Privacy Policy
Last updated: November 19, 2025
This Privacy Policy explains how Atrable collects, uses, and shares personal data when you use our mobile apps, website, chat features, diaries, diary unlock flows, device security features, and related developer tooling. If you use Atrable, you agree to the data practices described here and in our Terms of Use.
1. Scope and Summary
We collect the information you provide directly (profiles, diaries, chats, unlock requests), the information created automatically when you use Atrable (device details, security events, notification logs), and limited data from service providers that help us operate the platform. We do not sell personal data, and we only share it with others in the ways described below.
2. Data We Process
Account and identity data
- Display name, username, email, and optional profile bio.
- Password hashes (salted and stored via Firebase Authentication) or tokens from social sign-in providers such as Apple or Google.
- Optional phone numbers or multi-factor verification data when you enable additional security checks; phone numbers may also be used to help friends find you.
- Support correspondence and documents you send to hi-law@atrable.com or through in-app support flows.
Profile, social, and discovery data
- Friendship status, follows, and block lists.
- Unlock diary balances and view events stored in Firebase Data Connect (Cloud SQL) so we can enforce sharing limits and provide analytics like mutual unlock counts and leaderboards.
- Profile metadata mirrored into Neo4j Aura (display name, displayId, avatar URL, short bio) to power friend search and ranking. Neo4j stores relationship nodes but not your diaries or chats.
- Contacts you choose to share for friend recommendations; matching is performed against existing accounts, and the contact data is discarded immediately after the recommendation logic is processed.
Content you create
- Diaries, media attachments, captions, reactions, and edit history stored in Cloud Firestore and replicated to Firebase Data Connect for fast queries.
- Chat messages and attachments delivered through Signal-compatible end-to-end encryption. We store the encrypted message payload, delivery state, and attachment blobs in Firebase Realtime Database and Cloud Storage until they sync to your devices.
- Unlock diary actions, diary views, and ledger entries that record who accessed which diary and when.
Device, security, and diagnostics data
- Registered device identifiers, platform, model, OS version, and status so you can review or revoke devices in the settings.
- Signal identity keys, registration IDs, signed pre-keys, and pre-key statistics stored in Firestore to operate end-to-end encrypted chat sessions.
- Device credential salts and hashes.
- Biometric challenge results (Face ID or Touch ID pass/fail only) used to confirm sensitive actions such as account or diary deletion; raw biometric data stays on your device.
- Security events (identity resets, suspicious logins, unlock audit logs) and App Check attestations so we can detect abuse.
- Crash reports, basic performance metrics, and server logs (IP address, timestamps, request headers) from Firebase Hosting, Cloud Logging, and Vercel when you visit our web properties.
Payment and commerce data
Atrable does not currently process payments in the consumer app. If that changes, we will update this section before collecting payment information.
3. How We Use Data
- Operate, personalize, and improve diaries, chat, and unlock experiences.
- Confirm sensitive actions using device biometrics when available.
- Maintain account security, verify device enrollment, and prevent spam or abuse.
- Deliver notifications by push or email.
- Suggest friends by temporarily matching provided contacts to existing accounts.
- Sync profile information into discovery features like Neo4j and Data Connect.
- Develop new features and debug issues using aggregated or de-identified logs.
- Comply with legal obligations, enforce our Terms, and investigate safety reports.
4. When We Share Data
- With other users: Diaries, chats, and reactions are shared with the people you choose or the audiences you configure (public, friends, private). Unlock balances and diary view counts are visible to the account owners involved.
- With service providers: We share data with vendors that host infrastructure, deliver push notifications, detect fraud, or provide customer support. They may only use the information to provide contracted services to Atrable.
- For legal reasons: We may preserve or disclose data to law enforcement, regulators, or third parties if required by law or if we believe it is necessary to protect someone from harm, prevent fraud, or defend Atrable.
- Business changes: If we are involved in a merger, acquisition, financing, or sale of assets, your data may be transferred as part of that transaction, subject to this policy.
We do not sell personal data or allow third-party ads in Atrable.
5. Service Providers and Infrastructure
Key processors we rely on today include:
- Firebase and Google Cloud: Authentication, Firestore, Realtime Database, Cloud Storage, Cloud Functions, App Check, Cloud Messaging, Cloud Logging, and Firebase Data Connect (backed by Cloud SQL) host most of your account and content data in the United States.
- Neo4j Aura: Stores profile graph data to power relationship-aware friend discovery.
- Apple Push Notification service (APNs) and Firebase Cloud Messaging: Deliver mobile push notifications to your devices.
- Vercel: Hosts our public website and legal documents. Vercel collects standard web logs when you visit those pages.
These providers act as processors on our behalf and must follow our instructions. They may also process limited metadata (such as IP addresses) under their own privacy policies to provide their services.
6. Data Retention
- Account information is kept while your account remains active and for a short period after deletion so we can process your request and meet legal obligations.
- Diaries, media, and reactions are retained until you delete them or delete your account. Replicas in caches or backups are removed on a rolling basis.
- Chat content remains on our servers only as encrypted ciphertext needed for delivery. When you delete a chat, associated encrypted payloads are queued for deletion.
- Device security records, unlock ledgers, and audit trails are retained as long as necessary to protect the service, usually no longer than is needed for investigation or legal compliance.
- Server logs and diagnostic data are kept for a limited period (for example, weeks or months) unless we need to retain them for security, analytics, or legal reasons.
- Contacts submitted for friend recommendations are discarded right after matching completes and are not stored in databases or logs.
7. Your Choices and Rights
- Update profile, notification, and privacy settings in the app.
- Manage diaries from the creation screens or by following our guide on deleting a diary.
- Delete your entire account (including diaries and chat metadata) by following the account deletion steps. Deleting an account also removes mirrored data from Neo4j and Firebase Data Connect after a short processing period.
- Revoke device sessions or push tokens from the in-app security settings.
- If you live in the EEA, UK, or a region with data rights laws, you may request access, correction, portability, restriction, or objection by emailing hi-law@atrable.com. We may ask you to verify your identity before processing the request.
You can also submit complaints to your local data protection authority.
8. Security
Atrable uses multiple layers of security, including TLS encryption in transit, encryption at rest provided by Google Cloud, Signal-based end-to-end encryption for chats, hashed and salted authentication data, device credential verification, App Check enforcement, and access controls that limit employee access to the minimum necessary to operate the service. No system is perfectly secure, so we encourage you to keep your devices updated, review active sessions, and use strong passwords.
9. International Transfers and Legal Bases
We store most data in Google Cloud regions located in the United States. When we transfer personal data internationally, we rely on mechanisms such as Standard Contractual Clauses, and we implement safeguards like encryption.
For users in the EEA or UK, we process personal data based on one or more of the following legal grounds: (a) to perform the contract with you, (b) to comply with legal obligations, (c) to pursue legitimate interests such as securing Atrable, and (d) with your consent when required (for example, when you enable optional features).
10. Children's Privacy
Atrable is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us so we can delete it.
11. Changes to This Policy
We may update this Privacy Policy as our products evolve or laws change. If we make material changes, we will notify you by email, in the app, or through our website, and we will ask you to review and agree to the updated Privacy Policy the next time you launch the app after the update goes live. Continued use of Atrable after the effective date means you accept the revised policy.
12. Contact Us
Email hi-law@atrable.com with any privacy questions or requests.