Privacy Policy

Effective Date: October 6, 2025 | Version 1.0

Reluma ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this policy carefully.

            Key Principle: We collect only the data necessary to help you remember and manage your relationships. Your data is yours—we provide tools to export or delete it at any time.
        

1. Information We Collect

1.1 Data You Provide Directly

Account Information: Email address, display name, profile photo (via Firebase Authentication with Google Sign-In)
Relationship Data: Names, notes, life events, and contextual information you add about people in your network
Voice Notes: Audio recordings temporarily processed for speech-to-text conversion (audio is never stored; only the transcribed text is saved)
User-Generated Content: Journal entries, reflections, questions, and other textual data you create in the App

1.2 Data Collected Automatically

Contacts (Optional): If you grant permission, we access your device contacts to suggest people you might want to add to your relationship network. Contact data is processed locally and stored in Firebase Firestore only for contacts you explicitly add.
Location (When in Use): If you grant permission, we collect your location when you're actively using the App to tag life events with places. Location is never tracked in the background.
Device Information: Device type, operating system version, unique device identifiers (via Firebase App Check for security), and app version
Usage Analytics: App interactions, screen views, feature usage, and performance metrics (via Firebase Analytics and Firebase Performance Monitoring)
Crash Reports: Stack traces, device state, and error logs when the App crashes (via Firebase Crashlytics)

1.3 Third-Party Permissions

The App requests the following iOS permissions:

Microphone: To capture voice notes for transcription
Speech Recognition: To convert voice input to text (processed on-device)
Notifications: To send optional reminders to reflect on relationships
Contacts: To suggest people to add (only if you grant permission)
Location (When in Use): To tag events with places (only if you grant permission)

2. How We Use Your Information

We use your data for the following purposes:

Core Functionality: To store and display your relationship network, life events, and notes
AI-Powered Features (Optional): To analyze text and generate insights about relationship dynamics using Google Gemini AI (only if you enable AI features in Settings)
Personalization: To provide context-aware prompts and reminders based on your usage patterns
Security: To verify device authenticity via Firebase App Check and prevent abuse
Improvement: To analyze usage trends, fix bugs, and improve app performance (anonymized aggregated data only)
Compliance: To comply with legal obligations, resolve disputes, and enforce our Terms of Service

3. Data Sharing and Disclosure

3.1 Service Providers (Google/Firebase)

We use Firebase (Google Cloud Platform) to host and process your data. Firebase services act as data processors on our behalf:

Firebase Firestore: Database storage for your relationship data
Firebase Storage: Secure storage for photos and attachments (if used)
Firebase Authentication: User authentication and session management
Firebase Cloud Functions: Backend processing for AI features and data operations
Firebase Analytics & Crashlytics: Anonymized usage and crash data
Google Gemini AI (Optional): AI text analysis (only if you enable this feature)

Google processes your data in accordance with the Google Cloud Data Processing Agreement and Firebase Privacy & Security policies.

3.2 No Third-Party Advertising or Tracking

✅ We do NOT use advertising SDKs (no AdMob, Facebook Ads, etc.)
✅ We do NOT collect or share Identifier for Advertisers (IDFA)
✅ We do NOT sell your personal data to third parties
✅ We do NOT share your data with social media platforms

3.3 Legal Disclosures

We may disclose your information if required by law, court order, or to:

Comply with legal processes (subpoena, warrant)
Protect our rights, property, or safety
Investigate fraud, security issues, or violations of our Terms
Prevent harm to users or the public

4. Data Retention and Deletion

4.1 How Long We Keep Your Data

Active Accounts: We retain your data as long as your account is active or as needed to provide services
Deleted Accounts: When you delete your account, all personal data is permanently deleted within 30 days
Analytics Data: Anonymized analytics are retained for up to 14 months for service improvement
Crash Logs: Retained for 90 days for debugging purposes

4.2 How to Delete Your Data

You can delete your account and all associated data at any time:

Open the Reluma app
Go to Settings → Account → Delete Account & Data
Confirm deletion (this action is irreversible)

Upon deletion, we will permanently erase:

All relationship data (names, notes, events)
Your Firebase Authentication profile
All photos and attachments in Firebase Storage
All AI-generated insights and questions

Note: Anonymized analytics data (with no personal identifiers) may remain for up to 14 months.

5. Security Measures

We implement industry-standard security practices:

Encryption in Transit: All data is transmitted over HTTPS with TLS 1.3
Encryption at Rest: Firebase Firestore and Storage encrypt data at rest
Firebase Security Rules: Database access is restricted to authenticated users and validated via server-side rules
App Check: Device attestation to prevent unauthorized API access
Authentication: Google Sign-In with OAuth 2.0
No Password Storage: We rely on Google's authentication; we never store passwords

However, no system is 100% secure. If you suspect a security breach, please contact us immediately at security@reluma.app.

6. Your Privacy Rights

6.1 General Rights (All Users)

Access: View all your data in the app (Settings → Data Export)
Correction: Edit your data directly in the app
Deletion: Delete your account and all data (Settings → Delete Account)
Portability: Export your data in JSON format (Settings → Data Export)
Opt-Out: Disable analytics and AI features in Settings

6.2 GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

Right to be Forgotten: Request complete erasure of your data
Right to Restrict Processing: Limit how we use your data
Right to Object: Object to data processing for specific purposes
Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@reluma.app.

6.3 CCPA/CPRA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA):

Right to Know: Request disclosure of categories and specific personal data we collect
Right to Delete: Request deletion of your personal data
Right to Opt-Out: We do not "sell" personal data, but you can disable data sharing with analytics providers in Settings
Non-Discrimination: We will not discriminate against you for exercising your rights

To submit a request, email privacy@reluma.app with "CCPA Request" in the subject line.

7. Children's Privacy

Reluma is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@reluma.app, and we will delete it immediately.

8. International Data Transfers

Your data is stored in Firebase's cloud infrastructure, which may involve processing in the United States and other countries. Google complies with the EU-U.S. Data Privacy Framework and other international data transfer mechanisms. For more details, see Google Cloud GDPR Compliance.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

Update the "Effective Date" at the top of this page
Notify you via in-app banner or email (if you have opted in)
Require your consent for significant changes (e.g., new data uses)

Your continued use of the App after changes constitutes acceptance of the updated policy. Check this page periodically for updates.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: privacy@reluma.app
Support: https://ecomind-13ba8.web.app/support
App Developer: Reluma Team
Mailing Address: [Your business address for GDPR compliance]

Data Protection Officer (DPO): If you are in the EEA, you can contact our DPO at dpo@reluma.app.

11. Third-Party Links

The App may contain links to third-party websites or services (e.g., Google Sign-In). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any personal information.

12. Do Not Track (DNT)

Some browsers support "Do Not Track" (DNT) signals. The App does not currently respond to DNT signals. However, you can disable analytics in Settings → Privacy → Analytics to limit data collection.