Privacy Policy — Jarly
Обновлено: 2026-07-17
This Privacy Policy describes how Jarly ("the App", "we", "us", or "our") handles information when you use our mobile application on iOS. Jarly is a private app for couples: you link with one partner and share hearts for kind acts, moods, wishes, and reconciliation letters. To make that work, we need a user account and a server-backed profile, so some of your data is stored in the cloud rather than only on your device.
By installing or using Jarly you agree to the practices described below. If you do not agree, please uninstall the App and request account deletion as described in section 9.
1. Who we are
Jarly is developed and operated by PYF App, an independent iOS studio. For any privacy-related questions, requests, or complaints you can contact us at:
- Email: jarly.support@gmail.com
- Studio: pyf.app
2. Summary at a glance
- You need an account to use Jarly (email and password).
- Your profile, pair link, hearts, moods, wishes, and reconciliation letters are stored in our cloud backend (Supabase, hosted in the European Union) so they can sync between you and your partner in real time.
- Jarly is built for exactly two people: your content is visible to your linked partner and to no one else. There are no public profiles, feeds, or leaderboards.
- Secret wishes are visible only to you — this is enforced on the server, not just hidden in the interface.
- Reconciliation letters are sealed and revealed to both partners strictly simultaneously; the server guarantees nobody reads first.
- We use third-party services for cloud storage, crash reporting, and transactional email.
- We do not sell your personal data, we do not show ads, and we do not track you across other apps or websites.
- You can delete your account at any time from the App (Settings → Delete account). It is deactivated immediately and permanently deleted after 30 days.
3. Data we process
3.1 Information you provide directly
- Account information — email address and password. The password is stored only as a secure hash by our authentication provider; we never see it in plain text.
- Profile information — display name, unique @nickname, your side in the pair ("him"/"her"), optional birthday, and optional profile photo. Stored in our cloud database so your partner can see who you are.
- Pair link and invitations — when you invite or accept a partner by @nickname, we store the invitation and the resulting pair link.
- Hearts and acts — the kind acts you claim, your partner's confirmations, and the monthly heart counters of your pair.
- Moods — the mood value and the "what I need" options you choose to share with your partner.
- Wishes — title, optional photo, description, link, price and currency, category, done/secret flags. Wishes marked secret are readable only by your own account — access is enforced by server-side row-level security.
- Reconciliation letters — the letters both partners write during the "Let's make peace" flow. Letters remain sealed until both are ready and are revealed to both partners at the same time.
- Support correspondence — if you email us, we receive your email address and the contents of your message in order to respond.
3.2 Information collected automatically
- Identifiers — the authentication user ID (UID). Used to associate your account with your data and your pair.
- User content — profile fields, hearts, moods, wishes, and letters (as listed above). Used to operate the shared jar between you and your partner.
- Diagnostics — crash logs, stack traces, app version, OS version, device model. Used to detect, diagnose, and fix bugs and stability issues (Sentry).
- Technical metadata — database timestamps and network metadata (IP address) processed by Supabase to handle your requests. Used to operate and secure the backend and prevent abuse.
We do not collect your precise location, contacts, microphone audio, browsing history, government identifiers, health or financial information. We do not use advertising SDKs and we do not track you across other companies' apps or websites.
The App opens your photo library (via the system photo picker) only when you choose a profile photo or attach a photo to a wish. Only the image you explicitly select is uploaded to our cloud storage. No other photos are accessed.
4. How we use the data
- To operate the App — create and authenticate your account, link your pair, sync hearts, moods, wishes, and letters between the two of you in real time.
- To keep the App reliable — automatic crash and error reports through Sentry.
- To send you transactional email — for example a password-reset code when you request one (delivered via our email provider, Resend). We do not send marketing emails.
- To respond to you — when you contact support.
- To comply with the law — when we are required to keep or disclose information in response to a lawful request.
We do not use your data to build advertising profiles, and there is no advertising inside the App.
5. What your partner (and others) can see
Jarly is an app for two, so sharing is deliberately narrow:
- Your linked partner sees your display name, @nickname, photo, birthday, side, your hearts and confirmed acts, the moods you share, your non-secret wishes, and reconciliation content according to the flow's rules (statuses while writing; letters only after the simultaneous reveal).
- Your secret wishes are never shown to your partner — the server will not return them to any account but yours.
- During pairing, a person who types your exact @nickname can see your display name and nickname in order to send or find an invitation. That is the only "discovery" surface in the App.
- Your email address and password are never visible to anyone, including your partner.
There are no public profiles, no search by name, no leaderboards, and no content visible outside your pair.
6. Legal bases for processing (EEA / UK users)
- Performance of a contract — to provide the App's core functionality (account, pair, hearts, moods, wishes, reconciliation).
- Legitimate interests — to keep the App secure, stable, and improved in a way that does not override your privacy rights (for example, crash reporting).
- Consent — for optional actions such as picking a photo from your library. You may withdraw consent at any time by not using the feature.
7. Where your data lives and how it is protected
Your data is stored with Supabase in the European Union. Connections use TLS encryption in transit; data is encrypted at rest. Access between accounts is separated by server-side row-level security policies: every request is checked against your authenticated identity, so only you and your linked partner can read your pair's data — and only you can read your secret wishes.
8. Third-party processors
- Supabase (EU) — authentication, database, file storage, and realtime sync. Processes your account, profile, pair content, uploaded photos, and IP/technical metadata.
- Sentry — crash and error reporting. Processes crash logs, device model, and OS/app version (no account content).
- Resend — transactional email delivery. Processes your email address and the content of system emails (e.g. a password-reset code).
We do not share your data with any other third parties, and we never sell it.
9. Data retention and account deletion
- Your data is kept for as long as your account is active.
- You can delete your account at any time in the App: Settings → Delete account. The account is deactivated immediately: pending invitations are withdrawn and you are signed out. If you change your mind, signing in again within 30 days restores everything. After 30 days the account and its data are permanently deleted.
- You can also request deletion by emailing us from the address linked to your account.
- Aggregated, non-identifying diagnostics (crash statistics) may be retained by Sentry according to its retention settings.
Note: content that inherently belongs to the pair (for example, the pair's shared heart history) may remain visible to your partner in anonymized or historical form until the pair data itself is deleted.
10. Your rights
Depending on your jurisdiction (including the EEA/UK under GDPR), you may have the right to access, correct, export, restrict, object to the processing of, or delete your personal data. You can exercise most of these directly in the App (profile editing, account deletion) or by contacting us at the address in section 1. You also have the right to lodge a complaint with your local data-protection authority.
11. Children
Jarly is intended for adults in a relationship and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has created an account, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "last updated" date at the top reflects the latest revision. For material changes we will inform you inside the App. Continued use of the App after changes take effect constitutes acceptance of the updated policy.
13. Contact
- Email: jarly.support@gmail.com
- Studio: pyf.app
Контакты
Вопросы? Напишите нам: jarly.support@gmail.com.