Privacy Policy

1. Introduction & Scope

Reev Tech Inc. ("Duolove", "we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you use the Duolove mobile application, website, APIs, and any related services (collectively, the "Service").

By installing, accessing, or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you must not use the Service.

This Policy should be read together with our Terms of Service. In case of conflict, applicable privacy law controls how we handle your personal data.

2. Data We Collect

We designed Duolove to minimize the personal data we collect. We do not require email, phone number, or address to use the core Service.

• Account & Profile Data: Anonymous user ID (UUID), nickname, account creation date.
• Connection Data: Room ID, pairing codes used, partner ID, partner nickname, pairing timestamps, unpair events.
• Content Data: Hand-drawn images (PNG or similar formats), limited text messages (if used), content metadata (timestamps, expiry setting, basic device context), streak history.
• Device & Technical Data: Firebase Cloud Messaging (FCM) token, Apple Push Notification Service (APNs) token, device model, OS version, app version, basic diagnostic and performance data required to operate the Service securely.
• Subscription & Transaction Data: Purchase receipts, product identifiers, subscription status, renewal and expiration dates, as provided via Apple and RevenueCat. We do not receive your full payment card details.

We do not intentionally collect: email addresses (for core use), phone numbers, contact lists, precise GPS location, health data, microphone/audio content, SMS, or full unrestricted access to your photo library. Image selection uses system pickers that limit what we can see.

3. How We Use Your Data

We use the data described above for the following purposes:

• To create and maintain your device-based account and paired room.
• To transmit drawings and messages between you and your chosen partner.
• To implement drawing expiry, widgets, streaks, and related features.
• To send push notifications about new drawings or relevant app events (if enabled).
• To validate and manage Duolove+ subscriptions and restore purchases.
• To maintain security, prevent abuse, detect anomalies, and protect the Service and users.
• To understand performance issues and improve reliability, using aggregated and strictly necessary technical data.

We do not use your data to build advertising profiles, perform cross-app tracking, or run targeted ads.

4. No Sale or Rental of Personal Data

We do not sell, rent, or lease your personal data to third parties. We do not share your personal data with data brokers.

5. Third-Party Services & Data Sharing

We use trusted third-party processors to provide core functionality. These providers may process your data on our behalf or as independent controllers under their own privacy terms.

We may also disclose information when required by law, court order, or to protect our rights, users, or the public, consistent with applicable legal standards.

Third-party policies: Firebase · RevenueCat · Apple

6. Data Storage & Security

We apply reasonable technical and organizational measures to protect your data against unauthorized access, loss, misuse, or alteration.

• All API traffic uses HTTPS.
• Authentication tokens and IDs are stored using platform mechanisms such as Keychain where available.
• Cloud-stored drawings and metadata are access-controlled on our servers and Firebase.

Important limitations:

• Drawings and messages are not end-to-end encrypted. Our servers can technically access them as needed to operate the Service.
• Device-based tokens may remain valid until revoked or changed; we periodically review token practices for security.
• No system can guarantee perfect security. By using the Service, you understand there is residual risk inherent in online services.

7. Data Retention

We retain data only for as long as necessary for the purposes described in this Policy or as required by law.

• Drawings & in-room content: Configured to expire from active display within approximate 12–48 hours based on settings. Technical remnants (logs, backups) may persist for a limited period.
• Account & pairing data: Retained while your account is active and for a reasonable period after, unless deletion is requested and legally permitted.
• Subscription & transaction records: Retained as required for accounting, fraud prevention, and legal obligations.
• Security logs: Retained for a limited period to detect and investigate abuse or incidents.

Where we rely on consent and you withdraw it, or where you exercise valid deletion rights, we will remove or de-identify data unless we must keep it for legal or legitimate reasons.

8. Legal Basis for Processing (EU/UK GDPR and Similar Laws)

For users in the EU/EEA, UK, and similar jurisdictions, we process personal data on the following legal bases:

• Performance of a contract: To provide the Service, including pairing, messaging, drawing delivery, expiry, and Duolove+ features.
• Legitimate interests: To secure the Service, prevent abuse, improve reliability, and respond to support requests, in a way that does not override your fundamental rights.
• Consent: For optional features such as push notifications, access to camera or photos, and where local law treats such permissions as consent. You may withdraw by changing device settings or contacting us.
• Legal obligations: To comply with accounting, tax, and law-enforcement requirements.

9. Your Rights (GDPR, UK GDPR, LGPD, PIPEDA and Others)

Depending on your location, you may have some or all of the following rights:

• Access: obtain confirmation whether we process your personal data and receive a copy.
• Rectification: request correction of inaccurate or incomplete data (e.g. nickname).
• Erasure: request deletion of your data where legally permitted.
• Restriction: request we limit processing in certain cases.
• Portability: request data you provided in a structured, commonly used format where applicable.
• Objection: object to processing based on legitimate interests in certain circumstances.
• Withdraw consent: where we rely on consent, withdraw it at any time.

To exercise rights, contact [email protected]. We may request additional information to verify your identity and will respond within deadlines set by applicable law.

Implementation note: Some in-app tools (such as self-service account deletion or export) are not yet available. We will handle valid requests manually and may retain limited data where required by law, for security, or to defend legal claims.

You also have the right to lodge a complaint with your local data protection authority if you believe our processing violates applicable law.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

• Request to know the categories and specific pieces of personal information we have collected about you.
• Request deletion of your personal information, subject to legal exceptions.
• Not be discriminated against for exercising your privacy rights.

We do not "sell" or "share" your personal information as defined by CCPA/CPRA.

To exercise your rights, contact [email protected] with sufficient details to verify your request.

11. User-Generated Content & Confidentiality

Drawings and messages are intended to be visible only within your private room with your chosen partner.

• You retain ownership of your drawings and messages.
• We do not use your content for marketing or unrelated product training.
• We may process content internally only as necessary to deliver the Service, secure it, enforce our Terms, or comply with law.

No absolute guarantee: While we restrict access and do not make your content public, we cannot control what your partner chooses to capture (screenshots, screen recording, device backups). You should only share content with partners you trust.

12. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

If we learn that a child under 13 (or a higher age threshold where required by law) has used the Service, we will take reasonable steps to delete associated data.

Parents or guardians who believe their child has used Duolove may contact us at [email protected].

13. International Data Transfers

We may store and process data in Canada, the United States, and other countries where our service providers operate. These locations may have different data protection laws than your country.

Where required (for example for EU/UK users), we rely on appropriate safeguards for international transfers, such as Standard Contractual Clauses or equivalent mechanisms, and contractual protections with our processors.

14. Data Breach & Incident Response

We monitor for unauthorized access and security incidents. If we become aware of a breach that affects your personal data, we will investigate promptly and notify you and relevant authorities when required by law, including describing steps taken to mitigate potential harm.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

• The updated Policy will be posted at https://duolove.app/privacy with a revised "Last updated" date.
• If changes materially affect your rights, we will provide additional notice within the app or by other reasonable means, where required by law.

Your continued use of the Service after the effective date of an updated Policy constitutes your acknowledgment of the changes.

16. Contact Information

For questions, requests, or concerns about this Privacy Policy or our data practices, you can contact us at:

• Email: [email protected]
• Legal: [email protected]
• Website: https://duolove.app
• Address: Reev Tech Inc., Toronto, Ontario, Canada