Privacy Policy
Christian Union
Operated by Lumis Inspira Ltd (Company number 16321581)
Version 1.4. Last updated 13 May 2026
1. Who we are
Christian Union is a faith-based dating service operated by Lumis Inspira Ltd, a company registered in England and Wales (company number 16321581). Our registered address is available on request.
In this Privacy Policy, "we", "us" and "our" refer to Lumis Inspira Ltd. "You" and "your" refer to any person who creates an account or uses the Christian Union app.
For the purposes of UK data protection law, Lumis Inspira Ltd is the data controller in respect of your personal data.
If you have any questions about this policy or how we handle your data, write to: privacy@christianunion.co.uk.
2. What this policy covers
This policy covers all personal data we collect when you use the Christian Union app, visit our website at christianunion.co.uk, or contact us by any means.
It does not cover third-party websites or services we link to. We recommend you read the privacy policies of any third party you interact with directly.
3. The data we collect about you
3.1 Data you give us directly
When you create an account and complete your profile, you provide:
- Identity information. Your first name, date of birth, sex and height.
- Faith information. Your denomination, faith journey, faith importance, a favourite Bible verse and an optional faith note.
- Profile content. Your dating intention, answers to up to three Top 3 prompts, a "Why I'm here" statement and a "One thing to know about me" field.
- Matching data. Your answers to a set of private structured questions about your values, outlook and approach to relationships. These answers are used only for compatibility matching and are never shown to other members.
- Lifestyle data. Your education, profession, company, languages spoken, cultural heritage, drinking, smoking and substance habits, whether you have or want children and your marriage timeline preference.
- Location. Your approximate location, expressed as a geographical point. We collect this for the purpose of distance-based matching. Your precise GPS coordinates are stored server-side and are never transmitted to other members.
- Photos. Up to six photographs of yourself, together with a live selfie captured during identity verification.
- Voice notes. Audio recordings attached to your Top 3 prompts and your "One thing to know" field. At least one voice note is required on your profile at all times.
- Notification preferences. Your in-app notification settings, including per-conversation mute and master notification toggles.
- Growth Feedback. If you opt in, tags and an optional short note submitted when you end a connection. This data is processed in pseudonymised form only (see Section 6).
3.2 Data we collect automatically
- Account data. The email address and authentication provider (Google or Apple) associated with your account, your unique user identifier and the date your account was created.
- Session data. The date and time of your most recent activity in the app, used to enforce our inactivity auto-pause policy.
- Subscription data. Your subscription status and transaction history, processed via RevenueCat.
- Push notification token. The device token used to deliver push notifications to you.
- Error and analytics data. Technical event data collected by PostHog (see Section 6) to help us understand how the app is used and diagnose technical problems. This data is associated with a pseudonymous device identifier, not your name.
3.3 Data generated through use of the service
- Connection and messaging data. The requests you send, the messages you exchange and the connection status between you and other members.
- Discover history. A record of which profiles you have seen, skipped or connected with, used to avoid showing you the same profile twice.
- Report data. If you report another member, we retain your report, the reason you gave and a snapshot of the last 30 messages in the conversation at the time of the report.
- Voice transcripts. When you record a voice note, the audio is transcribed privately by OpenAI Whisper for the purposes described in Section 6. The transcript is never shown to other members.
4. How we use your data and our legal basis for doing so
| Purpose |
Legal basis |
| Creating and managing your account |
Contract (Article 6(1)(b) UK GDPR) |
| Showing your profile to compatible members |
Contract |
| Matching you with other members |
Contract |
| Enabling messaging between members |
Contract |
| Identity verification |
Contract and Legal Obligation (preventing fraud) |
| Sending you push notifications |
Consent (Article 6(1)(a) UK GDPR); you may withdraw at any time in Settings |
| Automated content moderation |
Legitimate Interest (Article 6(1)(f) UK GDPR); keeping the community safe |
| Analytics and service improvement |
Legitimate Interest; understanding how the app is used |
| Safety, fraud prevention and ban enforcement |
Legitimate Interest and Legal Obligation |
| Growth Feedback synthesis |
Consent (opt-in only); you may withdraw at any time in Settings |
| Complying with legal requests |
Legal Obligation (Article 6(1)(c) UK GDPR) |
Where we process special category data (your religious beliefs and denomination, expressed as part of your profile), we rely on your explicit consent given when you create your account (Article 9(2)(a) UK GDPR). You may withdraw this consent at any time by deleting your account.
5. How long we keep your data
| Data |
Retention period |
| Active profile data |
Held while your account is active |
| Paused account data |
Held for up to 24 months from the date of your last activity. Accounts paused and inactive for 24 months are permanently deleted. We will notify you by email 30 days before deletion. |
| Messages |
Held while the connection exists. Deleted when a connection is removed or an account is deleted. Report evidence snapshots are retained for 7 years. |
| Discover history |
Held while your account is active |
| Ban evasion signature |
7 years from the date of permanent removal |
| Voice transcripts |
Held alongside the voice note; deleted when the note is deleted |
| Reports filed by you |
Retained as part of our safety records |
| Deleted account data |
All personal data is anonymised or deleted within 30 days of account deletion, except where retention is required by law or for safety purposes (ban evasion signatures, report evidence) |
6. Third-party data processors and infrastructure
We use the following third-party services to operate Christian Union. All processors are bound by data processing agreements and may only process your data according to our instructions.
- Website hosting. Cloudflare, Inc. (United States). Our marketing website (christianunion.co.uk) is hosted on Cloudflare Pages. Cloudflare processes visitor IP addresses and request metadata to serve pages and protect the site. Cloudflare is certified under the EU-US Data Privacy Framework. See cloudflare.com/privacypolicy.
- Waitlist form. Formspree, Inc. (United States). Email addresses submitted via the waitlist form on our marketing website are stored by Formspree on our behalf. Data is transferred under standard contractual clauses. See formspree.io/legal/privacy-policy.
- App infrastructure and hosting. Supabase (database, authentication and file storage, hosted in the West EU region, Ireland).
- Authentication. Google (if you sign in with Google) and Apple (if you sign in with Apple). We receive only the information each provider makes available to us. We do not receive your passwords.
- Identity verification. AWS Rekognition (Amazon Web Services). Your selfie and profile photos are submitted to Rekognition to confirm that you are a real person and that your selfie matches your profile photos. Rekognition processes this data in the European Economic Area.
- Voice note transcription. OpenAI Whisper, processed in the United States. When you record a voice note as part of your profile, the audio is transcribed privately by OpenAI Whisper for content moderation purposes. The transcript is never shown to other members. Transcripts are stored alongside the voice note and follow the same retention rules. They are not used to train AI models or for voice synthesis. OpenAI has been configured to opt out of using the audio for training.
- Profile analysis and feedback synthesis. Anthropic Claude, processed in the United States. When you complete your profile, certain written answers are analysed by Anthropic Claude to inform your compatibility score. This score affects the order in which profiles are shown. The analysis is used solely for matching. The content of your answers is never shared with other members. The raw text is not stored by Anthropic beyond the API call and is not used to train AI models. Feedback tags and notes submitted through the Growth Feedback feature are also pseudonymised and synthesised by Claude into compassionate themes. The raw tags and any free-text notes are not passed to the model in a form that identifies you.
- Connect message moderation. Anthropic Claude. Opening messages sent with a connection request are reviewed by Claude before delivery to check for content that breaches our Community Guidelines. Messages that pass the check are delivered. Messages that fail are blocked and an automated report is created for human review.
- Subscriptions and payments. RevenueCat handles subscription management. Payment processing is handled directly by the App Store (Apple) or Google Play and is subject to their respective privacy policies. We do not receive or store your payment card details.
- Analytics. PostHog, processed in the European Economic Area. We use PostHog to collect pseudonymous analytics events: which screens are visited, whether errors occur and similar. PostHog does not have access to your name, email address or message content.
- Push notifications. Apple Push Notification Service (APNs) for iOS devices and Firebase Cloud Messaging (Google) for Android devices. We transmit your device token and notification content to deliver notifications to you.
- Email. Brevo, used to send transactional and administrative emails, for example privacy policy update notices and our annual Transparency Report digest.
7. International data transfers
Our primary infrastructure (Supabase) is hosted in Ireland (West EU). Ireland is in the European Economic Area, which benefits from a UK adequacy decision. Transfers to the EEA are treated as transfers within an adequate jurisdiction and require no additional safeguards.
Other providers process data outside the UK:
- European Economic Area (Ireland and EU member states). AWS Rekognition, PostHog. UK adequacy applies.
- United States. Anthropic, OpenAI, RevenueCat, Brevo, Apple, Google and Expo. Where data is transferred to the United States, we rely on the International Data Transfer Addendum to the EU Standard Contractual Clauses approved by the ICO. A copy of these safeguards is available on request by writing to privacy@christianunion.co.uk.
8. Special data types
8.1 Voice notes
Voice notes are audio recordings submitted as part of your profile. At least one voice note is required on your profile at all times. They are stored as private files and served only to members who view your profile.
Voice notes allow other members to hear your personality and testimony within the app. They are also transcribed privately for content moderation purposes (see Section 6). Your voice recordings are never used to train AI models, never used for voice synthesis or voice biometric identification and never used for any purpose other than the operation of the service as described in this Privacy Policy.
You may delete and re-record any voice note from your profile. At least one voice note must remain on your profile at all times. When a voice note is deleted, the audio file and its transcript are removed from our systems.
8.2 Religious belief data
Your denomination, faith journey and related profile fields constitute special category data under UK GDPR (data concerning religious or philosophical beliefs). We process this data on the basis of your explicit consent. This data is central to the service. Christian Union is a faith-based platform and your faith information is a necessary part of your profile and the matching process.
You may withdraw your consent at any time by deleting your account.
8.3 Identity verification
The selfie you submit during identity verification is used solely to confirm that you are a real person whose profile photos are genuine. It is compared against your profile photos by AWS Rekognition and then stored as a private file. It is never shown to other members and never used for facial recognition purposes beyond the one-time verification check.
A one-way mathematical signature is retained from the verification check for the purposes of ban evasion prevention. This signature cannot be used to reconstruct your image.
9. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access. You may request a copy of the personal data we hold about you.
- Right to rectification. You may ask us to correct inaccurate data. Most profile fields can be updated directly within the app.
- Right to erasure. You may request deletion of your personal data. The simplest way to exercise this right is to delete your account from the Settings screen in the app. Account deletion anonymises or removes all personal data subject to the retention exceptions in Section 5.
- Right to restriction. You may ask us to restrict processing of your data in certain circumstances.
- Right to data portability. You may request a machine-readable copy of the data you have provided to us.
- Right to object. Where we rely on legitimate interests as our legal basis, you may object to the processing. We will consider your objection and either cease processing or explain why our legitimate interests override yours.
- Right to withdraw consent. Where we process your data on the basis of consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. You can withdraw consent to push notifications in your device Settings. You can withdraw consent to Growth Feedback in the app Settings.
To exercise any of these rights, write to privacy@christianunion.co.uk. We will respond within one month. If your request is complex or there are a large number of requests, we may extend this by a further two months and will tell you so.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters, at ico.org.uk.
10. Children
Christian Union is for adults aged 21 and over. We do not knowingly collect personal data from anyone under the age of 21. If you believe we have collected data from someone under 21, please contact privacy@christianunion.co.uk and we will delete it promptly.
11. Automated decision-making
We use automated processing to determine the order in which profiles are shown to you. This does not produce a legal or similarly significant effect. It affects only the ordering of profiles, not whether you can use the service or whether others can see you. You retain full control over who you connect with.
Automated processing may result in a message being blocked before delivery. Where this happens, an automated report is created and reviewed. If you believe a message was incorrectly blocked, write to safety@christianunion.co.uk.
12. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. These measures are reviewed and updated on an ongoing basis.
No security measure is perfect. If you become aware of a security concern relating to your account or our service, please contact privacy@christianunion.co.uk immediately.
13. Changes to this policy
We will update this policy from time to time. When we make a material change that affects your rights, we will notify you via an in-app message or email at least 30 days before the change takes effect. The updated date at the top of this policy reflects the date of the most recent revision.
Your continued use of the service after a material change takes effect constitutes your acceptance of the updated policy. If you do not accept the changes, you may close your account before they take effect.
14. Contact
For data protection and privacy enquiries: privacy@christianunion.co.uk
For safety and reporting matters: safety@christianunion.co.uk
For general support: support@christianunion.co.uk
Data Protection Officer: Lumis Inspira Ltd, for the attention of the Data Protection Officer. Contact via privacy@christianunion.co.uk.
Christian Union is operated by Lumis Inspira Ltd, registered in England and Wales, company number 16321581.