1. Introduction

Love2Love ("we", "our", "the application") respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store and protect your information when you use our iOS application.

2. Information We Collect

2.1 Authentication Data (Apple Sign In)

When you sign in with Apple ID, we receive:

• Unique Apple identifier: An encrypted and anonymized identifier provided by Apple
• Full name: Only if you choose to share it with us
• Email address: Only if you choose to share it (may be a private email address generated by Apple)
• Verification status: Confirmation that your Apple account is verified

Legal basis: Contract performance (necessary to create and manage your account)

2.2 User Profile Data

During the registration process, we collect:

• First name: To personalize your experience
• Date of birth: To verify that you are over 18 and adapt content
• Profile photo: Optional photo you can upload during onboarding
• Relationship start date: To calculate relationship duration and anniversary
• Relationship goals: Your preferences among the proposed options (e.g., "Get to know my partner better", "Address sensitive topics")
• Relationship duration: Chosen category (less than a year, 1-3 years, more than 3 years, or single)
• Partner connection data: Partner code for connecting with your partner's account

Legal basis: Consent and contract performance

2.3 Subscription and Payment Data

To manage your premium subscription:

• Subscription status: Active, expired, trial period
• Subscription and expiration dates
• Apple transaction identifier: Provided by StoreKit to verify purchases
• Purchase history: Managed by Apple, we only receive confirmations
• Payment receipts: Temporarily stored for validation

Legal basis: Contract performance and legal obligations (billing)

2.4 Application Usage Data

• Favorite questions: Questions you mark as favorites
• Viewed categories: To improve recommendations
• Last connection dates: For data synchronization
• Display preferences: User interface settings
• Local cache: Recently viewed questions (stored only on your device)
• Question progression: Your progress through question packs and categories
• Usage analytics: Anonymous interaction data to improve the application

Legal basis: Legitimate interest (service improvement)

2.5 Communication and Messages Data

For the daily question chat feature:

• Text messages: Messages you and your partner exchange through daily questions
• Message timestamps: When messages were sent and received
• Photo messages: Images shared in daily question conversations (if supported)
• Message status: Read/unread status for synchronization

Legal basis: Contract performance (essential application functionality)

2.6 Journal and Memory Data

For the couple's journal feature:

• Journal entries: Text content of your shared memories
• Entry photos: Images you upload to journal entries
• Entry dates: When journal entries were created
• Location data: GPS coordinates associated with journal entries (if you grant permission)

Legal basis: Consent and contract performance

2.7 Location Data

With your explicit permission, we collect:

• Precise location: GPS coordinates for journal entries and partner distance
• Location history: Previous locations associated with your memories
• Partner distance: Distance calculation between connected partners, protected by HTTPS/TLS

Legal basis: Explicit consent

2.8 Photos and Images

For profile customization and journal features:

• Profile photos: Optional photos you can upload during registration or in settings
• Journal images: Photos you attach to your journal entries
• Image metadata: EXIF data is automatically removed for privacy
• Local image cache: Temporary storage for faster loading (device only)
• App Group sharing: Images cached for widget display functionality

Legal basis: Consent and contract performance

2.9 Security and Audit Data

For security monitoring and compliance:

• Security events: Login attempts, partner connections/disconnections
• Access logs: When sensitive data is accessed (anonymized)
• Audit trails: Security-related actions for compliance
• Push notification tokens: FCM tokens for delivering notifications
• IP addresses: Anonymized for rate limiting and security (not stored long-term)

Legal basis: Legitimate interest (security and legal compliance)

2.10 Technical and Diagnostic Data

• Unique device identifier: Automatically generated for synchronization
• Application version: To ensure compatibility
• iOS version: To optimize performance
• Error logs: In case of malfunction (anonymized)
• Performance data: Loading times, memory usage (anonymized)

Legal basis: Legitimate interest (maintenance and service improvement)

3. How We Use Your Data

3.1 Application Functionality

• Secure authentication: Verify your identity and secure your account
• Personalization: Adapt content to your relationship goals
• Synchronization: Back up your data between your Apple devices and with your partner
• Recommendations: Suggest relevant questions based on your preferences
• Partner connection: Link your account with your partner for shared experiences
• Real-time messaging: Enable daily question conversations between partners
• Memory preservation: Store and organize your couple's journal entries and photos
• Location features: Associate memories with places and calculate partner distance

3.2 Subscription Management

• Purchase validation: Verify the validity of your premium subscription
• Trial period management: Track your 3-day free trial
• Renewals: Manage recurring subscriptions via Apple
• Customer support: Resolve purchase-related issues

3.3 Service Improvement and Analytics

• Usage analysis: Understand which features are most used (anonymized data via Firebase Analytics)
• Bug fixes: Identify and resolve technical issues
• Development: Create new features based on user needs
• Revenue analytics: Track subscription metrics via RevenueCat for business insights
• User engagement tracking: Monitor how users interact with questions, journal, and messaging features

3.4 Communication

• Push notifications: Reminders and new features (with your consent)
• Technical support: Answer your questions and resolve issues
• Important updates: Policy or service changes

4. Data Sharing and Disclosure

4.1 General Principle

4.2 Necessary Sharing with Technical Partners

Apple Inc.

• Authentication: Verification of your Apple ID identity
• In-app purchases: Processing subscriptions via the App Store
• Distribution: App downloads and updates
• Shared data: Transaction identifiers, subscription status

Google Firebase (Google LLC)

• Cloud storage: Secure backup of your profile data, messages, and journal entries
• Authentication: Secure management of user sessions
• Database: Synchronization between your devices and with your partner
• Analytics: Anonymous usage data collection for service improvement
• Shared data: Profile data, preferences, favorites, messages, journal entries, location data
• Location: Servers located in the United States and Europe with GDPR protection

RevenueCat (RevenueCat Inc.)

• Subscription analytics: Purchase and subscription tracking for business insights
• Revenue optimization: Understanding subscription patterns and user lifecycle
• Shared data: User ID, subscription status, purchase events, transaction data
• Purpose: Analytics only - no advertising or data selling

Realm (MongoDB Inc.)

• Local storage: Question cache on your device only
• No transmission: Data remains on your iPhone

4.3 Legal Disclosure

We may disclose your data if required by:

• Court orders: Binding judicial decisions
• Applicable laws: Legal obligations in France and the EU
• Rights protection: Defense of our legitimate rights or those of others
• Public safety: Prevention of illegal or dangerous activities

5. Data Security and Protection

5.1 Technical Measures

• Encryption in transit: All communications use HTTPS/TLS 1.2+ with AES-256 encryption
• Encryption at rest: Data stored with AES-256 encryption by Firebase/Google Cloud
• Strong authentication: Apple Sign In with biometric validation and SHA-256 hashing of nonces
• Data isolation: Each user has a separate data space with strict access controls
• Secure backup: Encrypted replication across multiple certified Google Cloud data centers
• Message protection: Messages protected by HTTPS/TLS in transit and database-level isolation. Additional end-to-end encryption in development
• Location protection: GPS coordinates protected by HTTPS/TLS and secure Firebase storage. Additional encryption in development
• Partner isolation: Data is only shared between explicitly connected partners via strict Firestore rules

5.2 Organizational Measures

• Limited access: Only authorized developers can access systems
• Regular audits: Quarterly security checks
• Training: Team awareness of data protection
• Incident response: Procedures in case of data breaches

5.3 Storage and Location

• Main data: Stored on Firebase (Google Cloud, United States)
• GDPR protection: Standard contractual clauses with Google
• Local data: Cache stored only on your device

6. Your Rights (GDPR and French Laws)

6.1 Right of Access

You can request a copy of all data we hold about you.

How to exercise: Contact us at contact@love2loveapp.com with your Apple identifier.

6.2 Right of Rectification

You can correct or update your personal data.

How to exercise: Directly in the application or by email.

6.3 Right to Erasure ("Right to be Forgotten")

You can request complete deletion of your account and data.

How to exercise:

1. In the app: Settings > Delete My Account
2. By email: contact@love2loveapp.com

Deadline: Deletion within 30 days maximum

6.4 Right to Data Portability

You can retrieve your data in a structured and readable format.

Format provided: JSON or CSV according to your preference

6.5 Right to Object

You can object to the processing of your data for legitimate reasons.

Exceptions: Data necessary for application functionality

6.6 Right to Restriction

You can request temporary suspension of your data processing.

6.7 Right to Withdraw Consent

You can withdraw your consent at any time for consent-based processing.

7. Data Deletion and Account Closure

7.1 Deletion Upon Request

When you delete your account:

1. Immediate deletion: Profile data, preferences, favorites, journal entries, messages
2. Deletion within 7 days: Cache, synchronization data, and partner connection data
3. Deletion within 30 days: Backup data, logs, and RevenueCat analytics data

7.2 Data Retained After Deletion

• Anonymized data: Usage statistics without possible identification
• Legal data: Invoices and receipts (legal obligation)
• Security data: Anonymized security logs (6 months)

8. Cookies and Tracking Technologies

8.1 Our Approach

8.2 Technologies Used

• iOS local storage: Preferences and cache (on your device only)
• Session identifiers: To maintain your connection (temporary)
• No tracking: No cross-app or website tracking
• No advertising: No advertising networks integrated

8.3 Analytics Data

• Firebase Analytics: ENABLED for service improvement with strict privacy settings
• RevenueCat Analytics: Subscription and purchase tracking for business insights
• Apple Analytics: Only standard anonymous iOS data
• No advertising tracking: We do not use IDFA or advertising identifiers
• No profiling: No advertising profile creation or cross-app tracking
• Data anonymization: All analytics data is anonymized and cannot be linked to your identity

9. Protection of Minors

9.1 Minimum Age

9.2 Age Verification

• Registration control: Date of birth verification
• Automatic blocking: Access denied if insufficient age

9.3 Reporting

If you discover that a minor is using the application, contact us immediately at contact@love2loveapp.com.

10. International Data Transfers

10.1 Data Location

• Main servers: Google Cloud (United States)
• Protection: EU-US standard contractual clauses
• Certification: Google Cloud is ISO 27001, SOC 2 certified

10.2 Protection Guarantees

• Privacy Shield: Although the program is suspended, Google maintains equivalent protections
• GDPR compliance: Google commits to respecting GDPR for all European clients
• Encryption: All data is encrypted in transit and at rest

11. Changes to This Policy

11.1 Change Notification

• Minor changes: Notification in the application
• Major changes: Email + push notification + banner in the app
• Notice period: 30 days minimum before effective date

11.2 Version History

• Version 1.0: Initial policy (June 2024)
• Version 2.0: Added messaging, journal, location, analytics features (January 2025)
• Version 2.1: Updated security and encryption section - clarification of current technical measures (January 2025)

11.3 Acceptance of Changes

• Continued use: Constitutes acceptance of new terms
• Right to refuse: You can delete your account if you don't accept the changes

12. Legal Basis for Processing (GDPR Summary)

13. Contact and Complaints

13.1 Data Protection Officer

13.2 Required Information for Your Requests

• Your Apple identifier (last 4 characters are sufficient)
• Nature of your request (access, rectification, deletion, etc.)
• Identity proof if necessary

13.3 Supervisory Authority

If you are not satisfied with our response, you can contact:

13.4 Publisher Contact Information

14. Compliance and Certifications

14.1 Regulations Respected

• GDPR: General Data Protection Regulation (EU)
• Data Protection Act: French law of January 6, 1978 as amended
• Apple App Store Guidelines: Apple's privacy guidelines
• CCPA: California Consumer Privacy Act (for California users)

14.2 Audits and Certifications

• Security audit: Conducted quarterly by an independent third party
• ISO 27001 certification: In progress
• Privacy by Design: Integration of data protection from conception