OurBase

Privacy Policy

Last Updated: December 5, 2025

Your relationship data is sensitive. We treat it with the same standards used in financial services.

1. Introduction

OurBase ('we,' 'us,' or 'our') operates love.ourbase.app (the 'Service'). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy. Your relationship data is sensitive, and we treat it with the same standards used in financial services.

Data Controller:

OurBase, Luxembourg

Email: privacy@ourbase.app

2. Information We Collect

Information You Provide:

  • Email address (for account creation)
  • Relationship assessments (your responses to questions)
  • Journal entries (text you write)
  • Life events (events you log)
  • Messages (if you choose to import them)

Automatically Collected Information:

  • Device information (browser type, operating system)
  • Usage data (pages visited, time spent)
  • IP address (for security purposes only)

What We DON'T Collect:

  • Phone number (not required)
  • Home address (never requested)
  • Real names of partners (you can use pseudonyms)
  • Social security numbers (never)
  • Payment information (handled by Stripe)

3. How We Use Your Information

We use your information to:

  • Provide pattern analysis and relationship insights
  • Detect behavioral patterns across your relationships
  • Generate weekly check-ins and accountability conversations
  • Improve our Service and develop new features
  • Communicate with you about your account
  • Ensure security and prevent fraud

We do NOT use your information to:

  • Sell or rent to third parties
  • Train AI models (your data is not used for AI improvement)
  • Target advertising
  • Share with data brokers

4. Data Processing & Anonymization

Before AI Analysis:

All personally identifiable information (PII) is automatically stripped:

  • Names → Generic identifiers (User_A, User_B)
  • Phone numbers → Removed
  • Locations → Removed
  • Profile photos → Not used in analysis

The AI analyzes behavioral patterns, not your identity.

5. Data Storage & Security

Location:

All data stored in Frankfurt, Germany (EU jurisdiction)

Encryption:

  • At rest: AES-256 (banking-grade)
  • In transit: TLS 1.3 (military-grade)

Access Control:

  • Row-level security (you only see your data)
  • No human reads your journal or messages
  • Team access limited to debugging only (encrypted data)

Backups:

  • Daily encrypted backups
  • 30-day retention
  • Removed immediately upon account deletion

6. Third-Party Services

We use GDPR-compliant services. All partners have signed Data Processing Agreements (DPAs) making them legally responsible for GDPR compliance:

Supabase (Database)

Purpose: Data storage

Location: Frankfurt, Germany

Clerk (Authentication)

Purpose: Login and account management

Location: EU data residency enabled

Stripe (Payments)

Purpose: Payment processing for premium features

Data Shared: Payment information (we never see card numbers)

Vercel (Hosting)

Purpose: Website hosting

Location: EU edge network

7. Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access

Download all your data as JSON (Settings → Export Data)

Right to Rectification

Edit or delete any entry anytime

Right to Erasure (Right to be Forgotten)

Delete your account permanently. All data removed from servers and backups within 24 hours.

Right to Portability

Export data in machine-readable format

Right to Object

Stop all processing by deleting your account

Right to Withdraw Consent

Cancel anytime, no questions asked

Right to Lodge a Complaint

Contact your national data protection authority if you believe your rights have been violated

To exercise your rights: Email privacy@ourbase.app or use in-app settings.

8. Data Retention

Active Accounts:

We retain your data as long as your account is active.

Deleted Accounts:

All data permanently deleted within 24 hours of account deletion request, including:

  • Database records
  • Encrypted backups
  • AI analysis results
  • Cached data

Exception:

We may retain anonymized, aggregated analytics (e.g., 'X% of users improved their attachment security') but this data cannot be linked back to you.

9. Contact Us

For privacy questions or to exercise your GDPR rights:

Data Protection

Email: privacy@ourbase.app

Response time: Within 48 hours (GDPR requirement)

Last Updated: December 5, 2025 | By using OurBase, you agree to this Privacy Policy.