Privacy Policy.

Engage Digital Projects Ltd, trading as Us Unlocked (“we”, “us”, “our”), is the data controller of the personal data described in this policy.

Registered office: 20–22 Wenlock Road, London, N1 7GU, England.
Company number: 07923233.
ICO registration: in progress; we will publish the registration number here once issued.
Privacy contact: use the contact form on our home page and select the “Privacy / data” topic.

We are not currently required to appoint a Data Protection Officer under Article 37 UK GDPR, but our privacy contact handles all data-protection enquiries.

Account data: email address, hashed password (only if you sign in with email/password), Apple or Google account identifier (only if you sign in with those providers), first name, year of birth (year only — not full date), couple identifier.

Couple content: the answers you write to questions; reactions; memories you create (text, photos, voice notes); journey progress; spontaneous Moments you send your partner. This content is end-to-end isolated to the two paired user accounts via Postgres row-level security.

Subscription data: plan selected, trial start/end timestamps, entitlement status. Card details are handled by Apple — we never see them.

Technical data: device model, OS version, app version, crash reports, performance traces, anonymous analytics events (pre-defined allowlist only — no autotrack).

Communications: messages you send us via the contact form or by email.

Under Article 6 UK/EU GDPR we rely on the following legal bases:

(a) Performance of a contract — to provide the service you have signed up for: account creation, pairing, daily questions, reveal mechanics, memories, journeys, billing, customer support.

(b) Legitimate interests — to keep the service safe and reliable: abuse prevention, fraud detection, security monitoring, crash diagnostics, aggregate retention metrics. We balance these against your rights and you may object at any time.

(c) Consent — for any AI feature that reads couple content. Consent is recorded per partner, per feature, per policy version. You may withdraw consent at any time; withdrawal does not affect lawfulness of prior processing. Both partners must have consented for the feature to operate; if either withdraws, the feature stops for the couple.

(d) Legal obligation — to comply with tax, consumer-protection, and lawful-disclosure requirements.

We use AI in two opt-in features: a date-idea conversation and a suggested-questions feature. For suggested questions we never send raw answer text to the AI provider — only abstract theme vectors derived server-side from clustering.

No decision producing a legal or similarly significant effect on you is made solely by automated means within the meaning of Article 22 UK GDPR.

We use the following processors, each bound by a written data processing agreement that meets Article 28 UK GDPR:

Supabase Inc. — Postgres database, file storage, authentication, realtime, edge functions. EU-region hosting.
Vercel Inc. — web hosting and edge compute for the marketing site, admin portal, and serverless functions.
Anthropic PBC— Claude language model for AI-conversational features. Operates under Anthropic's no-training Data Processing Addendum: your inputs are not used to train models.
Apple Inc. — App Store, push-notification delivery (APNs), in-app purchase processing, Sign in with Apple.
Google LLC — Sign in with Google (authentication only; no other data flows).
Mixpanel Inc. — anonymous product analytics (allowlisted events only, no `$people` profiles, EU residency).

We do not sell or rent your personal data. We do not share it with advertisers, brokers, or aggregators. Support staff and engineers cannot read couple content (answers, memories, voice notes, reactions, Moments) — only billing and abuse metadata.

Some of our processors are based in or transfer data to the United States. Where personal data leaves the UK or EEA, we rely on:
(i) the European Commission's Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum;
(ii) supplementary measures including encryption in transit and at rest, pseudonymisation where practical, and access controls; and
(iii) Data Privacy Framework certifications where the processor holds them.

A copy of the relevant transfer mechanisms is available on request via our contact form (Privacy / data topic).

Account data and couple content: for as long as your account is active.
After account deletion: a 7-day grace period during which you can sign in to cancel the deletion; after that, hard-deletion within 30 days. Encrypted backups are retained for up to 30 days and then destroyed in the normal rotation.
After decoupling: 30 days (free) or 90 days (paid) recovery window during which you may reconnect; after that the couple-only data is hard-deleted.
Billing records: 7 years (UK statutory retention for accounting records).
Abuse-report metadata: 24 months from report date.
Crash and analytics events: 13 months, aggregated thereafter.

TLS 1.2+ in transit. Postgres at-rest encryption. Row-Level Security enabled and forced on every user-data table — enforced at the database, not just the application layer. Service-role database keys are never used in code paths reachable from end-user requests. Pre-signed storage URLs expire within 15 minutes per object. Admin access requires MFA and is logged to an append-only audit log. Security incidents that put your rights at risk are reported to the ICO within 72 hours and to affected users without undue delay, in line with Articles 33–34 UK GDPR.

Under the UK GDPR and EU GDPR, you have the right to:

(i) access the personal data we hold about you;
(ii) have inaccurate data corrected;
(iii) have your data erased (the “right to be forgotten”);
(iv) restrict our processing;
(v) port your data to another controller in a structured, commonly-used, machine-readable format;
(vi) object to processing carried out on the basis of our legitimate interests; and
(vii) withdraw any consent you have given, at any time.

You can exercise rights (i), (iii), and (v) directly inside the iOS app: Settings → Account contains a one-tap data export and a permanent account deletion flow with a 7-day grace period. For all other rights, use the contact form on our home page (Privacy / data topic). We respond within 30 days (extendable by a further 60 days for complex requests, with notice).

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local EU supervisory authority.

Our website uses strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. We do not use advertising cookies, third-party tracking pixels, or behavioural-profiling technologies on the marketing site. Where additional cookies are added in future, we will request your consent first.

The service is for adults. You must be 18 or older to create an account. We do not knowingly collect personal data from anyone under 18; if you become aware that a minor has created an account, please contact us and we will delete it.

When we make changes that affect your rights or the way we process your data, we will post the updated policy here and notify you in-app and by email at least 30 days before the changes take effect. Material changes that depend on consent require fresh consent before the new processing begins.

For privacy enquiries, requests, or complaints please use the contact form on our home page and select the “Privacy / data” topic.