Privacy Policy
This Privacy Policy explains how Deep Movement Collective (“DMC”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your personal data when you use our website, mobile application, and related services. It also explains your rights regarding your personal data and how to exercise them.
Please read this policy carefully. By using the Services, you acknowledge that you have read and understood this Privacy Policy. This policy should be read together with our Terms and Conditions.
1 Who We Are (Data Controller)
Deep Movement Collective LLC is the data controller responsible for your personal data.
Entity: Deep Movement Collective LLC
Registered address: 1111B S Governors Ave STE 29782, Dover, DE 19904, United States
Email:
Website: https://the-dmc.com
Under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), we are the “data controller.” Under South Africa’s Protection of Personal Information Act 4 of 2013 (POPIA), we are the “responsible party.”
2 What This Policy Covers
This Privacy Policy applies to personal data collected through:
- Our website at the-dmc.com
- The DMC mobile application (iOS and Android)
- The member dashboard
- Any DMC-organised meetups, events, or activities
- Email, WhatsApp, and other communications with us
It does not apply to third-party websites, apps, or services linked from DMC (such as Stripe, WhatsApp, or partner venues). Those services have their own privacy policies, which we encourage you to review.
3 Personal Data We Collect
3.1 Data You Provide Directly
When you register, complete onboarding, use the platform, or contact us, we may collect:
| Category | Examples | When Collected |
|---|---|---|
| Identity data | First name, last name, date of birth, gender | Registration and onboarding |
| Contact data | Email address, phone number, WhatsApp number, city | Registration and onboarding |
| Profile data | Bio, professional background, interests, goals, industry, company name, photos, social media links | Onboarding and profile editing |
| Financial data | Subscription plan, billing history, payment method type (card brand and last 4 digits only) | Subscription and checkout |
| Communication data | Messages to support, feedback, survey responses, testimonials | When you contact us or respond to surveys |
| Meetup data | Attendance, group assignments, activity preferences, feedback on meetups | During match cycles and meetups |
3.2 Data We Collect Automatically
When you use the website or app, we automatically collect:
| Category | Examples | Purpose |
|---|---|---|
| Device and technical data | IP address, browser type, operating system, device type, device identifiers, screen resolution | Platform security, analytics, debugging |
| Usage data | Pages visited, features used, time spent, click patterns, search queries within the platform | Service improvement, personalisation |
| Location data | City-level location derived from IP address or the city you select during onboarding. We do not collect precise GPS location. | Matching you with members in your city |
| Log data | Access times, error logs, referring URLs | Security monitoring, troubleshooting |
| Advertising data | Data collected via Meta Pixel, Google Ads tags, and similar tracking technologies, including page views, conversion events, and ad interactions | Measuring ad effectiveness, remarketing, and audience building |
3.3 Data from Third Parties
We may receive limited data from third parties, including:
- Stripe: payment confirmation status, subscription status, and billing events (not full card details).
- Analytics providers (such as Google Analytics): aggregated and pseudonymised usage data.
- Advertising platforms (Meta/Facebook and Google Ads): conversion data, ad interaction data, and pseudonymised audience insights used to measure campaign performance and serve relevant ads.
- App stores (Apple App Store, Google Play): download and installation data, crash reports.
We do not purchase personal data from data brokers or third-party marketing databases.
4 How We Use Your Personal Data
We use your personal data for the following purposes:
| Purpose | What We Do | Legal Basis (GDPR) | Legal Basis (POPIA) |
|---|---|---|---|
| Provide the Services | Create and manage your account, process onboarding, run the matching algorithm, facilitate meetups, manage subscriptions and billing | Contractual necessity | Processing necessary for a contract |
| Communicate with you | Send match notifications, billing receipts, service updates, and respond to support requests | Contractual necessity | Processing necessary for a contract |
| Improve the Services | Analyse usage patterns, test new features, improve the matching algorithm, fix bugs | Legitimate interest | Legitimate interest of the responsible party |
| Ensure safety and security | Detect and prevent fraud, enforce our Terms, investigate misconduct, protect members | Legitimate interest | Legitimate interest of the responsible party |
| Marketing | Send newsletters, feature announcements, promotions, and community content (only with your consent) | Consent | Consent |
| Push notifications | Send match alerts, meetup reminders, and community updates via the mobile app (only with your consent) | Consent | Consent |
| Legal compliance | Comply with tax, accounting, regulatory, and legal obligations | Legal obligation | Processing necessary for legal compliance |
| Events | Organise city-wide events, manage RSVPs, facilitate community activities | Contractual necessity / Legitimate interest | Contract / Legitimate interest |
| Advertising and remarketing | Measure the effectiveness of our advertising campaigns, serve relevant ads on platforms like Meta (Facebook/Instagram) and Google, and retarget visitors who have interacted with our website or app | Consent | Consent |
5 Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website and app to improve your experience and analyse how the Services are used.
5.1 Types of Cookies We Use
| Type | Purpose | Examples | Duration |
|---|---|---|---|
| Strictly necessary | Required for the website and app to function (authentication, security, session management) | Session cookies, CSRF tokens, authentication tokens | Session or up to 12 months |
| Analytics | Help us understand how you use the Services so we can improve them | Google Analytics | Up to 26 months |
| Functional | Remember your preferences and settings | Language preference, city selection | Up to 12 months |
| Marketing | Used to deliver targeted advertising, measure ad performance, and serve remarketing ads on third-party platforms (only with consent) | Meta Pixel, Google Ads conversion tracking, email campaign tracking pixels | Up to 12 months |
5.2 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling strictly necessary cookies may affect the functionality of the Services.
For analytics cookies, you can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on. For advertising cookies, you can manage your preferences through Google Ads Settings and Meta Ad Preferences. You can also opt out of interest-based advertising from participating companies at aboutads.info.
6 Who We Share Your Data With
We do not sell your personal data to anyone. We share your data only in the following circumstances:
6.1 Service Providers
We use trusted third-party service providers to operate and improve the Services. These providers process data on our behalf and are contractually required to protect your data:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing, subscription management | Payment method details, billing information, subscription events | United States |
| Railway | Cloud hosting and infrastructure | All platform data (encrypted at rest and in transit) | United States |
| Mailchimp (Intuit) | Email communications and marketing | Name, email address, subscription preferences | United States |
| Google Analytics | Website and app analytics | Pseudonymised usage data, IP address (anonymised) | United States |
| Google Ads | Advertising, conversion tracking, and remarketing | Pseudonymised usage data, conversion events, IP address (anonymised) | United States |
| Meta (Facebook/Instagram) | Advertising, conversion tracking, and remarketing | Pseudonymised usage data, conversion events, IP address (anonymised) | United States |
| Apple / Google | App distribution, push notifications | Device tokens, crash reports | United States |
| Metabase | Internal business analytics and reporting | Aggregated platform data | Self-hosted |
6.2 Other Members
When you are matched with other members, profile information is shared with your match group to facilitate the meetup. This includes your first name, profile photo, professional background, interests, email address, and phone number (or WhatsApp number). This sharing is necessary for group members to coordinate and communicate about upcoming meetups. Your full date of birth is not shared with other members.
By joining DMC and participating in match cycles, you consent to this sharing of contact information with fellow group members. You can request to have your contact details removed by contacting us, though this may limit your ability to participate in meetups.
6.3 Legal and Safety Disclosures
We may disclose your personal data if we are required to do so by law, regulation, or legal process, or if we believe in good faith that disclosure is necessary to:
- Comply with a legal obligation, court order, or regulatory request.
- Protect the rights, safety, or property of DMC, our members, or the public.
- Investigate or prevent fraud, security incidents, or violations of our Terms.
- Respond to an emergency involving potential harm to any person.
6.4 Business Transfers
If DMC is involved in a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and ensure the receiving party is bound by obligations consistent with this Privacy Policy.
7 International Data Transfers
DMC is based in the United States. If you are located in the United Kingdom, European Economic Area, South Africa, or any other jurisdiction with data protection laws that restrict international data transfers, your personal data will be transferred to and processed in the United States and potentially other countries where our service providers operate.
We ensure that international transfers of personal data are protected by appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission and recognised by the UK Information Commissioner’s Office (ICO), incorporated into our agreements with service providers.
- Adequacy decisions, where the European Commission or UK government has determined that a country provides an adequate level of data protection.
- Other lawful transfer mechanisms as recognised under applicable law.
Under Section 72 of POPIA, cross-border transfers are permitted where the recipient is subject to laws or binding agreements that provide an adequate level of protection, or where you have consented to the transfer. Our agreements with service providers include data protection obligations substantially similar to those required by POPIA.
8 Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account and profile data | Duration of membership plus 12 months after account deletion | Account reactivation inquiries and post-cancellation disputes |
| Financial and billing data | 7 years after the transaction | Tax, accounting, and legal compliance obligations |
| Communication data | 3 years after last interaction | Service quality improvement and recurring issue resolution |
| Analytics and usage data | 26 months (aggregated and pseudonymised) | Service improvement and trend analysis |
| Match and meetup data | Duration of membership plus 6 months | Matching algorithm improvement and dispute resolution |
| Marketing consent records | Duration of membership plus 3 years | Demonstrate compliance with consent requirements |
After the applicable retention period, we will securely delete or anonymise your personal data so that it can no longer be associated with you.
9 Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:
- Encryption of data in transit using TLS/SSL and encryption at rest for stored data.
- Secure authentication mechanisms, including hashed and salted passwords.
- Access controls limiting who within DMC can access personal data, on a need-to-know basis.
- Regular security reviews and monitoring of our infrastructure.
- PCI-DSS compliant payment processing through Stripe (DMC never stores full card details).
- Incident response procedures to detect, investigate, and respond to data breaches.
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the highest practicable standard.
10 Your Rights
Depending on where you are located, you have certain rights regarding your personal data. We are committed to helping you exercise these rights.
If you are located in the United Kingdom or European Economic Area, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request that we correct inaccurate or incomplete data.
- Right to erasure: Request that we delete your personal data (“right to be forgotten”), subject to certain legal exceptions.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to data portability: Request a copy of your data in a structured, machine-readable format and have it transferred to another controller.
- Right to object: Object to processing based on legitimate interest, including direct marketing.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.
- Right to lodge a complaint: Complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk or your local supervisory authority.
If you are located in South Africa, you have the following rights under the Protection of Personal Information Act 4 of 2013:
- Right to be notified: Be informed when your personal information is being collected and the purpose of the collection.
- Right of access: Request confirmation of whether we hold personal information about you, and request access to that information.
- Right to correction: Request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully.
- Right to deletion: Request destruction or deletion of personal information that we are no longer authorised to retain.
- Right to object: Object to the processing of your personal information on reasonable grounds, and object to receiving direct marketing.
- Right to submit a complaint: Lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.
How to Exercise Your Rights
To exercise any of these rights, please contact us with the subject line “Data Rights Request.” We may ask you to verify your identity before processing your request.
We will respond to your request within:
- 30 days for requests under UK GDPR / EU GDPR (extendable by a further 60 days for complex requests, with notice).
- A reasonable period for requests under POPIA (generally within 30 days).
We will not charge a fee for most requests. However, we may charge a reasonable administrative fee if your request is manifestly unfounded, excessive, or repetitive, or we may refuse to act on the request in such cases.
11 Children’s Privacy
DMC is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will take steps to delete that information promptly.
12 Marketing and Communications
12.1 Marketing Consent
We will only send you marketing communications (such as newsletters, promotional offers, and community content) where you have given us your explicit consent or where we are permitted to do so under applicable law.
We rely on your opt-in consent for electronic marketing communications, in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and ePrivacy rules.
We rely on your opt-in consent for direct marketing, in accordance with Section 69 of POPIA and the Consumer Protection Act.
12.2 Opting Out
You can opt out of marketing communications at any time by:
- Clicking the “Unsubscribe” link in any marketing email.
- Updating your communication preferences in your account dashboard.
- Contacting us.
Opting out of marketing does not affect transactional communications necessary for the operation of your account (such as billing receipts, match notifications, and service updates).
13 Automated Decision-Making and Profiling
DMC uses an automated matching algorithm to group members into small groups for meetups based on factors such as city, interests, goals, and preferences.
This matching process constitutes profiling under GDPR but does not produce legal effects or similarly significant effects on you. It is used solely to facilitate the core DMC experience of curated group meetups.
You have the right to request information about the logic involved in the matching process and to object to automated decision-making. To do so, please contact us.
We do not use automated decision-making for any purpose that produces legal effects or significantly affects you (such as credit decisions, employment, or access to essential services).
14 Do Not Track Signals
Some browsers transmit “Do Not Track” (DNT) signals. There is currently no industry standard for how to respond to DNT signals. Our website does not currently respond to DNT signals, but you can manage tracking preferences through your browser settings and cookie choices as described in Section 5.
15 Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law.
If we make material changes, we will notify you by:
- Sending an email to the address associated with your account.
- Displaying a prominent notice within the platform or app.
- Updating the “Last Updated” date at the top of this policy.
We will provide at least 14 days’ notice before material changes take effect, except where changes are required by law. Your continued use of the Services after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree, you should stop using the Services and request account deletion.
16 Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, please contact us:
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority: