Privacy Policy
Last updated: May 3, 2026
Applies to: Fliq iOS & Android app, fliqapp.co
The Short Version
- ✓Your chat screenshots are processed instantly by AI and never stored on our servers.
- ✓We never sell your data. We never share personal content with other users.
- ✓Analytics only track anonymous events — never the text of your messages or AI replies.
- ✓Tracking (ATT) is optional. The app works fully if you decline.
- ✓You can delete your account and all associated data at any time, directly from the app.
Table of Contents
1. Overview
Fliq ("we," "our," or "us") is an AI-powered dating assistant built to help you communicate more authentically and confidently. We help you craft better messages — not collect your personal life.
This Privacy Policy explains exactly what personal information we collect when you use Fliq, why we collect it, how it is used and protected, what third-party services receive it, and what rights you have over your data.
By using Fliq, you agree to the practices described in this policy. If you do not agree, please discontinue use of the app. This policy applies to the Fliq mobile application (iOS and Android) and the website at fliqapp.co.
2. What We Collect
We collect only what is necessary to provide the service. Here is a precise breakdown:
Account Information
When you register, we collect your email address and optional profile details you provide — such as your name, gender, and dating context. This is managed through Supabase Auth using industry-standard JWT-based sessions stored securely on your device.
If you sign in with Google or Apple, we receive only the basic profile data that provider shares (name and email). We do not receive your passwords from these providers.
Onboarding Profile Data
During onboarding, you may optionally answer questions about your attachment style, love languages, and communication patterns. This psychological profile is stored in your account and used exclusively to personalize the tone and context of AI-generated suggestions. It is never shared, sold, or used for advertising profiling.
Screenshots You Upload
When you upload a conversation screenshot, the image is transmitted over an encrypted connection to our Cloudflare Worker, which forwards it to Google Gemini for AI processing. The suggestion is returned to your device.
⚠ Important: Screenshots are processed in real-time and are never written to permanent storage. We do not retain your images after generating suggestions.
Conversation Session Data
If you save a conversation session, we store a structured summary (context, tone selections, and extracted context — not raw message text) in your private account database. This data is isolated behind row-level security: only your authenticated session can access it. You can delete individual sessions or all sessions at any time.
Usage Analytics (Anonymous)
We track anonymized behavioral events such as "reply generated," "session started," "paywall viewed," and "challenge completed" through Mixpanel (EU data residency). These events contain no message content, no AI reply text, and no screenshots. All input fields are excluded from any session replay functionality by default.
Device & Technical Data
Like most apps, we automatically collect limited technical data to keep the service running and to diagnose crashes — including your device OS version, app version, anonymous session identifiers, and error stack traces via Sentry. No message content, screenshots, or profile data is ever included in crash reports.
Payment & Subscription Status
Fliq subscriptions are purchased through the Apple App Store or Google Play Store and managed by RevenueCat. We never see, receive, or store your credit card number, billing address, or any raw payment details. We only receive your subscription tier and entitlement status from RevenueCat.
3. How We Use Your Data
Every piece of data we collect has a specific, limited purpose:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account login, password reset, service emails | Contract performance |
| Profile & onboarding data | Personalize AI tone and suggestions | Contract performance |
| Uploaded screenshots | Real-time AI suggestion generation | Contract performance |
| Session data | Conversation memory for follow-up suggestions | Contract performance |
| Anonymous usage events | App improvement, feature prioritization | Legitimate interest |
| Crash & error logs | Bug fixing, reliability monitoring | Legitimate interest |
| Subscription status | Unlock Pro features, entitlement gating | Contract performance |
| IDFA (if ATT granted) | Install attribution (which ad/channel drove install) | Consent |
| Push token | Send notifications you have opted into | Consent |
4. What We Never Do
- ✕Sell, rent, or broker your personal data to any third party — ever.
- ✕Store your chat screenshots after AI processing is complete.
- ✕Log the content of AI-generated reply suggestions in analytics, error monitoring, or logs.
- ✕Include personal conversation data in URL parameters, query strings, or server logs.
- ✕Use your onboarding psychological profile for advertising targeting.
- ✕Send push notifications without your explicit opt-in.
- ✕Share your data with other Fliq users.
- ✕Train AI models on your conversation content.
- ✕Collect data from users under 18.
- ✕Access your microphone or camera without an active in-app action requiring it.
5. AI Processing & Third-Party AI Service
Third-Party AI Service Disclosure
Fliq uses Google Gemini Flash, a third-party AI service operated by Google LLC, to generate all AI-powered suggestions. When you use any AI feature, certain data is transmitted to Google for processing as described below.
What data is sent to Google Gemini Flash
| Data type | When sent |
|---|---|
| Screenshots (image data) | When you upload a chat or profile screenshot for reply suggestions or bio analysis |
| Voice recordings (audio data) | When you use voice analysis or the live Shadow Wingman practice feature |
| Text descriptions | When you describe a conversation in text instead of uploading a screenshot |
| Profile preferences | Your texting style, attachment style, love language, and coaching preference — included with every AI request to personalize tone |
| Conversation history | Up to 5 previous turns from your active session, used for follow-up suggestion continuity |
| Emotional notes (Catalyst mode) | Raw notes and partner messages you enter in the couples communication feature |
| Thoughts & situations (Mental mode) | Text you enter in the Reality Gap or Stoic Mentor features describing your situation or anxious thoughts |
How data is transmitted
- You provide input (screenshot, audio, or text) inside the app.
- The data is sent over HTTPS to our Cloudflare Worker proxy, which verifies your identity via your Supabase JWT.
- The Worker forwards the data to Google Gemini Flash with a structured system prompt.
- Google returns the AI-generated suggestions. The Worker passes these back to your device.
- Input data (screenshots, audio, text) is not written to any database or file storage. It exists only in memory during processing and is discarded immediately after the response is returned.
Google's Data Handling
Google Gemini processes your data under Google's API terms. Google does not use API input data to train its public AI models by default. You can review Google's privacy policy at policies.google.com/privacy and Google's generative AI terms at policies.google.com/terms/generative-ai.
6. Advertising Attribution & iOS Tracking (ATT)
Fliq uses AppsFlyer to measure which marketing campaigns lead users to download the app. This is called mobile attribution — it helps us know whether a user came from a social media ad, an organic search, or a referral, so we can allocate our marketing budget responsibly.
On iOS 14.5 and later, Apple requires apps to ask your explicit permission before accessing your device's Advertising Identifier (IDFA) — this is the App Tracking Transparency (ATT) prompt you may see when you first open Fliq.
If you allow tracking
AppsFlyer receives your IDFA and can attribute your install to a specific campaign. This helps us measure ad performance.
If you decline tracking
The app works completely as normal. AppsFlyer receives only an anonymous, aggregate signal. No IDFA is shared. Nothing in the app changes.
We do not use tracking for individual ad targeting.
Attribution data is used only in aggregate — to see which marketing channels are effective overall. We do not build advertising profiles of individual users, and we do not share IDFA data with any advertising networks.
You can change your ATT decision at any time: iOS Settings → Privacy & Security → Tracking → Fliq. On Android, you can opt out of ads personalization in Settings → Google → Ads.
7. Push Notifications
Fliq may send push notifications through OneSignal to deliver product updates, tips, or reminders. Push notifications are entirely opt-in — you will be asked for permission before any notification is sent, and you can revoke this permission at any time through your device settings.
When you opt in, your device push token is registered with OneSignal. OneSignal does not receive any of your conversation content, profile data, or usage history. It only receives your push token and any notification preferences you set.
To disable: iOS Settings → Notifications → Fliq → Allow Notifications (off) | Android: Settings → Apps → Fliq → Notifications
8. Data Security
We have designed Fliq with security as a foundational requirement, not an afterthought. The key protections in place:
Row-Level Security (RLS)
Every table in our database enforces row-level security at the database level. Even if there were an application bug, one user's data cannot be accessed by another user's session.
JWT Authentication at the Edge
Every API request is verified against your Supabase JWT token at the Cloudflare Worker layer before touching the database. Unauthenticated requests are rejected immediately.
Encrypted Transit
All data in transit — between your device, Cloudflare Workers, and our database — is encrypted via TLS 1.2/1.3. No data is sent over unencrypted connections.
Encrypted Local Storage
Session tokens and sensitive preferences stored on your device use encrypted storage (Expo SecureStore / MMKV with encryption). Tokens are automatically refreshed and never stored in plaintext.
No API Keys in the App
The Google Gemini API key, database credentials, and all secrets live exclusively on our Cloudflare Worker — never in the app binary. Even a fully decompiled app exposes no credentials.
Rate Limiting
All API endpoints are rate-limited per user and per IP at the edge to prevent abuse and protect your account.
9. Third-Party Services
Fliq relies on the following third-party services to operate. Each service is listed with the data it receives, its purpose, and a link to its privacy policy.
Data received: Email address, hashed password (if using email/password login), session tokens
Purpose: Manages account creation, login, and session lifecycle. All data stored in EU-region database.
Data received: Account profile, onboarding answers, conversation session summaries
Purpose: Stores your personal data with row-level security. Only your authenticated session can read your rows.
Data received: Conversation screenshots (in-memory, transient), prompt context from your profile
Purpose: Generates reply suggestions in real-time. Does not retain images after processing under API terms.
Data received: Request metadata (IP address, headers) for rate-limiting and JWT verification
Purpose: Routes API traffic, verifies authentication, and protects against abuse. No user content stored.
Data received: Anonymous user ID, subscription tier, purchase receipts from App Store / Play Store
Purpose: Manages entitlements and subscription state. Never receives payment card details.
Data received: Anonymous user ID, event names (e.g. 'reply_generated'), app version, device OS
Purpose: Measures feature usage and retention to improve the product. EU data residency. No message content captured.
Data received: Device ID, IDFA (only if ATT permission granted), install timestamp, referral source
Purpose: Attributes app installs to marketing campaigns in aggregate. Not used for individual ad targeting.
Data received: Device push token (only if notifications opted in)
Purpose: Delivers push notifications you have explicitly opted into. No conversation data shared.
Data received: Error stack traces, device OS version, app version, anonymous session ID
Purpose: Diagnoses crashes and performance issues. Message content and personal data are explicitly excluded from all breadcrumbs and payloads.
10. Data Retention
We keep your data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Uploaded screenshots | Not retained — deleted from memory after processing |
| Account & profile data | Until you delete your account |
| Conversation sessions | Until you delete them, or your account |
| Anonymous analytics events | Up to 24 months (Mixpanel default) |
| Crash & error logs | 90 days (Sentry default) |
| Subscription records | As required by applicable tax and financial regulations (typically 7 years) |
11. Your Rights
You have meaningful control over your data. Here is what you can do:
Request a copy of all personal data we hold about you.
How: Email hello@fliqapp.co
Request that inaccurate data be corrected.
How: Update in app or email us
Delete your account and all associated data permanently.
How: App Settings → Account → Delete Account, or email us
Request your data in a structured, machine-readable format.
How: Email hello@fliqapp.co
Revoke analytics or tracking consent at any time.
How: App Settings → Privacy, or iOS Settings → Privacy → Tracking
Disable push notifications at any time.
How: iOS/Android system notification settings
Object to data processing based on legitimate interest (e.g. analytics).
How: Email hello@fliqapp.co
We respond to all data requests within 30 days. In most cases, deletion happens within 7 business days.
12. GDPR & CCPA
For Users in the European Economic Area (GDPR)
If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR). The legal bases for our processing activities are detailed in the table in Section 3 above. Our primary analytics provider (Mixpanel) uses EU data residency. Our primary database (Supabase) can be configured for EU-region storage.
You have the right to lodge a complaint with your local data protection authority. For EU users, the relevant authority is the supervisory authority in your country of residence.
For Users in California (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information:
- Right to Know: You may request to know what personal information we collect, use, disclose, or sell.
- Right to Delete: You may request deletion of personal information we have collected from you (with certain exceptions).
- Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
To exercise any of these rights, contact us at hello@fliqapp.co. We will respond within 45 days as required by law.
13. Children's Privacy
Fliq is strictly intended for users aged 18 and older. The app requires users to confirm their age at first launch. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have inadvertently collected data from a minor, we will delete that account and all associated data immediately. If you believe a minor has created an account, please contact us at hello@fliqapp.co.
14. Changes to This Policy
We may update this Privacy Policy as the app evolves or as legal requirements change. When we make material changes — such as adding a new third-party service, changing how we use your data, or modifying retention practices — we will:
- Update the "Last updated" date at the top of this page
- Send an in-app notification for significant changes
- Where required by law, request fresh consent
Continued use of Fliq after the effective date of any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, we want to hear from you.
Email: hello@fliqapp.co
Website: fliqapp.co
Response time: We aim to respond to all privacy inquiries within 5 business days, and all formal data requests within 30 days.