Privacy

Amorelle is built on a simple promise: your relationship is yours. This page explains exactly what we collect, why, who sees it, how to delete it, and how we protect it. If anything is unclear, write to [email protected].

The data controller is Amorelle ([email protected]). For EU/UK residents, you may contact us with any GDPR/UK-GDPR request at the same address.

1 · What we collect

• Account info. Email address (required), display name (optional), date of birth (optional), profile photo (optional), preferred language, theme.
• Couple content. Chat messages (text, photos, voice notes), love letters, shared notes, quiz responses, mood check-ins, album media, trip plans. Visible only to you and your paired partner.
• Memory-map location pins. When you add a pin to the memory map, we store the latitude/longitude you choose plus your title and note. If you grant location permission, the app can center the map on your current position; otherwise you place pins manually. Location is used only for the memory-map feature and is shared with your paired partner. We do not track your location in the background.
• Pairing data. The relationship link between you and your partner (couple id, role, joined date).
• AI-feature inputs. Only when you opt in to a feature: the specific text or summary that feature needs (see Section 3).
• Push tokens. Apple/Google push notification tokens, used only to send notifications you've opted into.

No third-party trackers. Amorelle does not run advertising or analytics SDKs. There is no Meta Pixel, Google Analytics, advertising ID collection, or cross-app tracking of any kind.

What we do NOT collect: background location, contacts, browser history, background microphone, advertising IDs, or biometric data.

2 · How we use it

• To run the app — show your messages to your partner, sync your album, place your memory-map pins, etc.
• To send notifications you've enabled.
• To detect and prevent abuse (e.g. brute-force pairing attempts).
• To meet legal obligations (responding to lawful requests).

We do not sell or share your data, share it with advertisers, build advertising profiles, or train machine-learning models on your messages or content.

3 · AI features and what each one sees

Every AI feature is opt-in, per feature, in Settings → AI. When enabled, only the minimum context needed is sent to the AI provider. We never send raw chat history except where explicitly noted below.

4 · Sub-processors

We use the following service providers to run the product. Each is bound by a Data Processing Agreement.

• Supabase (USA) — database, authentication, storage, and edge functions. Supabase processes account data and couple content as our data processor.
• Cloudflare (USA) — web hosting (amorelle.ai), CDN.
• Expo (USA) — push notification delivery.
• Apple / Google — App Store / Play Store distribution and email/Apple sign-in.
• Groq (USA) — fast AI inference for opt-in AI features.
• Anthropic (USA) — safety-critical AI inference (crisis-flagged counseling, mediator).

We do not use any advertising or analytics sub-processors.

5 · International transfers

Our infrastructure is hosted in the United States. If you are outside the US, your data is transferred to the US under Standard Contractual Clauses (EU/UK) or equivalent safeguards.

6 · Retention

• Account & content (including chat, media, voice notes, and memory-map pins): kept until you delete the item or your account.
• Backups: purged within 30 days of account deletion.
• Audit log of deletions: retained as needed for security and abuse-prevention (user id only, no other personal data).

When you delete your account in-app (Settings → Delete account) or via amorelle.ai/delete-account, your content is removed from the live service immediately and from backups within 30 days.

7 · Your rights

Wherever you are, you can:

• Access a copy of your data — email [email protected] and we'll send a machine-readable export within 30 days.
• Rectify / correct inaccurate data — most fields are editable in Settings.
• Erase / delete your account and content — Settings → Delete account, or on the web, or by emailing [email protected].
• Port your data — the export above is provided in a structured, commonly used, machine-readable format.
• Object to or restrict processing where it applies.
• Withdraw consent at any time for any AI feature (Settings → AI) or location permission (your device settings). Withdrawing consent does not affect processing already carried out.

8 · GDPR / UK GDPR — legal basis & EEA rights

If you are in the European Economic Area, the UK, or Switzerland, the data controller is Amorelle ([email protected]). We process your personal data on these legal bases:

• Performance of a contract — to provide the core service (your account, pairing, chat, album, memory map) under our Terms.
• Consent — for opt-in AI features and for using your device location to center the memory map. You can withdraw consent at any time.
• Legitimate interests — to keep the service secure and prevent abuse, balanced against your rights.
• Legal obligation — to respond to lawful requests.

You have the rights listed in Section 7 (access, rectification, erasure, portability, restriction, objection, and withdrawal of consent). You may also lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national Data Protection Authority in the EU). We aim to respond to all requests within 30 days and do not charge a fee for reasonable requests.

9 · Your California privacy rights (CCPA / CPRA)

We do not sell or share your personal information.

Amorelle has not sold, and does not sell, your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA). We do not run advertising or analytics trackers, and we do not disclose your personal information for any third party's marketing purposes. Because we do not sell or share personal information, there is no "Do Not Sell or Share My Personal Information" action you need to take — but you may still confirm this with us at any time.

If you are a California resident, you have the right to:

• Know / access the categories and specific pieces of personal information we have collected about you.
• Delete personal information we hold about you (see Section 7).
• Correct inaccurate personal information.
• Opt out of sale/sharing — not applicable, because we do not sell or share personal information.
• Non-discrimination — we will not discriminate against you for exercising any of these rights.

To exercise any California right, email [email protected]. We will verify your request using the email associated with your account. You may use an authorized agent to submit a request on your behalf.

10 · Other U.S. state privacy rights

If you are a resident of a U.S. state with a comprehensive consumer privacy law — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others — you have rights similar to those described above, generally including the right to access, delete, and correct your personal data, and to opt out of its sale, sharing, or use for targeted advertising or profiling.

Amorelle does not sell or share your personal information and does not use it for targeted advertising.

Because we do not engage in any of those activities, there is no opt-out for you to exercise — but you may still confirm this and exercise your access, deletion, and correction rights by emailing [email protected]. We will verify your request using the email associated with your account, and you may use an authorized agent to submit a request on your behalf. We will not discriminate against you for exercising any of these rights.

11 · International data transfers

Amorelle operates globally. Your personal data may be processed and stored in the United States and in other countries where Amorelle or our service providers operate. In particular, our infrastructure provider Supabase hosts account data and couple content in the United States as our data processor (see Section 4 · Sub-processors).

If you are located in the European Economic Area, the United Kingdom, or Switzerland, transfers of your personal data outside your region are protected by appropriate safeguards — including the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) or an equivalent lawful transfer mechanism. You can request more information about these safeguards by emailing [email protected].

12 · Children

Amorelle is not intended for users under 13 (or under the digital-consent age in your country). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.

13 · Security

Data is encrypted in transit (TLS 1.2+). Database is encrypted at rest. Authentication uses industry-standard JWTs with short expiry + refresh rotation. Row-level security ensures only members of your couple can read your shared content. We run regular security reviews and welcome reports at [email protected].

14 · Changes

If we change this policy in a way that materially affects you, we'll notify you in-app and by email at least 14 days before it takes effect.

15 · How to contact us

For any privacy question or to exercise a right under this policy, email [email protected]. You can also write to us by post: