Last updated: July 2026
Who we are
We are GF Hearts LLC, a social platform for people living the gluten-free lifestyle, whether by medical necessity or personal choice. The site is designed for dating and friendship connections, resources, events, vendors, restaurant recommendations, merchandise, articles, and more. We want to create a space of safety and warmth, and this policy explains what data we collect, why we collect it, and what rights you have over it.
Our website address is: https://gfhearts.com.
Information we collect
Account data: name, email address, password, date of birth, gender, and location.
Dating and profile data: photos, dating preferences, relationship goals, interests, GF Meter status, and any bio information you voluntarily provide. The “Name” field is required and public; profiles are visible to any site visitor. Other profile fields may be required or optional, and you can generally limit visibility of a given field to friends, logged-in users, or administrators only. You can edit or delete your profile information at any time from Profile > Edit, except you cannot change your username or GF Meter status. Site administrators can view and edit all profile data.
Verified badge: members can request a “verified” badge, which administrators review and assign. This is a simple yes/no status shown on your profile and in activity, messages, and comments – it does not involve submitting an ID or document.
Health and dietary information: dietary preferences, reasons for a gluten-free lifestyle (e.g. celiac disease diagnosis, gluten intolerance), and food sensitivities, which you may choose to display on your profile or share in community spaces.
User-generated content: forum posts, comments, recipe/restaurant submissions and reviews, and activity stream updates (new friendships, joined groups, profile updates, etc.). Activity content follows the same privacy rules as the context it’s created in – a profile update is public, while an update in a private group is visible only to that group’s members. You can delete your own activity items at any time; administrators can view and edit all activity items.
Registration and submission forms: account registration, profile editing, and content submissions (such as recipe or restaurant recommendations) are handled through front-end forms that may include file uploads, like a recipe or profile photo.
Media and albums: if you upload images, avoid including embedded location data (EXIF GPS) – other members can download and extract any location data left in uploaded images. You can also create photo, audio, and video albums; each item you upload can be set to its own privacy level (e.g. public, friends-only, or only you).
Private messages: message text and file attachments, who you’re messaging, delivery/read timestamps, online/last-active status, and emoji reactions, handled through Better Messages. Message content is visible only to the sender and recipients, except administrators can read and delete message content. A copy of your recent messages is cached locally in your browser (IndexedDB) for faster loading; this stays on your device and can be cleared by clearing your browser data.
Comments: when you leave a comment, we collect the data in the comment form along with your IP address and browser user agent string, to help with spam detection. An anonymized hash of your email address may be sent to the Gravatar service to check whether you use it (see https://automattic.com/privacy/); once your comment is approved, your profile picture is publicly visible alongside it.
Event, venue, and organizer information: if you or we create, submit, or publish events, venues, or organizers through our events calendar, we store details such as venue name/address/coordinates, organizer name/phone/website/email, and event website/cost/description/date/time/image. Venue addresses may be displayed on an embedded map, which can receive your IP address when the map loads.
Membership data: we use a membership plugin to manage account levels (e.g. free vs. member tiers). If we introduce or expand paid membership features, your billing details and subscription status will be collected and processed through our payment processor at that time.
Purchases: if you buy merchandise through our store, we collect your name, billing address, shipping address, email address, phone number, and payment details during checkout. Payments are processed by Stripe; we do not store your full card number on our servers. This information is used to fulfill orders, provide support, verify your identity, and, if you create an account, pre-fill future orders.
Affiliate and shortened links: when you click a shortened or affiliate link on our site (for example, in a product or restaurant recommendation), we log the referring page, your browser, operating system, and IP address, so we can measure link performance.
Push notifications: if you opt in to push notifications for new posts or BuddyPress activity, your browser or device generates a push subscription token, which we use only to deliver the notifications you’ve requested.
Technical and usage data: IP address, device type, operating system, app usage analytics, and cookie identifiers.
Cookies
- Comment cookies: if you comment, you may opt in to saving your name, email, and website in a cookie for convenience. These last one year.
- Login test cookie: a temporary, no-data cookie set on the login page to check whether your browser accepts cookies; discarded when you close your browser.
- Login and screen option cookies: set when you log in, to keep you signed in and remember your display preferences. Login cookies last two days (two weeks with “Remember Me”); screen option cookies last a year. These are removed when you log out.
- Post-edit cookie: set when you edit or publish an article, containing only the post ID. Expires after one day.
- BuddyPress action-status cookies: show success/failure messages after actions like joining a group; contain no personal data and are deleted after the next page load.
- BuddyPress directory preference cookies: remember sort, filter, and pagination choices on group, member, and activity directories; contain no personal data and are deleted after 24 hours.
- Group-creation cookies: track your progress through creating a new group; contain no personal data and are deleted on completion or after 24 hours.
- Spam and bot-protection cookies: our anti-spam and bot-detection services (see section 6) may set their own cookies to help distinguish humans from automated submissions.
How we use your information
We use your data to:
- Operate, maintain, and personalize the dating and community platform.
- Match you with other users based on your location and preferences.
- Provide gluten-free resources and lifestyle tools tailored to you.
- Process merchandise orders and, where applicable, membership payments.
- Deliver push notifications you’ve opted into.
- Measure the performance of affiliate and shortened links.
- Monitor platform safety, prevent fraud and spam, and enforce our community and anti-harassment guidelines.
- Recognize returning commenters so follow-up comments don’t need manual moderation.
Automated matching
Our matching feature uses your profile data (such as location and stated preferences) to suggest other users to you. This does not involve any decision with legal or similarly significant effect made without human involvement; you always choose whether to act on a suggested match.
Spam and bot protection
To protect comments, forms, and registrations from spam and abuse, we use automated spam and bot-detection services, including Akismet, CleanTalk, and hCaptcha. These services analyze submission content, your IP address, and technical signals about your browser or device to judge whether a submission is likely spam or automated, and some may set their own cookies as part of that check. See Akismet’s privacy policy (https://automattic.com/privacy/) and CleanTalk’s privacy policy (https://cleantalk.org/privacy) for details on how they handle this data.
Embedded and third-party content
Articles may include embedded content (videos, images, articles, etc.) from other sites. That content behaves as if you visited the source site directly – it may set its own cookies, embed third-party tracking, and monitor your interaction with it, including if you’re logged into that other service.
AI chat bots
If the site offers AI-powered chat bots, messages you send in that conversation are sent to the relevant AI service provider (such as OpenAI, Anthropic, or Google) to generate a response.
Who we share your data with
We do not sell your personal data. We share it only in these cases:
- Public profile: anything you add to your dating or community profile is visible to other registered users.
- Service providers: trusted vendors bound by confidentiality obligations, including payment processing (Stripe), content delivery and security (Cloudflare), spam and bot detection (Akismet, CleanTalk, hCaptcha), web hosting, and analytics providers.
- Password resets: if you request one, your IP address is included in the reset email.
- Legal requirements: we may disclose data if required by law or subpoena, or to protect the safety of our users or the public.
How long we retain your data
- Comments and their metadata are kept indefinitely, so we can auto-approve follow-up comments from the same commenter instead of holding them for moderation.
- Registered users’ profile, media, and message data are retained while the account is active. If you request erasure, message content is replaced with a placeholder so other participants’ conversations still make sense.
- Event, venue, and organizer data is retained indefinitely in the local database unless deleted.
- Purchase, order, and membership records are kept as needed for accounting, tax, and customer service purposes.
- Affiliate/shortened-link click logs are retained for as long as needed to report on link performance.
Where your data is sent
- Comments and form submissions may be checked by our spam and bot-detection services (Akismet, CleanTalk, hCaptcha), which may process data outside your country.
- Payment processing for purchases, and for memberships if paid tiers are enabled, is handled by Stripe.
- Our site uses Cloudflare for content delivery and security, which routes traffic through its global network.
- If a venue map is embedded on an event page, the map provider may receive your IP address when the map loads.
How we protect your data
We use industry-standard administrative, technical, and physical safeguards to protect your information, including access controls and secure hosting practices.
Data breach procedures
If we become aware of a data breach affecting your personal data, we will investigate, take steps to contain and remediate it, and notify affected users and any required authorities in line with applicable law.
Your privacy rights (GDPR / CCPA / state laws)
If you have an account, or have left comments, you can request an exported file of the personal data we hold about you, or request that we erase it. This does not include data we’re required to keep for administrative, legal, or security purposes. Depending on your jurisdiction, you may also have the right to access, correct, or restrict the use of your data.
Governing law
This policy is governed by and construed in accordance with the laws of the State of Indiana, in the country of the United States of America, without regard to its conflict of law principles.
Users Under the Age of 18
We do not knowingly retain the personal information of users under the age of 18. If you are the parent of a child who is under the age of 18 and has registered for our website, please contact us immediately. We will take immediate action to remove the information from our servers.
Contact information
Where available, these requests can be made by contacting us directly.
For any privacy-related questions or requests, contact us at: ad***@******ts.com
