Privacy & Cookie Policy

Last updated: April 30, 2026

Overview

This policy explains how Care to talk collects, uses, and protects your personal information when you use our mobile app and associated web pages. We are a Swedish community app focused on enabling deeper conversations between matched users. We are committed to safeguarding your privacy and being transparent about how your data is handled.

Information You Provide

When you create an account we collect: email address, password (stored as a hash), display name, and a unique username. Your profile may include birth date, gender, biography, spoken languages, and a profile image. We also store your interest categories with interest levels (1–7), and your optional answers to reflection prompts like 'who am I' and 'why am I here'. You choose what to fill in; only the minimum needed to create an account is required.

Information from Sign-in Providers

If you sign in with Apple, we receive your name (only the first time, as Apple permits) and email address — we do not receive any other Apple data. If you sign in with Google, we receive your basic profile information (name, email, profile picture URL) used to populate your account. You can sign in with email and password instead if you prefer not to use a third-party provider. We never receive or request friend lists, contacts, or activity data from these providers.

Activity and Communication Data

We store the messages you send (text and images), reactions you add to messages, messages you save or pin, status updates you publish, and matches you accept or reject. We store records of users you have blocked and reports you have submitted. We store device push notification tokens and timestamps recording when you accepted our terms, email communications, and push notification consent.

How We Use Your Information

Your interest categories, spoken languages, and interest levels power the matching algorithm that suggests compatible users. We use your data to deliver messages, send push notifications you have opted into, and enable content moderation through admin review of user reports. We do not sell your personal data to third parties, and we do not use it to train external models.

Data Storage and Security

Your data is stored via Supabase (a managed PostgreSQL platform) with row-level security policies that enforce access controls at the database level. All connections are encrypted in transit. Profile images are stored in a public storage bucket; chat images are stored in a private bucket accessible only to participants of that chat. Account data export files are stored in a private bucket only you can access. Passwords are stored only as bcrypt hashes — we cannot recover or read them.

Third-Party Services

We use Supabase for database, authentication, file storage, and server-side functions. Push notifications are delivered through the Expo Push Notification Service operated by Expo. We support Sign in with Apple and Sign in with Google as optional authentication providers — when you use them, you authenticate directly with Apple or Google under their privacy policies. Our public web pages (the marketing site you are reading now) include privacy-friendly aggregate analytics from Vercel that count page views without using cookies or tracking individuals across sites; the mobile app contains no analytics, advertising, or behavioral tracking.

Push Notifications

Push notifications are entirely opt-in — you choose whether to enable them when prompted, and you can revoke that consent in your device settings or in the app at any time. Notifications may be triggered by new messages, new matches, profile reveals, and other in-app activity. Your device token is stored securely and used solely for delivering notifications to your devices via Expo's push service. You can mute notifications globally or per chat.

Your Rights

You can view and edit all your profile data inside the app. You can export a copy of your account data as a downloadable JSON file at any time, fulfilling your right to data portability. You can pause your account, which hides you from discovery without deleting any data. You can permanently delete your account; deletion enters a 30-day grace period during which you can sign in again to cancel, after which your account and all related data are automatically removed and your messages are anonymized. You can block other users at any time. If you are in the EU, you have additional rights under GDPR, including the right of access, the right to rectification, and the right to object to data processing.

Cookies

The primary experience is through our mobile app, which does not use cookies. Our web pages use standard session cookies only for authentication and basic preferences (such as light/dark mode). We do not use third-party tracking cookies, advertising cookies, or cross-site identifiers.

Data Retention

Active account data is kept for as long as your account exists. Soft-deleted accounts are fully purged after a 30-day grace period. Push tokens are removed when you sign out or revoke notification permission. Reports submitted to the moderation team may be retained after review for safety-related record-keeping.

Contact

For any privacy-related questions or requests, please reach out using the contact form on our website. We will respond to your inquiry as promptly as possible.