Leftovers.

Privacy

In plain English: we collect what we need to match you with people, keep you safe, and run the service. We don't sell your data. We never will.

Last updated: April 24, 2026

This is an early-access draft. The version that will govern your account when we launch to paying members will be reviewed by counsel and expanded. Questions in the meantime: hello@leftovers.love.

What we collect

To run a dating service we collect a normal set of things:

  • Account basics. Your email address, and when you sign in, authentication metadata handled by Amazon Cognito (password hash, multi-factor enrollment, session tokens).
  • Profile you give us. First name, birth date, gender, pronouns, orientation, city/state, the people you’re open to dating, age range and distance, up to six photos, three prompt answers, optional cause tags, and an optional “last thing I showed up for” line.
  • Coarse location. City, state, and an approximate latitude/longitude we use to compute distance for matching. We never display precise coordinates to anyone — yours or anyone else’s.
  • Activity. Likes you send, matches, message content, reports, blocks, read receipts (when you have a paid plan), and the fact that you logged in.
  • Payment. If you subscribe, we store a Stripe customer ID and subscription status. We do not see or store your card number — Stripe handles that directly.
  • Device and usage. Standard web server logs (IP, user agent, request path), and product analytics events (signup completed, profile published, match created, etc.) through PostHog.

Why we collect it

  • To let you sign in and keep your session secure.
  • To show your profile to compatible people and theirs to you.
  • To compute matches using your preferences and proximity.
  • To keep the community safe: verifying photos, detecting romance-scam patterns, investigating reports, and enforcing our Terms.
  • To process payments and manage your subscription.
  • To improve the product — figure out where the onboarding trips people up, what prompts actually lead to conversations, and which safety tools are getting used.

Who we share it with

We share only the minimum required for the service to function, and only with providers bound by their own privacy obligations:

  • Amazon Web Services — hosting, database, storage.
  • Amazon Cognito — authentication.
  • Stripe — subscription payments.
  • Amazon SES — sending you transactional email.
  • Amazon Rekognition — photo moderation and selfie-to-profile face matching. Photos stay inside AWS.
  • OpenAI Moderation — flagging harmful text in messages. Message bodies are sent to OpenAI’s moderation endpoint, which does not use the content for model training.
  • PostHog — product analytics.
  • Sentry — application error tracking.

We do not sell your data. We do not share it with advertisers. We do not run ads on Leftovers. Your messages are not read by a human unless they’re reported, moderation flags them, or the law requires us to.

Your rights

  • Access and export. You can request a copy of your data at any time.
  • Correction. Edit any profile field from your account settings, or ask us to correct something if you can’t.
  • Deletion. Delete your account from settings. We remove your profile and photos within 7 days and retain only what we need for safety (reports you were involved in) and legal reasons (payment records for tax purposes), for as long as required.
  • Portability. On request, we’ll export your data in a machine-readable format.
  • Opt out of analytics. Use your browser’s Do-Not-Track or Global Privacy Control signal and we’ll respect it for analytics.

Cookies

Session cookies for authentication (required for you to stay logged in), a CSRF cookie on state-changing requests (required for security), and a PostHog analytics cookie (not required — opt-out supported).

Security

Data at rest is encrypted in AWS-managed stores. Traffic between you and the site is TLS-encrypted. Photos are served via signed URLs and never exposed to search engines. We enforce rate limits on authentication and reporting endpoints and review security patches on our dependencies continuously. No system is perfectly safe — if you spot something, please email us at hello@leftovers.love.

Children

Leftovers is for adults only. You must be at least 18 to use the service. We do not knowingly collect information from anyone under 18. If you believe we have, email us and we will delete it.

International users

Leftovers is operated from the United States. Your data is processed and stored in the US. If you’re outside the US, using the service constitutes your consent to that transfer.

Changes

When we change anything meaningful, we’ll email you and update the “Last updated” date at the top.

Contact

Questions, requests, complaints — hello@leftovers.love.