Just between you two ♡
Privacy Policy
Effective date: July 19, 2026the short version ♡
- No account, no email, no phone number — you stay anonymous to us.
- Your note is text-only and each new one replaces the last. We keep no archive.
- No ads, no third-party analytics, no data selling. Ever.
- This website sets zero cookies.
- Want everything gone? Unlink in the app and email us — done.
This summary is for convenience; the full policy below is the binding version.
1.Who we are
Couple Notes (the “App”) is made by Appurium (“we”, “us”). We operate the App, its backend service, and this website at stickylove.app (together, the “Service”). For the purposes of the EU/UK General Data Protection Regulation (GDPR), Appurium is the data controller for the processing described in this policy.
Questions, requests, or complaints: support@stickylove.app.
2.Our approach: as little as possible
Couple Notes is a private space for two people. It was designed so that we know as little about you as technically possible: there are no user accounts. We never ask for your name, email address, or phone number. Your phone is identified by a randomly generated identifier that says nothing about who you are.
3.What we collect
When you use the App, our servers store the following — and nothing more:
| Data | What it is | Why |
|---|---|---|
| Device record | A random device identifier (UUID), a device secret (stored only as a cryptographic hash), platform (iOS), app version, creation and last-seen timestamps, and your notification on/off preference. | To recognize your device without an account and keep your note space connected to your partner’s. |
| Your shared note | The text of the current note (up to 180 characters). Notes are text-only — no photos, no attachments. Each new note replaces the previous one; we do not keep a history of past notes. | To show the note on your partner’s device and widget. |
| Pairing data | The fact that two device identifiers are linked, when the pair was created, and short-lived invite tokens (they expire after 20 minutes). | To connect exactly two devices into one shared note space. |
| Push token | A push notification token issued by Apple/Google for your device — only if you enable notifications. | To deliver the “You have a new note ♥” notification. |
| Purchase state | If you buy Premium: the product purchased, trial/renewal/expiry status, and store transaction identifiers, keyed to your random device identifier. Payment is handled entirely by Apple — we never see your name, card number, or billing address. | To unlock Premium for you and your partner and to honor trials, renewals, and refunds. |
| Service events | A first-party technical log of service events (for example “pair created” or “purchase received”), keyed to the same random identifiers. | To keep the Service reliable, debug problems, and prevent abuse. |
4.What we never collect
- No name, email address, phone number, or postal address.
- No contacts, photos, files, or precise location.
- No advertising identifiers and no cross-app tracking.
- No third-party analytics or advertising SDKs in the App.
- This website sets no cookies, loads no third-party fonts, scripts, or trackers, and collects no personal data.
5.How we use it (and our legal bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Running the Service: pairing your devices, storing and syncing the current note, showing it in the widget. | Performance of a contract (Art. 6(1)(b)) |
| Sending the new-note push notification. | Consent (Art. 6(1)(a)) — you grant it through the iOS notification permission and can withdraw it at any time in Settings. |
| Managing Premium purchases, trials, and the partner unlock. | Performance of a contract (Art. 6(1)(b)) |
| Security, rate limiting, abuse prevention, and debugging. | Legitimate interests (Art. 6(1)(f)) — keeping a small, anonymous service safe and working. |
We do not use your data for advertising, profiling, or automated decision-making, and we do not train AI models on your notes.
6.Who we share data with
We never sell personal information and never share it for cross-context behavioral advertising. Your note is shared with exactly one person: the partner you paired with. Beyond that, we use a small number of service providers (processors) to run the Service:
| Provider | What they do for us | Privacy policy |
|---|---|---|
| Railway Corp. | Hosts our backend server and database. | railway.com/legal/privacy |
| Google (Firebase Cloud Messaging) | Delivers push notifications to your device. | firebase.google.com/support/privacy |
| RevenueCat, Inc. | Processes App Store purchase receipts and keeps subscription state in sync. | revenuecat.com/privacy |
| Apple Inc. | Processes payments for Premium and delivers push notifications (APNs). Apple acts as an independent controller for your Apple account and payment data. | apple.com/legal/privacy |
We may also disclose information if required by law, or to protect the rights, safety, and security of our users or the Service.
7.International transfers
Our servers and providers may process data in the United States and the European Union. Where personal data is transferred out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where the provider is certified, the EU–US Data Privacy Framework.
8.How long we keep things
- Your note — until it is replaced by the next note, cleared by either of you, or you unlink; unlinking deletes the shared note.
- Invite tokens — expire 20 minutes after creation.
- Device record & pairing data — for as long as your device is registered; deleted or irreversibly anonymized on request.
- Push token — until you disable notifications or the device is deleted.
- Purchase records — for as long as needed to provide Premium and to meet legal (e.g. tax and accounting) obligations.
- Service events — kept for a limited period for reliability and abuse prevention, then deleted or anonymized.
9.Deleting your data
- Unlink your partner in the App’s Settings — this disconnects the pair and deletes the shared note from our servers.
- Delete the App — this removes the device credentials stored in your phone’s keychain; without them, nobody (including us) can access that note space again.
- Ask us at support@stickylove.app to erase your device record and related server data. Because we don’t know your name or email, we may ask you to send the request from the device (or include your device identifier from the App) so we can find the right record — this protects your data from being deleted by someone who isn’t you.
10.Security
All traffic between the App and our servers is encrypted with TLS. Device secrets are stored only as cryptographic hashes and, on your phone, in the iOS Keychain. We collect so little data that the most sensitive thing on our servers is the one note you have written — and even that is gone the moment it is replaced. No system is perfectly secure, but a system that holds almost nothing has very little to lose.
11.Your rights
Depending on where you live, you have some or all of the following rights:
- EEA / UK / Switzerland (GDPR): access, rectification, erasure, restriction of processing, data portability, objection, and the right to withdraw consent at any time. You may also lodge a complaint with your local data protection supervisory authority.
- California (CCPA/CPRA) and other US states: the right to know, correct, and delete personal information, and the right to opt out of “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined by the CCPA, and we do not use sensitive personal information beyond what is necessary to provide the Service. We will never discriminate against you for exercising your rights.
To exercise any right, email support@stickylove.app. We respond within the timelines required by applicable law (one month under GDPR, 45 days under CCPA).
12.Children
Couple Notes is not directed at children under 13 (or the higher minimum age required in your country), and we do not knowingly collect personal data from them. If you believe a child has used the Service, contact us and we will delete the related data.
13.Push notifications
Notifications are strictly opt-in. You can turn them off at any time in the App’s Settings or in iOS Settings; we then stop using your push token and delete it.
14.Changes to this policy
If we change this policy in a meaningful way, we will update the effective date above and, for significant changes, let you know in the App. The current version always lives at stickylove.app/privacy.
15.Contact
Appurium
Email: support@stickylove.app