Privacy Policy

This Privacy Policy explains how Relivance LLC collects, uses, discloses, retains, and protects information in connection with the Relivance iOS application (the “App”), the relivance.app website (the “Website”), and any related services or APIs (collectively, the “Service”). It is written to comply with the EU General Data Protection Regulation (GDPR), the German Bundesdatenschutzgesetz (BDSG), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the U.S. Children’s Online Privacy Protection Act (COPPA), Apple App Store Review Guideline 5.1, and Wyoming consumer-protection statutes.

1. Who We Are

Relivance is a relationship-intelligence platform operated by Relivance LLC, a Wyoming limited liability company (the “Company,” “we,” “us,” “our”).

Privacy contact: privacy@relivance.app.

Relivance LLC is the “controller” of your personal data within the meaning of GDPR and the “business” within the meaning of the CCPA/CPRA.

2. Scope of This Policy

This policy applies to all data we process in connection with the Service. The Service currently consists of two distinct surfaces, each with its own data practices:

• The Website (relivance.app) — a pre-launch information site that includes an early-access email-capture form. The App is not yet generally available; the Website is informational only.
• The App (Relivance for iOS) — the relationship-intelligence application, currently in private early-access distribution via Apple’s TestFlight platform and (when generally available) the Apple App Store.

By submitting your email on the Website, creating an account in the App, or otherwise using the Service, you confirm you have read and understood this policy. If you do not agree, do not use the Service.

3. Eligibility & Children’s Privacy

The Service is intended exclusively for adults aged 18 or older. We do not knowingly collect personal information from anyone under the age of 18.

If we learn that we have inadvertently collected personal data from a person under 18, we will delete that information promptly. To request deletion of a minor’s information, contact privacy@relivance.app.

Relivance is not directed at children, does not feature child-targeted content, and complies with the U.S. Children’s Online Privacy Protection Act (COPPA) and the GDPR provisions governing children’s data.

4. What We Collect on the Website

On the Website, the only personal information we collect is the email address you choose to submit through the early-access form, together with the date and time of submission. We do not run advertising trackers, cross-site fingerprinting scripts, or analytics scripts on the Website. We do not use cookies on the Website for tracking.

Standard server logs at our hosting provider may briefly record routine request data (IP address, browser type, referring page) for security and abuse prevention. Web font files for the Roboto typeface are served directly from relivance.app — we do not load fonts, stylesheets, or scripts from third-party content-delivery networks such as Google Fonts, so visiting the Website does not expose your IP address to a font provider.

The email address you submit is used only for: (a) sending you early-access updates about Relivance, (b) inviting you to use the App when private access opens, and (c) sending launch and service announcements. We do not sell, rent, or trade early-access email addresses, and we do not use them for unrelated marketing.

5. What We Collect in the App

We collect the following categories of personal information in the App. All of these are processed solely to provide and operate the Service for you, never for third-party advertising or behavioural profiling.

• Account & identity data: email address, hashed password (when you sign up with email), full name, organisation, professional title, timezone, and (optionally) a secondary email address. If you choose Sign in with Apple, we receive an Apple-issued identifier and the email and name you authorise Apple to share with us.
• Contacts data: names, email addresses, phone numbers, postal addresses, professional roles, employer history, educational history, social-media handles, profile photographs, custom fields, and free-text notes for individuals you add to or import into your network.
• Interaction data: dates, times, locations, participants, summaries, and free-text notes for meetings, calls, messages, and other shared-time events you log or sync from your Apple Calendar.
• Tasks & commitments: descriptions, due dates, recurrence settings, and participant associations for items you track within the Service. If you enable Apple Reminders sync, we mirror tasks between Relivance and your “Relivance” list in iOS Reminders.
• Goals & strategy data: free-text goal descriptions, milestones, intentions, and any files you attach to a goal (PDF, DOCX, XLSX, CSV, text, or images). Goal attachments auto-expire after 30 days unless promoted into a milestone.
• Recap audio: optional voice recordings you create within the App to log meetings or interactions, plus the AI-generated transcripts derived from them.
• Imported third-party data: contact lists from CSV / Excel / vCard files you upload; LinkedIn connection archives that you export from LinkedIn and upload manually (we do not access LinkedIn’s API directly); Apple Contacts (when you authorise import); content from screenshots you submit to OCR.
• Google integration data (only if you explicitly connect a Google account): Gmail thread metadata and message content for sync, Google Calendar events, Google Tasks lists, and OAuth refresh tokens for ongoing access. You may disconnect at any time from the App’s Settings.
• Device permissions you grant (device-side only unless the resulting content is uploaded by you): Apple Contacts framework reads (with your authorisation), EventKit calendar and reminders access, microphone (for recap audio), camera (for contact avatars), photo library (for avatars and OCR), speech recognition (for on-device transcription support).
• Subscription & purchase data: Apple StoreKit transaction identifiers, product identifiers, original-transaction IDs, expiry dates, environment (Sandbox/Production), and entitlement status. We do not collect or store payment-card numbers — Apple processes all payments. We also receive Apple App Store Server Notifications about renewals, refunds, and revocations on your subscription.
• Diagnostic data: crash reports, performance metrics, application hangs, and stack traces, collected via Sentry when an error occurs. We have configured Sentry to minimise personal data collection where reasonably practicable, but stack traces, breadcrumbs, and contextual data may contain incidental personal information.
• Derived intelligence: relationship-health scores, behavioural signals, AI-generated briefs, suggested outreach drafts, and milestone recommendations. These are computed from the items above and stored under your account.

We do not collect: precise device location, biometric identifiers, browsing history, advertising identifiers, financial-account numbers, government-issued identifiers, health data, or content from any service you have not explicitly connected.

6. Sources of Information

• Directly from you: Website email submission, account registration, profile completion, contact entry, file uploads, goal creation, voice recordings, manual notes.
• From your devices, with your permission: Apple Contacts, Apple Calendar, Apple Reminders, microphone, camera, photo library, speech recognition.
• From integrations you authorise: Google (Gmail, Calendar, Tasks via OAuth), Apple StoreKit (subscription state), LinkedIn (only via files you upload yourself — we do not access LinkedIn directly).
• Automatically generated by the Service: timestamps, device-type metadata included in crash reports, and derived-intelligence outputs.

7. Legal Bases for Processing (EU / UK / EEA Users)

If you are located in the European Union, the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under GDPR Article 6:

• Performance of a contract (Art. 6(1)(b)): processing necessary to provide the Service you have signed up for — account, contacts, interactions, goals, AI-generated outputs, subscription handling.
• Consent (Art. 6(1)(a)): for the early-access email-capture form, optional integrations (Google), microphone access, camera access, and any feature you must explicitly enable. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legitimate interests (Art. 6(1)(f)): for security monitoring, fraud and abuse prevention, debugging via crash reports, and aggregate product analytics — balanced against your rights and freedoms.
• Compliance with legal obligations (Art. 6(1)(c)): retention of certain financial records as required by law.

8. How We Use Your Information

We use the personal information described above strictly for the following purposes:

• Provide the Website and the early-access programme, including sending you launch updates if you submitted your email through the early-access form.
• Provide the core App: authentication, contact management, interaction logging, task tracking, goal planning, and AI-generated relationship intelligence.
• Operate integrations you authorise: sync with Google Calendar, Gmail, and Google Tasks; mirror to Apple Calendar and Apple Reminders.
• Process subscriptions: validate Apple StoreKit transactions against Apple’s pinned root certificates, track entitlement status, and handle renewals, refunds, and revocations via Apple’s App Store Server Notifications.
• Improve the Service: aggregate, anonymised usage analytics (if and when we enable a product-analytics provider — see Section 9), debugging, and error correction via crash reports.
• Communicate with you: service notifications (purchase receipts, password resets, security alerts), responses to your support inquiries, and early-access announcements if you opted in via the Website.
• Comply with law: respond to lawful requests from authorities, enforce these terms, and prevent fraud or abuse.

We do not use your information for: targeted advertising, behavioural profiling for third parties, sale to data brokers, training of any third-party AI model on your personal data, or automated decision-making with legal or similarly significant effects.

9. Third-Party Sub-Processors

We use the following service providers to operate the Service. Each receives only the data necessary to perform its function and is contractually bound to confidentiality and appropriate data protection.

Website sub-processors:

• Formspree, Inc. (United States) — processes the email submissions you make through the early-access form on the Website, forwards them to our internal inbox, and stores them in Formspree’s dashboard. Subject to Formspree’s privacy policy.
• GitHub, Inc. (a Microsoft subsidiary, United States) — hosts the static Website on GitHub Pages. May keep standard request logs for the files we publish.

App sub-processors:

• Supabase, Inc. (Delaware, United States) — primary backend infrastructure: PostgreSQL database, authentication, file storage, and Edge Functions. Row-level-security policies isolate each user’s data at the database level.
• OpenAI, L.L.C. (California, United States) — large-language-model API used for narrative generation, brief generation, text classification, intent extraction, and natural-language goal analysis. Relevant portions of your data (contact context, goal text, interaction summaries, recap-audio transcripts) are transmitted to OpenAI for inference. OpenAI is contractually obligated under their API data-usage policy not to retain or train on API inputs.
• Anthropic, PBC (California, United States) — large-language-model API (Claude) used for goal analysis, key-people compression, and select intelligence flows. Same data-handling principles as OpenAI; Anthropic does not train on API inputs.
• Apple Inc. (California, United States) — App Store distribution, StoreKit in-app purchase processing, Apple ID authentication (when you choose Sign in with Apple), App Store Server Notifications for subscription state changes, EventKit for on-device calendar and reminders, the Speech framework for on-device transcription support.
• Google LLC (California, United States) — only if you explicitly connect a Google account: OAuth 2.0 authentication, Gmail API, Google Calendar API, Google Tasks API. Subject to Google’s privacy policy.
• Functional Software, Inc. (d/b/a Sentry, California, United States) — crash reporting and performance monitoring. Receives stack traces, device-model metadata, and (rarely) anonymised identifiers required to deduplicate errors.

We are not currently using a product-analytics provider (such as PostHog or similar). If we add one, this section will be updated at least 30 days before activation and existing users will be notified by email or in-app notice.

We will update this list at least 30 days before adding any new sub-processor that materially affects your personal data.

10. International Data Transfers

Relivance LLC is established in the United States and our sub-processors are predominantly U.S.-based. By using the Service, your personal data will be transferred to, stored in, and processed in the United States.

If you are located in the EU, EEA, UK, or Switzerland, we rely on the following safeguards for international transfers, as applicable:

• Standard Contractual Clauses (SCCs) approved by the European Commission, executed with each non-EU sub-processor that processes EU personal data.
• Supplementary technical measures including encryption in transit (TLS 1.2+), encryption at rest, row-level access controls, and minimum-necessary access by personnel.

If you would like a copy of the SCCs we have executed, please email privacy@relivance.app.

Our EU representative for the purposes of GDPR Art. 27 will be appointed prior to broadly admitting EU residents to the App. Until that representative is in place, EU residents may exercise their rights by contacting privacy@relivance.app directly.

11. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, with the following per-category schedule:

• Early-access email addresses (Website): retained until you ask us to remove them, or until twelve months after Relivance has publicly launched and the early-access list is no longer in active use, whichever comes first.
• Account data (App): for as long as your account is active.
• Contacts, interactions, tasks, goals, recap audio, and derived intelligence: for as long as your account is active. Soft-deleted items remain recoverable for up to 30 days, after which they are permanently deleted.
• Account-deletion grace period: when you request deletion (from Settings → Delete Account in the App, or by emailing privacy@relivance.app), your account is immediately disabled and you are signed out. After a 30-day grace period, all user-generated content is permanently deleted from our active systems. Encrypted backup copies may persist for up to 60 additional days before being purged.
• Subscription and transaction records: retained in pseudonymised form for up to seven years to comply with U.S. tax law and Apple’s audit requirements.
• Crash and analytics data: retained for up to 90 days, then aggregated or deleted.
• Logs (web request logs, security logs): retained for up to 30 days.

We may retain personal data longer where required by law, regulation, or to establish, exercise, or defend legal claims.

12. Your Rights

Depending on your jurisdiction, you have some or all of the following rights with respect to your personal data:

• Right to access (“Right to Know”): request a copy of the personal information we hold about you. The App includes an in-app data-export feature (Settings → Your Data → Export My Data) that delivers a ZIP archive containing your data in JSON and vCard formats.
• Right to rectification: correct inaccurate or incomplete personal data. Most fields are user-editable in the App; for anything you cannot edit, contact privacy@relivance.app.
• Right to erasure (“Right to Delete”): request deletion of your personal data. Use the in-app account-deletion flow or email privacy@relivance.app. To remove your email from the early-access list, email privacy@relivance.app and we will remove it within 30 days.
• Right to data portability: receive your personal data in a structured, commonly used, machine-readable format. The in-app export delivers this.
• Right to restrict processing: ask us to limit how we use your data while a question or correction is pending.
• Right to object: object to processing based on our legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
• Right to non-discrimination: we will not discriminate against you for exercising any of these rights — your access to the Service will not be reduced and we will not charge you a different price.
• Right to lodge a complaint: if you are in the EU/EEA/UK and believe our handling of your personal data violates applicable law, you may lodge a complaint with your local supervisory authority. In Germany, this is typically the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) or your state-level Landesdatenschutzbehörde.

We will respond to verifiable rights requests within the timeframes required by applicable law (30 days under GDPR, 45 days under CCPA, extendable once by an additional 45 days where reasonably necessary).

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the rights described in Section 12. In addition:

• Sale and sharing: We do not sell your personal information for monetary or other valuable consideration. We do not share your personal information for cross-context behavioural advertising. We have not sold or shared your personal information in the preceding 12 months and have no plans to do so.
• Sensitive personal information: certain data we collect — for example, recap audio, contact records about identified individuals, free-text notes — may constitute “sensitive personal information” under CPRA. We use sensitive personal information only for the purposes for which it was collected (i.e., providing the Service) and will not use or disclose it for any purpose other than as permitted by CPRA §1798.121.
• Authorised agents: you may use an authorised agent to submit a request on your behalf. We require verification of the agent’s authority and your identity before responding.
• Shine the Light Law: California Civil Code §1798.83 permits California residents to request information about disclosures of personal data to third parties for direct-marketing purposes. We do not engage in such disclosures.

14. Data Security

We implement administrative, technical, and physical safeguards designed to protect your personal data, including:

• Encryption in transit (TLS 1.2 or higher) for all client–server communication.
• Encryption at rest for our primary database and file storage.
• Row-level-security policies that isolate each user’s data at the database level.
• Apple-hardened cryptographic verification of in-app purchase transactions, validated against Apple’s pinned root certificates.
• Principle of least privilege for personnel access, with access logs reviewed periodically.
• Regular dependency updates and security patching of our infrastructure.

No system is perfectly secure. We cannot guarantee that unauthorised access will never occur. If we become aware of a security incident affecting your personal data, we will notify you and any required regulators in accordance with applicable law (GDPR Art. 33–34: 72 hours to the lead supervisory authority where feasible; state-level breach-notification statutes in the United States).

15. Cookies & Tracking

The Website does not use cookies for tracking. The App does not use cookies. The App does not perform cross-app or cross-site tracking. We have not enabled Apple’s App Tracking Transparency framework because we do not engage in any tracking that would require it.

Our backend uses session tokens (JWTs issued by Supabase Auth) to maintain your authenticated session in the App. These are not advertising or tracking identifiers.

16. Changes to This Policy

We may update this Privacy Policy as the Service evolves or as required by law. The “Effective” date at the top of this document indicates the date of the most recent revision.

We will provide at least 30 days’ advance notice before any material change takes effect, by email or in-app banner, unless a shorter notice period is required to address a security or legal issue. Your continued use of the Service following the effective date of a revised policy constitutes acceptance.

17. Contact Us

Privacy questions, rights requests, or concerns? Reach us at:

Email: privacy@relivance.app