Privacy Policy — Unspoken

Last updated: 30 April 2026

1. Data Controller

Oxidium
Email: unspoken@oxidium.de

2. What data we process

On your device (never leaves the device):

• Your preference answers (yes / maybe / no) in clear text
• Optionally, a personal message attached to a pairing invitation

Sent from the device to our server (encrypted in transit):

• An anonymous pseudonym (random device-generated identifier)
• HMAC hashes of your "yes" and "maybe" answers — cryptographic fingerprints, never the answers themselves in clear text
• Push notification token (Firebase Cloud Messaging / Apple Push Notification service) used to deliver match notifications
• In-app-purchase receipt (used to validate paid features)
• IP address in server logs (Cloud Run, automatically deleted after 30 days)

What our server does NOT receive:

• Your answers in clear text
• Your "no" answers in any form
• Any link between the pseudonym and your person

3. Purposes of processing

• Establishing a connection between two devices (pairing)
• Computing the intersection of your preferences via hash comparison
• Delivering match notifications via push
• Validating in-app purchases

4. Legal basis

Processing under Art. 6 (1) lit. b GDPR (performance of a contract); for server logs additionally Art. 6 (1) lit. f GDPR (legitimate interest in operation and security of the app).

5. Recipients

• Google Cloud (hosting Cloud Run, Firestore, Firebase Cloud Messaging) — under EU Standard Contractual Clauses
• Apple App Store / Google Play (for in-app-purchase receipts)

6. Retention

• Pairings + hashes: as long as the pairing is active + 30 days
• Push tokens: until pairing is dissolved
• IAP receipts: 90 days (statutory retention)
• Server logs: 30 days

7. Your rights (GDPR Art. 15–21)

You have the right to access, correction, deletion ("Delete all data" inside the app), restriction of processing, data portability, and objection. You also have the right to lodge a complaint with a data protection supervisory authority. Contact: unspoken@oxidium.de

8. Children

This app is intended exclusively for adults (18+). We do not knowingly process any data of persons under 18.