Privacy Policy

Rekindle ("we," "us," or "our") operates the Rekindle mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App. Please read this policy carefully.

1. Information We Collect

1.1 Information You Provide

• Account information: When you create an account, we collect your name, email address, and authentication credentials (via Apple Sign In or Google Sign In). We do not store passwords — authentication is handled entirely by Apple or Google.
• Answers to daily questions: Your text, option, or slider responses. All answers are encrypted with AES-256-GCM using a unique key derived from your couple ID before storage — we cannot read your answers.
• Custom questions: If you use a power-up to write a custom question, the question text and category are stored and visible only to you and your partner.

1.2 Information Collected Automatically

• Device information: Device model, operating system version, and unique device identifiers for push notifications (FCM tokens).
• Usage analytics: Anonymous analytics events such as screen views, question answered timestamps, and feature usage (e.g., swaps, power-up usage). These are not tied to your answer content.
• Timezone: Used to deliver daily questions and notifications at the right local time.

1.3 Information We Do Not Collect

• Location data (GPS, Wi-Fi, or Bluetooth)
• Contacts or address book
• Photos, camera, or microphone access
• Browsing history or data from other apps
• Health or fitness data

2. How We Use Your Information

• To provide, operate, and maintain the App and its features
• To pair you with your partner using invite codes
• To deliver daily questions and push notifications
• To track your answer streak and question history
• To process subscription payments (via Apple's App Store; we never see your payment details)
• To improve the App through anonymous, aggregated analytics
• To respond to support requests

3. Data Encryption

All answers are encrypted at rest using AES-256-GCM. Each couple receives a unique encryption key derived via HKDF (HMAC-based Key Derivation Function) from their couple identifier. This means:

• Only you and your partner can decrypt your answers
• The Rekindle team cannot read answer content
• Even in the event of a data breach, encrypted answers remain unreadable without the derived key

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these circumstances:

• With your partner: Answers are shared with your linked partner only after both of you have responded (the "reveal" mechanic).
• Service providers: We use Firebase (Google Cloud) for authentication, database, and push notifications; RevenueCat for subscription management; and anonymous analytics services. These providers process data under strict contractual obligations.
• Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data — including your answers, couple data, and encryption keys — is permanently deleted within 30 days. Anonymous, aggregated analytics data may be retained indefinitely.

6. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain data processing
• Data portability (receive your data in a portable format)
• Withdraw consent at any time

To exercise any of these rights, contact us at hello@rekindleapp.com. We will respond within 30 days.

7. Children's Privacy

Rekindle is not intended for anyone under the age of 17. We do not knowingly collect personal information from children. If we become aware that a child under 17 has provided us with personal data, we will delete it immediately.

8. Third-Party Services

• Firebase (Google Cloud): Authentication, Firestore database, Cloud Functions, and Firebase Cloud Messaging. Firebase Privacy Policy
• RevenueCat: Subscription and purchase management. RevenueCat Privacy Policy
• Apple: Sign In with Apple and App Store payment processing. Apple Privacy Policy
• Google: Google Sign In. Google Privacy Policy

9. International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place, including standard contractual clauses where required by GDPR.

10. Security

We implement industry-standard security measures including AES-256-GCM encryption, HTTPS/TLS for data in transit, Firebase Security Rules for access control, and secure authentication via OAuth 2.0. However, no method of electronic transmission or storage is 100% secure.

11. GDPR Compliance (EEA Users)

If you are in the European Economic Area, our legal bases for processing are: (a) contract performance (providing the App), (b) legitimate interests (improving the App, preventing fraud), and (c) consent (for optional analytics). You may contact our data protection contact at privacy@rekindleapp.com.

12. CCPA Compliance (California Users)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at hello@rekindleapp.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Your continued use of the App after changes take effect constitutes acceptance.

14. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us:

• Email: hello@rekindleapp.com
• Privacy inquiries: privacy@rekindleapp.com