Privacy Policy
1. Introduction
myso (“myso”, “we”, “us”, or “our”) is a private mobile application for couples. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have.
This Policy applies to the myso mobile app on iOS and Android (the “App”) and any related services we provide (together, the “Service”).
myso is operated by [LEGAL ENTITY NAME], located at [BUSINESS ADDRESS]. If you have any questions, contact us at [PRIVACY CONTACT EMAIL].
By creating an account or using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.
2. Who can use myso / Children’s privacy
The Service is intended for adults in a relationship and is not directed to children. You must be at least [16 / 18] years old to create an account. We do not knowingly collect personal information from children under that age. If we learn that we have collected information from a child below the minimum age, we will delete it. If you believe a child has provided us information, contact us at [PRIVACY CONTACT EMAIL].
3. Information we collect
3.1 Information you provide directly
| Data | Where it comes from | Why |
|---|---|---|
| Email address | Sign up (email/password, or via Apple/Google Sign In) | Account creation, login, verification, password reset |
| Password | Sign up / login (email-password accounts) | Authentication. Stored only as a salted hash — we never see your plaintext password |
| Display name | Profile setup | Shown to you and your partner |
| Profile photo (avatar) | Optional, profile setup | Shown to you and your partner |
| Relationship start date | Optional, in-app | Relationship-duration counter and anniversary reminders |
3.2 Content you and your partner create (“Couple Content”)
myso is a shared space for two connected users. The following content is created in the App and shared with your connected partner:
- Mail — letters (text), drawings (images), hearts (a feeling plus an optional note), and voice notes (short audio recordings)
- Daily photos — one shared photo per day, with an optional caption
- Calendar events — event names, dates, times, notes, and icons
- Game activity — daily trivia, Wordsy, and Higher or Lower answers, guesses, and lifetime scores
Some of this content may be personal or intimate. We treat all Couple Content as private to the two members of a couple (see Section 5).
3.3 Information collected automatically
- Device push token — from Expo Push Service, used to deliver push notifications.
- Time zone — your device’s IANA time zone, used to anchor “today” and midnight rollovers for daily features.
- Usage timestamps — e.g. account creation time, last time you opened the App, and timestamps on content you create.
- Notification preferences — your per-type notification toggles.
We do not use third-party advertising or analytics SDKs to track you across other apps and websites, and we do not sell your data.
3.4 Information we do not collect
- We do not collect precise GPS location.
- We do not access your contact list — partner pairing uses a 6-character code you share manually.
- We do not store your payment card details (see Section 4).
4. Payments and subscriptions
myso offers an optional premium subscription. Purchases are processed entirely by the Apple App Store or Google Play, through their in-app purchase systems (managed for us by RevenueCat). We do not receive or store your credit card or full payment details.
We do receive a record of your subscription status (whether premium is active, the plan, and renewal/expiry) so we can unlock premium features for you and your partner.
5. How we use your information
- Create and secure your account and authenticate logins;
- Connect you with your partner via the invite-code pairing flow;
- Provide the core features — mail, daily photos, calendar, and games;
- Deliver push notifications you have enabled;
- Run automated content safety screening on submitted daily photos (Section 6);
- Operate, maintain, debug, and improve the Service;
- Enforce our Terms and prevent abuse, fraud, or misuse;
- Comply with legal obligations.
Where GDPR/UK GDPR applies, we rely on: performance of our contract with you, your consent (e.g. optional profile photo, push notifications), our legitimate interests (security, abuse prevention, improvement), and compliance with legal obligations.
6. Automated content screening
To keep the shared space safe, every submitted daily photo is automatically screened for explicit or unsafe content before it is stored permanently. The image is uploaded to a temporary location, analyzed by Google Cloud Vision (SAFE_SEARCH), and only moved to permanent storage if it passes. Rejected photos are deleted and you are asked to choose another image.
This check is automated. We do not manually review your photos as part of this process. Google processes the image as our service provider under its own terms.
7. How we share your information
We do not sell your personal information, and we do not share it with advertisers. We share information only as described here.
- With your connected partner. Couple Content and your display name, avatar, and relationship duration are shared with the one partner you are connected to.
- With service providers (sub-processors) who operate the Service on our behalf:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Authentication, database, realtime sync, server-side functions | Account data, Couple Content metadata and text |
| Cloudflare R2 | Private file storage | Photos, drawings, voice notes, avatars |
| Google Cloud Vision | Automated daily-photo safety screening | Daily photos (transiently) |
| Expo (Push Service) | Push notification delivery | Push token, notification content |
| Apple / Google | App distribution, sign-in, in-app purchases | Account and subscription data |
| RevenueCat | Subscription management | Subscription status |
- For legal reasons. We may disclose information if required by law or to protect rights, safety, or property.
- Business transfers. If myso is involved in a merger, acquisition, or sale of assets, your information may be transferred; we will notify you.
8. Data storage, location, and security
- Storage. Account data and content metadata are stored in Supabase (Postgres). Files are stored in private Cloudflare R2 buckets, reachable only through short-lived, signed URLs.
- Access controls. Data is isolated per couple using database Row-Level Security so only the two members of a couple can access their shared data.
- International transfers. Our providers may process data in the United States and other countries; where required we rely on appropriate safeguards such as Standard Contractual Clauses.
- Security. We use encryption in transit (HTTPS/TLS), hashed passwords, private storage buckets, and signed-URL access. No method is 100% secure.
9. Data retention and deletion
- Active content. Kept while your account is active and you are connected to a partner.
- Dismissed mail. When you open and dismiss mail without saving, it is deleted; for voice notes the audio file is deleted too.
- Disconnecting from a partner. Either partner can disconnect at any time. This permanently deletes all shared Couple Content — mail, daily photos, calendar events, game history and scores, and the associated files. This cannot be undone. Your individual account is retained so you can pair with a new partner.
- Deleting your account. Request deletion [describe in-app path] or by contacting [PRIVACY CONTACT EMAIL].
- Backups. Residual copies may persist in encrypted backups for a limited period or where required by law.
10. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, port, object to, or restrict processing of your personal data, and to withdraw consent. To exercise any of these, contact us at [PRIVACY CONTACT EMAIL]. You may also lodge a complaint with your local data protection authority.
Note on Couple Content: because content is shared between two people, a request from one partner to delete shared content may affect content the other partner relies on. We will handle such requests consistent with applicable law.
Notice for U.S. (California / state privacy laws)
We do not sell your personal information and do not share it for cross-context behavioral advertising. To exercise your rights, contact [PRIVACY CONTACT EMAIL].
11. Push notifications
If you enable notifications, we send pushes for events such as new mail, a daily photo being added, calendar events, reminders, and disconnects. You can turn types on or off in the App’s Settings, or disable notifications entirely in your device settings.
12. Third-party sign-in
The App lets you sign in with Apple or Google. Those providers handle authentication under their own privacy policies. We receive only the information needed to create and identify your account.
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the App or by email. Continued use after changes take effect means you accept the updated Policy.
14. Contact us
[LEGAL ENTITY NAME]
[BUSINESS ADDRESS]
Email: [PRIVACY CONTACT EMAIL]