Is my relationship data private and secure?

Introduction

Absolutely. We understand that what you share in Cuddle is deeply personal. Your relationship data is protected with industry-standard security measures, and we never share, sell, or use your responses for advertising.

How We Protect Your Data

End-to-End Encryption

All sensitive data is encrypted:

• In transit: Data sent between your device and our servers uses TLS 1.3 encryption (the same security banks use)
• At rest: Your responses, quiz results, and check-ins are encrypted in our database
• During processing: Even our own systems can only access encrypted versions

This means even if someone intercepted data in transit or accessed our servers, they couldn't read your personal information.

Secure Infrastructure

• Cloud hosting: We use industry-leading cloud providers (AWS) with SOC 2 Type II compliance
• Regular security audits: Third-party penetration testing and vulnerability assessments
• Automatic updates: Security patches applied immediately
• Isolated environments: Development, testing, and production systems are completely separate

Authentication & Access Control

• Password protection: Industry-standard password hashing (bcrypt)
• Two-factor authentication: Optional 2FA for additional security (coming soon)
• Session management: Automatic logout after inactivity
• Device-level security: Support for biometric login (Face ID, Touch ID, fingerprint)

What We Never Do

We Don't Sell Your Data

Your relationship information is never:

• Sold to third parties
• Shared with advertisers
• Used to create marketing profiles
• Given to data brokers

Period. Your data is yours.

We Don't Use Your Responses for Ads

• We don't show you ads based on your relationship data
• We don't share your responses with advertising networks
• Your answers to personal questions stay private

We Don't Share with Other Users

• Your partner sees only what you choose to share
• Your data is never visible to other Cuddle users
• Comparison features (like quiz results) require explicit opt-in

Privacy from Your Partner

What Your Partner Can See

When paired, your partner can see:

• Responses you choose to share to specific questions
• Quiz results you mark as "shareable"
• Check-ins you complete (unless marked private)
• Activities you complete together
• Your participation in the Relationship Checkup

What Your Partner Cannot See

Your partner cannot access:

• Private responses or notes
• Individual question answers marked "for me only"
• Your account password or settings
• Check-ins marked as private
• Exercise reflections you keep private

You have full control over what you share.

Data Minimization

We only collect data that:

• Improves your experience
• Powers app features
• Helps us understand what content is most helpful

We don't collect:

• Your location (unless you explicitly share it in responses)
• Contact lists or photos (unless you choose to upload)
• Other apps on your device
• Browsing history outside Cuddle
• Social media connections (unless you login via social auth)

Third-Party Services

Services We Use

We work with trusted partners who help us run Cuddle:

OpenAI (ChatGPT):

• Powers AI-generated insights for Relationship Checkup
• Receives anonymized data (no names, emails, or identifying information)
• Responses processed according to OpenAI's privacy policy
• We don't use your data to train OpenAI models

RevenueCat:

• Manages subscription status
• Receives purchase information only
• Does not access relationship data

Firebase:

• Analytics to understand feature usage
• Crash reporting to fix bugs
• Push notifications
• Anonymized, aggregated data only

AWS:

• Cloud hosting infrastructure
• Data encrypted at rest and in transit
• SOC 2 Type II compliant

Third-Party Privacy

All partners sign data processing agreements requiring:

• GDPR and CCPA compliance
• Data encryption
• No unauthorized use of your data
• Immediate deletion upon request

Compliance & Certifications

GDPR (General Data Protection Regulation)

If you're in the EU/UK, you have rights to:

• Access your data: Request a copy anytime
• Rectify data: Correct inaccurate information
• Erase data: Delete your account and all data
• Data portability: Export your data in machine-readable format
• Withdraw consent: Opt out of optional data collection

See How do I export my data? and How do I delete my account?

CCPA (California Consumer Privacy Act)

If you're in California, you can:

• Know what data we collect
• Request deletion of your data
• Opt out of data sales (we don't sell data)
• Not be discriminated against for exercising your rights

HIPAA Note

Cuddle is not a healthcare app and is not HIPAA-compliant. We are a relationship wellness tool, not a medical or therapeutic service. If you need therapy, please consult a licensed professional.

Security Best Practices for Users

Protect Your Account

1. Use a strong password

   • At least 12 characters
   • Mix of letters, numbers, symbols
   • Unique to Cuddle (don't reuse)

2. Don't share your login

   • Your partner should have their own account
   • Don't share your password with anyone

3. Enable biometric login

   • Use Face ID, Touch ID, or fingerprint
   • Adds extra layer of security

4. Log out on shared devices

   • Don't stay logged in on others' phones
   • Use private browsing if accessing via web

Device Security

• Keep your phone's OS updated
• Use a screen lock (PIN, pattern, biometric)
• Don't jailbreak/root your device (reduces security)
• Be cautious on public WiFi (use VPN if possible)

Data Breaches

Our Commitment

In the unlikely event of a data breach:

1. Immediate notification: We'll email you within 72 hours
2. Transparent communication: Clear explanation of what happened
3. Remediation steps: What we're doing and what you should do
4. Free support: Help with account security and monitoring

Our Track Record

As of this article's date, Cuddle has never experienced a data breach. We take security seriously and continuously invest in protection measures.

Your Conversations Stay Private

AI-Generated Insights

When using AI features (like Relationship Checkup analysis):

• Your data is sent to OpenAI's servers for processing
• It's anonymized (no names, emails, or identifying details)
• Responses are not used to train AI models (per our agreement)
• Insights are generated and returned to you only
• No human at Cuddle or OpenAI reads your specific responses

Human Support

If you contact support:

• Support staff may access your account to troubleshoot
• They're bound by strict confidentiality agreements
• Access is logged and audited
• We never read your responses unless absolutely necessary for support

Children's Privacy

Cuddle is for adults only:

• You must be 18+ to use Cuddle
• We don't knowingly collect data from minors
• If we discover an underage user, the account is deleted immediately

Transparency

We believe in being open about our practices:

• Privacy Policy: Available at cuddle.health/privacy
• Terms of Service: Available at cuddle.health/terms
• Data practices: Explained in plain language (like this article)
• Updates: We notify you of significant policy changes

Questions About Privacy?

If you have concerns about your data:

• Review our full Privacy Policy
• See What data does Cuddle collect?
• Email our privacy team: privacy@cuddle.health
• Request your data: How to export
• Delete your account: How to delete

Bottom Line

Your relationship is personal. Your data should be too.

We've built Cuddle with the same privacy standards we'd want for our own relationships. We encrypt your data, never sell it, and give you full control over what you share.

Your trust is our top priority.

Related Articles

• What data does Cuddle collect?
• How do I export my data?
• How do I delete my account?