← Back to CoupleClash

Privacy Policy

Last Updated: April 18, 2026

CoupleClash ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information when you use the CoupleClash mobile application (the "App").

By downloading or using the App, you agree to this policy. If you do not agree, please do not use the App.

1. Data Controller

The entity responsible for the processing of your data is: Julian Lundberg / LCode Location: Sweden Contact: [coupleclash.app@gmail.com]

2. Information We Collect

We adhere to the principle of data minimization. We only collect data necessary to provide our services.

A. Information You Provide to Us

* Account Information: Email address, username, password (hashed), and display name via Firebase Authentication. * Profile Data: Partner pairing details (Partner ID), relationship preferences (e.g., "Spice Level"), and dates of significance (e.g., anniversary). * User Content: Responses to daily quests, todo lists, chat messages, "Hot Flags," and completed challenge data. * Media (Protected): Photos or videos uploaded to challenges, chat, or the shared gallery. Media is stored securely in Firebase Storage with encryption at rest (AES-256, managed by Google). Access is restricted to you and your linked partner via time-limited signed URLs and security rules. * Support Data: Information contained in correspondence when you contact us for support.

B. Information Collected Automatically

* Device Information: IP address, device model, operating system (OS), and app version (via Expo Device). * Usage Data: Anonymized analytics regarding session length, screens viewed, and features used (via Firebase Analytics). * Purchase History: Subscription status and tier (Free, Premium, Deluxe) processed via RevenueCat and the respective Store (Google Play or Apple App Store). We do not store or process your credit card information directly.

C. AI Processing

* AI Interactions: Inputs provided to the "AI Quests" feature (powered by xAI/Grok) are processed to generate challenges. These inputs are anonymized where possible and are not used to train third-party models.

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases: 1. Contractual Necessity: To provide the App’s core features (pairing, chat, challenges). 2. Consent: For optional features (uploading photos, push notifications). 3. Legitimate Interests: To analyze app usage for improvements and security. 4. Legal Obligation: To comply with tax laws or law enforcement requests.

4. How We Use Your Information

* Service Delivery: To pair you with your partner, sync chats, and track XP/Levels. * Personalization: To generate AI quests tailored to your relationship preferences. * Communication: To send push notifications (e.g., "New Challenge") and transactional emails. * Security: To detect fraud, abuse, and enforce our Terms of Service. * Analytics: To understand how the App is used and improve stability.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following trusted processors: * Google Firebase (USA/EU): Hosting, Database, Authentication, and Storage. * RevenueCat (USA): Subscription management infrastructure. * xAI (Grok): AI text generation (inputs are transient). * Google Analytics: Anonymized usage tracking.

International Transfers: Data may be processed outside the EEA (e.g., servers in the US). We rely on Standard Contractual Clauses (SCCs) and adequacy decisions to ensure data protection.

6. Data Security

We take reasonable and appropriate technical and organizational measures designed to protect your data: * Encryption at Rest: Data stored in Firebase is encrypted at rest using AES-256 encryption with Google-managed keys. * Encryption in Transit: Data transfers use TLS/SSL encryption. * Access Control: Role-based access is enforced via Firebase Security Rules. Media files are served via time-limited signed URLs (designed to expire after approximately 15 minutes) together with server-side authorization checks, so that access is designed to be limited to you and your linked partner. * Breach Notification: In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authorities without undue delay and, where required under GDPR Article 33, within 72 hours of becoming aware of the breach.

No Guarantee of Absolute Security. No method of electronic storage, transmission, or authentication is 100% secure. While we strive to use commercially reasonable means to protect your personal data, we cannot and do not guarantee its absolute security. You acknowledge that you provide personal data — and especially any intimate or otherwise sensitive content — at your own risk. Our responsibility for data security is further limited as set out in the Terms of Service, including the "Sensitive Content and Assumption of Risk," "Limitation of Liability," and "Force Majeure" sections, except to the extent such limitations are prohibited by applicable law (including GDPR Article 82).

Your Role in Security. You are responsible for keeping your account credentials and device secure, logging out of shared devices, and promptly reporting any suspected unauthorized access to [coupleclash.app@gmail.com].

7. Data Retention

* Account Data: Retained as long as your account is active. * Deleted Accounts: If you request deletion, data is removed from our live database immediately and from backups within 30 days. * Inactive Accounts: We reserve the right to delete accounts inactive for more than 24 months.

8. Your Rights

Depending on your location (EU/GDPR, California/CCPA), you have the right to: * Access: Request a copy of your data. * Rectification: Correct inaccurate data. * Deletion: Request the permanent deletion of your account and data ("Right to be Forgotten"). * Portability: Receive your data in a structured format. * Opt-Out: Stop receiving marketing communications.

To exercise these rights, email [coupleclash.app@gmail.com].

9. Children’s Privacy

The App is intended strictly for users aged 18 and older. We do not knowingly collect data from minors. If we discover a user is under 18, we will delete the account immediately.

10. Changes to This Policy

We may update this policy. Material changes will be notified via the App or email. Continued use implies acceptance.