your.move (the “app”) is a private messaging and game app for two consenting partners. This policy explains what we collect, why, and what we do not.
What we collect
Account info: your email address, used only to sign you in with a one-time 6-digit code (passwordless — there is no password) and to let you recover your game on a new device. Sign-in is handled by Supabase Auth; login codes are delivered by our email provider Resend. We never use your email for marketing or advertising.
Couple link: a randomly generated code that links your account to your partner’s account.
Profile fields: optional display name, sex, relationship type. You enter these; you can edit or remove them anytime.
Message, reward, and wishlist text: stored on our servers end-to-end encrypted. Only you and your partner hold the keys. We cannot read message contents, reward text, or wishlist items. When you set up a new device, the encryption key is transferred directly from your partner’s device to yours, encrypted so that our servers never hold a key that could read your messages.
Gameplay metadata: to run the game we store some move data unencrypted — which card was played, its category, status, timestamps, and deadlines. This lets us deliver and display moves, but it is not the private text you write.
Custom photos / videos / voice notes: if you attach media to a move or reward, the file is encrypted on your device before upload. We store the encrypted bytes; we cannot decrypt them.
Push tokens: Apple / Google push tokens so we can deliver notifications. Notifications contain no message content — only a generic alert.
Diagnostics: minimal error logs (e.g. failed requests) to fix bugs. No message content.
What we do not collect
We do not read your messages.
We do not sell or share your data with advertisers.
We have no third-party analytics or ad SDKs in the app.
We do not collect contacts, calendar, location, or microphone unless you explicitly attach media or a voice note.
Who has access
You and your linked partner — full access to your shared content via the app.
Our servers (hosted on Supabase) — store the encrypted blobs; cannot read content.
Our email provider (Resend) — delivers your one-time login codes; sees only your email address and the code, never message content.
Apple / Google push services — receive the push token and a generic alert payload.
No one else.
Data retention
Your data lives until you delete it. You can delete individual moves and rewards from the app. You can also delete your entire account from Settings → Account; that wipes all your messages, moves, rewards, and profile data from our servers within 30 days.
Children
your.move is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, contact yourmove@donkeycat.com.
Your rights
Under GDPR / CCPA you have the right to access, correct, or delete your data, and to request a copy. Email yourmove@donkeycat.com and we’ll respond within 30 days.
Changes
If we change this policy materially we will surface a notice in the app and update the date above. Continued use after a change means you accept the updated policy.