Privacy Policy
Last updated: March 2026
1. 1. Introduction & Data Controller
MyAuPair SAS is the data controller for your personal data.
This Privacy Policy explains how MyAuPair SAS ("we", "us", "our") collects, uses, and protects your personal data when you use the MyAuPair platform.
MyAuPair SAS acts as the data controller within the meaning of the EU General Data Protection Regulation (GDPR). For questions about data protection, contact our Data Protection Officer at dpo@myaupair.com.
2. 2. Data We Collect
We collect the information you provide, plus anonymized usage data.
We collect the following categories of data:
- Personal data: name, email address, date of birth, phone number, nationality
- Profile data: photos, biography, experience, languages, preferences, personal or motivation letter
- Quiz data: responses to situational judgment scenarios (these are not psychological assessments)
- Usage data: anonymized analytics about how you use the platform (pages visited, features used)
- Payment data: processed directly by Stripe; we store only subscription status and transaction references
We do not collect special category data as defined by GDPR Article 9 (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, etc.).
3. 3. How We Use Your Data
We use your data for compatibility scoring, communication, payments, and account management.
We use your personal data for the following purposes:
- Compatibility scoring: generating profile embeddings and compatibility scores using AI analysis
- Communication: delivering and translating messages between users
- Payments: processing subscription and add-on purchases through Stripe
- Account management: creating and maintaining your account, verifying your identity
- Platform improvement: analyzing anonymized usage patterns to improve the service
- Safety: detecting and preventing fraud, abuse, and policy violations
4. 4. Legal Basis for Processing
We process data based on your consent, our contract with you, or our legitimate interests.
We process your personal data on the following legal bases under GDPR Article 6:
- Consent (Article 6(1)(a)): AI processing of your profile (embedding generation, compatibility scoring), message translation via DeepL. You can withdraw consent at any time.
- Contract performance (Article 6(1)(b)): account creation, profile management, messaging, payment processing
- Legitimate interest (Article 6(1)(f)): platform security, fraud prevention, anonymized analytics
5. 5. AI Processing & Automated Decisions
AI suggests compatibilities but never automatically rejects any candidate. You can always see why a score was given.
MyAuPair uses artificial intelligence to generate compatibility scores and suggest profiles. This processing is based on your explicit consent.
Important safeguards under GDPR Article 22:
- AI suggestions are rankings, not decisions. The AI never automatically rejects or excludes any candidate.
- All compatibility scores come with explanations. You can see why a particular score was given.
- You control AI processing. You can withdraw consent at any time through your account settings, which will disable AI-powered suggestions for your profile.
- Human oversight is preserved. All final decisions about whom to contact are made by the user, not the AI.
The situational judgment quiz evaluates how you would handle real childcare scenarios. It is not a psychological assessment and does not produce health data or special category data.
6. 6. Data Processors
We work with trusted partners to operate the platform. See the table below for details.
We share your data with the following third-party processors, each bound by data processing agreements:
See the data processors table below for a complete list of processors, their purposes, and data locations.
| Processor | Purpose | Data Location |
|---|---|---|
| Supabase | Database hosting & authentication | EU (Frankfurt) |
| Vercel | Frontend hosting & edge functions | EU |
| Stripe | Payment processing & identity verification | EU |
| Anthropic (Claude) | AI compatibility analysis & content moderation | US (DPA) |
| DeepL | Message translation | Germany |
| Resend | Transactional email delivery | US (DPA) |
7. 7. Data Retention
We keep your data while your account is active. Expired data is deleted on schedule.
We retain your data according to the following schedule:
- Active account data: retained as long as your account is active
- Expired or rejected compatibility suggestions: deleted after 6 months
- Inactive conversations (no new messages): archived after 12 months
- Verification raw data (identity documents, selfies): deleted 30 days after verification is complete; only the verification status is retained
- Review data: retained as long as both parties have active accounts
When you delete your account, all your data is permanently removed through cascading deletion.
8. 8. Your Rights
You can access, correct, export, or delete your data at any time.
Under the GDPR, you have the following rights:
- Right of access: request a copy of your personal data
- Right to rectification: correct inaccurate data in your profile settings
- Right to erasure: delete your account and all associated data (cascading deletion)
- Right to data portability: export your data in JSON format
- Right to withdraw consent: disable AI processing at any time
- Right to lodge a complaint: contact the CNIL (France) at cnil.fr or the BfDI (Germany) at bfdi.bund.de
To exercise your rights, use your account settings or contact us at dpo@myaupair.com.
9. 9. International Transfers
Your data is primarily hosted in the EU. US-based processors operate under Standard Contractual Clauses.
Your data is primarily hosted within the European Union:
- Database: Supabase, hosted in Frankfurt, Germany (EU)
- Frontend: Vercel, EU region available
- Payments: Stripe, EU data processing
Some data is processed by US-based companies:
- Anthropic (Claude AI): used for compatibility analysis and content moderation. Operates under Standard Contractual Clauses (SCC) with a Data Processing Agreement.
- Resend: used for transactional email delivery. Operates under Standard Contractual Clauses (SCC) with a Data Processing Agreement.
All US-based processors are bound by appropriate safeguards as required by GDPR Chapter V.
10. 10. Cookies
We use essential cookies only. See our Cookie Policy for details.
MyAuPair uses only essential cookies required for the platform to function. We do not use advertising or analytics cookies.
For full details, please refer to our Cookie Policy.
11. 11. Children's Privacy
MyAuPair is for users 18 and older. We do not collect data from children.
MyAuPair is intended for users aged 18 and older. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child, we will delete it promptly.
Profile information about children in a family (such as ages and number) is provided by the parent or guardian and is used solely for compatibility assessment.
12. 12. Changes to This Policy
We notify you by email about significant changes, with 30 days' notice.
We may update this Privacy Policy from time to time. For material changes, we will:
- Notify you by email at least 30 days before the changes take effect
- Update the "Last updated" date at the top of this page
- Clearly describe what has changed
Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
13. 13. Contact & DPO
Contact our Data Protection Officer at dpo@myaupair.com.
MyAuPair SAS Paris, France
Data Protection Officer: dpo@myaupair.com General inquiries: contact@myaupair.com
Supervisory authorities: - France: CNIL (Commission Nationale de l'Informatique et des Libertés) — cnil.fr - Germany: BfDI (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit) — bfdi.bund.de