Privacy Policy

1 Summary

QuickRishta is a Pakistani matrimonial platform. To match you with potential partners, we need to collect some information about you. This page explains exactly what we collect, why, and how to control it.

In short:

We collect what you give us (registration details, profile, photos, messages) plus standard technical data (IP, browser, last login).
We do not sell your data to third parties.
You control who sees your profile (public vs registered members only) and your photos (public vs private with access requests).
You can delete your account at any time. We then wipe your personal content and the page becomes a "this profile has been deleted" placeholder so search engines that indexed the URL still get a clean response.

2 What we collect

Category	Examples	When
Identity	Name, email, phone, date of birth, gender	At registration
Profile	About me, partner expectations, religion, ethnicity, education, profession, family details, location	When you fill out your profile
Photos	Image files, derived thumbnails, visibility setting per photo	When you upload
Conversations	Messages, interests sent and received, helpdesk threads	When you interact with other members
Preferences	Email preferences, profile visibility, hidden-mode state	When you change settings
Technical	IP address, browser, device, last login timestamp, login history	Automatically, every visit
Payments	Plan purchased, amount, transaction id from our payment processor	If you buy a paid plan

We do not store your full card number or CVV. Payment details are handled by our payment processor and we receive only an opaque transaction reference.

3 How we use it

To match you with potential partners, our search and recommendation engines use your profile data and partner expectations to surface relevant profiles.
To enable communication through interests and messaging, gated by mutual consent.
To moderate the platform, manual review of new profiles and photos, action on reports, removal of abuse.
To send essential emails, account verification, password reset, helpdesk replies. These cannot be opted out of (see §8 for the full breakdown).
To send optional emails, new messages, new interests, photo requests, announcements, only if you have opted into the matching category on the email preferences page.
To prevent abuse, IP and login history help us detect suspicious activity and rate-limit failed sign-ins.
To improve the service, aggregate, anonymised usage patterns inform feature work. We do not profile individuals.

4 When we share

Your data is shared in only three situations:

With other members, your publishable profile fields (display name, age, city, religion, About Me, partner expectations) are shown in search results and on your profile page, subject to your visibility settings. Sensitive fields (email, phone, full address) are never shown.
With service providers who help us operate the platform, payment processor (for paid plans), email delivery service (for the outbound queue), cloud storage (for photos). These providers process your data on our instructions and are bound by their own confidentiality obligations.
When legally required, in response to a valid court order or law enforcement request from a competent authority.

We do not sell, rent, or trade your data with marketing companies, data brokers, or other matrimonial platforms.

5 Profile visibility controls

You decide who can view your profile:

Public, anyone (including signed-out visitors) can view your profile. Best for maximum reach.
Registered members only, signed-out visitors are redirected to sign in. The same searchable index applies, but the profile page itself is gated.

You can also hide your profile entirely (you keep your account, but the profile disappears from all search, browse, match, and directory queries, and you can neither send nor receive interests or messages until you unhide).

These controls live under Edit Profile → Privacy. See our FAQs for examples of which option fits which situation.

6 Photo privacy

Every photo you upload has its own visibility flag:

Public, visible to anyone who can view your profile.
Private, hidden behind a "request access" flow. Other members must ask, you decide whether to grant.

Photos are reviewed by our team before they go live, see our Safety Guidelines for what we accept and reject. When you delete your account, photos are removed from both our database and the underlying cloud storage.

7 Messages and retention

Messages between members are stored in our database and are visible only to the two participants. We do not read individual messages except when investigating a report.

Retention. To keep inboxes fast, messages older than 30 days are automatically removed from your inbox. A timestamped audit copy of every deleted message is preserved in an internal archive table to support moderation investigations, this copy is never shown to other members.

If you delete your account, all messages you sent or received are removed and the audit copy is tagged as user_soft_delete so its retention falls under that policy.

8 Email preferences

You can fine-tune which emails we send you from your Email Preferences page. The two categories of emails:

Essential (always sent): signup verification, password reset, email change confirmation, account suspension notice, helpdesk replies, payment receipts, account-status changes.
Optional (each can be turned off): new messages, new interests, photo requests, weekly digest, promotions, system announcements.

We use a once-per-day throttle on chatty templates (new messages, new interests), even if you receive 20 messages a day, you get at most one email per day for that category. The full notifications are still visible inside the app.

9 Cookies

We use cookies only for what's necessary to run the site:

A session cookie (HTTPOnly, SameSite=Lax) that keeps you signed in.
A remember-me hash that lets you stay signed in across visits, if you tick that box at sign-in.

We do not use third-party advertising cookies. We do not embed Google Analytics, Facebook Pixel, or any other tracker that profiles you across the web.

10 Security

We take reasonable steps to protect your data:

Passwords are stored as bcrypt hashes, never as plaintext.
Database access is restricted to the application server only, no public DB exposure.
Sessions use HTTPOnly, SameSite cookies with strict mode to mitigate CSRF and session fixation.
Failed sign-in attempts are rate-limited to slow brute-force attacks.
Every photo upload runs through MIME and extension checks; admin S3 deletion is destructive (no orphan blobs).

If you suspect your account has been compromised, change your password immediately and tell us via the helpdesk or the contact form.

11 Your rights and deletion

You have the right to:

See what we hold about you, your profile is the bulk of it; the rest (login history, message threads) is visible inside the app.
Correct any inaccurate information by editing your profile.
Delete your account at any time from Settings → Delete Profile. When you delete:
- Messages, interests, favourites, blocks, photo-access entries, notifications, support-thread, daily counters, photos (including S3 files) are all wiped.
- Your users row is kept but marked deleted, your email is anonymised, your password is wiped. You cannot sign in again.
- Your profile URL keeps resolving but shows a "this profile has been deleted" page (we do this so search engines that indexed your URL don't suddenly see a 404).
- Financial records (payment history) are retained for accounting and tax compliance.
Object to specific processing by emailing us, we will assess each request on its merits.

12 Contact

For privacy questions, data requests, or anything else covered by this policy, write to us through the contact form or, if you are signed in, open a helpdesk thread. We aim to respond within 7 business days.