Privacy Policy
Last updated: June 8, 2026
1. Our commitment to privacy
SharedCalm is built on the principle that the most intimate communications between two people should stay private. Our Safe Drop, Mutual Wants, and journal-sharing features are designed with end-to-end encryption at the foundation.
2. End-to-end encryption
The following content is end-to-end encrypted on your device before it reaches our servers. We hold only ciphertext and nonces; you and your partner hold the keys:
- Safe Drop message bodies and thread replies on a drop.
- Scheduled drop drafts (until they are sent as a Safe Drop).
- Journal entries and journal excerpts you choose to share with a partner.
- Survey ("Mutual Wants") answer payloads.
- Weekly reflection answers.
- Mood check-in notes, when you add one.
- Promise-ledger agreement text and check-in notes.
- Your private reflection fields after a hard moment (each field encrypted separately).
- Partner operating-manual sections you write.
Smart Rewrite exception: if you tap Smart Rewrite on a draft, that single draft (plus heat and intent tags) is sent to our cloud rewrite provider to suggest softer wording. We require zero-data-retention routing for that request. We do not store the draft or the suggestions on our servers — only anonymized usage counts for abuse prevention. The rule-based softener and sending your original text remain fully encrypted.
SharedCalm cannot read the encrypted content above, and cannot be compelled to provide it in readable form.
3. Information we collect
To run the product we also store some information in our database that is not end-to-end encrypted. A copy of our database would expose these fields, so we treat them as sensitive but not secret:
- Account information: email address (held by our auth provider, with hashed passwords), display name, nickname, and birth date if you provide one.
- Cryptographic data: your public key, and your master key wrapped by a key derived from your password (your password is never sent in plaintext).
- Connection metadata: short connection codes, who is linked to whom, and timestamps for requests and approvals.
- Presence and readiness: talk-readiness state, bandwidth/workload labels, and related timestamps — not the content of your messages.
- Mood scores: the numeric mood value and emoji you select on a mood check-in. Optional free-text notes are end-to-end encrypted (see section 2).
- Survey activity metadata: which prompts you swiped on, which sessions exist, and which prompts you have hidden. The answers you give inside a survey session are end-to-end encrypted.
- Safe Drop metadata: heat level, intent mode, topic category or label, scheduling and delivery times, and read timestamps. The message body is encrypted (see section 2).
- Drop activity metadata: small structured signals around each message (whether you acknowledged it, which kind of repair action you chose, and similar) — not the text of your drops.
- Push notifications: device push tokens so we can notify you that something is waiting. Notification text does not include message content; opening the app decrypts on your device.
- Smart Rewrite usage: anonymized token counts and timestamps for abuse prevention and spend caps — not your draft text or suggested rewrites.
- Mutual reflection summaries: when both partners approve, a neutral summary is stored in readable form so you can revisit it together. Your private reflection fields stay encrypted until you choose what to share.
- Anonymized usage: we may collect aggregate statistics (for example, feature usage counts) to improve the product. We do not track your location and do not use third-party advertising cookies.
4. Data deletion and retention
SharedCalm provides a "Right to be Forgotten." When you initiate an account deletion in the app:
- Your account record and personal profile are permanently purged.
- Your private journal entries are permanently deleted.
- Any shared Safe Drops sent to a partner will be removed from your device and the server. Data already delivered to a partner's device remains under their control.
- Mutual Wants swipe metadata is pruned after 180 days, and hidden-question metadata is pruned after 365 days.
5. Age restrictions
SharedCalm is intended for use by adults (18+). We do not knowingly collect data from individuals under the age of 18. If we become aware of such data, we will take immediate steps to delete it.
6. Contact us
If you have any questions regarding this policy or your data rights, please contact our privacy officer at privacy@sharedcalm.com.