Privacy & discretion

SurrogateMatch is an early-access matching and coordination platform operating at surrogatematch.co. For the purposes of EU and UK data protection law, we act as the data controller for information you submit directly to us. We are a pre-launch platform and will update this page as our legal entity, DPO contact, and representative arrangements are finalized.

SurrogateMatch is for adults. You must be 18 or older to submit a form, join a waitlist, or use any part of this service. We ask you to confirm your age at the moment of submission — the "I confirm I am 18 or older" checkbox next to the privacy checkbox is part of our compliance record, and the timestamp of your confirmation is stored alongside your other information.

If we learn that someone under 18 has submitted information, we delete it promptly. If we can reach a parent or guardian, we will notify them first.

We only collect information you give us directly, either by filling out a form or by contacting us. We do not buy or scrape personal data from anywhere.

• ●Intended-parent intake: your name, email, preferred contact language, stage in your journey (e.g. exploring, embryos ready), and how you heard about us.
• ●Agency inquiry: your name, agency name, role, email, phone, number of available surrogates, states of operation, and any free-text context.
• ●Egg or sperm donation waitlist: your name, email, and current clinic status.
• ●Any message you send us at hello@surrogatematch.co or during a consultation call.

Some of our intake forms ask questions that can feel personal — your stage of the surrogacy journey, your clinic status, whether you're currently in treatment. Under some laws this is considered "special category" data (for example, EU GDPR Article 9) and gets extra legal protection.

Here's how we handle it:

• ●We don't sell it. Ever. Not to advertisers, not to brokers, not to anyone.
• ●We don't share it with authorities in countries where surrogacy is legally restricted, unless we're compelled by a court order in a jurisdiction where we operate.
• ●We share it with our trusted service providers only when strictly necessary to run the site and reply to you. The full list is in "Services that receive your data" below.
• ●Every optional field is actually optional. If a question feels too personal, leave it blank. Your form will still submit, and we'll still reply.

If you'd rather talk through a question in email instead of typing it into a form, reply to any message from us and we'll pick it up personally.

• ●To respond to your inquiry within 24 hours and schedule a consultation.
• ●To build your preference profile and match you with surrogates from our partner agency network when matching begins.
• ●To understand who we serve, which language matters most, and where our network needs to grow. We use aggregate, not individual, patterns for this.
• ●To comply with legal, tax, and fraud-prevention obligations.

We share your profile only with partner agencies whose surrogates you choose to be introduced to — never without your explicit approval. We do not sell your data. We do not share your data with advertisers. We do not disclose your use of SurrogateMatch to your home country's authorities. For the specific third-party service providers that touch your data on our behalf (hosting, database, email delivery, analytics, error tracking), see the detailed table in "Services that receive your data" below.

SurrogateMatch uses a small number of trusted third-party services to run the site, store your information, and reply to your messages. Each one has signed a data processing agreement with us.

We do not use Google Analytics, advertising networks, session-replay tools, or any other tracking service. We do not sell, rent, or share your data for marketing purposes.

We maintain an internal compliance register with each service's data processing agreement and SOC 2 or equivalent certification. You can request a current copy at any time by emailing hello@surrogatematch.co.

SurrogateMatch does not set any cookies for tracking, advertising, or profiling. We use Plausible Analytics — a privacy-first, cookieless analytics tool based in the European Union — to count page views and understand which parts of the site are most useful. Plausible does not store IP addresses, does not fingerprint your browser, and does not follow you across websites. Because we use no tracking cookies and no persistent client-side identifiers, the ePrivacy Directive does not require us to ask for your consent to analytics, and we do not. If you would prefer to opt out regardless, using a privacy-focused browser, your browser's Do Not Track setting, or a standard ad blocker will prevent the Plausible script from loading. We measure a small set of conversion events (form opens, form submissions, primary button clicks) so we can tell which parts of the site are working — these are aggregate counts, never tied to you personally. You can read more about how Plausible handles data at plausible.io/data-policy.

Depending on where you live, you have the following rights over your personal data. We honor them regardless of where you live if you ask.

• ●Access — see what data we hold about you.
• ●Correct — fix anything that's wrong.
• ●Delete — remove your data from our systems.
• ●Portability — take your data with you in a portable format.
• ●Object — tell us to stop processing your data.
• ●Withdraw consent — if we rely on consent for a specific use, you can withdraw it at any time.

Email hello@surrogatematch.co with the request. We will respond within 30 days.

We keep the information you submit for up to 18 months after your last interaction with us, whichever is more recent: the day you submitted a form, or the day we most recently replied to you. After 18 months your record is marked for deletion. Thirty days later, it's permanently erased — the entire process runs on a daily automated schedule so there's no manual step that can be skipped or forgotten.

If you want us to delete your information sooner, email us at hello@surrogatematch.co and we'll confirm the deletion within 30 days.

SurrogateMatch is hosted in the United States. If you are located in the European Economic Area, the United Kingdom, Israel, or another jurisdiction with data protection law, your data may be transferred to and processed in the United States. We rely on standard contractual clauses and similar mechanisms to protect your data in transit and at rest.

We encrypt data in transit (HTTPS) and at rest. We restrict access to your personal data to the small set of people who need it to respond to your inquiry. We are not yet HIPAA-compliant and we do not ask for health information during intake. If you accidentally share health information with us, we will not store it.

For any privacy question, data access request, or correction, email hello@surrogatematch.co. We are a small pre-launch team and we respond to every message personally.

hello@surrogatematch.co