Privacy Policy

1. Information We Collect

Data you provide: Contact names, conversation messages, dating profile information, notes, and screenshots you choose to import into the App.

Automatically collected: A device identifier (used for account identity), usage statistics (feature usage counts, AI generation counts), subscription status, and anonymous analytics events (screen views, feature interactions).

We do NOT collect: Your real name, email address, phone number, precise location, health data, financial information, or contacts from your device address book. We do not use the Apple Identifier for Advertisers (IDFA) or any cross-app tracking technologies.

2. How We Use Your Data

• AI Analysis (Server-Side Processing): Conversation messages and profile data you import are transmitted to our servers and processed using Google's Gemini AI API to generate message suggestions, conversation analyses, coaching advice, date gameplans, and insights. This processing occurs on remote servers, not on your device.
• Screenshot Processing: When you upload conversation screenshots, the images are sent to our servers where AI extracts relevant text and profile information. The extracted data is stored to provide app functionality. Raw screenshot images are processed in-memory and are not permanently stored on our servers.
• Personalization: Your style preferences, tone settings, and writing patterns are used to personalize AI-generated suggestions to match your authentic voice.
• Analytics: We collect anonymous, aggregate usage analytics to understand how features are used and to improve the App. This data cannot be used to identify you personally.

3. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on our own dedicated server infrastructure in Germany (Hetzner Online GmbH, EU region). Your account is identified by a cryptographic HMAC-SHA256 hash derived from your device identifier — we never store your raw device identifier.

All communication between the App and our servers is encrypted via HTTPS/TLS. Server-side authentication uses HMAC-SHA256 signatures to prevent identity spoofing. API endpoints are protected by rate limiting to prevent abuse.

Sensitive credentials (API keys, device identifiers) are stored in the iOS Keychain, Apple's secure on-device storage.

4. Third-Party Services

Auralyze uses the following third-party services to provide its functionality:

• Google Gemini AI: Conversation messages, profile data, and screenshot content you import are sent to Google's Gemini API for AI processing. Google processes this data according to their Gemini API Terms of Service and Privacy Policy. Data sent to Google via the Gemini API is not used by Google to train their models.
• Hetzner Online GmbH: Our backend application and database are hosted on Hetzner's dedicated server infrastructure in Germany (EU region). Hetzner processes data according to their Privacy Policy.
• Apple App Store: Subscription management and payment processing is handled entirely by Apple through StoreKit.
• PostHog: We use PostHog for anonymous product analytics (screen views, feature usage counts, and aggregate engagement metrics). PostHog does not receive your conversation content, contact names, or any personally identifiable information. PostHog processes data according to their Privacy Policy.

We do not sell, rent, trade, or share your personal data with any third parties for marketing or advertising purposes.

5. Data Retention & Deletion

Your data is retained as long as your account is active. You have full control over your data:

• Export your data at any time from Settings → Export All Data (provides a JSON copy of all your data)
• Delete all data from Settings → Reset All Data (removes all contacts, messages, and AI-generated content)
• Delete your account from Settings → Delete My Account (permanently and irreversibly removes all server-side data associated with your account)

Upon account deletion, all data is permanently removed from our database within 30 days. Anonymized, aggregate analytics data that cannot be linked to your account may be retained.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the data we hold about you by using the Export All Data feature in Settings.
• Right to Rectification: You can edit or update your data at any time within the App.
• Right to Deletion: Request deletion of your data by using the Delete My Account feature in Settings, or by contacting us at [email protected].
• Right to Data Portability: Export your data in a machine-readable format (JSON) from Settings.
• Right to Opt Out of Sale: We do not sell your personal data. No opt-out is required.
• Non-Discrimination: We will not discriminate against you for exercising any of your data rights.

If you are a resident of California (CCPA/CPRA), the European Economic Area (GDPR), or the United Kingdom (UK GDPR), these rights apply to you. To exercise any right, contact us at [email protected].

7. International Data Transfers

Your data is processed and stored on servers located in Germany (European Union). If you are accessing the App from outside the European Union, please be aware that your data is stored within the EU, which maintains strong data protection standards under the GDPR.

Some data is transmitted to Google's Gemini AI API (which may process data in the United States) for AI analysis purposes only. By using the App, you consent to this limited data transfer. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy.

8. Children's Privacy

Auralyze is rated 17+ and is not intended for use by anyone under the age of 17. We do not knowingly collect personal data from minors. If we learn that we have collected data from a user under 17, we will promptly delete that data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where practicable, providing notice within the App. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales, United Kingdom.

11. Contact

For privacy-related questions, data requests, or concerns, contact us at [email protected].