all of you, by design
Privacy Policy
Binder Community Limited · No. 17058768
1. Summary — at a glance
This summary helps you navigate the Policy. It does not replace the full text below.
Who we are — Binder Community Limited, a UK company, is the controller of your personal data.
Who can use Binder — Adults aged 18 and over, in the United Kingdom.
Sensitive data — We only use data about your sexual orientation, gender identity, religious or philosophical beliefs, or health where you give explicit consent, or to keep people safe or deal with legal claims.
Matching and profiling — We use an automated compatibility algorithm to suggest people, content and events. This uses your Spectra and Dimension profile — which may include sensitive data. See section 12.
Age verification — We use Stripe Identity to verify that users are aged 18 or over. This involves checking your identity document and a biometric liveness check.
Location — Optional and consent-based; approximate, neighbourhood-level, minimised (rounded to approximately 111 metres).
Images and safety — Images you upload are automatically checked using Microsoft PhotoDNA to detect known illegal content (CSAM). We do not use your data to train AI models.
Your content — Your messages and profile content are not end-to-end encrypted; we can access them to run the service and keep users safe.
Selling data — We do not sell your personal data.
Your rights — Access, correct, delete, restrict, object, portability, withdraw consent, and complain to the ICO.
2. About this Policy and who we are
Binder Community Limited is the “controller” of your personal data, except where this Policy says we act as a “processor” on behalf of another party. Our details are:
Controller: Binder Community Limited, registered in England and Wales (company number 17058768).
Registered office: 15 Montpellier Vale, London SE3 0TA.
Privacy contact / Data Protection Officer: Cameron Farquhar (DPO & General Counsel), cameron@bindercommunity.app.
ICO registration number: to be confirmed on completion of registration.
3. Definitions
Platform means the Binder mobile application, website and related services.
Facet or Dimension means a contextual part of your profile (for example creative, social, romantic or professional) that you choose to create.
Spectra means the preference and identity attributes you choose to share within your Dimensions, which may include sensitive personal data such as sexual orientation, gender identity, and religious or philosophical beliefs.
Stripe means Stripe Payments UK, Ltd, our age verification and payment services provider.
‘Personal data’, ‘special category data’, ‘controller’, ‘processor’ and ‘processing’ have the meanings given in the UK GDPR (the retained EU GDPR as it forms part of UK law, read with the Data Protection Act 2018).
4. Who this Policy is for (18+ only)
The Platform is for adults aged 18 or over in the United Kingdom. It is not directed at children, and we do not knowingly collect personal data from anyone under 18. We use age-assurance measures, provided by Stripe Identity, to prevent under-18s from accessing the Platform (section 12). If we learn that we hold personal data of a person under 18, we will delete it.
5. The personal data we collect, and where it comes from
We collect the following categories of personal data, from you directly unless stated otherwise:
Account data — Name/username, email, phone number, password, date of birth. Source: you.
Profile, Facet and Dimension data — Photos, bio, interests, prompts, the contexts you express. Source: you.
Spectra / special category data — Data revealing sexual orientation, gender identity, religious or philosophical beliefs, or health data you choose to share (see section 8). Source: you — via your Spectra and Dimension settings.
Age-assurance and identity verification data — Government-issued identity document (e.g. passport or driving licence); biometric liveness data used to confirm you are 18+; confirmation result. Source: you; Stripe Identity (age verification processor).
Content and communications — Posts, images, messages and related metadata. Source: you.
Payment data — Billing details and transaction records. Source: you; Stripe Payments UK Ltd.
Technical and usage data — IP address, device identifiers, OS, app version, interactions, session data. Source: automatically.
Cookies and similar — Identifiers and preferences (see section 11). Source: automatically; with consent.
Safety and moderation data — Reports you make, content-moderation results, CSAM-incident records, anti-abuse signals, account-status records. Source: you; our moderation tools.
6. Do you have to provide your data?
Some personal data is necessary to provide the Platform. You must provide account data and complete age verification in order to create and use an account — if you do not, we cannot provide the Platform to you.
Other data is optional: you choose whether to share profile and Facet/Dimension details, Spectra attributes, and location. Not sharing them only means certain features may be unavailable. Marketing is always optional.
You are never required to share Spectra or other sensitive data to use the core Platform. Explicit consent is required before any such data is processed for matching or profiling (section 12).
7. How and why we use your data, and our lawful bases
We must have a lawful basis to use your personal data, and an additional condition for special category data. Our main purposes are:
Create and manage your account — Contract (Art 6(1)(b)).
Operate the Platform — profile, Facets, Dimensions and discovery — Contract (Art 6(1)(b)). Special category elements you display: explicit consent (Art 9(2)(a)).
Compatibility matching and profiling (alignment engine — see section 12) — Contract (Art 6(1)(b)) for the matching service. Explicit consent (Art 9(2)(a)) for Spectra / Dimension attributes that are special category data (sexual orientation, gender identity, religious or philosophical beliefs, health). You may withdraw consent at any time.
Use sexual orientation, gender identity, religion/belief data to help you connect — Explicit consent (Art 9(2)(a)); withdrawable at any time.
Location-based discovery and events — Consent (Art 6(1)(a)); withdrawable at any time.
Age verification (Stripe Identity — including biometric liveness check and identity document review) — Legal obligation (Art 6(1)(c)) — Online Safety Act 2023. Biometric data: substantial public interest — safeguarding (Art 9(2)(g); DPA 2018 Sch 1 para 10), per our Appropriate Policy Document.
Automated image content moderation (Microsoft PhotoDNA — detecting CSAM and illegal imagery) — Legal obligation (Art 6(1)(c)) and legitimate interests (Art 6(1)(f)). Special category: substantial public interest — safeguarding and preventing/detecting unlawful acts (Art 9(2)(g); DPA 2018 Sch 1), per our Appropriate Policy Document.
Keep users safe; moderation; prevent abuse, illegal content and fraud; meet online-safety duties — Legal obligation (Art 6(1)(c)) and legitimate interests (Art 6(1)(f)). Special category: as above (Art 9(2)(g); DPA 2018 Sch 1), per our Appropriate Policy Document.
Take payments and keep financial records — Contract (Art 6(1)(b)); legal obligation (Art 6(1)(c)).
Service messages (security, changes to terms) — Contract (Art 6(1)(b)); legitimate interests (Art 6(1)(f)).
Marketing — Consent (Art 6(1)(a)); PECR.
Analytics, security and improving the Platform — Legitimate interests (Art 6(1)(f)); consent for non-essential cookies.
Legal claims; responding to lawful requests — Legal obligation (Art 6(1)(c)); legitimate interests (Art 6(1)(f)). Special category: legal claims (Art 9(2)(f)).
Where we rely on legitimate interests, we have weighed those interests against your rights; you can ask us about that assessment. Where we rely on consent, you can withdraw it at any time without affecting earlier processing.
8. Sensitive (special category) data and your explicit consent
Data about your sexual orientation, gender identity, religious or philosophical beliefs, and health is especially sensitive. We process it only where you have given explicit consent, except where the law allows or requires another basis — in particular to keep users safe, to comply with legal obligations, or to deal with legal claims (see section 7 and our Appropriate Policy Document).
We collect sensitive data through the Spectra and Dimension system during onboarding and profile setup. This data is used to calculate compatibility scores between users as part of Binder’s matching service (section 12). You control which Spectra attributes you share and you may withdraw consent for individual attributes at any time via Profile Settings. If you withdraw consent for a Spectra attribute, that attribute will be excluded from all future compatibility scoring.
You are never required to share sensitive data to use the core Platform. You control what you display and who can see it through granular privacy settings, and you can withdraw consent at any time by changing your profile or settings or by contacting us. Some features that depend on this data may then be unavailable.
Please also take care with sensitive information you include in messages or share with other users: once you share it with another person, you may not be able to control how they use it.
9. Children’s data
Because the Platform is for adults, we do not knowingly process the personal data of under-18s. If you believe a child is using the Platform, please report it through the app or contact us, and we will take appropriate action, including removing the account and deleting the data.
10. Marketing and your communication preferences
We send marketing by email, SMS or push notification only where you have opted in, and you can opt out at any time using the unsubscribe link or your notification settings. We will still send essential service messages (for example about security, payments, or changes to our terms), which are necessary to provide the Platform and are not marketing.
11. Cookies and similar technologies
We use cookies and similar technologies to operate the Platform, remember your preferences, measure performance and, where you consent, for analytics. Non-essential cookies and similar technologies are set only with your consent through our consent banner. Full details are in our separate Cookie Policy.
12. Matching, profiling, image moderation and automated decisions
Age verification. To verify that you are aged 18 or over, we use Stripe Identity. The age verification process involves:
Uploading a photograph of a government-issued identity document (such as a passport or driving licence).
A biometric liveness check — a brief automated comparison between your face and the photograph on your identity document.
An automated decision on whether you meet the age threshold.
Stripe Identity processes your identity document and biometric data on our behalf. Binder retains only a confirmation of your age status (18+ or not verified) and does not store the identity document or biometric data itself — these are held by Stripe under Stripe’s own data protection policies. The legal basis for this processing is our legal obligation under the Online Safety Act 2023 (Art 6(1)(c) UK GDPR); the processing of biometric data is justified by substantial public interest — safeguarding (Art 9(2)(g) UK GDPR; DPA 2018 Sch 1 para 10), per our Appropriate Policy Document.
Matching and compatibility profiling.Binder uses an automated compatibility algorithm (the “alignment engine”) to suggest other users, content and events that may be relevant to you. This involves profiling within the meaning of Article 4(4) UK GDPR.
What data does the algorithm use? The algorithm uses: (a) your Spectra and Dimension profile — which may include your sexual orientation, gender identity, and religious or philosophical beliefs, if you have chosen to share these; (b) your approximate location (rounded to approximately 111 metres before storage); (c) your activity patterns and interaction history on Binder; and (d) any intent signals you have provided.
What is the logic? The algorithm computes a compatibility score using five models: textual similarity, geographic proximity, shared Spectra / Dimension alignment, shared intent, and interaction history. These scores are weighted and combined to rank suggested users and content. Scores are computed at the time suggestions are generated and are not retained after display.
What is the significance and what are the envisaged consequences? Higher compatibility scores mean you are more likely to see a suggested user or piece of content. Lower scores mean you are less likely to see them. The algorithm affects the order and prominence of suggestions only — it does not determine who may contact you or who you may contact, and it does not restrict your access to the Platform.
Is this a solely automated decision with legal or similarly significant effects? No. Binder’s matching algorithm makes suggestions, but you decide who to interact with. No legal or similarly significant decision is made about you automatically. Article 22 UK GDPR therefore does not apply to this processing.
Your rights in relation to profiling.You have the right to object at any time to the use of your personal data (including special category data) in Binder’s compatibility algorithm. To exercise this right, go to Profile Settings > Privacy > Matching Preferences. If you object, your profile will not be included in compatibility scoring and you will not receive scored suggestions. You may also withdraw consent for specific Spectra attributes — see section 8.
Image moderation — Microsoft PhotoDNA.To keep the Platform safe, every image you upload is automatically scanned using Microsoft PhotoDNA, a hash-matching technology that compares uploaded images against a database of known child sexual abuse material (CSAM) and other illegal imagery. This scanning happens at the point of upload; images are not served to any user until they have been cleared (“fail-closed” architecture).
If a scan identifies a potential match:
The image is immediately quarantined and is not shown to any user.
A safety record is created.
Where required by law, we report the content to the National Crime Agency via the Child Exploitation and Online Protection Command (CEOP) and, where applicable, to the Internet Watch Foundation (IWF).
Your account may be suspended or restricted.
PhotoDNA is a detection tool, not a classifier: it identifies known illegal content by matching hashes and does not assess or profile your content more broadly. We do not use your personal data, images or messages to train general-purpose or third-party AI models.
Where a moderation decision significantly affects you, you can request human review, put your point of view, and contest the outcome.
13. Location data
Location features are optional and work only with your consent, which you can turn on or off at any time in your settings or device permissions.
We collect approximate, neighbourhood-level location rather than precise coordinates wherever possible.
Your location coordinates are rounded to approximately 111 metres (one decimal degree) on our servers before storage. Exact GPS coordinates are not retained.
We do not collect location in the background unless strictly necessary for a feature you have enabled.
We apply technical measures (such as coarsening or ‘ghosting’ location) to reduce the risk that your precise whereabouts can be identified.
Because the Platform can facilitate meeting people in person, please also read our Safety Guidelines before arranging to meet anyone.
14. Who we share your data with
Other users. Information you choose to make visible — your profile, Facets, Dimensions and content — is seen by other users in line with your privacy settings. Please think carefully before sharing sensitive data. Granular privacy settings let you limit who can see you without deleting your account.
Service providers (processors). We use trusted providers who process data on our behalf under written contracts (Article 28 UK GDPR), including:
Stripe Payments UK, Ltd— Age verification (Stripe Identity — identity document and biometric liveness processing) and payment processing. The responsible entity for UK users is Stripe Payments UK, Ltd. Data is processed in the UK. International transfers (where Stripe’s global operations are used to provide services) are covered by Stripe’s certification under the UK Extension to the EU-US Data Privacy Framework.
Microsoft (PhotoDNA) — Automated hash-matching of uploaded images against known CSAM databases to detect illegal content. No image content is retained by Microsoft beyond the duration of the scan. Microsoft Azure services; UK/EU region preferred. International transfers under the UK IDTA / Standard Contractual Clauses.
Railway — Application hosting and deployment of the Binder backend and API.
Supabase — Database hosting and storage of account and profile data, protected by access controls including row-level security.
Expo / Sentry — Push notification delivery (Expo); crash and error diagnostics (Sentry — personal identifiers scrubbed before transmission). US-based processors. International transfers under the UK IDTA / Addendum with transfer risk assessment.
We do not sell your personal data, and we do not share it with third parties for their own marketing without your consent.
Access to your content. Your profile content and messages are not end-to-end encrypted, which means we (and our service providers acting on our instructions) can access them to operate the Platform, provide support, and keep users safe. We do not have access to your password, which is stored in a secured (hashed) form. We use encryption at rest rather than end-to-end encryption so that we can meet our legal and safety obligations, including where we are lawfully required to access content (for example under the Investigatory Powers Act 2016).
Safety, legal and regulatory. We may disclose data where necessary to protect users or the public, to detect or prevent abuse, harassment, illegal content or fraud, to comply with a legal obligation or court order, to respond to lawful requests from law enforcement or regulators (including the National Crime Agency, CEOP, the ICO, and Ofcom), or to bring or defend legal claims.
Corporate transactions. In a merger, acquisition, financing or asset sale, data may be disclosed or transferred subject to appropriate confidentiality protections.
15. Where your data is held, and which law applies
The Platform is offered to users in the United Kingdom, and this Policy is governed by the law of England and Wales.
We aim to host personal data in the United Kingdom. However, some of our service providers are based outside the UK or may process data outside the UK. Where personal data is transferred outside the UK, we rely on an appropriate safeguard, such as the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with a transfer risk assessment. Stripe’s international transfers are covered by the UK Extension to the EU-US Data Privacy Framework. Transfer mechanism details for each provider are set out in section 14.
16. How long we keep your data
We keep personal data only as long as necessary for the purposes in this Policy, then delete or anonymise it. Our retention periods are set out in our Data Retention Schedule, which is the controlling document; the list below is an indicative summary.
Account and profile data — Life of account + 90 days after closure.
Messages and content — 12 months (governance retention standard); soft-deleted on user request.
Safety, moderation and CSAM-reporting records — At least 2 years; retained for the duration of any investigation or legal proceedings plus 6 years.
Consent records — Duration of the account + 7 years.
Payment and transaction records — 6 years (tax / limitation period).
Age-assurance records— Confirmation of age status retained while the account is active. Identity document and biometric data processed by Stripe Identity — retained by Stripe under Stripe’s data retention policy; Binder does not hold these.
Technical and usage logs — 12 months.
17. How we protect your data
We design the Platform with privacy and security in mind (‘privacy by design and by default’) and apply technical and organisational measures appropriate to the sensitivity of the data, including:
encryption of data in transit and at rest;
database-level encryption of messages at rest;
storage of account and profile data on Supabase with row-level security on every table;
passwords stored in a secured, hashed form that is not accessible to our staff;
server-side rounding of location coordinates to approximately 111 metres before storage;
least-privilege access controls, monitoring and logging;
fail-closed image scanning — images are not served until cleared by PhotoDNA; and
staff confidentiality obligations.
Your profile content and messages are not end-to-end encrypted and may be accessed by us for the purposes described in this Policy. No system can be guaranteed completely secure; we work to protect your data and to detect and respond to incidents, and we will notify you and the ICO of a personal data breach where required.
18. Your rights
Subject to conditions and exemptions in data protection law, you have the right to:
access your data;
have it corrected;
have it erased;
restrict or object to processing — including objecting to direct marketing and to profiling based on legitimate interests (section 12);
data portability;
withdraw consent at any time, including consent to Spectra / Dimension attributes or to location (section 8); and
request human review of any significant automated decision (section 12).
To exercise a right, contact us using the details in section 22. We respond within one month (extendable for complex requests) and there is normally no charge. We may need to verify your identity first. Some rights are not absolute — for example, we may need to keep certain data for safety or legal reasons even if you ask us to delete it.
19. How to complain
If you are unhappy with how we have handled your personal data, please contact us first — including through our Data Protection Complaints Procedure — so we can try to put it right. You also have the right to complain to the Information Commissioner’s Office (ICO): ico.org.uk; helpline 0303 123 1113; Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
20. Third-party links and services
The Platform may link to or integrate third-party websites or services we do not control. This Policy does not apply to them, and we are not responsible for their privacy practices. Please review their privacy notices before sharing your data.
21. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will notify you through the Platform or by email before they take effect. The version and date at the top show when it was last revised.
22. Contact us
For any question about this Policy or your personal data, contact our Data Protection Officer at:
Or at Binder Community Limited, 15 Montpellier Vale, London SE3 0TA. Controller: Binder Community Limited (Co. No. 17058768). If you need this Policy in an accessible format, please contact us and we will help.

Last updated: June 2026