Privacy Policy
Effective Date: February 23, 2026 · Last Updated: February 23, 2026
1. Introduction
CodeCraft Interactive LLC (“we,” “us,” or “our”) operates the WildSoul mobile application (the “App”) and related services (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you use our Service.
We are committed to protecting the privacy and safety of our users. WildSoul is a social and dating platform designed for the therian community, and we recognize that the personal data we process may include sensitive information related to personal identity and self-expression.
Data Controller: CodeCraft Interactive LLC, 1032 E Brandon Blvd #7186, Brandon, FL 33511, United States. Contact: privacy@wildsoul.app.
2. Scope and Applicability
This Privacy Policy applies to all users of the WildSoul App worldwide. Depending on your location, additional rights and protections may apply:
- European Economic Area (EEA) and Switzerland: General Data Protection Regulation (GDPR)
- United Kingdom: UK General Data Protection Regulation (UK GDPR)
- Brazil: Lei Geral de Proteção de Dados (LGPD)
- Japan: Act on the Protection of Personal Information (APPI)
- California, USA: California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
Region-specific provisions are detailed in Section 11.
3. Data We Collect
3.1 Data You Provide
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Email address, password (hashed), date of birth | Account creation, age verification (18+) |
| Profile Data | Display name, bio, photos, theriotype, shift types, awakening year, interests | Profile display, matching algorithm |
| Identity Data | Theriotype identity, shift experiences | Community matching, personalized experience |
| Communication Data | Chat messages, howls, pawprints | Message delivery between matched users |
| Payment Data | Subscription tier, transaction IDs (processed by Apple/Google via RevenueCat — we do not store card numbers) | Subscription management |
| Support Data | Emails to support, bug reports, feedback | Customer support, service improvement |
3.2 Data Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Location Data | GPS coordinates (with your permission) | Show nearby users, calculate distances |
| Device Data | Device model, OS version, app version, unique device identifiers | Technical support, crash diagnostics |
| Usage Data | Swipe patterns, session duration, feature usage | Service improvement, analytics |
| Log Data | IP address, access times, error logs | Security, fraud prevention, debugging |
3.3 Sensitive Data
We recognize that your theriotype identity and shift experiences may be considered sensitive personal data under certain privacy regulations (particularly GDPR and APPI). We process this data only with your explicit consent and solely for the purpose of enabling the core functionality of the Service (matching you with compatible community members).
4. Legal Basis for Processing
We process your personal data on the following legal bases:
| Legal Basis | Data Categories | Applicable Regulations |
|---|---|---|
| Consent | Location, theriotype identity, shift data, marketing emails, analytics | GDPR Art. 6(1)(a), LGPD Art. 7(I), APPI |
| Contract Performance | Account data, profile data, communication data | GDPR Art. 6(1)(b), LGPD Art. 7(V) |
| Legitimate Interest | Usage data, device data, log data (security, fraud prevention, service improvement) | GDPR Art. 6(1)(f) |
| Legal Obligation | Data retention for tax/financial records, law enforcement requests | GDPR Art. 6(1)(c) |
You may withdraw consent at any time through the App settings or by contacting us. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.
5. How We Use Your Data
- Provide, maintain, and improve the Service
- Match you with other users based on your preferences, theriotype, location, and interests
- Deliver real-time chat messages between matched users
- Process subscription payments and manage billing
- Send service notifications (new matches, messages, account alerts)
- Send marketing communications (only with your explicit consent; you can opt out at any time)
- Enforce our Terms of Service and Community Guidelines
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
- Conduct aggregated, anonymized analytics to improve the Service
6. Data Sharing and Disclosure
We do not sell your personal data. We share data only in the following circumstances:
6.1 With Other Users
Your profile information (name, age, bio, photos, theriotype, shifts, interests) is visible to other WildSoul users. Chat messages are shared only with your matched partners.
6.2 With Service Providers
| Provider | Data Shared | Purpose |
|---|---|---|
| MongoDB Atlas (MongoDB, Inc.) | All user data (encrypted at rest) | Database hosting |
| RevenueCat, Inc. | App user ID, subscription tier, entitlement status | In-app subscription management |
| Cloudinary Ltd. | Profile photos | Image storage and CDN |
| Apple / Google | Purchase receipts, subscription status | In-App Purchase processing |
| Railway / Fly.io / Render | Server logs, IP addresses | Application hosting |
All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
6.3 Legal Requirements
We may disclose your data if required by law, court order, or governmental request, or to protect the rights, property, or safety of our users or the public.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.
7. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account | Service provision |
| Chat messages | Duration of match (deleted if unmatched) | Message delivery |
| Deleted account data | 30 days post-deletion, then permanently erased | Recovery window, fraud prevention |
| Payment records | Up to 7 years | Tax and legal compliance |
| Server logs | 90 days | Security and debugging |
| Anonymized analytics | Indefinitely | Service improvement (no personal data) |
8. Data Security
We implement industry-standard security measures to protect your data:
- Passwords are hashed using bcrypt with a cost factor of 12
- All data is encrypted in transit using TLS 1.2+
- Database encrypted at rest (MongoDB Atlas encryption)
- JWT-based authentication with token expiration and rotation
- Rate limiting to prevent brute-force and abuse
- Application runs as a non-root process in production containers
- Regular security dependency audits
No system is 100% secure. If you discover a security vulnerability, please report it to security@wildsoul.app.
9. Children's Privacy
WildSoul is strictly for users aged 18 and older. We do not knowingly collect personal data from anyone under 18. Age verification is required during account creation. If we learn that a user is under 18, we will immediately terminate their account and delete all associated data.
10. International Data Transfers
CodeCraft Interactive LLC is based in the United States. Your data may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from your jurisdiction.
For transfers from the EEA/UK, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all service providers
- Supplementary technical and organizational measures (encryption, access controls)
For transfers from Japan, we obtain your explicit consent for cross-border data transfers during onboarding, as required by APPI.
For transfers from Brazil, we rely on Standard Contractual Clauses or equivalent safeguards as permitted by the ANPD (Autoridade Nacional de Proteção de Dados).
11. Your Rights by Region
11.1 European Economic Area, UK, and Switzerland (GDPR / UK GDPR)
If you are located in the EEA, UK, or Switzerland, you have the following rights:
- Right of Access — Request a copy of all personal data we hold about you.
- Right to Rectification — Request correction of inaccurate or incomplete data.
- Right to Erasure — Request deletion of your personal data (“right to be forgotten”).
- Right to Data Portability — Receive your data in a structured, machine-readable format (JSON).
- Right to Restrict Processing — Request limitation of processing in certain circumstances.
- Right to Object — Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent — Withdraw consent at any time via App settings or email.
To exercise these rights, use the in-app data management tools (Settings → Privacy) or contact us at privacy@wildsoul.app. We will respond within 30 days.
You have the right to lodge a complaint with your local Data Protection Authority.
11.2 Brazil (LGPD)
If you are located in Brazil, you have the following rights under the LGPD:
- Confirmation of the existence of data processing
- Access to your personal data
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary or excessive data
- Data portability to another service provider
- Deletion of personal data processed with your consent
- Information about public and private entities with which your data has been shared
- Information about the possibility of denying consent and the consequences thereof
- Withdrawal of consent
Encarregado (DPO): Marco A., Managing Member — privacy@wildsoul.app
11.3 Japan (APPI)
If you are located in Japan, you have the following rights under the APPI:
- Request disclosure of your personal data held by us
- Request correction, addition, or deletion of your data if it is inaccurate
- Request cessation of use or erasure if data was obtained improperly
- Request cessation of provision of your data to third parties
We will obtain your explicit consent before transferring your personal data outside Japan.
Sensitive Information: Under APPI, we treat your theriotype identity and shift experiences as requiring explicit consent for processing. This consent is obtained during onboarding.
11.4 California, USA (CCPA/CPRA)
If you are a California resident, you have the following rights:
- Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete — Request deletion of your personal information.
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt-Out of Sale — We do not sell personal information. No opt-out is necessary.
- Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA rights.
Do Not Sell My Personal Information: We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.
To exercise your rights, email privacy@wildsoul.app or use the in-app tools. We will verify your identity and respond within 45 days.
12. Cookies and Tracking
The WildSoul mobile App does not use browser cookies. Our website (wildsoul.app) uses limited cookies as described in our Cookie Policy. We do not use third-party advertising trackers in the App.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via in-app notification and/or email at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:
- Email: privacy@wildsoul.app
- Mail: CodeCraft Interactive LLC, 1032 E Brandon Blvd #7186, Brandon, FL 33511, United States
- Data Protection Contact: Marco A., Managing Member
- Support: support@wildsoul.app
This Privacy Policy was last updated on February 23, 2026.