← Back to CoupleClash

Privacy Policy

Last Updated: November 25, 2025 CoupleClash ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information when you use the CoupleClash mobile application (the "App"). By downloading or using the App, you agree to this policy. If you do not agree, please do not use the App.

1. Data Controller

The entity responsible for the processing of your data is: Julian Lundberg / LCode Location: Sweden Contact: [coupleclash.app@gmail.com]

2. Information We Collect

We adhere to the principle of data minimization. We only collect data necessary to provide our services.

A. Information You Provide to Us

* Account Information: Email address, username, password (hashed), and display name via Firebase Authentication. * Profile Data: Partner pairing details (Partner ID), relationship preferences (e.g., "Spice Level"), and dates of significance (e.g., anniversary). * User Content: Responses to daily quests, todo lists, chat messages, "Hot Flags," and completed challenge data. * Media (Protected): Photos or videos uploaded to challenges, chat, or the shared gallery. Media is stored securely in Firebase Storage with encryption at rest (AES-256, managed by Google). Access is restricted to you and your linked partner via time-limited signed URLs and security rules. * Support Data: Information contained in correspondence when you contact us for support.

B. Information Collected Automatically

* Device Information: IP address, device model, operating system (OS), and app version (via Expo Device). * Usage Data: Anonymized analytics regarding session length, screens viewed, and features used (via Firebase Analytics). * Purchase History: Subscription status and tier (Free, Premium, Deluxe) processed via RevenueCat and the respective Store (Google Play or Apple App Store). We do not store or process your credit card information directly.

C. AI Processing

* AI Interactions: Inputs provided to the "AI Quests" feature (powered by xAI/Grok) are processed to generate challenges. These inputs are anonymized where possible and are not used to train third-party models.

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases: 1. Contractual Necessity: To provide the App’s core features (pairing, chat, challenges). 2. Consent: For optional features (uploading photos, push notifications). 3. Legitimate Interests: To analyze app usage for improvements and security. 4. Legal Obligation: To comply with tax laws or law enforcement requests.

4. How We Use Your Information

* Service Delivery: To pair you with your partner, sync chats, and track XP/Levels. * Personalization: To generate AI quests tailored to your relationship preferences. * Communication: To send push notifications (e.g., "New Challenge") and transactional emails. * Security: To detect fraud, abuse, and enforce our Terms of Service. * Analytics: To understand how the App is used and improve stability.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following trusted processors: * Google Firebase (USA/EU): Hosting, Database, Authentication, and Storage. * RevenueCat (USA): Subscription management infrastructure. * xAI (Grok): AI text generation (inputs are transient). * Google Analytics: Anonymized usage tracking. International Transfers: Data may be processed outside the EEA (e.g., servers in the US). We rely on Standard Contractual Clauses (SCCs) and adequacy decisions to ensure data protection.

6. Data Security

We implement robust security measures: * Encryption at Rest: All data stored in Firebase is encrypted at rest using AES-256 encryption (Google-managed keys). * Encryption in Transit: All data transfers use TLS/SSL encryption. * Access Control: Strict role-based access via Firebase Security Rules. Media files are protected by time-limited signed URLs (expire after 15 minutes) and server-side authorization checks. Only you and your linked partner can access your shared data. * Breach Notification: In the event of a data breach, we will notify affected users and authorities within 72 hours in accordance with GDPR.

7. Data Retention

* Account Data: Retained as long as your account is active. * Deleted Accounts: If you request deletion, data is removed from our live database immediately and from backups within 30 days. * Inactive Accounts: We reserve the right to delete accounts inactive for more than 24 months.

8. Your Rights

Depending on your location (EU/GDPR, California/CCPA), you have the right to: * Access: Request a copy of your data. * Rectification: Correct inaccurate data. * Deletion: Request the permanent deletion of your account and data ("Right to be Forgotten"). * Portability: Receive your data in a structured format. * Opt-Out: Stop receiving marketing communications. To exercise these rights, email [coupleclash.app@gmail.com].

9. Children’s Privacy

The App is intended strictly for users aged 18 and older. We do not knowingly collect data from minors. If we discover a user is under 18, we will delete the account immediately.

10. Changes to This Policy

We may update this policy. Material changes will be notified via the App or email. Continued use implies acceptance.