Account and profile data
Purpose: Authenticate users, maintain accounts, and display only profile fields chosen for publication.
Processors: Supabase supports authentication and database storage.
Retention: Kept while the account or a required review record remains active, subject to export, correction, deletion, and restriction rights.
Private wishes and matching data
Purpose: Create broad previews, run controlled compatibility checks, support reviewed searches, and manage consented introductions.
Processors: Stored in Moral Trade records backed by Supabase; sensitive text may be encrypted before storage.
Retention: Limited by the relevant consent, expiry, review, safety, or deletion state. Exact wishes and source notes do not appear on public cards.
Payment and donation references
Purpose: Reconcile external payments, contribution evidence, agreement payment state, refunds, disputes, and provider events.
Processors: Stripe handles supported payment objects; Every.org handles off-site donation routes.
Retention: Identifiers, amounts, status, cadence, and evidence references may be retained for reconciliation, disputes, audit integrity, and compliance.
Analytics and attribution
Purpose: Measure whether people understand the service, complete onboarding, perform a concrete first action, and encounter errors or safety blockers.
Processors: Privacy-safe internal funnel records and route-level service telemetry.
Retention: Uses paths, event types, coarse labels, counts, buckets, referral codes, and campaign attribution. Raw private content is excluded.
Notifications and support
Purpose: Deliver account, evidence, review, matching, security, and service communications.
Processors: An external email provider may deliver queued notifications.
Retention: Preference, delivery, failure, opt-out, and support records are retained as needed to honor choices and diagnose delivery.