Privacy
Your data, in plain language.
What we collect, why we collect it, who we share it with, and what you can ask us to do with it. No legal jargon where plain English will do.
Effective May 22, 2026
1. Who we are
Found is a US-only matchmaking service for adults who want a spouse. We are launching in the Houston metro and expanding from there. This policy covers our website, our application, and any communication we send you.
References to “Found,” “we,” “us,” and “our” mean the team behind the service. References to “you” mean a visitor, a waitlist subscriber, or a member.
2. What we collect
We only collect information that helps us run the service.
When you join the waitlist
- Your email address.
- What you are looking for (a wife or a husband).
- Optional: your region in the US, and your age band.
We set a cookie named found_waitlist_id in your browser so you can return to your status page without re-entering your email. It is HTTP-only, same-site lax, and expires after ninety days.
When you create an account
- Your email address (used as your login).
- Your first and last name.
- Your date of birth.
- Your region in the US.
- Your role (whether you are looking for a wife or a husband).
Account creation is invite-only during the founding cohort. We authenticate you with one-time email links (“magic links”). We do not store a password, because there is no password.
When you complete your profile
- A short written bio.
- Whether you have been married before.
- Whether you have children, and whether you want children.
- Your stated marriage intent.
- Up to six photos.
Photos are stored in a private bucket. They are served to your match through signed, time-limited URLs, and they are never made available to anyone outside your active match or our review team.
When you verify your identity
Identity verification happens through a third-party identity provider (currently Stripe Identity). You upload a government-issued ID and a selfie to that provider, not to us. We receive only a verification status (pending, verified, or failed) and a reference identifier. The ID document itself stays with the identity provider under their own privacy policy.
When you use the matching surface
- Your queue status (idle, queued, matched, or paused).
- Your active match, if any, including the timestamps for your “continue” and “ready to meet” signals.
- A history of your past matches, for safety and audit purposes.
When you chat with your match
- The full content of your messages with your match.
- Timestamps and read receipts.
Messages are immutable once sent. Neither you nor we can edit the body or change the sender after the fact. This is a safety property, not a feature. We retain message history for the life of the account so our trust-and-safety team can triage reports honestly.
When you report or block someone
- The reason and notes you provide.
- The match the report relates to.
- The identifier of the person you reported or blocked.
Activity metadata
- The last time you were active in the application.
- The last time we sent you certain emails (to throttle frequency).
- Standard server logs (IP address, user agent, timestamp) retained briefly for security and abuse prevention.
What we do not collect
- We do not run third-party advertising trackers.
- We do not run product analytics tools (such as PostHog, Segment, or Mixpanel) at this time.
- We do not run third-party error reporting (such as Sentry) at this time. If we add it for stability reasons, we will update this policy.
- We do not collect your contacts, calendar, precise location, or any data from outside the Found application.
- We do not use your profile, your messages, or any other content you create on Found to train artificial intelligence or machine-learning models.
3. Why we collect it
- To run the service. Authenticate you, show you your match, deliver your messages, verify your identity, and let you return to your application from where you left off.
- To keep members safe. Triage reports, enforce blocks, prevent re-pairing of blocked members, detect repeat patterns, and protect against fraud.
- To send transactional email. Magic-link logins, approval notifications, new-match alerts, new-message alerts when you are away from the app, and ready-to-meet signals.
- To improve the product. We may aggregate anonymous usage patterns to understand what is working. We do not build behavioral profiles for advertising or third-party sharing.
- To meet legal obligations. Responding to lawful requests and defending claims.
4. Who we share it with
We do not sell your personal information. Ever. We share it with the minimum set of vendors required to operate the service, and with our internal review team.
Subprocessors
- Supabase. Our database, authentication, file storage, and realtime provider. Hosts your account data, your profile, your photos, and your messages.
- Resend. Sends our transactional email. Receives the recipient email address, the subject line, and the body of the message being sent.
- Stripe Identity. Verifies your government-issued ID and selfie. Holds the documents you upload, and returns a verification status to us.
Each vendor has its own privacy policy and processes your data under a contract with us. If we add a subprocessor, we will update this list and (for material additions) notify active members by email.
Our review team
During the founding cohort, the founder personally reviews every application, every report, and every block. As the service grows, additional reviewers will join under written confidentiality obligations. Reviewers see your profile, your photos, your match history, and the messages directly relevant to a report.
Legal compliance
We will disclose information when required by valid legal process, when we believe it is necessary to protect someone from imminent harm, or when we believe it is necessary to defend our rights. We will tell you about a request unless legally prohibited from doing so.
Business transfers
If Found is sold, merged, or otherwise reorganized, your information may transfer to the successor entity. We will notify you in advance, and you will retain the rights described in the next section.
5. How long we keep it
- Waitlist entries. Until you ask us to delete you, or until we close the waitlist and no longer need them.
- Active account data. For as long as your account is active.
- Message history. While the match is active, and while we may need it to respond to safety reports.
- Reports and blocks. Indefinitely, so we can prevent rematching of blocked pairs and detect repeat patterns.
- Audit logs. Retained for a period appropriate to detect and respond to security incidents.
- After account deletion. We will remove your profile and your photos within thirty days. We may retain a minimal record (your email address, the fact that an account once existed, and any safety actions taken against the account) to enforce our terms.
6. Your rights
You can exercise any of the rights below by emailing us at coltonje95@gmail.com. We will respond within forty-five days.
- Access. Ask for a copy of the personal information we hold about you.
- Correction. Ask us to correct information that is wrong. You can also edit most of this yourself from your profile.
- Deletion. Ask us to delete your account and your data, subject to the retention notes above.
- Portability. Ask for your data in a machine-readable format.
- Withdraw consent. Where we rely on your consent (for example, for optional profile fields), you may withdraw it.
Texas residents (TDPSA)
The Texas Data Privacy and Security Act gives Texas residents the rights listed above plus the right to appeal a denial. We do not sell personal information, we do not engage in targeted advertising, and we do not engage in profiling that produces legal or similarly significant effects, so the related opt-out rights do not apply to our use.
California residents (CCPA and CPRA)
California residents have the rights listed above. We do not sell or share your personal information for cross-context behavioral advertising. We do not use sensitive personal information for any purpose beyond what is necessary to provide the service you signed up for.
Verifying your request
To protect your account, we may ask you to confirm your identity before fulfilling a request. If we cannot verify the request, we will tell you why.
7. Security
We take security seriously because the trust required to use Found is real. Concretely:
- All connections to our service are encrypted in transit (HTTPS).
- Database content, file storage, and authentication credentials are encrypted at rest by Supabase.
- Database access is governed by row-level security policies that limit each user to their own data, plus what the matching surface and the chat explicitly expose.
- Photos are stored in a private bucket and served only through signed, short-lived URLs to the recipients allowed to see them.
- Messages are immutable at the database level. Neither members nor staff can rewrite a sent message.
- Reviewer actions are logged.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you without undue delay and tell you what happened, what we are doing about it, and what you can do.
8. Children
Found is for adults. You must be eighteen or older to use the service. We do not knowingly collect information from anyone under eighteen. If you believe a minor has created an account, contact us and we will remove it.
9. Outside the United States
Found operates only within the United States. The service is not directed to residents of any other country, and our subprocessors host data in the United States. If you are accessing the service from outside the US, your information will be transferred to and processed in the United States.
10. Cookies
We use a small number of cookies. We do not use third-party tracking cookies.
- Session cookies set by Supabase auth. Keep you signed in while you use the application. HTTP-only, same-site lax.
found_waitlist_id. Lets you return to your waitlist status page without re-entering your email. HTTP-only, same-site lax, ninety-day expiry.
You can clear cookies in your browser at any time. Doing so will sign you out and require you to re-enter your email to look up a waitlist status.
11. Changes to this policy
We will update this policy when our practices change. Material changes will be announced by email to active members, and posted on this page with an updated effective date.
12. Contact
Questions about this policy, requests under your rights, or concerns about something specific can go to coltonje95@gmail.com. A real person will respond.
Last updated May 22, 2026. See also our Terms of Service.