This update adds clarifications around content moderation, face verification, admin access, and the lifestyle / identity fields users can optionally fill on their profile. Existing consents remain valid; we do not collect anything new without your action.
Optional lifestyle & identity fields: 19 new optional profile fields (pronouns, sexuality, ethnicity, religion, politics, drinking, smoking, marijuana, drugs, diet, relationship type, family plans, education, job, university, pets, languages, zodiac). All default to "prefer not to say" and can be edited or cleared at any time.
Automated content moderation: Photos run through AWS Rekognition for nudity / violence / weapons / drugs / minors / hate-symbol detection. Chat messages and profile text run through OpenAI's moderation API plus a multi-language profanity filter. Results are logged for audit and used solely to enforce community safety.
Optional face verification: Users may submit three-angle selfies that are compared against profile photos via AWS Rekognition Liveness + CompareFaces. Verification is opt-in and grants a "Verified" badge plus a small Discover Feed Rank bonus. Selfies are deleted after verification completes.
Admin / moderation access: Ranked moderators may review your profile, chat history, or pearl messages in three specific situations: (a) another user reports you, (b) safety systems flag your account, (c) you contact support. Every access is logged in an append-only audit table with timestamp, reason, and reviewing admin. Logs are retained for 2 years (PIPEDA-aligned) then deleted. Moderators do not browse profiles for entertainment.
CSAM detection: If our automated systems detect content depicting a minor in an explicit context, we are required to report to the National Center for Missing & Exploited Children (NCMEC, U.S.) and the Royal Canadian Mounted Police (RCMP, Canada) as mandated by Canadian and U.S. law. Reports include the offending content and account metadata.
Pearl & Reach unification: What we previously called "Reach credits" (1:1 messages at venues / events) is now part of a single "Pearl" weekly currency, which also covers Discover super-likes. We have not changed how messages are stored or accessed; the change is naming + UI only.
Ranked Inc. ("Ranked", "we", "us", "our") is committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. This policy explains how we collect, use, disclose, and protect your personal information.
1. Information We Collect
We collect the following personal information when you create and use a Ranked account:
Account Information:
Phone number or email address (for authentication and account security)
First name and date of birth (for profile display and age verification)
Gender and gender preference (for matching)
Profile Information:
Photos you upload (for profile display to other users)
Bio text and prompt responses (for profile display)
Interests and lifestyle tags (for compatibility matching)
Relationship status and dating intention (for matching preferences)
Instagram handle (optional, for profile enrichment)
Location Data:
GPS coordinates (for distance-based matching)
City name (for regional features and event discovery)
IP address (recorded with consent actions for legal compliance)
2. Why We Collect Your Data (Purpose)
Account authentication: To verify your identity and secure your account
Profile display: To show your profile to potential matches
Matching: To connect you with compatible users based on preferences, location, and interests
Messaging: To enable communication between matched users
Behavioral scoring: To encourage genuine engagement and calculate your presence score
Event discovery: To show relevant events and venues near you
Safety: To detect and prevent abuse, fraud, harassment, and policy violations
Service improvement: To analyze aggregate usage patterns and improve features
Notifications: To send important account alerts (matches, messages) and, with your consent, marketing communications
Legal compliance: To meet our obligations under Canadian law
3. Where Your Data Is Stored
Your personal information is stored and processed on servers operated by Supabase Inc., which uses Amazon Web Services (AWS) infrastructure located in US-East (United States).
Important: By using Ranked, you consent to your personal data being transferred to and processed in the United States. While in the United States, your data may be subject to disclosure under US laws, including to US government agencies under the USA PATRIOT Act, the CLOUD Act, or other applicable US legislation.
We have contractual safeguards in place with our infrastructure providers to ensure your data receives a comparable level of protection to that required under Canadian law.
Security measures:
Databases are encrypted at rest and in transit
Row Level Security (RLS) ensures users can only access their own data
Profile photos are stored in secure cloud storage with access controls
We do not sell your personal data to any third party.
Your profile information (name, photos, bio, age) is visible to other Ranked users as part of the matching experience. This is the core function of the service.
We share data with the following service providers who process data on our behalf:
Supabase Inc. — Database hosting, authentication, storage (US-East)
Amazon Web Services — Infrastructure (US-East-2)
Amazon Rekognition — Photo content moderation, automated NSFW / violence / weapons / drugs / hate-symbol / minor-content scanning before storage (US-East-1). Photo bytes are sent to Rekognition transiently; AWS does not retain them.
OpenAI L.L.C. — Text content moderation for chat and Pearl messages via the omni-moderation-latest API (US). Per OpenAI's API data-use policy, prompts sent to the moderation endpoint are NOT used to train models and are not retained beyond their abuse-monitoring window (max 30 days).
Apple Inc. (StoreKit 2) — Payment processing for in-app purchases. Apple receives transaction metadata; we receive only the receipt, transaction id, and product id.
Expo / EAS — Push notification delivery (US)
Twilio Inc. — SMS delivery for phone-based one-time passcodes during sign-in (US)
We may also disclose personal information:
When required by law, court order, or government request
To protect the safety, rights, or property of our users or the public
In connection with a merger, acquisition, or sale of assets (with notice)
5. Data Retention
Account data: Retained while your account is active. Deleted immediately upon account deletion.
Photos: Deleted immediately upon account deletion or photo removal.
Messages: Deleted when either participant deletes their account.
Analytics: Retained while your account is active and deleted with the rest of your account data on deletion.
Score history: Deleted upon account deletion.
Location: Not stored permanently. Used only for real-time distance calculation.
Backups: Supabase point-in-time recovery snapshots may retain a copy of your data for up to 30 days after deletion before being automatically purged.
IAP receipts and audit logs: Retained for 7 years to satisfy Canadian tax and dispute-resolution requirements.
CSAM and abuse reports: Retained indefinitely for legal-compliance and law-enforcement reporting purposes.
5b. Automated Decision-Making
Discover Feed Rank: who appears in your daily Discover queue is decided by a unified equation combining your preferences (gender, age, distance, intent) and a small set of behavioural signals (profile completeness, recent login, response speed, like/match rate, chips earned).
Reach score and segment: a 0–100 number derived from eight weighted factors. The number is hidden until enough behaviour has accumulated to make it meaningful.
Chip tier (Bronze / Silver / Gold / Ivory): derived from your verified check-in count per category, with a city-level percentile recalculation each month.
Host chip tier: derived from how many of your hosted activities had real attendees who checked in.
You can request human review of any of these decisions by emailing our Privacy Officer (see section 13 below). We will respond within 30 days. None of these processes are used to deny you essential access to the service.
6. Your Rights Under PIPEDA
Right of access: You can request a copy of all personal data we hold about you. Use the "Download My Data" feature in Settings, or contact us directly.
Right to correction: You can request correction of any inaccurate personal information. Most data can be corrected directly in your profile.
Right to deletion: You can delete your account and all associated data at any time from Settings.
Right to withdraw consent: You can withdraw consent for optional data processing (location, analytics, marketing) at any time from Settings > Manage Consents.
Right to complain: If you believe your privacy rights have been violated, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
We will respond to all privacy requests within 30 days. If additional time is needed (up to 30 additional days), we will notify you.
7. Location Data
Location data is classified as sensitive personal information under PIPEDA and requires express consent.
Ranked uses your device GPS coordinates to calculate distances between you and other users, and to show nearby events and venues. Your coordinates are stored on your profile for matching purposes.
You can revoke location permission at any time through your device settings. The app will continue to function with reduced features (distance-based matching will be unavailable).
8. Push Notifications (CASL Compliance)
Push notifications are governed by Canada's Anti-Spam Legislation (CASL).
Transactional notifications (match alerts, message notifications, event reminders) are sent as part of the service you requested and do not require separate consent.
Marketing notifications (weekly digest, spotlight features, tips and recommendations) are commercial electronic messages under CASL and require your express consent. These are off by default. You can manage preferences in Settings.
Every marketing notification identifies Ranked as the sender and includes a mechanism to unsubscribe.
9. Children's Privacy
Ranked is intended solely for individuals aged 18 and over. We do not knowingly collect personal information from anyone under 18.
Age is verified during onboarding through date of birth entry. If we become aware that a user is under 18, we will immediately suspend their account and delete all associated personal data.
10. Data Breach Notification
In the event of a data breach that poses a real risk of significant harm to individuals, we will:
Notify the Office of the Privacy Commissioner of Canada as soon as feasible
Notify affected individuals directly, including what information was involved, what we are doing about it, and steps they can take to protect themselves
Keep records of all breaches for a minimum of 24 months as required by PIPEDA
11. Accountability
Ranked has designated a Privacy Officer who is accountable for our compliance with PIPEDA and this policy. All privacy-related inquiries and requests should be directed to:
We may update this Privacy Policy from time to time. Material changes will be communicated through the app and may require renewed consent. The "Last updated" date at the top indicates when the policy was most recently revised.
Continued use of Ranked after changes to this policy constitutes acceptance of the updated terms. If you do not agree with the changes, you may delete your account at any time.