Security Standard

Zero-Knowledge Privacy Policy

Last Updated: May 6, 2026

1. Our Core Principle: Complete Autonomy

At RECURIOUS, we believe intimacy cannot thrive under surveillance. Traditional applications track, aggregate, and store your relationship details, conversations, and preferences in plaintext databases. We do the opposite.

We have designed RECURIOUS as a **Zero-Knowledge Intimacy Facilitator**. We do not collect names, phone numbers, or emails during onboarding. Your relationship stays on your device and in your control.

2. Technical Implementation: Client-Side Encryption

To ensure absolute privacy, we use industry-standard client-side cryptography (Web Crypto API & OpenPGP.js) for all sensitive data:

  • Local Key Derivation: When you set up your profile, a cryptographic key is derived from a local user password. This key never leaves your device and is never stored on our servers.
  • Zero-Knowledge Syncing: Calibration vectors, response matrices, and category indicators are fully encrypted on your device *before* being transmitted to Supabase. Our server only hosts secure, unreadable ciphertext blobs.
  • Partner Pairing: When two accounts are paired, consent tokens and shared secrets are exchanged client-side using end-to-end encryption protocols.
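
The local key derivation and encrypt-before-sync flow described above, as an added illustration that is not RECURIOUS's own code. It assumes PBKDF2-SHA-256 and AES-256-GCM from the Web Crypto API; the function names, blob fields and iteration count are hypothetical.

```javascript
// Added illustration, not RECURIOUS code. PBKDF2-SHA-256, AES-256-GCM, the
// iteration count, the blob fields and all function names are assumptions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const ITERATIONS = 600000; // assumed PBKDF2 work factor

const toB64 = (u8) => btoa(String.fromCharCode(...u8));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive a non-extractable AES key from the local password. The password and
// the derived key stay on the device; only the random salt is stored remotely.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt a record client-side. The returned object is all a sync server sees.
async function sealRecord(password, record) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // must be fresh per encryption
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(JSON.stringify(record)));
  return { v: 1, salt: toB64(salt), iv: toB64(iv), ct: toB64(new Uint8Array(ct)) };
}

// Decrypt a downloaded blob. AES-GCM authenticates the ciphertext, so a wrong
// password or a modified blob rejects instead of returning garbage.
async function openRecord(password, blob) {
  const key = await deriveKey(password, fromB64(blob.salt));
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: fromB64(blob.iv) }, key, fromB64(blob.ct));
  return JSON.parse(new TextDecoder().decode(pt));
}
```

This sketch derives a key per record for brevity; a client that syncs many records would derive once per profile and keep the key in memory only.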

3. Data We Collect and Why

Because your answers are encrypted, we can only view meta-statistics which do not reveal personal information:

  • App Mechanics: We track anonymous event triggers (e.g. total cards pulled, app install time, transaction status) to optimize general app performance.
  • Subscription Entitlements: We communicate securely with RevenueCat to check premium tiers, using an anonymous billing ID.
  • Waitlist Signups: If you explicitly submit your email on our landing page, we store it separately to invite you to our future cohorts. It is never associated with any app session data.

4. Play Store Compliance

In accordance with Google Play Store Developer Policies, this privacy policy serves as the official declaration of our user data safety standards. All application permissions (including local file access for offline caching) are restricted to functions essential to gameplay.

5. Contact and Auditing

We invite regular security audits from independent research sentinels. If you have questions about our cryptography or would like to request removal of your anonymous data token, contact us at: security@recuriousus.com.