Privacy Policy
Last updated: 2026-04-19
Mattch takes your privacy seriously. This page covers what we collect, why, how long we keep it, and how to exercise your rights.
Controller & Contact
Mattch is an independent one-person side project and acts as the data controller. For privacy requests, use the inquiry widget at the bottom-right of every page. We aim to respond within 30 days.
Data Protection Officer
The designated Data Protection Officer under Korea's PIPA Article 31 is Taejun Park, operator of Mattch. Privacy-related questions, access requests, and deletion requests should be submitted via the inquiry widget at the bottom-right of any page; we respond within 30 days.
Information We Collect
(1) Quiz responses (sleep position, body type, temperature preference, pain points, etc.), (2) optional email address, (3) feedback and inquiry messages, (4) locale and country code. Quiz responses are stored without identifiers.
How We Use Your Data
Data is used only to: (1) generate your mattress recommendation, (2) improve the algorithm via aggregate analytics, (3) improve our service and guide content, (4) respond to inquiries. We never sell personal data.
Legal Basis (GDPR Article 6)
Service functionality: legitimate interest (Art. 6(1)(f)). Email delivery and analytics scripts: your consent (Art. 6(1)(a)). Pain and posture answers are used only for aggregated recommendation purposes and are not a medical assessment.
Sub-processors
The following providers process data on Mattch's behalf: Supabase (database, US), Vercel (hosting, US), Google Gemini API (AI mattress model search, US), Google Analytics 4 (web analytics, US — only with consent), Umami (web analytics — only with consent), Resend (email delivery, EU/US — when used).
International Transfers
Data may be transferred to providers located in the United States (Supabase, Vercel, Google). Transfers rely on Standard Contractual Clauses and each provider's Data Processing Agreement. If you do not want this, please stop using the service.
Retention
Quiz responses and results: up to 12 months. Email subscribers: until unsubscribe, or up to 24 months. Inquiries and feedback: 24 months. Records older than these windows are anonymized or deleted periodically.
Cookies & Local Storage
Essential: quiz responses (sessionStorage), feedback and consent state (localStorage), admin session (HttpOnly cookie). Optional: analytics scripts (GA4, Umami) load only if you accept via the banner. You can withdraw consent at any time by clearing site data.
Automated Decision-Making
Your recommendation is produced by an automated algorithm (GDPR Art. 22). You may request human review or an explanation via the inquiry widget.
Your Rights
EU/UK residents: right of access, rectification, erasure, restriction, portability, objection, and to withdraw consent (GDPR Arts. 15–22); you may lodge a complaint with your national supervisory authority. California residents: right to know, delete, correct, and opt out of sale (CCPA/CPRA) — Mattch does not sell personal data. Other jurisdictions: equivalent rights under local law where available.
Children
Mattch is not directed to users under 16 (under 13 in the US). If you believe a child has provided data, please notify us via the inquiry widget and we will delete it promptly.
Deletion Requests
To delete stored data, submit a request through the inquiry widget under "Other". Quiz data cached in your browser is cleared automatically when the tab is closed.
Changes to this Policy
We may update this policy to reflect regulatory or service changes. Check the Last updated date at the top.