KF.Social seats six to eight people who live near each other at a local restaurant each week, matched by age and shared interests, to make new friends. This Privacy Policy explains how KaneFilous Limited, as the data controller, collects, uses, shares, and protects your personal data when you use the KF.Social website and mobile app. It is written to comply with the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR).
1. About This Policy
This Privacy Policy applies to the website kf.social and the KF.Social mobile app for iOS (together, the "Platform"). It describes what personal data we collect, why we collect it, the lawful basis on which we process it, who we share it with, and your rights. KF.Social is a service for making friends in person over a weekly dinner with a small group of people near you. It is not a dating service.
KaneFilous Limited is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, you can contact us at privacy@kf.social.
2. Data Controller
The data controller for your personal data is KaneFilous Limited, which operates KF.Social. We are rolling out the service across Ireland, the United Kingdom, Europe, and the United States. You can reach our privacy team at privacy@kf.social.
3. What Data We Collect and Why
We collect different types of personal data depending on how you use the Platform. Each category below sets out what we collect, the purpose, and our lawful basis for processing under UK GDPR and GDPR. Dietary data is special category data and is covered separately in Section 4.
Account and identity
We collect your name, email address, date of birth, your login method (email one-time passcode or Sign in with Apple), and your profile photo and bio. Your date of birth is used to confirm that you are 18 or over before you can book a dinner, and to match you with people in a similar age range. Lawful basis: performance of our contract with you (to provide your account and the dinners service) and our legitimate interests in operating a safe, age-appropriate service.
Location
At onboarding we detect an approximate home area once, which you can edit at any time, plus any areas you choose to follow. We use this to show you dinners near you and to send notifications about your areas. This is area-level information used to place you in a local group; we do not carry out precise or continuous location tracking. Lawful basis: performance of our contract with you for showing nearby dinners, and your consent for area notifications, which you can withdraw at any time in Settings.
Booking and payment
When you book a dinner we record the booking and the Matching Fee. Payment is processed by Stripe; KaneFilous Limited is the merchant of record. We do not store your full card number, which is handled directly by Stripe. Lawful basis: performance of our contract with you.
Content
We process the posts, photos, and messages you create, including in group chats, together with the privacy level you choose for each post (public, friends, or private). Lawful basis: performance of our contract with you.
Points and activity
We record points and XP and related activity so the social features of the Platform work as intended. Lawful basis: performance of our contract with you and our legitimate interests in operating the service.
Usage and analytics
We use PostHog for product analytics to understand how the Platform is used and to improve it. We do not show advertising inside KF.Social, and we never sell your personal data for money. We do, however, use measurement pixels from advertising platforms (Meta and TikTok) and affiliate partners on our website to understand which of our own marketing brings people to KF.Social; this is described in Section 8 (Advertising and Measurement) and runs only with your consent. Lawful basis: our legitimate interests in maintaining and improving the Platform, and, where required, your consent for analytics and advertising/measurement cookies.
Communications
We send transactional emails and push notifications, such as booking confirmations, venue reveals, and reminders, and, if you opt in, optional marketing. Lawful basis: performance of our contract with you for transactional messages, and your consent for marketing.
Safety and feedback
If you choose to avoid being matched with someone, or give us feedback after a dinner, we process that avoid-list and feedback data to improve future matches. This information is used only internally, is included when you delete your account, and is never shown to other users. Lawful basis: our legitimate interests in running a safe and pleasant service.
4. Dietary Data (Special Category Data)
Dietary information can reveal details about your health or religious beliefs, so it is treated as special category data under UK GDPR and GDPR Article 9. We process it only with your explicit consent (Article 9(2)(a)), and only to choose a restaurant that can accommodate everyone at your table.
With your explicit consent, you can provide:
- Structured dietary tags: vegetarian, vegan, halal, kosher, gluten-free, dairy-free
- Free-text allergies: anything you choose to tell us in your own words
- A "severe allergy" flag: so we take particular care when selecting a venue
We use this information solely and internally to select a restaurant that can cater for everyone seated together. We never share your dietary data, allergies, or severe-allergy flag with the restaurant or with other guests. At the restaurant, every guest orders for themselves.
Providing dietary data is entirely optional. You can view, edit, or delete it at any time in Settings, and you can withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. If you withdraw consent or delete this data, we may be less able to guarantee that a chosen venue can accommodate a specific requirement.
5. Who We Share Data With
We share personal data only with the providers we need to run the Platform and to measure our own marketing, and only for the purposes described. We never sell your personal data for money. We do not show advertising inside KF.Social, but we do use advertising-platform measurement pixels and affiliate tracking on our website, with your consent, as described in Section 8 (Advertising and Measurement).
| Recipient | Purpose |
|---|---|
| Stripe | Processing payments and the Matching Fee. KaneFilous Limited is the merchant of record; Stripe handles card details. |
| Amazon Web Services (AWS) | Cloud hosting, data storage, and content delivery for the Platform. |
| PostHog | Product analytics to understand and improve how the Platform is used. |
| Apple and Google | Sign-in (Sign in with Apple), push notification delivery, and app subscriptions or in-app purchases. |
| Restaurants | Restaurants receive only a reservation under the name "KF" and a headcount. They never receive your personal data, your name, or any dietary data. |
| Meta (Facebook) and TikTok | Advertising-platform measurement pixels on our website that, with your consent, share limited event data (such as page views, sign-ups, and bookings) so we can measure conversions from our own ad campaigns. See Section 8. |
| Affiliate networks and partners | Pixels and tracking links that, with your consent, let affiliate partners who promote KF.Social be credited for referrals they bring to us. See Section 8. |
We may also disclose personal data where required by law, to enforce our terms, or to protect the rights, safety, and security of our users, the public, or KaneFilous Limited.
6. International Data Transfers
We operate across Ireland, the UK, Europe, and the US, and some of our providers process data outside the European Economic Area and the UK (for example, in the United States). Where consented advertising and measurement pixels are used, data may be transferred to the United States by Meta and TikTok. Where personal data is transferred internationally, we rely on appropriate safeguards, including the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement or Addendum, and, where applicable, certification under the EU-US Data Privacy Framework and its UK Extension.
7. Cookies and Tracking Technologies
On the web we use cookies and similar tracking technologies, which fall into three categories:
- Strictly necessary: cookies that keep you signed in, remember your preferences, and record your cookie choices. These are always on because the site cannot work properly without them.
- Analytics: PostHog cookies that help us understand how the Platform is used so we can improve it. These are set only where consent is required and given.
- Advertising and measurement: the Meta (Facebook) Pixel, the TikTok Pixel, and affiliate tracking pixels and links, which load only after you accept them via the cookie banner. These are described in detail in Section 8.
Only strictly necessary cookies are set without your consent. Analytics and advertising/measurement cookies load only after you accept them in the cookie banner, and you can decline or withdraw your consent at any time through the cookie banner or your browser settings. The mobile app stores session tokens securely on your device (for example, in the iOS Keychain) and caches some content for performance and offline use; the advertising and measurement pixels described in Section 8 run on our website only and are not part of the in-app experience.
8. Advertising and Measurement
We do not show you advertising inside KF.Social, and we never sell your personal data for money. We do use measurement pixels from advertising platforms (Meta and TikTok) and affiliate partners on our website to understand which of our own marketing brings people to KF.Social. With your consent, this shares limited activity data with those platforms; you can decline at any time via the cookie banner.
To measure our own marketing and let partners promote KF.Social, our website uses the following advertising and measurement technologies:
- Meta (Facebook) Pixel and TikTok Pixel: used to measure conversions from our own ad campaigns (for example, page views, sign-ups, and bookings) and to build and measure audiences. They set cookies and send limited event data to those platforms.
- Affiliate and referral tracking: pixels and tracking links used so affiliate partners who promote KF.Social can be credited for the referrals they bring to us.
Recipients. The data collected by these technologies may be shared with Meta Platforms Ireland Limited and Meta Platforms, Inc.; TikTok Technology Limited (Ireland) and TikTok Inc.; and the affiliate networks and partners who refer people to us.
Lawful basis. We rely on your consent under the UK and EU ePrivacy rules and GDPR Article 6(1)(a). These pixels load only after you accept them via the cookie banner. You can decline them, or withdraw a consent you have already given, at any time through the cookie banner or your browser settings, without affecting the lawfulness of processing carried out before withdrawal.
International transfers. Meta and TikTok may process this data in the United States. Where that happens, the transfer is protected by the EU Standard Contractual Clauses, the UK Addendum, and, where applicable, the EU-US Data Privacy Framework, as described in Section 6.
US privacy rights. Under US laws such as the California Consumer Privacy Act (CCPA) as amended by the CPRA, sharing personal data with advertising platforms through pixels may be treated as a "sale" or "share" of personal information. We do not sell your personal data for money, but to honour these rights we provide a "Do Not Sell or Share My Personal Information" opt-out, which you can exercise through the cookie banner. Declining advertising and measurement cookies there gives effect to this opt-out.
9. Communications
We send transactional emails and push notifications that are necessary to provide the service, such as login codes, booking confirmations, venue reveals, and reminders. These are part of providing the dinners service and you cannot opt out of them while you hold an active booking, though you can control push notifications in your device settings.
With your consent, we also send optional marketing about KF.Social. You can withdraw that consent at any time using the unsubscribe link in any marketing email or in Settings. We do not sell or share your contact details for third-party marketing.
10. Data Retention
We keep your personal data only for as long as necessary for the purposes set out in this policy, or as required by law. In general:
- Account and profile data is kept while your account is active and deleted after you close it, subject to a short grace period.
- Dietary data is kept only while you choose to store it and is deleted as soon as you remove it or withdraw consent.
- Booking and payment records are retained for as long as required to meet our financial, tax, and legal obligations.
- Avoid-list and feedback data is retained while your account is active and is deleted with your account.
- Analytics data is retained in line with our provider's defaults and our own minimisation practices.
When you delete your account, we delete or anonymise your personal data, including dietary, avoid-list, and feedback data, except where we are required to retain certain records by law.
11. Your Rights
Under UK GDPR and GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your personal data
- Right to data portability: request your data in a structured, commonly used, machine-readable format
- Right to restriction: request that we limit how we process your data
- Right to object: object to processing based on our legitimate interests
- Right to withdraw consent: where processing is based on consent (including dietary data and area notifications), withdraw it at any time without affecting prior processing
You can exercise many of these rights directly in Settings, including editing your profile, managing dietary data, and deleting your account. For anything else, contact us at privacy@kf.social.
Complaints
As our lead supervisory authority, you can complain to the Irish Data Protection Commission (DPC) at www.dataprotection.ie if you are unhappy with how we handle your data. You may also complain to a supervisory authority closer to you: if you are in the UK, the Information Commissioner's Office (ICO) at ico.org.uk; if you are elsewhere in the EU, your local data protection authority. We would welcome the chance to address your concerns before you do, so please consider contacting us first.
12. Profiles and Content Privacy
KF.Social includes social features such as profiles, posts, and group chats. Some profile information, such as your display name and profile photo, may be visible to other members so you can recognise each other before and at a dinner.
You control the visibility of your posts using the privacy level you set for each one:
- Public: visible to other members
- Friends: visible only to people you are connected with
- Private: visible only to you
Your dietary data, allergies, avoid-list, and feedback are never shown to other users.
13. Security
We use appropriate technical and organisational measures to protect your personal data, including encryption in transit, secure storage of credentials on your device, restricted internal access, and payment handling by Stripe so that we never store full card numbers. No system can be guaranteed completely secure, but we work to protect your data and to respond promptly to any incident.
14. Children
You must be 18 or over to book a dinner, and we confirm this using your date of birth. The wider app is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us at privacy@kf.social and we will take steps to delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will let you know by email or through the Platform. The effective date shown at the top of this page tells you when the current version took effect.
16. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, you can reach us through the following channels:
- Privacy enquiries: privacy@kf.social
- General support: support@kf.social
- Data controller: KaneFilous Limited
- Lead supervisory authority: Irish Data Protection Commission, www.dataprotection.ie
- UK supervisory authority: Information Commissioner's Office, ico.org.uk
Effective: June 2026. This is a draft Privacy Policy for KF.Social, operated by KaneFilous Limited, and is pending review by our solicitors before publication.