Last updated: February 2026

Privacy Policy

This Privacy Policy describes what personal data Relora collects, how it is used, who it is shared with, and what rights you have as a user. Relora is an iOS application that helps people prepare for, navigate, and follow up on dates through personalised conversation topics and coaching.

Please read this policy carefully. If you do not agree with how we handle your data, please do not use the app.

1. Data controller

The data controller responsible for processing your personal data is:

Jonas Eifrém Strinnholm
Email: jonas.eifrem@gmail.com

If you are in the European Economic Area and believe your data has been handled unlawfully, you have the right to lodge a complaint with your national supervisory authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY).

2. What data we collect and why

Account credentials
When you create an account, we collect your email address and a password. Your password is never stored in readable form — it is processed through a one-way cryptographic hash (bcrypt) before being stored. We cannot recover your password. Your email address is stored in our database and is used to identify your account and allow you to log in.

Legal basis: performance of a contract.

Your profile data
During onboarding, you may optionally provide: how you identify (gender), your interests, and your hobbies. All of this is optional and can be skipped. It is used solely to personalise the conversation topics and coaching suggestions you receive. You can update or delete this data at any time.

Legal basis: performance of a contract.

Data about people you are dating
You may enter information about people you are dating — their name, age, occupation, interests, hobbies, where you met, and free-text notes. You may also log details about individual dates: a vibe rating, highlights, awkward moments, what you talked about, how long the date lasted, and where it took place. You enter all of this voluntarily and control what you include. See section 3 for important information about entering data that relates to other people.

Legal basis: performance of a contract.

Profile Scan uploads
The Profile Scan feature lets you photograph or screenshot a dating app profile (from apps such as Hinge, Bumble, or Tinder) and have relevant details extracted automatically. The image is sent directly to OpenAI's API for processing and is not stored on our servers. The extracted text (name, interests, etc.) may be saved as a person profile if you choose to keep it. See section 5 for details on OpenAI.

Legal basis: performance of a contract.

Subscription and purchase data
When you make an in-app purchase, Apple notifies our server with a transaction identifier. We store this identifier to verify and manage your subscription status and to prevent fraudulent use. We never receive or store your payment card details — these remain entirely with Apple.

Legal basis: performance of a contract; legitimate interests (fraud prevention).

Usage counters
We store daily usage counters per account (for example, how many sets of conversation topics you have generated today). These are used to apply usage limits on the free tier and are reset daily. They are not used for profiling or advertising.

Legal basis: legitimate interests (service management).

Server logs
Our server automatically records technical logs including IP addresses, HTTP request paths, response status codes, and timestamps. These logs are used for security monitoring and debugging. They are retained for a maximum of 30 days and then permanently deleted. They are never shared with third parties.

Legal basis: legitimate interests (security and stability).

Notifications
If you grant permission, the app schedules local notifications on your device — for example, a reminder before a date or a follow-up prompt after one. These notifications are generated and delivered entirely on your device using iOS's local notification system. No data is sent to any server or third party in connection with notifications. You can withdraw permission at any time in your device's Settings.

Legal basis: consent.

3. Data about other people

Relora is designed for personal use. When you enter information about someone you are dating, you are using the app in a personal capacity. Under GDPR Article 2(2)(c), processing carried out by a natural person in the course of a purely personal or household activity falls outside the scope of GDPR as it applies to that person's own processing.

As the service provider, we store and process this data on your behalf — solely to provide the features you have requested. We do not access, review, or use this data for any other purpose.

You are responsible for:

• Using this feature respectfully and not entering unnecessary or sensitive data about others.
• Complying with applicable law in your jurisdiction regarding how you record and use information about other people.
• Understanding that data you enter about others may be sent to OpenAI to generate personalised suggestions (see section 5).

4. Data we do not collect

We do not collect or request access to:

• Your location
• Your contacts
• Your camera or microphone (except when you initiate a Profile Scan, where you photograph a screen)
• Your browsing history or activity in other apps

We do not use advertising SDKs, analytics platforms, or tracking tools of any kind. We do not sell your data.

5. Third-party services that receive your data

We share personal data with only one external service provider:

OpenAI (openai.com)
OpenAI's API is used to generate personalised conversation topics, coaching suggestions, date ideas, follow-up guidance, rescue responses, and Profile Scan extractions. To do this, we send OpenAI relevant data from your account — including your profile (gender, interests, hobbies), person profiles (name, interests, notes), and date history. For Profile Scan, the uploaded image is also sent.

• Under our API agreement with OpenAI, data submitted through the API is not used to train their models.
• OpenAI is a US-based company. This constitutes a transfer of personal data outside the European Economic Area. This transfer is lawful under the EU-US Data Privacy Framework, an adequacy decision adopted by the European Commission in July 2023, under which OpenAI is certified. See OpenAI's Privacy Policy.

Apple
Apple processes in-app purchase transactions and sends us transaction identifiers to verify subscription status. Apple does not receive personal data from us beyond what is inherent in App Store transactions. See Apple's Privacy Policy.

No other third parties receive your personal data. We do not use advertising networks, crash reporting services, or analytics platforms.

6. Data storage and security

All user data is stored in a database on a private server located within the European Union. The server is dedicated to Relora and is not shared with other applications or services.

Security measures in place include:

• All communication between the app and server is encrypted using HTTPS (TLS).
• Passwords are hashed with bcrypt and are never stored or transmitted in readable form.
• Session tokens are stored securely in the iOS Keychain on your device.
• Server access is restricted to authorised personnel with firewall rules blocking all unnecessary ports.
• The application runs under a dedicated system user with minimal permissions.

No security system is infallible. If you suspect your account has been compromised, contact us immediately at jonas.eifrem@gmail.com.

7. Data retention

We retain your data for as long as your account exists. When you delete your account:

• Your email, password hash, profile data, person profiles, and date history are permanently deleted from our database within 30 days.
• Any residual copies in automated database backups are purged within 90 days.
• Server logs containing your IP address are deleted within 30 days of being recorded, regardless of your account status.

Apple transaction identifiers are retained as long as needed to manage your subscription, and deleted when your account is deleted.

8. Your rights under GDPR

If you are in the European Economic Area, you have the following rights:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can request that inaccurate or incomplete data be corrected.
• Right to erasure — you can request that your personal data be deleted. You can also delete your account directly from within the app.
• Right to restriction — you can request that we restrict processing of your data in certain circumstances.
• Right to data portability — you can request your data in a structured, commonly used, machine-readable format.
• Right to object — you can object to processing based on legitimate interests.
• Right to withdraw consent — where we rely on consent (notifications), you can withdraw it at any time via your device's notification settings, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at jonas.eifrem@gmail.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

9. Children

Relora is rated 17+ on the App Store and is not intended for use by anyone under the age of 17. We do not knowingly collect personal data from minors. If you believe a minor has registered an account or submitted data, please contact us at jonas.eifrem@gmail.com and we will delete the data promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify users through the app. Continued use of Relora after changes are posted constitutes your acceptance of the updated policy.

11. Contact

For questions, requests, or concerns about this Privacy Policy or your personal data:

Jonas Eifrém Strinnholm
jonas.eifrem@gmail.com