Privacy Notice

This Privacy Notice explains what information Up2 collects when you use the Service, how we use it, and the choices you have. By using Up2 you agree to the practices described here.

The Service is operated by TRULY INC LIMITED (UP2) (“we”, “us”, “our”), with its registered address at 483 Prime Apartments, Green Lanes, London, N13 4FG, United Kingdom. For the purposes of the EU and UK General Data Protection Regulation, we are the data controller of the personal information described in this Notice.

We collect the following categories of information:

• Account data: email address, display name, password hash, and profile information you choose to provide (such as interests, photos, and dating preferences).
• Age-verification data: the signals required to confirm you are 18 or older. Sensitive identity documents, where collected by a verification provider, are processed by that provider and are not stored by Up2 long-term.
• Session and device data: IP address (hashed before storage), device type and OS, app version, language, and approximate region.
• Abuse-prevention signals: a one-way hash of your email address and the request IP address at sign-up. These identifiers let us enforce age-eligibility bans and daily-usage limits across account deletion and re-creation, so the same person cannot delete their account and immediately sign up again to reset usage limits or bypass a ban. We never store or share the original email or IP for this purpose.
• Usage data: the modes you use, pairings made, in-app actions, and moderation events. We do not record video or audio sessions by default.
• Subscription and payment metadata: plan, status, and billing identifiers from our payment processors. We do not store your full card number.
• Support and reports: messages you send us, abuse reports you file, and the content (such as profile snapshots) relevant to those reports.

We use the information we collect to:

• operate, secure, and improve the Service;
• pair you with other users and run video sessions;
• enforce our Terms, moderate behavior, and respond to abuse reports;
• verify age and detect duplicate or fraudulent accounts;
• process subscriptions, handle billing, and prevent payment fraud;
• send service messages (such as account, billing, and safety notifications);
• comply with legal obligations and respond to lawful requests.

We share limited information with the providers that power the Service. Each acts under a contract that restricts their use to the purposes we direct.

• Convex — backend and database hosting.
• LiveKit — real-time video and audio infrastructure for live sessions.
• Better Auth — account authentication.
• Sightengine — automated visual content moderation (profile photos and sampled call frames).
• Stripe — web payments and subscription billing.
• Apple — iOS in-app purchase processing.
• Email and push providers — transactional email and mobile push notifications.

We do not sell your personal information. We do not share your information with advertisers for cross-context behavioral advertising.

Live video and audio are relayed through our media provider in real time. We do not record sessions by default. Moderation systems may sample frames or audio during a session to detect policy violations; signals derived from that sampling, not the raw media, are what we retain.

We keep account data while your account is active and for a limited period afterwards to handle disputes, fulfill legal obligations, and prevent abuse (such as evasion of bans or circumvention of free-tier usage limits). Moderation logs and abuse-report evidence are kept for as long as needed to enforce our Terms. Subscription and billing records are kept for the period required by tax and accounting law.

When you delete your account, we wipe your profile, history, and other per-user data. We retain a small set of one-way hashed identifiers (such as a salted hash of your sign-up email and IP address) beyond deletion so that age-eligibility bans and daily-usage limits cannot be reset by deleting and re-creating an account. These hashed identifiers are pruned on a short schedule once they are no longer useful for the gate they support.

You can review and update your profile, manage notification preferences, and delete your account from in-app settings. Depending on where you live, you may also have the right to access, correct, port, or delete the personal information we hold about you, to object to or restrict certain processing, and to lodge a complaint with your local data-protection authority. To exercise these rights, email us at the address below.

We use industry-standard technical and organizational measures to protect your information, including encryption in transit, hashed credentials, and limited internal access. No system is perfectly secure; please use a strong, unique password and report any suspected compromise immediately.

Up2 is for adults aged 18 or older. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us with information, contact us and we will delete it.

We operate globally and may process your information in countries other than your own. Where required, we put appropriate safeguards in place for international transfers.

We may update this Notice from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the Service.

Privacy questions or requests can be sent to privacy@up2.chat or by post to 483 Prime Apartments, Green Lanes, London, N13 4FG, United Kingdom.