Privacy Policy
Last updated: April 28, 2026
Relief is a private, end-to-end encrypted app for couples. This policy describes what we collect, what we don't, and why.
The encryption model
Almost everything you and your partner write or upload is encrypted on your device before it leaves it. Notes, photos, and intimate content are transformed into ciphertext using AES-GCM with a key derived from your couple code (PBKDF2-SHA256, 200,000 iterations, per-couple salt). The decrypted form exists only on your device. Our server holds the ciphertext and never sees the key, so we cannot read your private content even if compelled to.
What we collect
- Display names — the names you and your partner choose. Visible in plaintext to us so the app can render the UI.
- Optional gender — used only to filter mood emoji. Plaintext.
- Optional email address — per partner, used solely for security alerts (new device sign-ins, account-recovery flows). You can add or remove your email from Settings at any time. We don't market to you, share it with anyone, or use it for anything beyond app-driven alerts.
- Couple code hash — a one-way bcrypt hash of your shared code so you can sign in.
- Encrypted blobs — note bodies, photos, and similar. Stored as ciphertext; we cannot decrypt these.
- Timestamps and metadata — created-at dates, mood/act labels (you author these), tap counters, and similar housekeeping data needed to render the app.
- Push notification tokens — provided by your device's OS so we can deliver the generic alerts you opt into.
- Auth attempt logs — IP address and endpoint, kept for up to 24 hours for rate limiting. Auto-deleted after that window.
What we don't collect
- No analytics. No third-party trackers. No ad SDKs.
- No location data.
- No contact list, calendar, or other device data.
- No plaintext copy of your couple code, ever. Only its bcrypt hash.
- No marketing or newsletter emails. The email address you add (if any) is used only for security alerts.
Push notifications
When the app surfaces a push notification on your device, the visible text is intentionally generic (e.g. "💕 a moment from your love · Open Relief to see"). Sensitive content lives behind authentication inside the app, never on the lock screen.
Data retention
We hold your data until you delete it. Specific photos, notes, moods, or memories you remove from the app are deleted immediately on our server. If you delete your couple's account from Settings, every couple-scoped record is removed permanently.
Account deletion
Open Settings inside the app and tap "Delete account." You'll be asked to type your couple code to confirm. Both partners' accounts, every photo, message, mood, and memory are removed. This is permanent.
Children
Relief is intended for adult couples. The app is not directed at children under 17, and we do not knowingly collect data from them.
Couple code is the key
Your couple code is what derives your encryption key. Anyone you give it to can read your private content. Treat it like a password — share it only with the partner you intend to use the app with, and not by storing it in plaintext anywhere a third party could see (a sticky note, an unlocked notes app, a shared browser tab).
To soften the consequences of a leaked code, the app refuses to activate a new device until either an already-approved device approves it, or 24 hours pass with no rejection. New device sign-ins also trigger a notification to the affected partner's email. If a third party tries to use a leaked code on their device, you'll see and can reject it.
Where data lives
Application data is stored on shared web hosting in the United States. Push tokens are passed through Apple Push Notification service or equivalent OS-level push services for notification delivery only.
Changes
We'll update the date at the top of this page when we change anything material. Substantive changes will be surfaced in-app before they take effect.
Contact
Questions? Reach us through the support form.