Privacy Policy

1. Who we are

Pairly Life is operated by Nimavera Inc., a Delaware corporation (“Nimavera”, “we”, “us”). For data-protection enquiries, contact privacy@pairlylife.com or support@pairlylife.com. A postal address for service of notice is available on request and will be published here once our Delaware registered-agent address is finalised.

If you are in the European Economic Area, the United Kingdom, or Switzerland, Nimavera Inc. acts as the data controller for the personal data you provide to the Service. If you are a California resident, Nimavera Inc. acts as the business that determines the purposes and means of processing your personal information under the California Consumer Privacy Act.

2. Categories of data we collect

Account data — email address, name, display name, hashed password (bcrypt — we never see the plaintext), role, and account creation/login timestamps.

Board & card content — boards (name, description, emoji), cards (title, description, type, status, priority, tags, target dates, ratings), checklist items, comments, photo memories, and emoji reactions you create or upload.

Couple Pulse check-ins — daily mood, energy score (1–5), the “needs” chips you select, and any short note you write. Visible only to members of the boards you tagged the check-in to (you can submit without a board, in which case it is private to you).

Expenses — when you log a card expense: amount, currency, description, payer, occurrence date, and the split percentages between board members. We do not store any payment-card details for these — they are simply your record of who paid for what.

Location data — (a) approximate city/country derived from your IP address at sign-in (via ipapi.co), used to show nearby community ideas; (b) precise latitude/longitude that you choose to attach to a card or your profile (e.g. for the map view), provided by your browser only with your permission.

Subscription data — your tier (Free / Premium / Lifetime), Stripe customer ID, subscription status, and renewal/expiry dates. Payment-card details are processed by Stripe directly and never reach our servers.

Notification preferences — your per-event email and push toggles, plus a record of any web-push subscriptions you have authorised (browser endpoint + cryptographic keys, no message contents).

Diagnostic data — basic server logs (request URL, status, timing) and, when configured, anonymised error reports via Sentry. We do not track you with analytics SDKs.

3. How we use your data and our legal bases (GDPR)

• To provide the Service (account creation, syncing your boards, powering invites, notifications, exports) — contractual necessity.
• To process payments and manage subscriptions via Stripe — contractual necessity.
• To send transactional emails (invite accepted, weekly summary, password reset, comment on your card) — contractual necessity; you can disable per-event email in Settings.
• To run AI features (Date Night Tonight, Memory Lane narrative, daily prompts, AI suggestions, AI itineraries, card enrichment) — contractual necessity when you ask for them; templates are served when no AI provider is configured or you are on the Free tier.
• To prevent abuse and enforce our Terms (rate limits, content moderation, the per-user daily AI call quota) — legitimate interests.
• To improve the product (bug-tracking, performance) — legitimate interests; no profiling or marketing analytics.
• To comply with legal obligations (e.g. tax records on payments) — legal obligation.

We do not sell, trade, or rent your personal data, and we do not use your data to train AI models.

4. Sub-processors and other recipients

Some data flows to third parties strictly to deliver the features you use. Where the data centre is outside the EEA/UK we rely on the provider's Standard Contractual Clauses or equivalent transfer mechanism.

• Stripe — payment processing for Premium and Lifetime purchases.
• Anthropic, OpenAI, or OpenRouter — when AI features run, the prompt and a small amount of contextual data (board name, card titles, your stated mood/budget for Date Night, etc.) are sent to whichever provider the operator has configured. Outputs are returned to you and stored on the relevant card or response. None of these providers retain your data for model training under our use of their API.
• Wikipedia, TMDB, Yelp, Spotify, MusicBrainz, OpenStreetMap, RAWG, Unsplash, Google Places — card-enrichment lookups when you click “Enrich” on a card. We send the title (and sometimes a short description) of the card.
• Ticketmaster — for the local-events feature: we send the latitude/longitude and date range you specified to retrieve nearby events.
• ipapi.co — approximate IP-based geolocation at sign-in.
• Sentry — anonymised error reports, when configured by the operator.
• PostHog (EU region) — aggregate product-funnel analytics (signup → first card → trial → paid). Only when you opt in via the cookie banner; declining keeps the entire pipeline off. We do not send IPs, payment data, or message content to PostHog.
• SMTP / email provider — to deliver transactional email.
• Object storage (Cloudflare R2 / S3-compatible) or local disk — for storing photos you upload.
• Web Push services (Apple, Google, Mozilla) — only if you opt in to push notifications; we send the notification payload to the push endpoint your browser registered.

We may also share information when legally required (court order, lawful request) or to protect the rights, safety, or property of users or the public.

5. Sharing inside the Service

Boards are explicitly collaborative: when you invite a partner, they can read and edit cards, comments, photos, ratings, reactions, and expenses on that board. Cards you mark as “discoverable” appear in the public Discover feed visible to other Pairly Life users (typically other couples nearby), without your name unless you choose to attribute the card. Memberships and the public board slug appear in the URL for board pages you visit.

6. Retention

We keep your data for as long as your account is active. Cards you delete are immediately hidden from your view and from any shared boards, but the underlying record is kept in a soft-deleted state and can be restored from the trash view at any time — there is no automatic purge window. Photos and uploads are kept with the soft-deleted card so a restore brings everything back. Reports of community content (CardReport rows) are retained indefinitely for moderation history. Stripe transaction records are kept as long as required for tax and accounting law (typically 6–10 years depending on jurisdiction). Activity logs are automatically deleted after 90 days; login IP addresses are nullified 30 days after your last sign-in.

When you delete your account, your personal information (name, email, avatar, location, last-login IP) is cleared immediately and your account is deactivated. The deactivated record is retained so shared boards and partner-side history remain coherent. If you want the remaining record permanently removed beyond the immediate PII clearance described above, email us at support@pairlylife.com and we will action the request manually.

7. Security

We use industry-standard practices including TLS in transit, bcrypt password hashing, JSON Web Token authentication, account lockout after repeated failed logins, security headers, and row-level access checks on every API endpoint. Despite this, no system is impossible to breach; please use a strong, unique password and report suspicious activity to support@pairlylife.com.

8. Your rights

Subject to local law, you may:

• Access the personal data we hold about you (use the in-app data export).
• Rectify inaccurate data via Settings → Profile.
• Erase your account and associated data (Settings → Account → Delete account).
• Export your data in a portable JSON format (Settings → Export, or /export/board/{id}).
• Object to or restrict processing based on legitimate interests.
• Withdraw consent for optional features (push notifications, location).
• Lodge a complaint with your supervisory authority (e.g. your national data-protection regulator in the EU).

9. Children

The Service is intended for users aged 16 or over. We do not knowingly collect personal information from children under 13 years of age (as defined by the U.S. Children's Online Privacy Protection Act, “COPPA”). If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.

Users between 13 and 15 years old may use the Service only with verifiable consent from a parent or legal guardian, and only where permitted by their local law. Some jurisdictions (including parts of the EU) require users to be 16 or older to consent on their own to the processing of personal data; in those jurisdictions we apply that higher age. If you believe a child has created an account in violation of these rules, please contact privacy@pairlylife.com and we will delete the account and associated data.

10. International transfers

Nimavera Inc. is established in the United States. Our application infrastructure is hosted in the United States and, where required to serve EU users, the European Union. Several sub-processors (Stripe, Anthropic, OpenAI, Sentry) are headquartered in the United States. For transfers of personal data from the EEA, the United Kingdom, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK Addendum, and the EU-U.S. Data Privacy Framework (where the sub-processor is certified), supplemented by appropriate technical and organisational safeguards.

11. Cookies and local storage

See our separate Cookie Policy for the full list of what we store in your browser and why.

12. Changes to this policy

We may update this Privacy Policy. Material changes (e.g. a new sub-processor or new data category) will be notified via email or an in-app banner. The “Last updated” date at the top always reflects the current revision.