privacy policy

What stays between you, stays between you.

Effective: May 28, 2026.

The short version

• Notes about your moments are end-to-end encrypted on your devices. Our servers store ciphertext only.
• We do not sell, share, or train any model on your private data.
• No advertising trackers. Analytics are aggregate and pseudonymous.
• You can export your data or delete your account at any time.

What we collect

• Account identifiers — Apple/Google subject ID or a hashed email.
• Device metadata — platform, encrypted push token, public key for E2E key exchange.
• Moment metadata — timestamp, initiator, location chip, rating, style tags.
• Notes — stored as ciphertext only. We cannot read them.

What we do not collect

• Your email address (stored only as a salted hash for sign-in dedup).
• Your phone’s location, contacts, microphone, or camera.
• Plaintext notes, photos, or voice memos.

How we use it

To run the app: sync between you and your partner, send the gentle reminders you opt into, and produce the weekly observation (which is generated from aggregate stats — never note content).

Subprocessors

• Cloudflare — hosting, database, object storage
• Anthropic — generating the weekly observation from aggregate stats
• Stripe — payments (only if you subscribe to Premium)
• Resend — transactional email (invites, magic-link codes)
• Expo — push notifications (content-hidden)

Contact

Questions about privacy? Write to [email protected].