Privacy policy

Stuart is an app that introduces people to one another at events and conferences. It is operated by Retruvai, based in England ("Retruvai", "we", "us", "our").

Retruvai is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR).

When you use Stuart, we collect:

• Your first name and last name
• Your username (what other people see)
• Your email address (used to verify your account)
• Your password (stored as a one-way hash; we cannot read it)
• Confirmation that you are 18 or over
• Your profile photo
• The information you tell Stuart about yourself: what you are working on and want help with, what you are great at and happy to give, and the things that make you who you are
• Your answers to a few quick psychographic questions
• The event or events you are attending
• Match data: who we introduced you to and the note we shared about why you two might click
• Feedback you give after a meeting
• An internal reliability score (see below)
• Standard server logs (your IP address and browser type, captured by our hosting and authentication providers for security)

Your data is used exclusively for:

• Creating and managing your account
• Introducing you to another person at your event we think you will genuinely click with
• Sharing a short note with your match about why we paired you, and helping you both break the ice
• Briefly sharing your photo with your match so you can find each other in person
• Sending you transactional emails and notifications (verification, event reminders, your match, post-meeting feedback)
• Investigating reports and protecting users from harm
• Improving the service using aggregated, non-identifying data

We do not use your data for advertising, marketing to third parties, or commercial profiling.

When you build your profile, you can type, paste, record a voice note, or upload a file (such as a CV). Stuart uses this to write a short summary of you, which it shows you to confirm.

Once you confirm your summary, the original notes, recordings and files you provided are permanently deleted. We keep only the summary and your psychographic answers. If you choose to keep your raw material for now, it stays in your account until you delete it or your account is deleted.

Matches are suggested using an algorithm that scores likely compatibility from the information in your profile. A suggested match is an introduction only: you always choose whether to accept it, and you can decline. Because the final choice is always yours, this does not produce a legal or similarly significant effect on you within the meaning of Article 22 UK GDPR. We will update this policy and notify you in advance of any material change to how matching works.

To improve Stuart, we may use the data you provide on the service, including your profile summary, your psychographic answers, match outcomes and post-meeting feedback, to train and refine the algorithms and machine-learning models that help us introduce people more effectively, detect abuse, and improve the service in other ways consistent with this policy.

Where possible, we use pseudonymised or aggregated data for this purpose. We do not sell your data to anyone for the purpose of training their models, and we do not pass your identifiable personal data to third-party AI services without first removing information that could identify you.

You can object to your data being used to train models at any time by emailing hello@bemorestuart.com. Doing so will not affect your use of the core service.

Before you both accept the match: your match sees your name and a short note about why we paired you. Your photo is never shown at this stage. Matching is based on who you are, not on what you look like.

Once you both accept: your match is shown an ice-breaker and a little helpful background about you, drawn from your profile summary, to help you start a good conversation.

To help you find each other: your photo is shown to your match briefly, once, after you have both agreed to meet. After about ten seconds it is hidden again.

Your match never sees your email address, password, the fact of your age confirmation, or any other personal data.

Your photo is stored privately. It is shown to your match once, briefly, after you have both agreed to meet, so you can recognise each other in the room. After about ten seconds it is hidden again. It is never made public, never shared with any other user, and never used for any purpose other than helping you and your match find each other.

We track an internal reliability score for each user, based on whether you accept matches, show up, and provide post-meeting feedback. This score informs future matching decisions. It is not visible to you, your match, or any other user.

Stuart is for users aged 18 or over. We do not knowingly collect personal data from anyone under 18. If you believe a user under 18 has signed up, please contact us at hello@bemorestuart.com.

We do not ask for special category data (such as race, religion, health, sexual orientation, or political views). If you choose to disclose any such information in what you tell Stuart about yourself, you do so voluntarily and consent to it being reflected in your summary and shared with your match in the manner described above.

We send transactional emails and notifications (verification, event reminders, your match, post-meeting feedback). We do not send marketing emails. We will not use your data for marketing without your separate consent. If we introduce marketing in future, we will update this policy and obtain your consent first.

You may report or block any user at any time from within the app. Your report is kept confidential, the other person is never told, and it is reviewed by our team. We may suspend or remove users whose behaviour violates our Terms.

We process personal data under the following lawful bases in accordance with UK GDPR:

Contract performance (Article 6(1)(b)): to create and manage your account, introduce you to another participant, and provide the functionality you request.

Legitimate interests (Article 6(1)(f)): to investigate reports, protect users from harm, and improve Stuart using pseudonymised, minimised, or aggregated data.

Consent (Article 6(1)(a)): for optional activities. You may withdraw consent at any time without affecting your use of the core service.

Your data is stored using Supabase infrastructure hosted in the European Union (Frankfurt). Data is encrypted in transit (TLS) and at rest. Access is restricted to the team that operates Stuart.

If we discover a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office within 72 hours of becoming aware of it.

We retain your personal data until you request deletion, or until your account is no longer needed for the purposes described above. We do not auto-delete inactive accounts.

Encrypted backups of our database are retained for up to 30 days. Personal data deleted from the live system may persist in those backups for that window before being permanently overwritten.

We may retain anonymised, aggregated research data that cannot reasonably identify you.

We use the following service providers:

• Supabase: database, authentication and file storage (EU-hosted, Frankfurt). Processes your account data, profile, and photo under a Data Processing Agreement.
• Resend: transactional email delivery. Your email address is shared with Resend solely to deliver emails sent from Stuart. Resend retains a log of email sends, including recipient address, for up to 30 days. Processes under a Data Processing Agreement.
• GitHub Pages: static website hosting.
• Sentry: error monitoring, configured to exclude personally identifiable information (EU-hosted).
• Google Fonts: font delivery. Your IP address may be logged when fonts load. See Google's privacy policy at policies.google.com.

We do not use analytics trackers, advertising networks, or data resale services. We do not share your identifiable personal data with third parties beyond the service providers listed above, except where required by law.

We do not use tracking cookies. Authentication uses browser local storage solely to maintain your login session. No third-party cookies are set.

Under UK GDPR, you have the right to:

• Access: request a copy of your personal data we hold
• Rectification: ask us to correct inaccurate data
• Erasure: request that we delete your account and all associated personal data (see "Account deletion" below)
• Portability: request your data in a machine-readable format
• Restriction: ask us to limit how we process your data while a complaint or correction is being resolved
• Object: object to processing based on our legitimate interests, including for research purposes
• Withdraw consent: at any time, where consent is the legal basis for processing
• Lodge a complaint: with the Information Commissioner's Office (ICO) at www.ico.org.uk

To delete your account, email hello@bemorestuart.com with the subject "Delete my account." We will process the request within 30 days and confirm deletion by email. As noted in "Data retention", some data may persist in encrypted backups for up to a further 30 days, after which it is permanently overwritten.

We may update this policy from time to time. Material changes will be notified to you by email. The current version is always available at bemorestuart.com/privacy.html.

To exercise your rights, request account deletion, or ask any question about this policy, please contact us at: hello@bemorestuart.com