Privacy policy​

MatchAu Privacy Policy

Last updated: February 2026

1. Introduction

MatchAu LTD (“MatchAu”, “we”, “us” or “our”) is a company registered in England and Wales. We operate an online introduction platform that helps families and au pairs connect with each other through our applications and websites at aupair.uk and matchaupair.online (the “Platform”).

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Platform. It applies to all users worldwide, including visitors, registered au pair candidates, and host families.

We are the data controller for the personal data we process through the Platform. This means we determine how and why your personal data is processed.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Platform.

2. Data Controller and Contact Details

Data Controller:

MatchAu LTD

71-75 Shelton Street, Covent Garden,

London,

United Kingdom,

WC2H 9JQ

Company number 10915113

 

Data Protection Contact: gdpr@matchaupair.online

 

ICO Registration Number: ZA922684

3. What Personal Data We Collect

3.1 Data You Provide to Us

When you register for and use the Platform, you may provide the following:

       Account data: name, email address, password, date of birth, nationality, language(s) spoken.

       Profile data: profile photographs, biographical information, location (city/country), experience, qualifications, preferences, and information about your family (for host families) or your skills and availability (for au pairs).

       Communication data: messages you send to and receive from other users through the Platform.

       Payment data: if you purchase a Premium Membership, your payment details are processed by our third-party payment processor. We do not store your full credit/debit card numbers on our servers.

       Support data: information you provide when you contact us for support, including reports about other users.

       Verification data: where you use any identity verification features, the information you submit for that purpose.

       Survey and feedback data: responses to surveys, questionnaires, or feedback forms.

3.2 Data We Collect Automatically

When you use the Platform, we automatically collect:

       Device data: device type, model, manufacturer, operating system and version, unique device identifiers, mobile network information.

       Usage data: how you interact with the Platform, including pages visited, features used, search queries, time spent, and click patterns.

       Log data: IP address, browser type and version, access times, referring URL.

       Location data: approximate location based on IP address. If you enable GPS/location services on your device, we may also collect precise location data to display your approximate location to other users. You can disable this through your device settings or in the app.

       Cookie and tracking data: see Section 11 (Cookies) below.

3.3 Data from Third Parties

If you register or log in using a third-party service (such as Google, Facebook, or Apple), we may receive:

       your name, email address, and profile photograph from that service;

       other information you have made publicly available on that service; and

       an authentication token to verify your identity.

The information we receive depends on your privacy settings with the third-party service. We recommend reviewing the privacy policies of any third-party services you connect to the Platform.

3.4 Sensitive / Special Category Data

We aim to minimise the collection of special category data. However, the nature of the Platform means we may process:

       Nationality and ethnic origin: inherent in au pair matching across countries.

       Language and cultural information: relevant to matching preferences.

       Photographs: which may reveal racial or ethnic origin.

Where we process special category data, we do so on the basis of your explicit consent (which you provide when you create your profile and voluntarily share this information) or where it is necessary for reasons of substantial public interest.

4. How We Use Your Personal Data

Purpose

Data Used

Lawful Basis

Provide and operate the Platform

Account data, profile data, communication data

Performance of contract (Art. 6(1)(b))

Match au pairs and host families

Profile data, location data, preferences

Performance of contract (Art. 6(1)(b))

Process payments

Payment data, account data

Performance of contract (Art. 6(1)(b))

Verify user identity

Verification data, account data

Legitimate interest (Art. 6(1)(f)): platform safety

Monitor content for safety

Communication data, profile data

Legitimate interest (Art. 6(1)(f)): user protection and Online Safety Act compliance

Prevent fraud and abuse

Device data, usage data, log data, account data

Legitimate interest (Art. 6(1)(f)): platform security

Respond to support requests

Support data, account data

Performance of contract (Art. 6(1)(b))

Send service notifications

Account data (email, push token)

Performance of contract (Art. 6(1)(b))

Send marketing communications

Account data (email)

Consent (Art. 6(1)(a)): you can withdraw at any time

Improve the Platform

Usage data, device data, log data

Legitimate interest (Art. 6(1)(f)): service improvement

Analytics and research

Aggregated/anonymised usage data

Legitimate interest (Art. 6(1)(f)): understanding usage patterns

Comply with legal obligations

All relevant data

Legal obligation (Art. 6(1)(c))

Enforce our Terms

All relevant data

Legitimate interest (Art. 6(1)(f)): protecting our rights

Cooperate with law enforcement

All relevant data

Legal obligation (Art. 6(1)(c))

 

Legitimate interest assessments: Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your rights and freedoms. You may request details of these assessments by contacting us.

5. Who We Share Your Personal Data With

We share your personal data only as described below:

5.1 Other Users

Your profile information (name, photographs, location, biography, and preferences) is visible to other registered users of the Platform. Messages are visible to the users you communicate with. Do not include sensitive information (e.g., passport numbers, financial details, DBS certificates) in your profile or messages.

5.2 Service Providers

We use third-party service providers who process data on our behalf under data processing agreements:

       Hosting and infrastructure: [provider to be inserted] — servers located in the United Kingdom

       Analytics: Google Analytics and Firebase (Google LLC) — for understanding how the Platform is used. Google’s privacy policy: policies.google.com/privacy

       Payment processing: [provider to be inserted] — processes payment card data securely; we do not store full card numbers

       Email communications: [provider to be inserted] — for service and marketing emails

       Push notifications: Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM)

       Maps and location: Google Maps API — subject to Google Maps Platform Terms of Service and Google’s Privacy Policy

       Authentication: Social login providers (Google, Facebook, Apple) — see Section 3.3

5.3 Legal and Regulatory

We may disclose your data where required by law, including:

       in response to valid legal process (court orders, subpoenas);

       to comply with applicable law or regulation;

       to protect the rights, property, or safety of MatchAu, our users, or the public;

       to detect, prevent, or investigate fraud, security issues, or technical problems;

       to cooperate with law enforcement, child protection, or immigration authorities; and

       as part of safeguarding obligations where a child may be at risk.

5.4 Business Transfers

If MatchAu is involved in a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you by email and/or a prominent notice on the Platform before your data is transferred and becomes subject to a different privacy policy.

5.5 No Sale of Personal Data

We do not sell your personal data to third parties. We do not share your personal data with third parties for their own direct marketing purposes without your explicit consent.

6. International Data Transfers

Our Platform connects users across different countries. Your personal data may therefore be transferred to, stored, and processed in the United Kingdom and Ireland (where our servers are located) and may be accessible to users in other countries.

Where personal data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place:

       transfers to countries with an adequacy decision from the UK Secretary of State or the European Commission;

       Standard Contractual Clauses (SCCs) approved by the relevant authority;

       binding corporate rules; or

       other lawful transfer mechanisms.

 

By using the Platform to connect with users in other countries, you acknowledge that your profile information and messages will be accessible to those users and that data protection standards may differ from those in your country.

You may request details of the safeguards we use for international transfers by contacting us.

7. How Long We Keep Your Data

Data Type

Retention Period

Reason

Account and profile data

Duration of your account + 30 days after deletion

Service provision; grace period for accidental deletion

Communication data (messages)

Duration of your account + 90 days after deletion

Service provision; dispute resolution; safety investigations

Payment records

7 years after transaction

Legal obligation (tax and accounting records)

Support and complaint records

3 years after resolution

Dispute resolution; legal claims

Usage and analytics data

24 months (then aggregated/anonymised)

Service improvement

Device and log data

12 months

Security; fraud prevention

Marketing consent records

Duration of consent + 3 years after withdrawal

Legal obligation (proving consent)

Safeguarding reports

7 years after report

Legal obligation; child protection

 

After the applicable retention period, data is securely deleted or anonymised so that it can no longer be associated with you.

8. Your Rights

8.1 Rights Under UK GDPR and EU GDPR

If you are located in the UK or EEA, you have the following rights:

       Right of access (Article 15): Request a copy of the personal data we hold about you.

       Right to rectification (Article 16): Request correction of inaccurate or incomplete data.

       Right to erasure (Article 17): Request deletion of your personal data (“right to be forgotten”).

       Right to restriction (Article 18): Request that we limit how we process your data.

       Right to data portability (Article 20): Receive your data in a structured, machine-readable format.

       Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing.

       Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

       Right to lodge a complaint: You may complain to a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk. In the EEA, contact your local Data Protection Authority.

 

To exercise any of these rights, contact us at [privacy email to be inserted]. We will respond within one month (which may be extended by two further months for complex requests). We may ask you to verify your identity before processing your request.

8.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you additionally have the right to:

       Know what personal information we collect, use, disclose, and sell (if applicable).

       Delete your personal information (subject to certain exceptions).

       Opt out of the sale of personal information. We do not sell personal information.

       Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise California rights, contact us at [privacy email to be inserted] with “California Privacy Request” in the subject line.

8.3 Additional Rights for Brazilian Users (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados including confirmation of processing, access to data, correction, anonymisation, portability, deletion, and information about third parties with whom data is shared.

8.4 Additional Rights for Australian Users

If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) including the right to access and correct your personal information, and to complain to the Office of the Australian Information Commissioner (OAIC).

9. Account Deletion

You have the right to delete your account at any time. You can do this through your account settings within the Application or by contacting us.

When you delete your account:

       we will verify your identity for security purposes;

       your profile will be removed from the Platform and will no longer be visible to other users;

       your personal data will be deleted or anonymised in accordance with the retention periods in Section 7;

       data that we are legally required to retain (e.g., payment records, safeguarding reports) will be kept for the required period and then deleted;

       messages you have sent to other users may remain visible to them, though your profile will show as deleted; and

       once deleted, your account cannot be restored.

 

Please ensure you have saved any data you need before deleting your account, as we will not be able to provide it after deletion.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

       encryption of data in transit (TLS/SSL) and at rest;

       access controls limiting data access to authorised personnel only;

       regular security assessments and testing;

       secure password hashing; and

       monitoring for suspicious activity.

 

No system is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security. If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law.

You are responsible for keeping your password confidential. Do not share your login credentials with anyone.

11. Cookies and Tracking Technologies

We use cookies and similar technologies on the Platform. A cookie is a small text file stored on your device that helps us recognise you and remember your preferences.

11.1 Types of Cookies We Use

Type

Purpose

Duration

Strictly necessary

Essential for the Platform to function (e.g., authentication, security, session management)

Session / up to 12 months

Functional

Remember your preferences and settings (e.g., language, location)

Up to 12 months

Analytics

Understand how users interact with the Platform (e.g., Google Analytics, Firebase Analytics)

Up to 24 months

Marketing

Deliver relevant advertisements and measure campaign effectiveness (if applicable)

Up to 24 months

 

11.2 Your Cookie Choices

Strictly necessary cookies cannot be disabled as they are essential for the Platform to work. For all other cookies, you may:

       manage your preferences through our cookie consent banner (displayed when you first visit the website);

       adjust your browser settings to refuse or delete cookies; or

       use your device settings to limit tracking on mobile applications.

Disabling certain cookies may affect the functionality of the Platform.

11.3 Google Analytics

We use Google Analytics and Firebase Analytics to understand how the Platform is used. These services may collect information about your device, usage patterns, and approximate location. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, or by adjusting your device’s advertising settings. For more information, see Google’s Privacy Policy at policies.google.com/privacy.

12. Location Data

The Platform may use location data as follows:

       IP-based location: We use your IP address to determine your approximate location (country/city). This is used to display relevant profiles and to show your approximate location to other users.

       GPS/device location: If you enable location services on your device, we may collect precise location data. This is used to improve matching accuracy and display your location on a map. Precise location is shown to other users as an approximate area only, not an exact position.

 

You can disable location services through your device settings or within the Application settings. If you disable location services, some features of the Platform may be limited.

13. Children and Minors

The Platform is restricted to users aged 18 and over. This restriction is enforced through the Apple App Store and Google Play Store age ratings.

We do not knowingly collect personal data from anyone under the age of 18. If we become aware that a person under 18 has registered or provided personal data, we will take steps to terminate their account and delete their data promptly.

If you are a parent or guardian and believe that a person under 18 has provided us with personal data, please contact us at privacy@matchaupair.online.

 

Note regarding children in host families: While children are not users of the Platform, host family profiles may contain information about children in the household (e.g., number and ages of children). This information is provided voluntarily by host families for matching purposes. We process this data on the basis of the host family’s consent and legitimate interest in finding a suitable au pair.

14. Third-Party Links and Services

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing them with personal data.

If you connect your account using a third-party login (e.g., Google, Facebook, Apple), the third party’s privacy policy governs how they handle your data. We only receive the data described in Section 3.3.

15. Content Monitoring

To protect users and comply with the Online Safety Act 2023, we may monitor content on the Platform, including profiles and messages. This monitoring may include:

       automated systems to detect prohibited content, spam, or fraudulent activity;

       manual review of reported profiles and messages by our moderation team; and

       review of content flagged by users through the reporting mechanism.

 

We process data for content monitoring purposes on the basis of our legitimate interest in maintaining a safe platform and our legal obligations under the Online Safety Act 2023.

16. Marketing Communications

We may send you marketing communications about the Platform, new features, and related services. We will only send marketing emails where:

       you have given us your explicit consent (opt-in); or

       you are an existing user and the marketing relates to similar services (soft opt-in), and you have not opted out.

 

You can opt out of marketing at any time by:

       clicking the unsubscribe link in any marketing email;

       adjusting your preferences in your account settings; or

       contacting us at info@matchaupair.online.

Opting out of marketing does not affect service-related communications (e.g., account notifications, security alerts).

17. Automated Decision-Making

We may use automated processes to match au pairs and host families based on preferences, location, language, and other profile criteria. These automated processes assist with matching suggestions but do not make binding decisions about you.

We do not currently make any solely automated decisions that produce legal effects or similarly significantly affect you. If this changes, we will update this Privacy Policy and, where required, obtain your explicit consent or provide a mechanism for you to request human review.

18. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time. Updated versions will be published on our website and made available within the Application. The “Last updated” date at the top will be revised accordingly.

Your continued use of the Platform after an updated Privacy Policy has been published constitutes your acknowledgement of the changes. Where changes materially affect how we process your data, we will use reasonable efforts to draw your attention to them through the Platform.

If you do not agree with a revised Privacy Policy, you should stop using the Platform and may delete your account.

19. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

 

MatchAu LTD

Data protection enquiries: gdpr@matchaupair.online

General support: info@matchaupair.online

Safeguarding concerns: gdpr@matchaupair.online

 

UK Supervisory Authority:

Information Commissioner’s Office (ICO)

ico.org.uk  |  0303 123 1113

 

EU Supervisory Authorities: A list of EEA data protection authorities is available at edpb.europa.eu.