Privacy Policy
Last updated: June 29, 2026
Simple Web, which operates simplematch ("we"), respects user privacy. This document explains what data we collect, why, and how you can control it. The policy follows the Israeli Protection of Privacy Law 5741-1981 (as amended, including Amendment 13, in force 14 August 2025) and the Protection of Privacy (Data Security) Regulations 5777-2017. For EU users, the principles of the GDPR also apply in parallel.
1. Who we are
The simplematch Service is operated by Simple Web.
Address: LYFE Towers, David Ben Gurion 1, Bnei Brak, Israel.
Contact for privacy matters: email info@simple-web.co.il, phone 053-757-2773.
2. Data we collect
2.1. Event organizers (account holders):
- Couple / organizer name and email address
- Password — stored only as a one-way hash (bcrypt); we never see or recover your password
- Google sign-in details (when you choose to sign in with Google)
- For business owners: contact name, phone, and business address
- Event details: event name, date, location, welcome message and hero image (some shown to guests)
- Plan and subscription details (payment status, account type)
2.2. Event guests
Some fields are sensitive: the combination of gender and "who you want to meet" may reveal sexual orientation, and joining introductions (likes and matches) indicates romantic interests. These fields are collected only when you choose to use the introductions feature, and with your consent.
- First and last name
- Date of birth / age
- Gender
- Who you want to meet — only when you joined introductions
- Profile photo (shown to other participants in the event)
- Chat messages (global and private) — free text that may contain personal information
- Like / match / pass / block actions, and reports (including a free-text reason)
- Presence and last activity (to show who is active)
- 6-digit PIN for re-entry — also stored as a one-way hash
- Contact email (optional, mainly at bar/club events)
2.3. Technical data
Your IP address is used by the app mainly as a rate-limiting key (to prevent abuse) and is not stored by the application code itself. Persistent logging of IP address and browser/OS type happens at our providers' layer (Supabase Auth login logs and Vercel access logs). On the marketing site we also measure usage via Google Analytics (see section 7).
3. Why we collect data and the legal basis
We collect data for the following purposes, on the appropriate legal basis:
- To operate the Service — present profiles, introductions, matches and chat (to perform our agreement with you).
- For identity verification and account login.
- To prevent abuse, spam and duplicates, and to maintain safety (legitimate interest).
- To communicate with you — registration confirmations, password resets and essential service notifications.
- Analytics and service improvement (legitimate interest, and consent where required — see section 7).
- To comply with legal obligations, when required.
3.1. Sensitive data and explicit consent
The sensitive data related to introductions (gender and your meeting preference) is collected only after you choose to join the introductions feature and explicitly consent to it at registration. You may withdraw that consent at any time — see section 6. Providing some details is a condition for using the relevant feature; without them we cannot offer it.
4. Who we share data with
We use leading infrastructure providers that process data on our behalf:
- Supabase Inc. — database, file storage and account management; data is stored in the EU region (Frankfurt, Germany). Supabase also sends operational emails (registration confirmation, password reset).
- Vercel Inc. — application hosting and serverless functions; the compute region is not necessarily pinned to the EU.
- Google LLC — the "Continue with Google" sign-in service (only when chosen).
- Google Analytics (GA4) — usage measurement on the marketing pages and the organizer area (not in the guest event app).
- Google Maps — an embedded map on the "Contact" page only (loading the page sends your IP address to Google).
- Monday.com — lead-management system; the "Contact" form sends it your name, phone, event date, notes, and the audience type you selected.
4.1. What we don't do — and access within the event
We do not sell personal data, do not share it with ad networks without your consent to marketing cookies (see section 7), and do not use it to train commercial AI models. Note: other participants in your event see the profile, photo and messages you share within the event.
Data is stored in the EU (Frankfurt); some compute processing (Vercel) may occur outside the EU. An adequacy arrangement exists between the EU and Israel for data transfers, and processing by our providers is subject to data-processing terms.
5. Storage, security and retention
5.1. Data is stored on servers in the EU (Frankfurt).
5.2. Passwords and PINs are stored as a one-way hash (bcrypt) — irreversible.
5.3. All traffic is encrypted via HTTPS (modern TLS).
5.4. Access separation at the database layer (Row-Level Security): each user reaches only their own data and the data of their event. In addition, operational access is limited to the staff who require it.
5.5. We apply organizational and technical safeguards in line with the Protection of Privacy (Data Security) Regulations 5777-2017. In the event of a security incident we will act to identify it, address it, and notify the Privacy Protection Authority and users as required by law.
5.6. Retention: data is kept while the account or event is active. We do not currently delete data automatically when an event ends; you may request deletion at any time (see section 6.1). Records we are required to keep by law (such as payment and accounting records, and abuse-prevention/audit logs) are kept for the required period.
6. Your rights
Under the Israeli Privacy Law and the GDPR (for EU users), you have the following rights:
- Right of access — to request what data we hold about you.
- Right to rectification — to correct inaccurate data (profile and account details can be self-edited).
- Right to erasure — see the two-tier deletion model in section 6.1.
- Right to object and to withdraw consent — including leaving the introductions feature at any time.
- Right to receive your data — we will provide it on request (there is no self-serve export today).
6.1. Deletion — a two-tier model
On your request we will deactivate your account and remove it from active use (the data is moved to a restricted-access archive). On an explicit erasure request we will permanently delete your personal data — except records we are required to keep by law (such as payment records and audit logs), which are kept only for the required period.
We will respond to any request within one month (and in any case within 30 days). To make a request: info@simple-web.co.il.
7. Cookies and analytics
We use the following types of cookies:
- Essential cookies — the Supabase session (identity) token and the login-flow token (PKCE); without them you cannot sign in and stay logged in. Plus a preferred-language cookie (he / en).
- Analytics cookies — Google Analytics (GA4) sets _ga / _ga_* cookies to measure usage on the marketing pages and the organizer area. They load only after you accept the "Measurement" category in the consent banner, and are not active in the guest event app (/e/).
- Third party on the "Contact" page — the embedded Google Map may set Google cookies when you open the page.
- Marketing cookies — pixels for targeted advertising (Meta, Google Ads). Off by default; they load only if you accept the "Marketing" category in the consent banner.
7.1. What we don't do and how to opt out
You control non-essential cookies through the consent banner (Essential / Functional / Measurement / Marketing). You can change your choice anytime from the "Cookie settings" link in the site footer, and block cookies via your browser settings. We do not share usage data with ad networks without your marketing consent.
8. Minors
8.1. The Service is for users aged 18 and up. Registration for any event is open only to those aged 18 and up.
8.2. We rely on the age the user provides. If we learn of a user under 18, we will remove their account.
9. Changes and contact
9.1. We will give advance notice of a material change to this policy (on the website and/or by email) a reasonable time before it takes effect.
9.2. For privacy questions, requests or complaints: info@simple-web.co.il or 053-757-2773.
9.3. If you are not satisfied with our response: Israeli residents may contact the Privacy Protection Authority (gov.il); EU residents may contact their local supervisory authority.
Privacy questions? info@simple-web.co.il