Privacy Policy

LAST UPDATED: 13 JUNE 2026 · VERSION 2.0

ON THIS PAGE 1. Who we are 2. What we collect 3. Why we use it & legal bases 4. Sensitive data & explicit consent 5. Who we share with 6. International transfers 7. How long we keep it 8. Security 9. Your rights 10. Age & children 11. Changes & contact

1. Who we are

Relay Labs Limited (trading as "CruiseCtrl", "we", "us") operates the CruiseCtrl mobile and web applications and this website. For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, the data controller is Relay Labs Limited (registered in Ireland, company no. 807438), registered office 35 Lower Sherrard Street, Dublin 1, Ireland. You can reach our privacy team at privacy@cruisectrl.eu and our Data Protection Officer at dpo@cruisectrl.eu. If you are in the UK, our representative under Article 27 UK GDPR is [UK representative — to be appointed].

2. What we collect

We collect only what we need to run a safe dating service (data minimisation):

Account data — display name, age/date of birth, email and/or phone number, password (hashed).
Profile data — photos, headline, height, pronouns, position, "looking for", and optional Voice Vibe audio.
Sensitive ("special category") data — information that reveals your sexual orientation, and (if you choose to share it) health-related fields such as testing status. See §4.
Precise location — used to show nearby users and Beacons. You can switch to Ghost Mode or disable location at the OS level.
Messages & content — chats (which auto-delete after 24h by default), reactions, and Safe Meet details.
Age-verification data — the result of your age check (pass / pending review). We handle the selfie imagery itself as described below and in §7.
Usage & device data — app interactions, device identifiers, IP address, and diagnostics.
Payment data — handled by Apple, Google or our payment processor; we do not store full card numbers.

Automated age verification. To keep CruiseCtrl strictly 18+, we ask you to take a selfie at sign-up. An automated facial age-estimation system (provided by our processor, Sightengine) estimates whether you are an adult. It is used only to estimate your age — it is not used to identify you, and we do not create or keep a facial template. If the automated check cannot confirm your age, a member of our team reviews it, so you are never refused by software alone. A selfie that confirms your age is deleted immediately after the check; one held for human review is deleted once a decision is made. By taking the selfie you consent to this check.

3. Why we use it & our legal bases

To provide the service (show nearby users, deliver messages, run Beacons/Pulse) — performance of a contract.
To keep users safe and verify age (moderation, fraud and abuse prevention, Safe Meet, 18+ checks) — legitimate interests and legal obligation.
To process sensitive data (your orientation, health fields) — your explicit consent (GDPR Art. 9).
Analytics & personalisation — your consent (via the cookie banner), which you can withdraw anytime.
Legal & tax compliance — legal obligation.

4. Sensitive data & explicit consent

Using a gay dating app inherently reveals information about your sexual orientation, which is a "special category" of data under GDPR Art. 9. Health-related fields (such as testing status) are also special-category data. We process this data only with your explicit consent (Art. 9(2)(a)), which you give separately when you create your profile or add these fields — it is not bundled with acceptance of our general terms — and which you can withdraw at any time by deleting the relevant fields or your account. We never use this data for advertising or profiling, we never share it with advertisers, and we never sell it. Any explicit-content profile options are off by default and available only after 18+ verification.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We share limited data with:

Service providers acting on our instructions under contract — including EU-based cloud hosting, push notifications, and our age-verification & image-moderation provider (Sightengine).
Other users — the profile information you choose to make visible.
Safety & legal — to respond to lawful requests, protect users, or comply with the law.

We require all providers to protect your data and use it only for the purposes we specify. A current list of our sub-processors is available on request from privacy@cruisectrl.eu.

6. International transfers

We host and process your data in the EU. Where we transfer personal data outside the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Agreement / Addendum. Contact us for a copy of the relevant safeguards.

7. How long we keep it

We keep your data for as long as your account is active. Messages auto-delete after 24 hours unless both parties keep them. Age-verification imagery is deleted promptly after a check completes; only the pass/fail result is retained. We keep limited records where required for legal, tax or safety reasons (e.g. transaction records, ban records). When you delete your account, we delete or anonymise your data within 30 days, subject to those legal exceptions.

8. Security

We protect your data with encryption in transit (HTTPS/TLS), hashed passwords, access controls, and monitoring for unusual activity. No system is perfectly secure; we will notify you and the relevant authority of a personal-data breach within 72 hours where required by law.

9. Your rights

Under the EU GDPR and UK GDPR, you have the right to access, correct, delete, port, restrict, and object to processing of your personal data, and to withdraw consent at any time (this does not affect processing already carried out). You can exercise most of these directly in the app (Settings → Privacy & Safety → Export / Delete) or by emailing privacy@cruisectrl.eu.

You also have the right to lodge a complaint with a supervisory authority — in Ireland, the Data Protection Commission (dataprotection.ie); in the UK, the Information Commissioner's Office (ico.org.uk); or the authority in your own EU country.

Your age-verification decision is not made by automated means alone — where the automated check cannot confirm your age, a person reviews it and you can ask us to reconsider.

10. Age & children

CruiseCtrl is strictly for adults 18 and over. We do not knowingly allow anyone under 18, and we do not knowingly collect data from children. If you believe a minor is using the service, report it immediately to safety@cruisectrl.eu and we will act.

11. Changes & contact

We will notify you of material changes before they take effect. Questions or requests: privacy@cruisectrl.eu · Relay Labs Limited, 35 Lower Sherrard Street, Dublin 1, Ireland.