Privacy Policy

Persian Riviera is a private social club for the Persian-speaking diaspora and their guests on the French and Italian Riviera. We connect members through curated experiences, events, and private social features.

This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform, apply for membership, or interact with our services.

Data Controller: Persian Riviera · Côte d'Azur, France · privacy@persianriviera.club

We collect information you provide directly, and some information automatically when you use our platform.

Information you provide:

• Full name, email address, phone number, city of residence
• Age and gender (for community matching purposes)
• Government-issued identity documents (for verification)
• Selfie photograph (for identity verification match)
• Application introduction and referral information
• Profile preferences, interests, and bio
• Messages sent to other members
• Tonight Plans and Journey posts you publish

Information collected automatically:

• Login activity and session metadata
• Feature interactions within the platform
• Device type and browser (for security purposes)

We use your information strictly to operate and improve the Persian Riviera platform:

• To review and process your membership application
• To verify your identity and maintain community trust
• To personalise your experience and facilitate connections
• To send service notifications, event invitations, and trust score updates
• To calculate your Trust Score and eligibility for Circle tier upgrades
• To moderate content and maintain community safety
• To process subscription payments via Stripe
• To send important account communications via email and Telegram

We do not use your data for advertising, sell it to third parties, or use it for any purpose unrelated to the platform's operation.

When you submit your identity document and selfie for verification:

• Images are transmitted securely to OpenAI's API (GPT-4o Vision) for automated screening
• The AI confirms identity document authenticity and matches it to your selfie
• A verification score is generated; no facial data is stored permanently after verification
• Identity documents are retained for a maximum of 90 days after verification, then deleted

AI is also used for application screening, content moderation, and member matching recommendations. All AI-generated decisions regarding your membership can be reviewed and appealed by contacting our team.

We share your information only with the following service providers, strictly for platform operation:

• Supabase — Secure cloud database hosting (EU servers)
• OpenAI — AI verification and content processing (data not retained for training)
• Stripe — Payment processing (subject to Stripe's own privacy policy)
• Twilio — SMS OTP delivery
• Telegram — Admin notifications and member communications (opt-in)

We do not share your personal information with other members beyond your public profile details (name, city, tier). Your email and phone number are never visible to other members.

We retain your data only as long as necessary for the purpose for which it was collected:

• Active member accounts: data retained for the duration of membership plus 12 months
• Rejected applications: data deleted 30 days after rejection
• Identity documents: deleted 90 days after successful verification
• Messages: retained for 24 months, then archived or deleted
• Payment records: retained for 7 years per French financial regulations

You may request early deletion of your data at any time (see Your Rights below).

Under the GDPR and applicable French data protection law, you have the following rights:

• Right of access — Request a copy of all personal data we hold about you
• Right to rectification — Correct any inaccurate information
• Right to erasure — Request deletion of your data ("right to be forgotten")
• Right to restriction — Limit how we process your data
• Right to portability — Receive your data in a machine-readable format
• Right to object — Object to automated decision-making (AI screening)
• Right to withdraw consent — At any time, without affecting prior processing

To exercise any of these rights, email us at privacy@persianriviera.club. We will respond within 30 days.

We take the security of your personal data seriously. Our measures include:

• All data transmitted over encrypted HTTPS connections (TLS 1.3)
• Database access restricted to authenticated API endpoints only
• Identity documents encrypted at rest and access-logged
• OTP-based authentication — no passwords stored
• Regular security reviews of third-party integrations
• Admin access to member data requires two-factor authentication

In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it.

Persian Riviera uses only strictly necessary session storage (browser localStorage) to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics that profile your behaviour.

Your session token expires automatically after 7 days and is cleared when you sign out.

If you have any questions about this Privacy Policy or how we handle your data, please contact our Data Protection contact: