Privacy Policy

1. Who we are

Khetha is operated by NEXUSIUM PRIMUS LLC ("Khetha", "we", "us"), a limited liability company formed in New Mexico, United States. We are the controller of your personal information. You can reach us at privacy@khetha.app.

2. What this policy covers

This policy describes how we collect, use, store, and share your personal information when you use the Khetha mobile and web app. Most of our users are in South Africa, so it is written to comply with the Protection of Personal Information Act, 2013 ("POPIA"); where the EU or UK GDPR applies to you, we honour those rights too.

3. Information we collect

• Account: your name, email address, phone number, and date of birth (used to confirm you are 21+).
• Profile: your gender, photos, prompts, bio, and the values you choose to share.
• Location: the approximate location you provide or allow, used to show you nearby people.
• Activity: your likes, passes, matches, and the messages you send and receive.
• Device & technical: device type, app version, IP address, and diagnostic logs.
• Payment: if you subscribe, your purchase and subscription status. We never see or store your card number — payments are handled by Google Play / RevenueCat (Android) or our web payment processor, Stripe (web and iPhone).

4. Why we use it (purpose and lawful basis)

Under POPIA section 11 our lawful bases are your consent (given when you create your account) and the performance of our agreement with you. We use your information to:

• Create and run your account and show you potential matches.
• Enable messaging, matching, and the one-match-at-a-time experience.
• Keep Khetha safe — verify your age, moderate photos and content, and action reports.
• Process subscriptions and prevent fraud and abuse.
• Provide support and tell you about important changes.

5. Who we share it with

We do not sell your personal information. We share it only with service providers necessary to run Khetha, each bound by its own contractual privacy commitments:

• DigitalOcean — application hosting and managed database (London, UK).
• Cloudflare — DNS, edge delivery, and cookieless analytics.
• Twilio — phone-number verification (SMS).
• Resend — transactional email (for example, password resets).
• Amazon Web Services (Rekognition) — automated photo moderation.
• Google Play / RevenueCat and Stripe — subscription billing and payment processing.

6. Cross-border transfer

We are a US-formed company and some of our providers are in the United States, the United Kingdom, and the EU. Your information may therefore be processed outside South Africa. We rely on the contractual safeguards offered by these providers (including standard contractual clauses where applicable) to protect it.

7. How long we keep it

We keep your information for as long as your account is active. When you delete your account it is deactivated immediately and your data is irreversibly purged within 72 hours, except a minimal tombstone record we keep to honour the deletion, and any records the law requires us to retain (such as transaction records). See the Delete account page.

8. Your rights

You can access, correct, and delete your personal information, object to or restrict certain processing, and withdraw consent at any time (for example by deleting your account in Settings). To exercise any right, email privacy@khetha.app; we respond within 30 days. Under POPIA you may complain to the Information Regulator of South Africa; if the GDPR/UK GDPR applies to you, you may complain to your local supervisory authority.

9. Children

Khetha is strictly for adults aged 21 and over. We do not knowingly collect information from anyone under 21. See our Child Safety Standards.

10. Cookies

Our website uses no tracking cookies; our analytics provider (Cloudflare Web Analytics) is cookieless. See our Cookie Notice.

11. Changes to this policy

If we materially change this policy we will publish a new version with a new effective date and, where appropriate, notify you in the app or by email.