Privacy Policy

Last updated: June 19, 2026

This Privacy Policy describes how Still Us ("we", "our", or "us") collects, uses, and discloses your personal information when you use our application.

1. Information We Collect

We collect information you provide directly to us, information we collect automatically, and information from third-party sources.

Information You Provide

  • Account Information: Email address, password, name, nickname
  • Profile Information: Timezone, love language preference
  • Relationship Information: Partner's name, relationship details, memories, stories (Special Category Data)
  • Content: Messages, notes, check-ins, dreams, gifts, milestones
  • Location Data: GPS coordinates, city, country (with explicit consent)

Information Collected Automatically

  • Device information (IP address, user agent, browser type)
  • Usage data (pages visited, features used)
  • Session cookies and tokens

Information from Third Parties

We may receive information from Google when you connect your Google Calendar, and from authentication providers when you sign up using OAuth.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Authenticate and authorize users
  • Enable communication between couples
  • Personalize your experience
  • Analyze usage patterns to improve our application
  • Comply with legal obligations

Relationship Support, Not Therapy

Still Us is a private relationship support app for reflection, shared planning, and couple communication. It is not therapy, not crisis monitoring, not medical advice, and not a diagnosis. AI-assisted features, when enabled by consent, provide optional reflection prompts and may be incomplete or wrong.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing your personal information are:

  • Contractual Necessity (Article 6(1)(b)): Authentication data required to provide the service
  • Consent (Article 6(1)(a)): Profile data, location data, integrations, content (freely given, specific, informed, unambiguous)
  • Explicit Consent (Article 9(2)(a)): Relationship stories and special category data
  • Legitimate Interest (Article 6(1)(f)): Analytics and service improvement (where not overridden by your rights)

4. Special Category Data

Certain information you may provide reveals intimate details about your personal life and relationships. This includes:

  • How you met your partner
  • Your relationship stories and memories
  • Details about your first date
  • Favorite memories together

This information constitutes special category personal data under GDPR Article 9 and requires your explicit consent. You can withdraw this consent at any time through your privacy settings.

5. How We Share Your Information

We do not sell your personal information. We may share information:

  • With your partner (for the purpose of couple communication)
  • With service providers who help us operate the application (Google Calendar API, Supabase storage)
  • When required by law or to protect our rights
  • With your explicit consent

6. Data Retention

We retain your personal information for as long as necessary to provide our services and as described in our Data Retention Policy:

  • Account data: Retained while account is active, deleted after account deletion
  • Consent records: Anonymized after 6 years (legal requirement)
  • Application logs: 30 days

7. Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

  • Right to Access (Article 15): Request a copy of your personal data. You can download your data at any time from your Privacy Settings.
  • Right to Rectification (Article 16): Correct inaccurate personal data through your account settings.
  • Right to Erasure (Article 17): Request deletion of your personal data. You can delete your account from your Privacy Settings.
  • Right to Restrict Processing (Article 18): Request restriction of processing under certain conditions.
  • Right to Data Portability (Article 20): Receive your data in a machine-readable format. Available through data export.
  • Right to Object (Article 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent (Article 7): Withdraw consent at any time through your Privacy Settings.

8. Consent Management

You can manage your consent preferences at any time through your Privacy Settings page. This includes:

  • Granting consent for specific data processing purposes
  • Revoking previously granted consent
  • Viewing your consent history and current status

Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • All data transmitted over TLS 1.2+ encryption
  • Sensitive data encrypted at rest
  • Session cookies configured with Secure, HttpOnly, and SameSite=Lax flags
  • Passwords hashed with bcrypt
  • Regular security audits and monitoring

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place:

  • Google services: Standard Contractual Clauses
  • Supabase: Standard Contractual Clauses

11. Children's Privacy

Our service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page with the effective date.

13. Contact Us

For questions about this Privacy Policy or your personal information, please contact us:

This Privacy Policy is maintained in compliance with GDPR and other applicable data protection laws.

Back to Privacy Settings