Last Updated: 19 September 2025

1. Introduction

Welcome to Match Point AI ("Service"), owned and operated by Crystalab LLP ("we," "us," "our"). We are committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our WhatsApp-based chatbot and any related services.

  • Data Controller: Crystalab LLP
  • Company Number: OC446298
  • Registered Address: 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
  • Privacy Contact Email: privacy@crystalab.com
  • Data Protection Officer (DPO): ilya@crystalab.com

2. EU Representative (For EU Data Subjects)

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), as we are a UK-based company offering services to individuals in the European Union (EU), we have appointed an EU Representative. For any inquiries related to your personal data from within the EU, you can contact:

  • EU Representative: Ilya Khrustalev
  • Establishment: Spain
  • Contact: ilya@crystalab.com

3. Information We Collect

We collect the following personal data to provide our Service:

  • Contact Information: Your WhatsApp phone number and your email address.
  • Profile Information: Your name, city-based location, and timezone.
  • Professional Networking Data: Your answers to our "Dynamic Questionnaire," which may include information about your professional background, industry, skills, and networking goals (e.g., "looking for a mentor," "open to collaboration").
  • Usage Data: How you interact with our Service, including commands used, message timestamps, and workflow status.
  • Technical Data (from our website): If you visit our website, we may collect cookie and analytics data. Please see our Cookie Policy for details.

A Note on Sensitive Data: We do not intentionally collect any "Special Category Data" (as defined by EU/UK GDPR) or "Sensitive Personal Information" (under US laws). This includes information about your race, ethnic origin, political opinions, religious beliefs, health, or sexual orientation. Our service is for professional networking only. Please do not provide such information in your questionnaire responses.

4. How We Use Your Data & Our Lawful Basis

We process your data for the following purposes and under these legal bases:

| Purpose of Processing | Data Used | Lawful Basis (under EU/UK GDPR) | | :--- | :--- | :--- | | To provide the Service: Onboard you, create your profile, and run our "Matching Engine" to find professional matches. | All Profile & Networking Data | Consent. You provide this by clicking "Agree" during onboarding. | | To communicate with you: Send you matches, reminders, and service updates via WhatsApp. | Phone Number, Profile Data | Consent and Legitimate Interest (to provide the core service). | | To maintain & improve the Service: Monitor service performance, debug issues, and analyze usage to improve our matching algorithms and user experience. | Usage Data, Anonymized Networking Data | Legitimate Interest (to ensure our service is functional and improving). | | To respond to your requests: Process the /stop command, interpret natural language messages (e.g., "update my location"), or respond to emails. | Contact Info, Profile Data | Legitimate Interest (to provide user support). | | To enforce our Terms & ensure security: Identify and prevent fraud, spam, or violations of our Terms of Service. | All Data | Legitimate Interest (to protect our service and users). |

5. Automated Decision-Making

Our core "Matching Engine" is a fully automated system. It analyzes your Professional Networking Data to compare your profile with other users and suggest compatible matches. This automated process is essential for us to provide the Service.

You have the right to information about the logic involved in this matching. Our Service provides an explanation with each match detailing why you were connected. If you object to an automated match or believe there is an error, you may contact our DPO at ilya@crystalab.com to request a human review.

6. Data Sharing and Third-Party Sub-processors

We do not sell your personal data. We only share it with the following third-party service providers (sub-processors) who are necessary to run our Service:

  • Meta (WhatsApp): To deliver messages via the WhatsApp platform.
  • Twilio: Our API provider to connect to the WhatsApp Business API.
  • Google Cloud: To host our application (FastAPI) and database (PostgreSQL) on servers located in the EU (Belgium).
  • Analytics & CRM Providers: We use the following services to understand user behavior and manage communications. These services may collect data from our website or app:
    • Google Analytics
    • Amplitude
    • Meta (Facebook Pixel)
    • HubSpot
    • Intercom

You can learn more about how these services use your data by reviewing their respective privacy policies.

7. International Data Transfers

While our primary database is hosted in the EU (Belgium), several of our sub-processors (including Twilio, Meta, Google, HubSpot, and Intercom) are based in the United States.

When your personal data is transferred from the UK or EU to the US, we rely on legally-approved mechanisms, including Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs), to ensure your data is protected to the same standard as it is within the UK and EU.

8. Data Security

We take the security of your data seriously. We implement robust technical and organizational measures to protect it, including:

  • Encryption at Rest: All data in our PostgreSQL database is encrypted.
  • Encryption in Transit: All data sent between you, our servers, and our sub-processors is encrypted using TLS (HTTPS).

For more details on the security of our hosting environment, you can review the Google Cloud Compliance resource center and Google Cloud's GDPR documentation.

9. Data Retention

We keep your personal information only as long as we need it.

  • Active Users: We retain your data as long as your account is active.
  • Inactive & Deactivated Users: If you send the /stop command, or if your account has two (2) years of no activity, your profile will be deactivated. Your data will be held in an archived state (not used for matching) and will be permanently deleted or anonymized after this 2-year period.

10. Your Data Protection Rights

You have specific rights over your personal data. You can exercise these rights at any time.

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can correct inaccurate data. You can do this by sending a natural language message (e.g., "My location is now New York" or "Please update my timezone to PST"). For other corrections, please email us.
  • Right to Erasure (Deletion): You can request that we delete your personal data. Using the /stop command will begin our deactivation and deletion process.
  • Right to Withdraw Consent: You can withdraw your consent at any time by sending /stop. This will terminate your account, and your data will be handled as per our retention policy.
  • Right to Object to Processing: You can object to our processing of your data where we rely on "Legitimate Interest."
  • Right to Restrict Processing: You can ask us to temporarily stop processing your data in certain circumstances.
  • Right to Data Portability: You can request your data in a structured, machine-readable format.

To exercise any of these rights (other than built-in interactions), please email data-request@crystalab.com or privacy@crystalab.com.

11. Specific Rights for US Users (CCPA/CPRA)

If you are a resident of a US state with applicable privacy laws (like California), you have additional rights:

  • Right to Know: You have the right to know what personal information we collect, use, and disclose.
  • Right to Delete: You have the right to request the deletion of your personal information.
  • Right to Correct: You have the right to correct inaccurate personal information.
  • Right to "Do Not Sell or Share": We do not "sell" your data in the traditional sense. However, our use of analytics and marketing cookies (like Google Analytics and Meta Pixel) on our website may be considered "sharing" under California law. You can opt-out of this by managing your preferences in our website's cookie banner.
  • Right to Limit Use of Sensitive Personal Information: We do not intentionally collect Sensitive Personal Information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

12. Age Limitation

Our service is intended only for individuals 18 years of age or older. Our service is for members of private, pre-vetted communities where members have confirmed they are 18+. We do not knowingly collect data from anyone under 18.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you via a WhatsApp message with a link to the updated policy.

14. How to Complain

If you are in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

If you are in the EU, you have the right to lodge a complaint with your local data protection supervisory authority or our EU Representative.

We would, however, appreciate the chance to deal with your concerns first. Please contact us at abuse@crystalab.com.

← Back to Home