# What we collect, in plain English

> We collect: an anonymous account, basic usage events (without your entries), crash reports, and subscription receipts. We don't collect: entry content, your real name, your email, your location, your contacts.

This is the plain-English version of our [privacy policy](https://www.myopenheart.co/privacy). The privacy policy is the legal document; this is the explanation.

## What we collect

### Identity

- **An anonymous account ID** — a random string of characters created when you first opened the app. Not tied to your name, email, or anything that identifies you in real life. You can see it in **Settings → About → User ID**.
- **A notification token** so we can deliver push notifications to your phone. Wiped when you delete your account.

### Usage events

Things like:

- **Onboarding events** — completed each step
- **Core actions** — wrote an entry, started a reveal, finished a reveal
- **Pairing events** — invite created, invite accepted, partner disconnected
- **Subscription events** — saw the paywall, started a trial, subscribed
- **Engagement events** — viewed an insight, viewed the journey tab, enabled biometric lock

What's in each event: the event name, your anonymous account ID, the time, and a small set of details (for "wrote an entry": the category and feeling, never the words).

What's **not** in any event: entry content, partner names, the words of feelings.

### Crash reports

If the app crashes, we receive:

- A description of where the crash happened
- A short list of recent actions (with sensitive details stripped)
- Your phone model, OS version, app version
- Your account ID so we can group crashes from the same person

What's **not** in a crash report: entry content, encryption keys, your recovery phrase, partner data.

Crash reporting is **off in development builds**. Only the live App Store and Play Store versions send anything.

### Subscription receipts

- Apple or Google's transaction ID for your subscription
- Plan tier (monthly or annual)
- Renewal status (active, in grace period, cancelled)

We need these to know who has premium and to honor inherited Pro. We're required to keep them for around seven years for tax records.

## What we never collect

- **Entry content.** Locked on your phone, gibberish on our servers.
- **Feeling content, intensity, category.** Same — locked.
- **Real names.** We use the first name you set; that's never sent to us.
- **Email addresses.** No account email is required. The only email we have is if you write to hello@myopenheart.co.
- **Phone numbers.**
- **Location.** No GPS, no coarse location.
- **Contacts.**
- **Photos** (other than the profile avatar you choose, which is locked into the couple record).
- **Microphone or camera** (other than for picking a profile photo).
- **Browsing history.** We're not on the web.

## Where data lives

- **Your phone**: locked entries, your encryption keys
- **Our backend** (hosted by Google Cloud in the US): scrambled entry data, anonymous account records, couple records
- **Analytics provider** (hosted in the EU): usage events
- **Crash reporting provider**: crash reports
- **Subscription provider**: subscription state
- **Apple App Store / Google Play**: billing

## Third-party data flows

We share data with these services because the app couldn't function without them:

- **Google Cloud** — runs our backend (your account, the scrambled entry data, push notifications)
- **An analytics provider** — usage events
- **A crash reporting service** — crash reports
- **A subscription management service** — subscription state
- **An AI provider** — handles AI calls (only after you've revealed; entry content goes through to the AI, then is forgotten)
- **Resend** — email (only if you write to hello@myopenheart.co)

We don't share data with anyone else. No advertising networks. No data brokers. No "marketing partners."

## What the AI provider sees

When AI features are on and you reveal:

1. Your phone unlocks both partners' entries locally.
2. Your phone sends a short summary of those entries plus your name and your partner's name, attachment style, and love language to the AI.
3. The AI returns the response.
4. The response shows up on your phone.

The AI provider doesn't keep a copy of the content after the response is sent.

You can turn AI features off in **Settings → AI features**. Without it, the app uses simpler pre-written responses.

## GDPR / CCPA

If you're in the EU or California:

- **Right to access**: email hello@myopenheart.co with your account ID. We'll send you everything we have. Most of it will be stuff we couldn't read anyway.
- **Right to delete**: Settings → Delete account. Done within 30 days.
- **Right to portability**: Settings → Export all entries gives you a file of your decrypted data.
- **Right to object**: email us. We don't run targeted advertising, so most opt-outs are already in place.

## Related

- [Full privacy policy](https://www.myopenheart.co/privacy)
- [Delete your account](/docs/account/delete-account)
- [How your privacy works](/docs/privacy/how-encryption-works)