InTouch — Privacy Policy

─────────────────────────────────── 

InTouch — Privacy Policy Effective Date: 13 June 2025 Last Updated: 13 June 2025 

───────────────────────────────────

• Who We Are InTouch is a private-group newsletter service operated by Cubby Labs, a Delaware corporation (“we,” “us,” “our”). This policy explains how we collect, use, disclose and safeguard your information when you use the InTouch mobile apps, website and related email digests (collectively, the “Service”).

• Information We Collect A. Information you provide • Account data – name, email address, password (hashed), profile photo. • Newsletter content – life-update text, photos/videos, Spotify links, questions & answers, comments and reactions. • Contacts (optional) – email addresses or phone numbers you choose to invite. • Support & feedback – messages you send to us.

B. Information we collect automatically • Device & log data – IP address, device model, OS version, app version, crash reports. • Usage data – which screens you view, buttons tapped, time stamps. • Cookies / local storage on the web landing page. Collected via Firebase Analytics, Crashlytics and Cloud Functions.

C. Information from third parties • Spotify metadata (track name, artist, album art) when you share a song. • Apple / Google sign-in ID when you use social login.

• How We Use Your Information • Create and maintain your account. • Generate and email group newsletters. • Authenticate and secure the Service. • Send you push or email reminders (e.g., “Digest released”). • Respond to support requests. • Analyze usage to fix bugs and improve features. • Enforce our Terms of Service and comply with law.

• Legal Bases (EU/UK users) We process personal data: (i) to perform our contract with you; (ii) with your consent (e.g., when you link Spotify or invite contacts); (iii) for our legitimate interests in providing a safe, enjoyable product.

• How We Share Information We do NOT sell your data. We share only: • With other members of the same newsletter group (your posts, name, photo). • With trusted service providers (Firebase, Google Cloud, SendGrid/Mailgun for emails, Stripe if you purchase in-app upgrades) bound by confidentiality. • In a business transfer (merger, acquisition) with prior notice. • To comply with legal requests or protect safety, rights or property.

• Data Storage & Security Data is stored on Google Firebase servers in the United States (or the region closest to you). All traffic is encrypted via TLS; files are encrypted at rest. No system is 100 % secure, so we cannot guarantee absolute security.

• Data Retention We keep your content until you delete it or your account, or the group admin deletes the newsletter. Back-up copies and log data are retained for up to 90 days, then purged or anonymized.

• Your Rights Subject to local law, you may: • Access or export your data. • Correct inaccurate data. • Delete your account and content (“Settings → Delete Account”) or email us. • Withdraw consent at any time (e.g., unlink Spotify). Contact privacy@intouch.app to exercise any right; we will respond within 30 days.

• Children’s Privacy InTouch is not directed to children under 13. If we learn we have collected personal data from a child under 13, we will delete it promptly.

• International Transfers Your information may be transferred to—and processed in—countries outside the one you live in, including the United States, where data protection laws may differ. We rely on Standard Contractual Clauses or equivalent safeguards for such transfers.

• Changes to This Policy We may update this policy. Material changes will be announced by email or in-app notice at least 7 days before they take effect. Continued use after the effective date constitutes acceptance.

• Contact Us Questions or concerns? Email: zenlabshelp@gmail.com