Privacy.

What we collect, and how long we keep it

Push tokens (APNs and FCM). When you install the app, Apple or Google issues a token that lets us wake your phone for new messages. We store the token while you keep the app installed; reinstalling rotates it.

Encrypted message blobs. Every message — text, photo, or voice recording — is sealed on your phone with Curve25519 / NaCl before upload. Neither we nor any hosting provider can read its contents, see who it is from, or distinguish a text from a photo. Blobs live in Vercel Blob and auto-expire after 48 hours, whether or not the other device picked them up.

Message envelopes. A small piece of delivery metadata — blob id, recipient device id, timestamp — sits in Upstash KV until the recipient's device acknowledges receipt, then it is deleted.

Device id. A random opaque identifier the app generates on first launch. It is not tied to any account, email, phone number, or advertising id. It exists only so the relay can route messages between two paired phones.

Partner profile (your name, city, country, timezone). Chosen during onboarding so the chat can show the partner's name and frame messages in their local time. These details are encrypted on your phone and travel only inside an end-to-end encrypted handshake to your paired partner — the relay never sees them and no third party stores them.

Local-only state. The app keeps a few things on your device that never reach the server: your message history (in an on-device SQLite database), the daily-message counter, the streak counter, your reminder preferences, and cached photo / voice files. Uninstalling the app erases all of it.

We do not collect emails, phone numbers, contacts, location data, browsing history, message content, or any analytics or advertising identifier. None of that ever leaves your device unencrypted, because the app never asks for it.

Third parties data flows through

Four services touch your data while a message is in flight. Each only ever sees ciphertext or opaque ids; none of them can decrypt anything.

• Apple Push Notification service (APNs). Delivers wake-up pushes to iOS devices.
• Firebase Cloud Messaging (FCM, by Google). Delivers wake-up pushes to Android devices.
• Vercel Blob (by Vercel Inc.). Short-term encrypted blob storage; objects auto-expire after 48 hours.
• Upstash KV (by Upstash Inc.). Short-term envelope queue; entries are deleted on delivery acknowledgement.

In-app purchases

Subscriptions and one-off purchases (including the optional partner-gift tier that extends Pro to your paired partner) are handled by Apple StoreKit on iOS and Google Play Billing on Android. We never see your card details, billing address, or Apple / Google account. Entitlements are verified locally against the store receipt; when a partner-gift state changes, a small encrypted envelope is sent to your partner so their gifted Pro can flip on or off — the relay forwards it as opaque ciphertext, the same way it forwards messages.

Notifications

Message notifications. Pushed silently from the relay so your phone wakes the app to ingest a new ciphertext blob. The notification payload contains only routing ids — never the message content, sender name, or any preview text.

Reminder notifications (daily nudge, streak warning, sealed-message reveal). These are scheduled locally on your phone by the app — they never round-trip through our server, and we never know whether one fired or whether you tapped it.

Children

Relation Link is rated 12+. The app is not directed at children under 13 and we do not knowingly collect data from them. Because there is no account or profile, there is also nothing to tie a piece of data to a specific person.

Your rights

Under GDPR and similar laws you have the right to access, correct, or delete your personal data. Because Relation Link has no account system, the simplest expression of that right is built in: uninstall the app and the push token is invalidated, your encrypted blobs expire within 48 hours, and any outstanding envelope is deleted on its next delivery cycle. There is nothing held under your name to "request deletion" of separately — it is automatic.

If you want a stronger guarantee or have a specific question, write to contact@nare.li and we will respond.

Updates to this policy

If this policy changes materially we'll update the date above; substantive changes will also be flagged on next app launch.

Contact

Questions, concerns, or data requests: contact@nare.li.