Privacy Policy for Stoke

Last Updated: October 2025

1. Introduction

Welcome to Stoke ("we," "our," or "us"). Stoke is a relationship-building app designed for couples to strengthen their connection through daily actions, secure messaging, and personalized insights.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

2. Information We Collect

2.1 Personal Information You Provide

Account Information:

• Email address (required for authentication)
• Full name
• Profile photo (optional)
• Connection code (unique 6-character code for partner invitations)
• Timezone and notification preferences
• Action reminder time preferences

Relationship Data:

• Couple connection information
• Partner relationship status
• Relationship assessment survey responses
• Love language assessment results
• Relationship scores across five categories: Communication, Intimacy, Trust, Fun, and Support

Messages and Communication:

• Text messages sent to your partner (end-to-end encrypted)
• Photos and media shared with your partner (end-to-end encrypted)
• Message metadata (timestamps, sender information)

Activity and Progress Data:

• Completed daily and weekly relationship-building actions
• Skipped actions and skip reasons
• Custom action descriptions
• Streak tracking (consecutive weeks of activity)
• Action completion timeline

Survey Responses:

• Baseline relationship survey (22 questions across 5 categories)
• Monthly follow-up surveys
• Love language rankings and preferences
• Relationship satisfaction ratings

2.2 Information Collected Automatically

Device Information:

• Device type and model
• Operating system version
• App version
• Push notification tokens
• Device identifiers

Usage Information:

• App interactions and navigation patterns
• Last active screen and timestamp
• Feature usage statistics
• Error logs and crash reports (via Sentry)

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service: Create and manage your account, enable partner connections, deliver notifications
• Personalize your experience: Recommend relevant daily actions based on your love languages and relationship data
• Enable communication: Facilitate secure, encrypted messaging between you and your partner
• Generate insights: Calculate relationship scores, identify perception gaps between partners, track progress over time
• Improve the Service: Analyze usage patterns, fix bugs, develop new features
• Send notifications: Deliver push notifications for new messages, action reminders, partner activity, and streak celebrations
• Provide AI features: Generate AI friend responses using relationship context (scores, love languages, general activity data - not raw message content)
• Manage subscriptions: Process payments and manage your premium subscription status via RevenueCat
• Ensure security: Detect and prevent fraud, abuse, and security incidents

4. How We Share Your Information

4.1 Within the App

With Your Partner:
All relationship data is shared between connected partners, including:

• Survey responses and relationship scores
• Completed actions and activity timeline
• Messages and shared media (encrypted)
• Love language preferences
• Streak and progress data

4.2 With Third-Party Service Providers

We share your information with the following trusted third-party services:

Supabase (Database, Authentication, Storage):

• Purpose: Hosts all app data, manages authentication, stores encrypted media
• Data shared: All user data, messages (encrypted), survey responses, actions, profile information
• Location: Cloud infrastructure
• Privacy Policy: https://supabase.com/privacy

RevenueCat (Subscription Management):

• Purpose: Manages in-app purchases and subscription status
• Data shared: User ID, device platform, subscription status, purchase history
• Privacy Policy: https://www.revenuecat.com/privacy

Sentry (Error Tracking):

• Purpose: Monitors app performance, tracks crashes and errors
• Data shared: User ID, email, error logs, crash reports, performance metrics, app version, device information
• Privacy Policy: https://sentry.io/privacy/

Anthropic AI (AI Friend Feature):

• Purpose: Generates conversational AI friend responses with personality
• Data shared: User and partner names, relationship scores, love language preferences, action completion rates, AI conversation history, selected personality traits
• Data NOT shared: Raw message content from private couple messages
• Privacy Policy: https://www.anthropic.com/privacy

Expo (App Updates):

• Purpose: Delivers over-the-air app updates
• Data shared: Device platform, app version, project ID
• Privacy Policy: https://expo.dev/privacy

4.3 What We Do NOT Do

• We do NOT sell your personal information to third parties
• We do NOT share your data with advertisers or advertising networks
• We do NOT track you across other apps or websites for advertising purposes
• We do NOT access or read your encrypted messages (only you and your partner can decrypt them)

5. Data Security

We take the security of your data seriously and implement industry-standard security measures:

5.1 Encryption

End-to-End Encryption for Messages:

• All messages and shared media are encrypted using AES-256-CBC encryption
• Encryption keys are generated uniquely per couple (256-bit random keys)
• Keys are stored securely in device secure storage (Expo SecureStore)
• Only you and your partner can decrypt your messages - we cannot read them

Data in Transit:

• All data transmitted between the app and servers uses HTTPS/TLS encryption

Data at Rest:

• Messages and media are stored in encrypted form
• Database connections are secured with encryption

5.2 Access Controls

• Row Level Security (RLS): Database policies ensure users can only access their own data and their partner's data
• Authentication required: All API requests require valid authentication tokens
• Session management: Automatic token refresh and secure session handling

5.3 Data Retention

• Message media: Automatically expires and is deleted after 90 days
• Survey data: Retained to track relationship progress over time
• Action history: Retained for progress tracking and insights
• Account data: Retained until you delete your account

6. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information and account
• Data Portability: Request a copy of your data in a machine-readable format
• Withdraw Consent: Withdraw consent for data processing where applicable
• Opt-out of Communications: Disable push notifications in app settings

To exercise these rights, please contact us at the email address provided in Section 11.

7. Children's Privacy

Stoke is designed for adults in romantic relationships. Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

8. Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using Stoke, you consent to the transfer of your information to our facilities and the third parties with whom we share it as described in this policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy in the app
• Updating the "Last Updated" date at the top of this policy
• Sending you a push notification for material changes (if applicable)

Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

10. Third-Party Links

The app may contain links to third-party websites, services, or resources (such as external articles in action recommendations). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: help@stokeus.com
Website: https://stokeus.com
Support: https://stokeus.com/help

12. Additional Information for Specific Regions

12.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed and to whom
• Right to say no to the sale of personal information (Note: We do not sell personal information)
• Right to access your personal information
• Right to equal service and price, even if you exercise your privacy rights

12.2 European Union Residents (GDPR)

EU residents have rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: Consent, contract performance, legitimate interests
• Right to access, rectify, erase, restrict processing, data portability, and object to processing
• Right to lodge a complaint with your local data protection authority
• Data Protection Officer contact: [If applicable]

12.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate. If you have questions about your specific rights, please contact us.

---