Privacy Policy

Last Updated: 30.03.2026

This Privacy Policy describes how RUUM ("we", "us", or "our") collects, uses, and processes personal data in connection with the use of our mobile application and website (the “Services”).

RUUM is committed to protecting your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

RUUM
RUUM SPA
VIA MILANO 19, FI, 50136
Email: ruum.internal.team@gmail.com

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a. Identification and Account Data

  • First name

  • Date of birth / age

  • Gender (optional)

  • Email address

b. Profile Data

  • Photos

  • Lifestyle preferences

  • Interests, habits, and personal descriptions

  • Occupation

  • Languages spoken

c. Usage Data

  • App interactions (matches, likes, messages)

  • Filters and preferences

  • Log data (IP address, device type, operating system)

d. Location Data

  • City-level location provided by the user

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contractual necessity (Art. 6(1)(b) GDPR)
    To provide the Services and enable matching functionality

  • Consent (Art. 6(1)(a) GDPR)
    For optional features (e.g., marketing communications, profile visibility beyond the app where applicable)

  • Legitimate interests (Art. 6(1)(f) GDPR)
    To improve our Services, ensure platform security, and prevent fraud

4. Purposes of Processing

Your personal data is processed for the following purposes:

  • To create and manage your account

  • To match you with compatible users

  • To enable communication between users

  • To personalize your experience

  • To send service-related communications

  • To improve and optimize our Services

  • To ensure safety, prevent fraud, and enforce terms

Public Profile Visibility

Your profile (including first name, age, city, preferences, and images) may be visible to other users and may also be accessible via web-based profiles.

Such profiles may be indexed by search engines.

Social Sharing

When your profile link is shared, certain data (such as your profile image and basic information) may be displayed as preview content.

5. Data Sharing

We may share your personal data with:

  • Other users (based on matching or interaction)

  • Service providers (hosting, analytics, authentication providers) acting as data processors

  • Professional advisors (legal, accounting) where necessary

  • Authorities where required by law

In the event of a merger, acquisition, or sale, your data may be transferred to the new entity.

6. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA).

In such cases, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission

  • Adequacy decisions where applicable

7. Data Retention

We retain personal data only for as long as necessary:

  • For the duration of your account

  • As required by legal obligations

  • For the establishment, exercise, or defense of legal claims

Inactive accounts may be deleted or anonymized after a reasonable period.

8. Your Rights

Under GDPR, you have the following rights:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (“right to be forgotten”, Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right to withdraw consent at any time

You also have the right to lodge a complaint with a supervisory authority (e.g., Garante per la Protezione dei Dati Personali in Italy).

To exercise your rights, contact:
[insert email]

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Ensure proper functionality of the Services

  • Store preferences

  • Analyze usage

Where required by law, cookies are used only with your consent.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption (where applicable)

  • Access control systems

  • Secure infrastructure

However, no system can guarantee absolute security.

11. Age Limitation

The Services are intended for individuals aged 18 or older.

We do not knowingly collect data from minors. If we become aware of such data, it will be deleted promptly.

12. Automated Decision-Making

RUUM uses algorithmic matching to suggest compatible users.

This does not produce legal or similarly significant effects under Article 22 GDPR.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Material changes will be communicated via the Services or email where appropriate.

14. Contact

For any questions regarding this Privacy Policy or data protection matters:

Email: ruum.internal.team@gmail.com