Privacy Policy

Relivance helps users organise professional relationships, contacts, interactions, goals, tasks, and AI-assisted relationship insights. This Privacy Policy explains how Relivance LLC collects, uses, discloses, retains, and protects information in connection with the Relivance iOS application (the “App”), the relivance.app website (the “Website”), and any related services or APIs (collectively, the “Service”).

This Privacy Policy is intended to support compliance with applicable privacy and platform requirements, including requirements that may apply under the EU and UK GDPR, CCPA/CPRA, COPPA, Apple App Store rules, and other applicable laws. Your specific rights may vary depending on where you live.

1. Who We Are

Relivance is a relationship-intelligence platform operated by Relivance LLC, a Wyoming limited liability company (the “Company,” “we,” “us,” “our”).

Registered agent for service of process in Wyoming: Northwest Registered Agent Service, Inc., 30 N Gould St Ste N, Sheridan, WY 82801, USA.

Privacy and data-rights requests: privacy@relivance.app. General questions and user support: hello@relivance.app.

Relivance LLC is the “controller” of your personal data within the meaning of GDPR and the “business” within the meaning of the CCPA/CPRA.

2. Scope of This Policy

This policy applies to all data we process in connection with the Service. The Service currently consists of two distinct surfaces, each with its own data practices:

• The Website (relivance.app) — a pre-launch information site that includes an early-access email-capture form. The App is not yet generally available; the Website is informational only.
• The App (Relivance for iOS) — the relationship-intelligence application, currently in private early-access distribution via Apple’s TestFlight platform and (when generally available) the Apple App Store.

By submitting your email on the Website, creating an account in the App, or otherwise using the Service, you confirm you have read and understood this policy. If you do not agree, do not use the Service.

3. Eligibility & Children’s Privacy

The Service is intended exclusively for adults aged 18 or older. We do not knowingly collect personal information from anyone under the age of 18.

If we learn that we have inadvertently collected personal data from a person under 18, we will delete that information promptly. To request deletion of a minor’s information, contact privacy@relivance.app.

Relivance is not directed at children, does not feature child-targeted content, and complies with the U.S. Children’s Online Privacy Protection Act (COPPA) and the GDPR provisions governing children’s data.

4. What We Collect on the Website

On the Website, the only personal information we collect is the email address you choose to submit through the early-access form, together with the date and time of submission. We do not run advertising trackers, cross-site fingerprinting scripts, or analytics scripts on the Website. We do not use cookies on the Website for tracking.

Standard server logs at our hosting provider may briefly record routine request data (IP address, browser type, referring page) for security and abuse prevention. Web font files for the Roboto typeface are served directly from relivance.app — we do not load fonts, stylesheets, or scripts from third-party content-delivery networks such as Google Fonts, so visiting the Website does not expose your IP address to a font provider.

The email address you submit is used only for: (a) sending you early-access updates about Relivance, (b) inviting you to use the App when private access opens, and (c) sending launch and service announcements. We do not sell, rent, or trade early-access email addresses, and we do not use them for unrelated marketing.

5. What We Collect in the App

We collect the following categories of personal information in the App. All of these are processed solely to provide and operate the Service for you, never for third-party advertising or cross-context behavioural advertising.

• Account & identity data: email address, hashed password (when you sign up with email), full name, organisation, professional title, timezone, and (optionally) a secondary email address. If you choose Sign in with Apple, we receive an Apple-issued identifier and the email and name you authorise Apple to share with us.
• Contacts data: names, email addresses, phone numbers, postal addresses, professional roles, employer history, educational history, social-media handles, profile photographs, custom fields, and free-text notes for individuals you add to or import into your network.
• Interaction data: dates, times, locations, participants, summaries, and free-text notes for meetings, calls, messages, and other shared-time events you log or sync from your Apple Calendar.
• Tasks & commitments: descriptions, due dates, recurrence settings, and participant associations for items you track within the Service. If you enable Apple Reminders sync, we mirror tasks between Relivance and your “Relivance” list in iOS Reminders.
• Goals & strategy data: free-text goal descriptions, milestones, intentions, and any files you attach to a goal (PDF, DOCX, XLSX, CSV, text, or images). Goal attachments auto-expire after 30 days unless promoted into a milestone.
• Voice input you create in the App: optional voice recordings you make inside the App through Smart Input or Recap (your own dictation), plus the AI-generated transcripts derived from them. The App does not record meetings, calls, or conversations on your behalf; you record yourself.
• Audio you attach: audio files you voluntarily upload to the App as attachments. You are solely responsible for the lawfulness of any audio you attach, including obtaining any consents legally required from people whose voices appear in that audio under the laws applicable to you and to them.
• Imported third-party data: contact lists from CSV / Excel / vCard files you upload; LinkedIn connection archives that you export from LinkedIn and upload manually (we do not access LinkedIn’s API directly); Apple Contacts (when you authorise import); content from screenshots you submit to OCR.
• Google integration data (only if you explicitly connect a Google account): Gmail thread metadata and message content for sync, Google Calendar events, Google Tasks lists, and OAuth refresh tokens for ongoing access. You may disconnect at any time from the App’s Settings.
• Device permissions you grant (device-side only unless the resulting content is uploaded by you): Apple Contacts framework reads (with your authorisation), EventKit calendar and reminders access, microphone (for recap audio), camera (for contact avatars), photo library (for avatars and OCR), speech recognition (for on-device transcription support).
• Subscription & purchase data: Apple StoreKit transaction identifiers, product identifiers, original-transaction IDs, expiry dates, environment (Sandbox/Production), and entitlement status. We do not collect or store payment-card numbers — Apple processes all payments. We also receive Apple App Store Server Notifications about renewals, refunds, and revocations on your subscription.
• Diagnostic data: crash reports, performance metrics, application hangs, and stack traces, collected via Sentry when an error occurs. We have configured Sentry to minimise personal data collection where reasonably practicable, but stack traces, breadcrumbs, and contextual data may contain incidental personal information.
• Derived intelligence: relationship-health scores, behavioural signals, AI-generated briefs, summaries, scores, suggested outreach drafts, and milestone recommendations. These are computed from the items above and stored under your account as decision-support tools surfaced to you. They are not used to make legal or similarly significant automated decisions about you or about the contact subjects of your network, and they may be deleted in accordance with the app’s data controls and the retention schedule in Section 11.

We do not collect: precise device location, biometric identifiers, browsing history, advertising identifiers, financial-account numbers, government-issued identifiers, health data, or content from any service you have not explicitly connected.

6. Sources of Information

• Directly from you: Website email submission, account registration, profile completion, contact entry, file uploads, goal creation, voice recordings, manual notes.
• From your devices, with your permission: Apple Contacts, Apple Calendar, Apple Reminders, microphone, camera, photo library, speech recognition.
• From integrations you authorise: Google (Gmail, Calendar, Tasks via OAuth), Apple StoreKit (subscription state), LinkedIn (only via files you upload yourself — we do not access LinkedIn directly).
• Automatically generated by the Service: timestamps, device-type metadata included in crash reports, and derived-intelligence outputs.

7. Legal Bases for Processing (EU / UK / EEA Users)

If you are located in the European Union, the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under GDPR Article 6:

• Performance of a contract (Art. 6(1)(b)): processing necessary to provide the Service you have signed up for — account, contacts, interactions, goals, AI-generated outputs, subscription handling.
• Consent (Art. 6(1)(a)): for the early-access email-capture form, optional integrations (Google), microphone access, camera access, and any feature you must explicitly enable. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legitimate interests (Art. 6(1)(f)): for security monitoring, fraud and abuse prevention, debugging via crash reports, and aggregate product analytics — balanced against your rights and freedoms.
• Compliance with legal obligations (Art. 6(1)(c)): retention of certain financial records as required by law.

8. How We Use Your Information

We use the personal information described above strictly for the following purposes:

• Provide the Website and the early-access programme, including sending you launch updates if you submitted your email through the early-access form.
• Provide the core App: authentication, contact management, interaction logging, task tracking, goal planning, and AI-generated relationship intelligence.
• Operate integrations you authorise: sync with Google Calendar, Gmail, and Google Tasks; mirror to Apple Calendar and Apple Reminders.
• Process subscriptions: validate Apple StoreKit transactions against Apple’s pinned root certificates, track entitlement status, and handle renewals, refunds, and revocations via Apple’s App Store Server Notifications.
• Improve the Service: product analytics, debugging, and error correction via crash reports.
• Communicate with you: service notifications (purchase receipts, password resets, security alerts), responses to your support inquiries, and early-access announcements if you opted in via the Website.
• Comply with law: respond to lawful requests from authorities, enforce these terms, and prevent fraud or abuse.

We do not use your information for: targeted advertising, cross-context behavioural advertising, sale to data brokers, training of any third-party AI model on your personal data, or automated decision-making that produces legal or similarly significant effects concerning you.

9. Third-Party Sub-Processors

We use the following service providers to operate the Service. Each receives only the data necessary to perform its function and is contractually bound to confidentiality and appropriate data protection.

Website sub-processors:

• Formspree, Inc. (United States) — processes the email submissions you make through the early-access form on the Website, forwards them to our internal inbox, and stores them in Formspree’s dashboard. Subject to Formspree’s privacy policy.
• GitHub, Inc. (a Microsoft subsidiary, United States) — hosts the static Website on GitHub Pages. May keep standard request logs for the files we publish.

App sub-processors:

• Supabase, Inc. (Delaware, United States; Relivance project hosted in Central EU / Frankfurt, Germany) — primary backend infrastructure: PostgreSQL database, authentication, file storage, and Edge Functions. Row-level-security policies isolate each user’s data at the database level. We use the EU-hosted Supabase project for Relivance production app data and rely on applicable data-processing terms, transfer safeguards, and technical measures to support GDPR compliance.
• OpenAI, L.L.C. (California, United States) — large-language-model API used for narrative generation, brief generation, text classification, intent extraction, and natural-language goal analysis. Relevant portions of your data (such as contact context, goal text, interaction summaries, recap-audio transcripts, notes, and uploaded text where applicable) are transmitted to OpenAI for inference. Under OpenAI’s API terms in effect at the time of this policy, API inputs and outputs are not used to train OpenAI’s models by default unless the customer opts in; provider processing and limited retention may occur for operational, security, abuse-prevention, or legal purposes according to the provider’s terms and our configuration. Relivance does not permit OpenAI to use user content for advertising.
• Anthropic, PBC (California, United States) — large-language-model API (Claude) used for goal analysis, key-people compression, and select intelligence flows. Relevant portions of your data are transmitted to Anthropic for inference on the same basis described above for OpenAI: under Anthropic’s API terms in effect at the time of this policy, API inputs and outputs are not used to train Anthropic’s models by default unless the customer opts in; provider processing and limited retention may occur for operational, security, abuse-prevention, or legal purposes according to the provider’s terms and our configuration. Relivance does not permit Anthropic to use user content for advertising.
• Deepgram, Inc. (Delaware / California, United States) — speech-to-text API used to transcribe voice input that you record inside the App via Smart Input and Recap. Audio is transmitted to Deepgram for transcription, and the transcript is returned to the App. Under Deepgram’s API terms in effect at the time of this policy, API audio and transcripts are not used to train Deepgram’s generalised models by default unless the customer opts in. Provider processing and limited retention may occur for operational, security, abuse-prevention, or legal purposes according to provider terms and our configuration. Relivance does not permit Deepgram to use your content for advertising.
• Apple Inc. (California, United States) — App Store distribution, StoreKit in-app purchase processing, Apple ID authentication (when you choose Sign in with Apple), App Store Server Notifications for subscription state changes, EventKit for on-device calendar and reminders, the Speech framework for on-device transcription support.
• Google LLC (California, United States) — only if you explicitly connect a Google account: OAuth 2.0 authentication, Gmail API, Google Calendar API, Google Tasks API. Subject to Google’s privacy policy.
• Functional Software, Inc. (d/b/a Sentry, United States, or EU region if configured for the applicable project) — crash reporting and performance monitoring. Sentry receives crash reports, stack traces, device-model metadata, performance metrics, and limited contextual data needed to diagnose errors, improve reliability, and monitor app performance. We configure Sentry to minimise personal data collection where reasonably practicable, and we do not use Sentry data for third-party advertising, cross-app tracking, retargeting, sale of personal data, or data-broker sharing.

PostHog Cloud EU (PostHog, Inc., hosted in Frankfurt, Germany) — product analytics and app-usage measurement. PostHog may receive user identifiers, device or distinct identifiers, event names, timestamps, screen or feature interaction data, and limited diagnostic context so we can understand feature usage, improve reliability, debug issues, and measure product performance. We do not use PostHog for third-party advertising, cross-app tracking, retargeting, sale of personal data, or data-broker sharing.

We will update this list at least 30 days before adding any new sub-processor that materially affects your personal data.

10. How AI Processing Works

Several App features rely on third-party large-language-model APIs (currently OpenAI and Anthropic) for inference. When you use these features, the App sends the relevant portions of your content needed to perform the task — for example, contact context, goal text, interaction summaries, recap-audio transcripts, notes, and uploaded text where applicable — to the AI provider for processing. We send the minimum content reasonably needed to produce the requested output.

The AI Output we receive back — including briefs, summaries, scores, suggestions, and drafts — is stored under your account so you can review, edit, share, or delete it. AI Output is retained under the same schedule as the underlying content it relates to and may be deleted using the app’s data controls. See Section 12 (Data Retention) for the full schedule.

Under our AI providers’ API terms in effect at the time of this policy, API inputs and outputs are not used to train the providers’ generalised models by default unless the customer opts in. Limited provider-side processing and retention may occur for operational, security, abuse-prevention, or legal purposes according to provider terms and our configuration. We do not permit our AI providers to use your content for advertising.

11. Google User Data — Limited Use

If you connect a Google account to the App, Relivance’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• We use Google user data only to provide and improve user-facing features that you enable, such as Gmail, Google Calendar, and Google Tasks functionality inside the App.
• We do not sell Google user data.
• We do not use Google user data for advertising or cross-context behavioural advertising.
• We do not use Google user data to train generalised AI models.
• Human access to Google user data is limited to security, legal compliance, abuse investigation, user-requested support, or where you have given explicit permission.
• You may disconnect Google at any time in the App at Settings → Google → Disconnect, and from your Google account permissions at myaccount.google.com/permissions.

12. Third-Party Contact Data

When you use the Service to manage your professional network, you will inevitably upload, import, or enter information about other people who are not Relivance users (your contacts). Relivance processes this third-party information to provide the Service to you — for example, to store contact records, surface relationship-health signals, generate AI briefs, or remind you to follow up.

You are responsible for ensuring you have any required rights, permissions, or lawful basis to provide third-party contact data to Relivance, in particular where privacy laws such as the GDPR apply.

If you believe your information has been uploaded to Relivance by one of our users and you want to request access, correction, or deletion, contact privacy@relivance.app. We may need to verify your request and balance it against the rights and lawful interests of the user who provided the information.

13. International Data Transfers

Relivance LLC is a U.S. company, and some of our sub-processors remain U.S.-based. Our production app database, authentication, and file storage are hosted in Supabase Central EU / Frankfurt, Germany. Even so, some personal data may still be transferred to and processed by U.S.-based providers — for example Anthropic, OpenAI (if enabled), Sentry (if not EU-configured), Apple, Google (if you connect it), or providers supporting our support and legal operations. For users located in the EU, EEA, UK, or Switzerland, Relivance relies on Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs) where applicable, and supplementary technical safeguards for these international transfers.

If you are located in the EU, EEA, UK, or Switzerland, we rely on the following safeguards for international transfers, as applicable:

• Standard Contractual Clauses (SCCs) approved by the European Commission, executed with each non-EU sub-processor that processes EU personal data.
• Supplementary technical measures including encryption in transit (TLS 1.2+), encryption at rest, row-level access controls, and minimum-necessary access by personnel.

If you would like a copy of the SCCs we have executed, please email privacy@relivance.app.

Our EU representative for the purposes of GDPR Art. 27 will be appointed prior to broadly admitting EU residents to the App. Until that representative is in place, EU residents may exercise their rights by contacting privacy@relivance.app directly.

14. Business Transfers

We may disclose or transfer personal information in connection with a merger, acquisition, financing, reorganisation, bankruptcy, sale of assets, or similar transaction, subject to appropriate privacy protections or legally required notice. Where the transaction would materially affect how your personal information is processed, we will inform you in advance to the extent required by applicable law.

15. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, with the following per-category schedule:

• Early-access email addresses (Website): retained until you ask us to remove them, or until twelve months after Relivance has publicly launched and the early-access list is no longer in active use, whichever comes first.
• Account data (App): for as long as your account is active.
• Contacts, interactions, tasks, goals, recap audio, and derived intelligence: for as long as your account is active. Soft-deleted items remain recoverable for up to 30 days, after which they are permanently deleted.
• Account-deletion grace period: when you request deletion (from Settings → Delete Account in the App, or by emailing privacy@relivance.app), your account is immediately disabled and you are signed out. After a 30-day grace period, all user-generated content is permanently deleted from our active systems. Encrypted backup copies may persist for up to 60 additional days before being purged. The maximum ordinary retention period after a deletion request is therefore up to 90 days, subject to limited records we must retain for legal, tax, security, fraud-prevention, dispute-resolution, or accounting reasons.
• Apple subscriptions are managed separately. Deleting your Relivance account does not automatically cancel an Apple subscription, and cancelling an Apple subscription does not automatically delete your Relivance account or your account data. You must manage subscription cancellation through your Apple ID subscription settings (Settings → Apple ID → Subscriptions on your device, or apps.apple.com/account/subscriptions on the web). If you used Sign in with Apple to register, Relivance revokes the associated Sign in with Apple token during account deletion as required by Apple.
• Subscription and transaction records: retained in pseudonymised form for up to seven years to comply with U.S. tax law and Apple’s audit requirements.
• Crash and analytics data: retained for up to 90 days, then aggregated or deleted.
• Logs (web request logs, security logs): retained for up to 30 days.

We may retain personal data longer where required by law, regulation, or to establish, exercise, or defend legal claims.

16. Your Rights

Depending on your jurisdiction, you have some or all of the following rights with respect to your personal data:

• Right to access (“Right to Know”): request a copy of the personal information we hold about you. The App includes an in-app data-export feature (Settings → Your Data → Export My Data) that delivers a ZIP archive containing your data in JSON and vCard formats.
• Right to rectification: correct inaccurate or incomplete personal data. Most fields are user-editable in the App; for anything you cannot edit, contact privacy@relivance.app.
• Right to erasure (“Right to Delete”): request deletion of your personal data. Use the in-app account-deletion flow or email privacy@relivance.app. To remove your email from the early-access list, email privacy@relivance.app and we will remove it within 30 days.
• Right to data portability: receive your personal data in a structured, commonly used, machine-readable format. The in-app export delivers this.
• Right to restrict processing: ask us to limit how we use your data while a question or correction is pending.
• Right to object: object to processing based on our legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
• Right to non-discrimination: we will not discriminate against you for exercising any of these rights — your access to the Service will not be reduced and we will not charge you a different price.
• Right to lodge a complaint: if you are in the EU/EEA/UK and believe our handling of your personal data violates applicable law, you may lodge a complaint with your local supervisory authority. In Germany, this is typically the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) or your state-level Landesdatenschutzbehörde.

We will respond to verifiable rights requests within the timeframes required by applicable law (30 days under GDPR, 45 days under CCPA, extendable once by an additional 45 days where reasonably necessary).

17. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the rights described in Section 16. In addition:

• Sale and sharing: We do not sell your personal information for monetary or other valuable consideration. We do not share your personal information for cross-context behavioural advertising. We have not sold or shared your personal information in the preceding 12 months and have no plans to do so.
• Sensitive personal information: certain data we collect — for example, recap audio, contact records about identified individuals, free-text notes — may constitute “sensitive personal information” under CPRA. We use sensitive personal information only for the purposes for which it was collected (i.e., providing the Service) and will not use or disclose it for any purpose other than as permitted by CPRA §1798.121.
• Authorised agents: you may use an authorised agent to submit a request on your behalf. We require verification of the agent’s authority and your identity before responding.
• Shine the Light Law: California Civil Code §1798.83 permits California residents to request information about disclosures of personal data to third parties for direct-marketing purposes. We do not engage in such disclosures.

18. Data Security & Human Access

We implement administrative, technical, and physical safeguards designed to protect your personal data, including:

• Encryption in transit (TLS 1.2 or higher) for all client–server communication.
• Encryption at rest for our primary database and file storage.
• Row-level-security policies that isolate each user’s data at the database level.
• Apple-hardened cryptographic verification of in-app purchase transactions, validated against Apple’s pinned root certificates.
• Principle of least privilege for personnel access, with access logs reviewed periodically.
• Regular dependency updates and security patching of our infrastructure.

Human access. We limit internal access to personal information to personnel and service providers who need access to operate, secure, support, or improve the Service, comply with law, or respond to your requests. We do not routinely review the contents of your contacts, notes, emails, transcripts, or uploaded files.

No system is perfectly secure. We cannot guarantee that unauthorised access will never occur. If we become aware of a security incident affecting your personal data, we will notify you and any required regulators in accordance with applicable law (GDPR Art. 33–34: 72 hours to the lead supervisory authority where feasible; state-level breach-notification statutes in the United States).

19. Cookies & Tracking

The Website does not use cookies for tracking. The App does not use cookies. The App does not perform cross-app or cross-site tracking. We have not enabled Apple’s App Tracking Transparency framework because we do not engage in any tracking that would require it.

Our backend uses session tokens (JWTs issued by Supabase Auth) to maintain your authenticated session in the App. These are not advertising or tracking identifiers.

20. Changes to This Policy

We may update this Privacy Policy as the Service evolves or as required by law. The “Effective” date at the top of this document indicates the date of the most recent revision.

We will provide at least 30 days’ advance notice before any material change takes effect, by email or in-app banner, unless a shorter notice period is required to address a security or legal issue. Your continued use of the Service following the effective date of a revised policy constitutes acceptance.

21. Contact Us

Privacy questions, rights requests, or concerns? Reach us at privacy@relivance.app. For general questions and user support, write to hello@relivance.app.