Privacy Policy

The data controller for personal data processed through allasangels.com and the Alla's Angels member platform is:

• Sima Tech Ltd (Сима Тек ООД)
• Registered office: Pernik, Bulgaria
• UIC: 206762842 · VAT: BG206762842
• Operational office: Burgas, Bulgaria
• Privacy contact: privacy@simatech.bg

We collect only the data we need to run a manually vetted matchmaking service:

• Account data: name, email address, phone number, preferred language, role (Gentleman / Lady / Admin), date of birth.
• Verification data: government photo ID, a selfie holding the ID, proof of marital status (for ladies), criminal record certificate (for gentlemen), and notes from a live video screening interview. Stored in a private, access-controlled storage bucket.
• Profile and preference data: photos, biographical text, languages, life stage, family intent, age range, lifestyle and faith preferences.
• Messaging and matching data: matches, conversations, messages, meeting requests, and moderation logs (e.g. automated filter hits for financial requests or external links).
• Technical data: IP address, browser and device information, authentication session tokens, and basic server logs needed for security and abuse prevention.

We do not knowingly collect data from anyone under the age of 18, and we do not process special-category data (e.g. health, political opinions). Faith, where volunteered as a preference, is processed only with your explicit consent under Art. 9(2)(a) GDPR.

• Performance of a contract (Art. 6(1)(b)): creating your account, running the vetting workflow, providing matches, conversations and meeting arrangements.
• Legal obligation (Art. 6(1)(c)): identity verification, fraud prevention, accounting records, responding to lawful requests from authorities.
• Legitimate interests (Art. 6(1)(f)): protecting members from scams and abuse, securing our infrastructure, improving the service. We balance these against your rights and you can object at any time.
• Consent (Art. 6(1)(a) / 9(2)(a)): optional preferences such as faith, non-essential cookies, and marketing communications. You can withdraw consent at any time.

We never sell personal data. We share it only with processors who help us run the service under a written data processing agreement:

• Lovable Cloud (backend infrastructure): EU-region hosting for our database, authentication, file storage and serverless functions.
• Email and notifications provider: transactional emails (sign-in, meeting confirmations, screening updates).
• Pre-vetted partner venues in Burgas: only the first name and meeting time of the two parties involved, where strictly necessary to host the meeting.
• Professional advisors and authorities: accountants, lawyers, and public authorities where we are legally required to disclose.

International transfers outside the EEA, if any, rely on Standard Contractual Clauses and additional safeguards as required by Chapter V GDPR.

• Active accounts: for as long as your account is active and for 12 months after the last sign-in, then deleted or anonymised.
• Verification documents: deleted within 90 days of account closure, unless we are legally required to retain them longer for fraud or AML purposes.
• Messages and meeting records: retained for the lifetime of the account and for up to 24 months after closure for safety and dispute resolution.
• Accounting records: retained for the period required by Bulgarian tax and commercial law (currently up to 11 years).
• Server logs: retained for up to 12 months for security and abuse prevention.

You have the right to:

• Access the personal data we hold about you (Art. 15).
• Rectify inaccurate or incomplete data (Art. 16).
• Erase your data ("right to be forgotten") (Art. 17).
• Restrict processing in certain circumstances (Art. 18).
• Receive your data in a portable format (Art. 20).
• Object to processing based on legitimate interests (Art. 21).
• Withdraw consent at any time, without affecting prior lawful processing.
• Lodge a complaint with the Bulgarian Commission for Personal Data Protection (cpdp.bg) or your local supervisory authority.

To exercise any of these rights, email privacy@simatech.bg. We respond within one month, as required by Art. 12(3) GDPR.

We use strictly necessary cookies for authentication, language preference and security. We do not use third-party advertising or cross-site tracking cookies. Where we add optional analytics in future, we will request your consent first via a cookie banner.

We protect data in line with Art. 32 GDPR. See our Security & Data Protection page for the technical and organisational measures in place — encryption in transit and at rest, row-level access control, private document storage, manual vetting, and least-privilege admin access.

We will post material changes on this page and, where appropriate, notify members by email. The "Last updated" date at the top of the page reflects the latest revision.