Privacy Policy

1. Who we are

Pairly Life is operated by Sambade Consulting. For data-protection enquiries, contact support@pairlylife.com. If you are in the EEA or UK, we act as the data controller for the personal data you provide to the Service.

2. Categories of data we collect

Account data — email address, name, display name, hashed password (bcrypt — we never see the plaintext), role, and account creation/login timestamps.

Board & card content — boards (name, description, emoji), cards (title, description, type, status, priority, tags, target dates, ratings), checklist items, comments, photo memories, and emoji reactions you create or upload.

Couple Pulse check-ins — daily mood, energy score (1–5), the “needs” chips you select, and any short note you write. Visible only to members of the boards you tagged the check-in to (you can submit without a board, in which case it is private to you).

Expenses — when you log a card expense: amount, currency, description, payer, occurrence date, and the split percentages between board members. We do not store any payment-card details for these — they are simply your record of who paid for what.

Location data — (a) approximate city/country derived from your IP address at sign-in (via ipapi.co), used to show nearby community ideas; (b) precise latitude/longitude that you choose to attach to a card or your profile (e.g. for the map view), provided by your browser only with your permission.

Subscription data — your tier (Free / Premium / Lifetime), Stripe customer ID, subscription status, and renewal/expiry dates. Payment-card details are processed by Stripe directly and never reach our servers.

Notification preferences — your per-event email and push toggles, plus a record of any web-push subscriptions you have authorised (browser endpoint + cryptographic keys, no message contents).

Diagnostic data — basic server logs (request URL, status, timing) and, when configured, anonymised error reports via Sentry. We do not track you with analytics SDKs.

3. How we use your data and our legal bases (GDPR)

• To provide the Service (account creation, syncing your boards, powering invites, notifications, exports) — contractual necessity.
• To process payments and manage subscriptions via Stripe — contractual necessity.
• To send transactional emails (invite accepted, weekly summary, password reset, comment on your card) — contractual necessity; you can disable per-event email in Settings.
• To run AI features (Date Night Tonight, Memory Lane narrative, daily prompts, AI suggestions, AI itineraries, card enrichment) — contractual necessity when you ask for them; templates are served when no AI provider is configured or you are on the Free tier.
• To prevent abuse and enforce our Terms (rate limits, content moderation, the per-user daily AI call quota) — legitimate interests.
• To improve the product (bug-tracking, performance) — legitimate interests; no profiling or marketing analytics.
• To comply with legal obligations (e.g. tax records on payments) — legal obligation.

We do not sell, trade, or rent your personal data, and we do not use your data to train AI models.

4. Sub-processors and other recipients

Some data flows to third parties strictly to deliver the features you use. Where the data centre is outside the EEA/UK we rely on the provider's Standard Contractual Clauses or equivalent transfer mechanism.

• Stripe — payment processing for Premium and Lifetime purchases.
• Anthropic, OpenAI, or OpenRouter — when AI features run, the prompt and a small amount of contextual data (board name, card titles, your stated mood/budget for Date Night, etc.) are sent to whichever provider the operator has configured. Outputs are returned to you and stored on the relevant card or response. None of these providers retain your data for model training under our use of their API.
• Wikipedia, TMDB, Yelp, Spotify, MusicBrainz, OpenStreetMap, RAWG, Unsplash, Google Places — card-enrichment lookups when you click “Enrich” on a card. We send the title (and sometimes a short description) of the card.
• Ticketmaster — for the local-events feature: we send the latitude/longitude and date range you specified to retrieve nearby events.
• ipapi.co — approximate IP-based geolocation at sign-in.
• Sentry — anonymised error reports, when configured by the operator.
• SMTP / email provider — to deliver transactional email.
• Object storage (Cloudflare R2 / S3-compatible) or local disk — for storing photos you upload.
• Web Push services (Apple, Google, Mozilla) — only if you opt in to push notifications; we send the notification payload to the push endpoint your browser registered.

We may also share information when legally required (court order, lawful request) or to protect the rights, safety, or property of users or the public.

5. Sharing inside the Service

Boards are explicitly collaborative: when you invite a partner, they can read and edit cards, comments, photos, ratings, reactions, and expenses on that board. Cards you mark as “discoverable” appear in the public Discover feed visible to other Pairly Life users (typically other couples nearby), without your name unless you choose to attribute the card. Memberships and the public board slug appear in the URL for board pages you visit.

6. Retention

We keep your data for as long as your account is active. Cards you delete go to a soft-deleted state and are purged from our active database after 30 days. Photos and uploads are removed with their parent card. Reports of community content (CardReport rows) are retained for moderation history. Stripe transaction records are kept as long as required for tax and accounting law (typically 6–10 years depending on jurisdiction). When you delete your account, we delete or anonymise the rest of your personal data within 30 days.

7. Security

We use industry-standard practices including TLS in transit, bcrypt password hashing, JSON Web Token authentication, account lockout after repeated failed logins, security headers, and row-level access checks on every API endpoint. Despite this, no system is impossible to breach; please use a strong, unique password and report suspicious activity to support@pairlylife.com.

8. Your rights

Subject to local law, you may:

• Access the personal data we hold about you (use the in-app data export).
• Rectify inaccurate data via Settings → Profile.
• Erase your account and associated data (Settings → Account → Delete account).
• Export your data in a portable JSON format (Settings → Export, or /export/board/{id}).
• Object to or restrict processing based on legitimate interests.
• Withdraw consent for optional features (push notifications, location).
• Lodge a complaint with your supervisory authority (e.g. your national data-protection regulator in the EU).

9. Children

The Service is intended for adults aged 16 or over (18 where required by local law). We do not knowingly collect data from children under 16. If you believe a child has created an account, contact us and we will delete it.

10. International transfers

Our infrastructure may be hosted in the EU or US. Some sub-processors (Stripe, Anthropic, OpenAI, Sentry) are headquartered in the United States. We rely on Standard Contractual Clauses and equivalent safeguards for those transfers.

11. Cookies and local storage

See our separate Cookie Policy for the full list of what we store in your browser and why.

12. Changes to this policy

We may update this Privacy Policy. Material changes (e.g. a new sub-processor or new data category) will be notified via email or an in-app banner. The “Last updated” date at the top always reflects the current revision.