Privacy Policy
Effective Date: January 1, 2026
-
Last Updated: May 5, 2026
Cirano ("we," "our," "us") is committed to protecting your privacy through privacy-by-design architecture. This Privacy Policy explains how we handle information in connection with our mobile application ("App") and related services (collectively, the "Services").
Our Privacy Commitment: Cirano is built with on-device processing. All analysis of your data occurs entirely on your device. Under our current architecture, all analysis of your data occurs on your device. We do not intentionally collect, transmit, store, or have access to your personal data, communication patterns, or behavioral insights, except as described in this Privacy Policy. Your data never leaves your phone. Not because we promised. Because we believe your digital life belongs to you, and we built Cirano that way from the ground up.
By using Cirano, you acknowledge and agree to this Privacy Policy. If you do not agree, please do not use the Services.
Document Tabs
1. Introduction
2. Information collection
3. How we use information
4. Data storage and security
5. Data retention and deletion
6. Data sharing and third parties
7. Connected platform access
8. Your privacy rights
9. Children's privacy
10. Changes to this privacy policy
11. Contact information
12. Transparency and trust
13. Dispute resolution
14. Additional information
15. Acknowledgment
1. Introduction
2. Information Collection
3. How We Use Information
4. Data Storage And Security
5. Data Retention And Deletion
6. Data Sharing And Third Parties
7. Connected Platform Access
8. Your Privacy Rights
9. Children's Privacy
10. Changes To This Privacy Policy
11. Contact Information
12. Transparency And Trust
13. Dispute Resolution
14. Additional Information
15. Acknowledgment
Privacy Policy
Effective Date: January 1, 2026
Last Updated: May 5, 2026
Cirano ("we," "our," "us") is committed to protecting your privacy through privacy-by-design architecture. This Privacy Policy explains how we handle information in connection with our mobile application ("App") and related services (collectively, the "Services").
Our Privacy Commitment: Cirano is built with on-device processing. All analysis of your data occurs entirely on your device. Under our current architecture, all analysis of your data occurs on your device. We do not intentionally collect, transmit, store, or have access to your personal data, communication patterns, or behavioral insights, except as described in this Privacy Policy. Your data never leaves your phone. Not because we promised. Because we believe your digital life belongs to you, and we built Cirano that way from the ground up.
By using Cirano, you acknowledge and agree to this Privacy Policy. If you do not agree, please do not use the Services.
1. Introduction
1. Introduction
This Privacy Policy describes how Cirano ("Cirano," "we," "us," or "our") handles information in connection with our mobile application (the "App") and related services (collectively, the "Services").
Our Privacy Commitment: Cirano is built with privacy by design. All analysis of your data occurs entirely on your device. We do not intentionally collect, transmit, store, or have access to your personal data, communication patterns, or behavioral insights, except as described in this Privacy Policy. Your data never leaves your phone. Not because we promised. Because we believe your digital life belongs to you — and we built Cirano that way from the ground up.
By using the Services, you acknowledge and agree to this Privacy Policy. If you do not agree, please do not use the Services.
2. Information Collection
2. Information Collection
2.1 Personal Information We Do NOT Collect
Cirano does not intentionally collect, transmit, or store any of the following personal information via our Services, and our App is designed not to send this information to any external servers or third-party services:
Content from any platform you connect to Cirano
Your contacts or address book
Communication patterns, metrics, or behavioral data
RelationShape visualizations or derived insights
Location data or precise geolocation
Voice recordings or call data
Photos, videos, or media files
Payment information (handled exclusively by Apple when applicable)
Name or phone number
2.2 Information We Do Collect
Email Address: We collect your email address when you create a Cirano account. We use it solely to manage your account and, if you choose, to let you know when platforms you have requested become available. Nothing else. We do not use your email for advertising, and we do not share it with third parties. Ever.
Platform Interest Preferences: When you tell us which platforms you would like added to Cirano, we collect that preference. This is how we decide what to build next, your voice directly shapes the product. This information is never sold or shared for cross-context marketing.
2.3 Data Processed Locally on Your Device
To provide relationship intelligence insights, the App processes activity metadata from platforms you connect to, entirely on your device. This data never leaves your device and includes:
Timestamps (when interactions occur)
Frequency and volume of activity per connection
Response time calculations
Participant identifiers (for local display only)
Initiation patterns (who starts interactions)
How This Works:
All processing uses on-device algorithms
Data is stored only in your device's local encrypted storage
No data is transmitted externally
No data is backed up to the cloud
Data cannot be accessed remotely by Cirano or any third party
2.4 Minimal Technical Information
To maintain app stability and improve performance, we may collect limited, anonymous technical data that is not intended to directly identify you:
Device type and model (e.g., "iPhone 14")
Operating system version (e.g., "iOS 18.2")
App version (e.g., "Cirano 1.0")
Crash logs and error reports (anonymous, no personal data)
Anonymous usage statistics (e.g., "the app was opened")
Important: This technical data:
Is completely anonymous and aggregated
Cannot be linked to you or your device
Does not include any data from connected platforms
Is collected through standard platform tools and select third-party services (PostHog, Sentry)
Can be disabled in your device settings
To opt out: iOS: Settings > Privacy & Security > Analytics & Improvements > Share iPhone Analytics (toggle off)
We take steps to minimize the risk of re‑identification, but no de‑identification method is perfect. To the extent our third‑party analytics tools collect similar technical data, you may also opt out where those tools provide such options or by contacting us.
2.1 Personal Information We Do NOT Collect
Cirano does not intentionally collect, transmit, or store any of the following personal information via our Services, and our App is designed not to send this information to any external servers or third-party services:
Content from any platform you connect to Cirano
Your contacts or address book
Communication patterns, metrics, or behavioral data
RelationShape visualizations or derived insights
Location data or precise geolocation
Voice recordings or call data
Photos, videos, or media files
Payment information (handled exclusively by Apple when applicable)
Name or phone number
2.2 Information We Do Collect
Email Address: We collect your email address when you create a Cirano account. We use it solely to manage your account and, if you choose, to let you know when platforms you have requested become available. Nothing else. We do not use your email for advertising, and we do not share it with third parties. Ever.
Platform Interest Preferences: When you tell us which platforms you would like added to Cirano, we collect that preference. This is how we decide what to build next, your voice directly shapes the product. This information is never sold or shared for cross-context marketing.
2.3 Data Processed Locally on Your Device
To provide relationship intelligence insights, the App processes activity metadata from platforms you connect to, entirely on your device. This data never leaves your device and includes:
Timestamps (when interactions occur)
Frequency and volume of activity per connection
Response time calculations
Participant identifiers (for local display only)
Initiation patterns (who starts interactions)
How This Works:
All processing uses on-device algorithms
Data is stored only in your device's local encrypted storage
No data is transmitted externally
No data is backed up to the cloud
Data cannot be accessed remotely by Cirano or any third party
2.4 Minimal Technical Information
To maintain app stability and improve performance, we may collect limited, anonymous technical data that is not intended to directly identify you:
Device type and model (e.g., "iPhone 14")
Operating system version (e.g., "iOS 18.2")
App version (e.g., "Cirano 1.0")
Crash logs and error reports (anonymous, no personal data)
Anonymous usage statistics (e.g., "the app was opened")
Important: This technical data:
Is completely anonymous and aggregated
Cannot be linked to you or your device
Does not include any data from connected platforms
Is collected through standard platform tools and select third-party services (PostHog, Sentry)
Can be disabled in your device settings
To opt out: iOS: Settings > Privacy & Security > Analytics & Improvements > Share iPhone Analytics (toggle off)
We take steps to minimize the risk of re‑identification, but no de‑identification method is perfect. To the extent our third‑party analytics tools collect similar technical data, you may also opt out where those tools provide such options or by contacting us.
3. How We Use Information
3. How We Use Information
3.1 On-Device Data Processing
Metadata processed locally on your device is used exclusively to:
Generate your RelationShape visualization
Calculate behavioral metrics (Reply Speed, Conversational Balance, Message Rhythm, Consistency, Initiation)
Provide relationship intelligence insights
Update visualizations in real-time based on your activity
All of this happens on your device. We never see, access, or store this data.
3.2 Technical Data Usage
The minimal anonymous technical data we may collect is used only to:
Identify and fix bugs or crashes
Improve app performance and stability
Understand general usage patterns (not individual behavior)
Ensure compatibility across devices and OS versions
3.3 Email and Platform Preferences
If you provide your email address, we use it solely to:
Manage your Cirano account
Notify you when requested platforms become available, if you have opted in
Respond to support inquiries
We do not add you to marketing lists without your explicit consent.
3.1 On-Device Data Processing
Metadata processed locally on your device is used exclusively to:
Generate your RelationShape visualization
Calculate behavioral metrics (Reply Speed, Conversational Balance, Message Rhythm, Consistency, Initiation)
Provide relationship intelligence insights
Update visualizations in real-time based on your activity
All of this happens on your device. We never see, access, or store this data.
3.2 Technical Data Usage
The minimal anonymous technical data we may collect is used only to:
Identify and fix bugs or crashes
Improve app performance and stability
Understand general usage patterns (not individual behavior)
Ensure compatibility across devices and OS versions
3.3 Email and Platform Preferences
If you provide your email address, we use it solely to:
Manage your Cirano account
Notify you when requested platforms become available, if you have opted in
Respond to support inquiries
We do not add you to marketing lists without your explicit consent.
4. Data Storage and Security
4. Data Storage and Security
4.1 Local Storage Only
All your personal data is stored exclusively on your device using iOS Secure Enclave, Keychain, and encrypted app sandbox storage. Your device's operating system encrypts this data automatically. Because we process most personal data locally on your device and store only limited account and technical data through third-party providers, we reduce, but do not eliminate, the risk of a data breach.
4.2 Account Data Storage
Your email address and platform preferences are stored securely via Supabase solely for account management purposes. This data is not used for advertising and is never sold or shared with third parties.
4.3 No Personal Data on Servers
Cirano does not:
Operate servers that store your personal data
Use cloud storage services for your behavioral or relationship information
Back up your data to external systems
Sync your data across devices
Transmit your personal data over the internet
This is not just a policy, it is our architecture. Our design is intended to prevent us from accessing your personal data. However, no security or technical design is perfect, and we cannot guarantee absolute security.
4.4 Security Measures
We protect your information through:
On-device processing: No data transmission eliminates transmission-based attacks
No centralized database: No servers to breach
Platform-level encryption: Your device's built-in security protects your data
Minimal permissions: We only request necessary permissions
Secure development practices: Regular code reviews and security testing
4.5 Your Responsibility
Your data security also depends on:
Using a strong device passcode or biometric lock (Face ID, Touch ID, fingerprint)
Keeping your operating system updated
Only downloading Cirano from the official Apple App Store
Not sharing your unlocked device with others
4.1 Local Storage Only
All your personal data is stored exclusively on your device using iOS Secure Enclave, Keychain, and encrypted app sandbox storage. Your device's operating system encrypts this data automatically. Because we process most personal data locally on your device and store only limited account and technical data through third-party providers, we reduce, but do not eliminate, the risk of a data breach.
4.2 Account Data Storage
Your email address and platform preferences are stored securely via Supabase solely for account management purposes. This data is not used for advertising and is never sold or shared with third parties.
4.3 No Personal Data on Servers
Cirano does not:
Operate servers that store your personal data
Use cloud storage services for your behavioral or relationship information
Back up your data to external systems
Sync your data across devices
Transmit your personal data over the internet
This is not just a policy, it is our architecture. Our design is intended to prevent us from accessing your personal data. However, no security or technical design is perfect, and we cannot guarantee absolute security.
4.4 Security Measures
We protect your information through:
On-device processing: No data transmission eliminates transmission-based attacks
No centralized database: No servers to breach
Platform-level encryption: Your device's built-in security protects your data
Minimal permissions: We only request necessary permissions
Secure development practices: Regular code reviews and security testing
4.5 Your Responsibility
Your data security also depends on:
Using a strong device passcode or biometric lock (Face ID, Touch ID, fingerprint)
Keeping your operating system updated
Only downloading Cirano from the official Apple App Store
Not sharing your unlocked device with others
5. Data Retention and Deletion
5. Data Retention and Deletion
5.1 Data Retention
Your personal data exists only on your device for as long as you have the App installed. We do not retain any personal data externally, except for the limited account data described in Section 4.2.
Your email address and platform preferences are retained until you delete your account.
5.2 How to Delete Your Data
You have complete control. To permanently delete all Cirano data:
Option 1: Delete Your Account Contact support@cirano.us or use the designated section within the App for full account deletion. Your email address and platform preferences will be permanently removed from Supabase.
Option 2: Delete the App Uninstall Cirano from your device — either directly from the app or via iOS Settings > General > iPhone Storage > Cirano > Delete App. All personal data is immediately and permanently erased.
Important: Once deleted, your data cannot be recovered by anyone, including us. There are no external copies because we never made any.
5.1 Data Retention
Your personal data exists only on your device for as long as you have the App installed. We do not retain any personal data externally, except for the limited account data described in Section 4.2.
Your email address and platform preferences are retained until you delete your account.
5.2 How to Delete Your Data
You have complete control. To permanently delete all Cirano data:
Option 1: Delete Your Account Contact support@cirano.us or use the designated section within the App for full account deletion. Your email address and platform preferences will be permanently removed from Supabase.
Option 2: Delete the App Uninstall Cirano from your device — either directly from the app or via iOS Settings > General > iPhone Storage > Cirano > Delete App. All personal data is immediately and permanently erased.
Important: Once deleted, your data cannot be recovered by anyone, including us. There are no external copies because we never made any.
6. Data Sharing and Third Parties
6. Data Sharing and Third Parties
6.1 We Do Not Sell Our Data
We do not sell your personal information. Period. We disclose limited anonymized information to service providers who process it on our behalf for the purposes described in this Policy.
Specifically:
No data brokers
No advertisers
No social media platforms
No marketing partners
No government agencies (unless legally required and only if we have data to share)
6.2 Third-Party Services We Use
The tools below help us keep the app stable and improve the experience. None of them ever touch your personal data or anything from the platforms you connect to Cirano. That stays on your device, always. We take steps to minimize the risk of re‑identification, but no de‑identification method is perfect.
Apple App Store Required for app distribution. Apple collects standard app download and purchase information per their own privacy policies. We do not control their data practices.
Payment Processing Subscription payments are processed by Apple (App Store). We never receive your credit card information. Payment data is governed by Apple's privacy policy.
RevenueCat We use RevenueCat to manage in-app subscriptions and paywall functionality. RevenueCat receives your App Store receipt and subscription status only. No personal data or payment card information is ever shared — Apple handles all payment processing directly. RevenueCat's privacy policy is available at revenuecat.com.
PostHog We use PostHog for anonymous app analytics. This includes general usage patterns such as which features are used and how often. No personal data or platform data is involved. Data is aggregated and is not intended to directly identify you. PostHog's privacy policy is available at posthog.com.
Sentry We use Sentry for anonymous crash reporting and error tracking. Sentry captures technical error logs only — no personal data, nothing from your connected platforms. This helps us identify and fix bugs to build a more stable app. Sentry's privacy policy is available at sentry.io.
These providers may receive information such as device identifiers, app installation ID, subscription status, and error logs. They act as our service providers/processors and are contractually restricted from using this information for their own purposes.
To the extent our third‑party analytics tools collect similar technical data, you may also opt out where those tools provide such options or by contacting us.
6.3 No Advertising or Tracking
Cirano does not:
Integrate advertising networks or ad SDKs
Track your activity across other apps or websites
Place cookies, pixels, or similar tracking technologies
Use your data for targeted advertising in any form
6.4 Legal Requirements
We may be required to disclose information if compelled by law, court order, or government request. However, given our architecture:
We do not possess your personal data or behavioral patterns
We cannot provide what we do not have
Any legally required disclosure would be limited to your email address, platform preferences, and the minimal anonymous technical data described in Section 2.4
If we receive a legal request for user information, we will:
Carefully review the request for legal validity
Provide only the minimum information required by law
Notify affected users when legally permitted
6.1 We Do Not Sell Our Data
We do not sell your personal information. Period. We disclose limited anonymized information to service providers who process it on our behalf for the purposes described in this Policy.
Specifically:
No data brokers
No advertisers
No social media platforms
No marketing partners
No government agencies (unless legally required and only if we have data to share)
6.2 Third-Party Services We Use
The tools below help us keep the app stable and improve the experience. None of them ever touch your personal data or anything from the platforms you connect to Cirano. That stays on your device, always. We take steps to minimize the risk of re‑identification, but no de‑identification method is perfect.
Apple App Store Required for app distribution. Apple collects standard app download and purchase information per their own privacy policies. We do not control their data practices.
Payment Processing Subscription payments are processed by Apple (App Store). We never receive your credit card information. Payment data is governed by Apple's privacy policy.
RevenueCat We use RevenueCat to manage in-app subscriptions and paywall functionality. RevenueCat receives your App Store receipt and subscription status only. No personal data or payment card information is ever shared — Apple handles all payment processing directly. RevenueCat's privacy policy is available at revenuecat.com.
PostHog We use PostHog for anonymous app analytics. This includes general usage patterns such as which features are used and how often. No personal data or platform data is involved. Data is aggregated and is not intended to directly identify you. PostHog's privacy policy is available at posthog.com.
Sentry We use Sentry for anonymous crash reporting and error tracking. Sentry captures technical error logs only — no personal data, nothing from your connected platforms. This helps us identify and fix bugs to build a more stable app. Sentry's privacy policy is available at sentry.io.
These providers may receive information such as device identifiers, app installation ID, subscription status, and error logs. They act as our service providers/processors and are contractually restricted from using this information for their own purposes.
To the extent our third‑party analytics tools collect similar technical data, you may also opt out where those tools provide such options or by contacting us.
6.3 No Advertising or Tracking
Cirano does not:
Integrate advertising networks or ad SDKs
Track your activity across other apps or websites
Place cookies, pixels, or similar tracking technologies
Use your data for targeted advertising in any form
6.4 Legal Requirements
We may be required to disclose information if compelled by law, court order, or government request. However, given our architecture:
We do not possess your personal data or behavioral patterns
We cannot provide what we do not have
Any legally required disclosure would be limited to your email address, platform preferences, and the minimal anonymous technical data described in Section 2.4
If we receive a legal request for user information, we will:
Carefully review the request for legal validity
Provide only the minimum information required by law
Notify affected users when legally permitted
7. Connected Platform Access
7. Connected Platform Access
7.1 Permissions Required
To generate your relationship intelligence insights, Cirano requests permission to access platforms you choose to connect (currently WhatsApp, with additional platforms actively in development).
What This Permission Allows:
Reading activity metadata (timestamps, frequency, participants)
Local processing of this metadata to generate insights
Display of insights within the App
What This Permission Does NOT Allow:
Cirano cannot see your content (what you write or share)
Cirano is read-only — it cannot send, reply to, or interact with any connected platform on your behalf
Cirano cannot share your data with third parties
Cirano cannot upload your data externally
7.2 Platform Privacy Policies
Your use of any platform you connect to Cirano is governed by that platform's own privacy policies. Cirano can only access what these platforms permit, and all access is limited to local, on-device processing.
7.3 Managing Permissions
You can revoke permissions at any time via iOS: Settings > Cirano > [Permission Type]
Revoking permissions:
Stops all data analysis immediately
Prevents the App from accessing that platform's data
Does not delete data already processed (you must delete the App separately)
7.1 Permissions Required
To generate your relationship intelligence insights, Cirano requests permission to access platforms you choose to connect (currently WhatsApp, with additional platforms actively in development).
What This Permission Allows:
Reading activity metadata (timestamps, frequency, participants)
Local processing of this metadata to generate insights
Display of insights within the App
What This Permission Does NOT Allow:
Cirano cannot see your content (what you write or share)
Cirano is read-only — it cannot send, reply to, or interact with any connected platform on your behalf
Cirano cannot share your data with third parties
Cirano cannot upload your data externally
7.2 Platform Privacy Policies
Your use of any platform you connect to Cirano is governed by that platform's own privacy policies. Cirano can only access what these platforms permit, and all access is limited to local, on-device processing.
7.3 Managing Permissions
You can revoke permissions at any time via iOS: Settings > Cirano > [Permission Type]
Revoking permissions:
Stops all data analysis immediately
Prevents the App from accessing that platform's data
Does not delete data already processed (you must delete the App separately)
8. Your Privacy Rights
8. Your Privacy Rights
8.1 Access Your Data
All your personal data is accessible within the Cirano app on your device. You can view your RelationShape and insights at any time. To access your account data (email, platform preferences), contact support@cirano.us.
8.2 Delete Your Data
Delete the App (see Section 5.2) to permanently remove all personal data from your device. To delete your account and associated email and preference data, contact support@cirano.us.
8.3 Correct Your Data
Your relationship data is derived from your actual activity. To update it, simply continue using your connected platforms normally — your RelationShape updates in real-time. To update your email address or platform preferences, contact support@cirano.us.
8.4 Export Your Data
Your personal data remains on your device. You can take screenshots of your insights for personal records. We do not provide formal data export because your data never leaves your device.
8.5 Opt-Out of Data Collection
To opt out of all data processing:
Revoke App permissions in device settings
Disconnect platforms within the App
Delete the App
8.6 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (collectively, the CCPA). This section describes those rights and explains how to exercise them:
Categories of Personal Information We Collect. In the preceding 12 months, we have collected the following categories of personal information, as those terms are defined in the CCPA:
Identifiers (such as email address and unique user ID).
Platform Interest Preferences: When you tell us which platforms you would like added to Cirano, we collect that preference.
Internet or other electronic network activity information and device information (such as device type, operating system version, app version, crash logs, and limited usage metrics), collected through PostHog (analytics) and Sentry (crash reporting). This data is completely anonymous and aggregated and cannot be linked to you or your device.
Commercial information, such as your subscription status and App Store receipt data, is processed by RevenueCat solely for subscription management purposes.
We do not collect personal information from your connected platforms or the content of your communications, as described in Section 2.
Sources and Purposes. We collect these categories of personal information directly from you (when you create an account or contact us) and automatically from your device (through the App and our analytics and crash‑reporting tools). Account data is stored and managed through Supabase. We use this information to provide the Service, maintain security, debug and improve the App, and comply with legal obligations.
Disclosures of Personal Information. We do not “sell” or “share” your personal information as those terms are defined under the CCPA. We may disclose personal information to service providers (such as our account management (Supabase), subscription management, analytics, and crash‑reporting providers) that process it on our behalf for the limited purposes described in this Privacy Policy, under contracts that restrict their use of the information. Your CCPA Rights. Subject to certain exceptions, California residents have the following rights:
Right to Know: You can request information about the categories of personal information we collect about you, the purpose for collecting it, categories of third parties to whom we disclose it, and the specific pieces of personal information we hold about you. As detailed in Section 2, we collect your email address, unique user ID, and platform preferences, minimal anonymous technical data, and no personal information from connected platforms.
Right to Correct. You can request that we correct inaccurate personal information that we maintain about you.
Right to Delete: You can request that we delete personal information we collected from you, subject to certain exceptions (for example, where we need the information to comply with a legal obligation or detect security incidents). Request deletion of personal information by deleting the App (see Section 5.2) or contacting support@cirano.us to delete your account data.
Right to Opt-Out of Sale or Sharing: We do not sell or share personal information. If that ever changes, we will update this Privacy Policy and provide you with any required notices and opt‑out mechanisms.
Right to Limit Use of Sensitive Personal Information. At this time, we do not collect sensitive personal information as defined under the CCPA.
Right to Non-Discrimination: We do not discriminate based on privacy rights exercised.
How to Exercise Rights: Contact support@cirano.us. We will verify your identity prior to fulfilling your request, which may include confirming your email address or other information associated with your account. We will respond within the applicable law, generally within 45 days.
Appeals. If we deny your request in whole or in part, you may appeal our decision by contacting us at support@cirano.us with the subject line "CCPA Appeal." We will review your appeal and respond within 45 days. If your appeal is denied, you may contact the California Attorney General at https://oag.ca.gov for further assistance.
8.7 European Users (GDPR)
If you are located in the European Union, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, or erase your personal data, and the right to data portability. Under the GDPR, “personal data” means any information relating to an identified or identifiable natural person. Our App is designed so that your messaging data is processed locally on your device and is not intentionally transmitted to or stored externally. However, we do collect and store limited personal data necessary to operate the Service through third-party providers, as described below. In particular:
We do not intentionally collect or store the content of your communications or other personal data from the third‑party platforms you connect to.
For account management and support, we may process limited contact information that you choose to provide to us (such as your email address), and minimal technical information (such as app version or error logs) where this is strictly necessary to operate and improve the App.
Personal Data We Hold. Notwithstanding our on-device architecture, we do process the following categories of personal data: (i) your email address and unique user ID, collected at account creation and stored via Supabase; (ii) your optional display name, stored via Supabase; (iii) your platform interest preferences, stored via Supabase; (iv) subscription status and App Store receipt data, processed by RevenueCat; and (v) anonymous technical data including device type, OS version, app version, crash logs, and usage statistics, collected via PostHog and Sentry.
To the extent we act as a “controller” of any personal data under the GDPR (for example, your account email address or support correspondence), you have the rights to:
Request access to, and a copy of, the personal data we hold about you.
Request correction of inaccurate personal data.
Request deletion of your personal data, in whole or in part, where applicable.
Object to or request restriction of our processing in certain circumstances.
Request that we provide your personal data to you or to another organization in a structured, commonly used, and machine-readable format (data portability), where technically feasible.
Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
Object to processing based on legitimate interests.
We rely on one or more of the following legal bases to process personal data for these limited purposes: (i) performance of a contract with you (providing the App and managing your account), (ii) our legitimate interests (for example, maintaining and improving the App, preventing abuse), and/or (iii) your consent where required.
You can exercise your GDPR rights or ask questions regarding your rights under GDPR by contacting us at support@cirano.us. We may need to request certain information from you in order to verify your identity before acting on your request. If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.
Appeals. If we deny your request in whole or in part, we will explain our reasons. You may appeal our decision by contacting us at support@cirano.us with the subject line "GDPR Appeal." We will review your appeal and respond within 30 days. If you remain unsatisfied, you have the right to lodge a complaint with your local data protection authority. A list of EEA supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk.
8.1 Access Your Data
All your personal data is accessible within the Cirano app on your device. You can view your RelationShape and insights at any time. To access your account data (email, platform preferences), contact support@cirano.us.
8.2 Delete Your Data
Delete the App (see Section 5.2) to permanently remove all personal data from your device. To delete your account and associated email and preference data, contact support@cirano.us.
8.3 Correct Your Data
Your relationship data is derived from your actual activity. To update it, simply continue using your connected platforms normally — your RelationShape updates in real-time. To update your email address or platform preferences, contact support@cirano.us.
8.4 Export Your Data
Your personal data remains on your device. You can take screenshots of your insights for personal records. We do not provide formal data export because your data never leaves your device.
8.5 Opt-Out of Data Collection
To opt out of all data processing:
Revoke App permissions in device settings
Disconnect platforms within the App
Delete the App
8.6 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (collectively, the CCPA). This section describes those rights and explains how to exercise them:
Categories of Personal Information We Collect. In the preceding 12 months, we have collected the following categories of personal information, as those terms are defined in the CCPA:
Identifiers (such as email address and unique user ID).
Platform Interest Preferences: When you tell us which platforms you would like added to Cirano, we collect that preference.
Internet or other electronic network activity information and device information (such as device type, operating system version, app version, crash logs, and limited usage metrics), collected through PostHog (analytics) and Sentry (crash reporting). This data is completely anonymous and aggregated and cannot be linked to you or your device.
Commercial information, such as your subscription status and App Store receipt data, is processed by RevenueCat solely for subscription management purposes.
We do not collect personal information from your connected platforms or the content of your communications, as described in Section 2.
Sources and Purposes. We collect these categories of personal information directly from you (when you create an account or contact us) and automatically from your device (through the App and our analytics and crash‑reporting tools). Account data is stored and managed through Supabase. We use this information to provide the Service, maintain security, debug and improve the App, and comply with legal obligations.
Disclosures of Personal Information. We do not “sell” or “share” your personal information as those terms are defined under the CCPA. We may disclose personal information to service providers (such as our account management (Supabase), subscription management, analytics, and crash‑reporting providers) that process it on our behalf for the limited purposes described in this Privacy Policy, under contracts that restrict their use of the information. Your CCPA Rights. Subject to certain exceptions, California residents have the following rights:
Right to Know: You can request information about the categories of personal information we collect about you, the purpose for collecting it, categories of third parties to whom we disclose it, and the specific pieces of personal information we hold about you. As detailed in Section 2, we collect your email address, unique user ID, and platform preferences, minimal anonymous technical data, and no personal information from connected platforms.
Right to Correct. You can request that we correct inaccurate personal information that we maintain about you.
Right to Delete: You can request that we delete personal information we collected from you, subject to certain exceptions (for example, where we need the information to comply with a legal obligation or detect security incidents). Request deletion of personal information by deleting the App (see Section 5.2) or contacting support@cirano.us to delete your account data.
Right to Opt-Out of Sale or Sharing: We do not sell or share personal information. If that ever changes, we will update this Privacy Policy and provide you with any required notices and opt‑out mechanisms.
Right to Limit Use of Sensitive Personal Information. At this time, we do not collect sensitive personal information as defined under the CCPA.
Right to Non-Discrimination: We do not discriminate based on privacy rights exercised.
How to Exercise Rights: Contact support@cirano.us. We will verify your identity prior to fulfilling your request, which may include confirming your email address or other information associated with your account. We will respond within the applicable law, generally within 45 days.
Appeals. If we deny your request in whole or in part, you may appeal our decision by contacting us at support@cirano.us with the subject line "CCPA Appeal." We will review your appeal and respond within 45 days. If your appeal is denied, you may contact the California Attorney General at https://oag.ca.gov for further assistance.
8.7 European Users (GDPR)
If you are located in the European Union, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, or erase your personal data, and the right to data portability. Under the GDPR, “personal data” means any information relating to an identified or identifiable natural person. Our App is designed so that your messaging data is processed locally on your device and is not intentionally transmitted to or stored externally. However, we do collect and store limited personal data necessary to operate the Service through third-party providers, as described below. In particular:
We do not intentionally collect or store the content of your communications or other personal data from the third‑party platforms you connect to.
For account management and support, we may process limited contact information that you choose to provide to us (such as your email address), and minimal technical information (such as app version or error logs) where this is strictly necessary to operate and improve the App.
Personal Data We Hold. Notwithstanding our on-device architecture, we do process the following categories of personal data: (i) your email address and unique user ID, collected at account creation and stored via Supabase; (ii) your optional display name, stored via Supabase; (iii) your platform interest preferences, stored via Supabase; (iv) subscription status and App Store receipt data, processed by RevenueCat; and (v) anonymous technical data including device type, OS version, app version, crash logs, and usage statistics, collected via PostHog and Sentry.
To the extent we act as a “controller” of any personal data under the GDPR (for example, your account email address or support correspondence), you have the rights to:
Request access to, and a copy of, the personal data we hold about you.
Request correction of inaccurate personal data.
Request deletion of your personal data, in whole or in part, where applicable.
Object to or request restriction of our processing in certain circumstances.
Request that we provide your personal data to you or to another organization in a structured, commonly used, and machine-readable format (data portability), where technically feasible.
Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
Object to processing based on legitimate interests.
We rely on one or more of the following legal bases to process personal data for these limited purposes: (i) performance of a contract with you (providing the App and managing your account), (ii) our legitimate interests (for example, maintaining and improving the App, preventing abuse), and/or (iii) your consent where required.
You can exercise your GDPR rights or ask questions regarding your rights under GDPR by contacting us at support@cirano.us. We may need to request certain information from you in order to verify your identity before acting on your request. If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.
Appeals. If we deny your request in whole or in part, we will explain our reasons. You may appeal our decision by contacting us at support@cirano.us with the subject line "GDPR Appeal." We will review your appeal and respond within 30 days. If you remain unsatisfied, you have the right to lodge a complaint with your local data protection authority. A list of EEA supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk.
9. Children's Privacy
9. Children's Privacy
9.1 Age Requirement
The Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information (such as an email address) from a child under 13, we will delete it as soon as reasonably practical.
9.2 Parental Notice
If you believe a child under 13 has used the App or provided personal information to us:
Delete the App from the child's device.
This will remove data stored locally in the APP, and
Contact support@cirano.us so we can delete any associated account or contact information we may have received (for example, an email address used to contact support).
Our App is designed so that most personal data is processed locally on the user’s device and is not intentionally transmitted to or stored externally. However, to the extent we receive any personal information from or about a child under 13 (for example, via email or support requests), we will handle it in accordance with applicable children’s privacy laws, including deleting it once discovered.
9.1 Age Requirement
The Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information (such as an email address) from a child under 13, we will delete it as soon as reasonably practical.
9.2 Parental Notice
If you believe a child under 13 has used the App or provided personal information to us:
Delete the App from the child's device.
This will remove data stored locally in the APP, and
Contact support@cirano.us so we can delete any associated account or contact information we may have received (for example, an email address used to contact support).
Our App is designed so that most personal data is processed locally on the user’s device and is not intentionally transmitted to or stored externally. However, to the extent we receive any personal information from or about a child under 13 (for example, via email or support requests), we will handle it in accordance with applicable children’s privacy laws, including deleting it once discovered.
10. Changes to This Privacy Policy
10. Changes to This Privacy Policy
10.1 Updates
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.
10.2 How We Notify You
When we make changes:
We will update the "Last Updated" date at the top
For material changes, we will provide notice through the App or via email (if we have your email)
The current version is always available at https://www.cirano.us/privacy-policy
10.3 Your Acceptance
Continued use of the Services after changes are posted means you accept the updated Privacy Policy. If you do not agree, please stop using the Services.
10.4 Material Changes
For changes that significantly expand data collection beyond what is described here, we will obtain your explicit consent before implementing such changes. We will update the policy before materially expanding categories of data or processing, and obtain consent where the law requires. If we ever decide to introduce cloud‑based features that require additional data processing, we will update this Privacy Policy and, where required, seek your consent before activating those features.
10.1 Updates
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.
10.2 How We Notify You
When we make changes:
We will update the "Last Updated" date at the top
For material changes, we will provide notice through the App or via email (if we have your email)
The current version is always available at https://www.cirano.us/privacy-policy
10.3 Your Acceptance
Continued use of the Services after changes are posted means you accept the updated Privacy Policy. If you do not agree, please stop using the Services.
10.4 Material Changes
For changes that significantly expand data collection beyond what is described here, we will obtain your explicit consent before implementing such changes. We will update the policy before materially expanding categories of data or processing, and obtain consent where the law requires. If we ever decide to introduce cloud‑based features that require additional data processing, we will update this Privacy Policy and, where required, seek your consent before activating those features.
11. Contact Information
11. Contact Information
For privacy questions, concerns, or requests:
Support: support@cirano.us
Website: https://www.cirano.us
We will respond to privacy inquiries within 5 business days.
12. Transparency and Trust
12. Transparency and Trust
12.1 Our Promise
Cirano is built on a simple promise: your data is yours, and only yours.
Most apps ask you to trust them with your data. We have designed Cirano, so trust is not necessary, we physically cannot access your data because it never leaves your device. The only data we hold externally is the minimum required to run your account, stored securely through Supabase.
12.2 No Hidden Practices
We do not:
Collect data for "research purposes" and sell it
Use "anonymized" data in ways that could re-identify you
Employ dark patterns to trick you into sharing more data
Change privacy settings without your knowledge
Make privacy features hard to find or use
12.3 Transparency Report
As of this policy's effective date:
We have received zero government requests for user data
We have disclosed zero user records to law enforcement
We have experienced zero data breaches involving user data
We operate zero Cirano-owned servers containing user personal data
We commit to updating this section annually.
12.1 Our Promise
Cirano is built on a simple promise: your data is yours, and only yours.
Most apps ask you to trust them with your data. We have designed Cirano, so trust is not necessary, we physically cannot access your data because it never leaves your device. The only data we hold externally is the minimum required to run your account, stored securely through Supabase.
12.2 No Hidden Practices
We do not:
Collect data for "research purposes" and sell it
Use "anonymized" data in ways that could re-identify you
Employ dark patterns to trick you into sharing more data
Change privacy settings without your knowledge
Make privacy features hard to find or use
12.3 Transparency Report
As of this policy's effective date:
We have received zero government requests for user data
We have disclosed zero user records to law enforcement
We have experienced zero data breaches involving user data
We operate zero Cirano-owned servers containing user personal data
We commit to updating this section annually.
13. Dispute Resolution
13. Dispute Resolution
13.1 Governing Law
This Privacy Policy is governed by the laws of the United States and the State of Delaware, without regard to conflict of law principles.
13.2 Informal Resolution
Before taking any legal action, please contact us at support@cirano.us to allow us the opportunity to resolve your concern informally within 30 days.
13.3 Disputes
Any dispute, claim, or controversy arising out of or relating to this Privacy Policy or your use of the App will be resolved as set forth in our Terms and Conditions.
13.1 Governing Law
This Privacy Policy is governed by the laws of the United States and the State of Delaware, without regard to conflict of law principles.
13.2 Informal Resolution
Before taking any legal action, please contact us at support@cirano.us to allow us the opportunity to resolve your concern informally within 30 days.
13.3 Disputes
Any dispute, claim, or controversy arising out of or relating to this Privacy Policy or your use of the App will be resolved as set forth in our Terms and Conditions.
14. Additional Information
14. Additional Information
14.1 Do Not Track
We do not engage in cross‑site or cross‑app tracking for advertising purposes, and our App does not respond to "Do Not Track" browser signals.
14.2 Data Breach Notification
In the unlikely event of a data breach affecting the minimal technical data or account data we collect, we will comply with applicable breach notification laws. Your personal data cannot be breached because it never leaves your device.
14.3 Geographic Availability
Cirano is currently available to users in the United States. Your relationship and communication data is never transferred internationally. Account data is stored via Supabase on AWS in the United States. If you are located in the European Union, please refer to Section 8.7 for information about your rights under GDPR.
14.1 Do Not Track
We do not engage in cross‑site or cross‑app tracking for advertising purposes, and our App does not respond to "Do Not Track" browser signals.
14.2 Data Breach Notification
In the unlikely event of a data breach affecting the minimal technical data or account data we collect, we will comply with applicable breach notification laws. Your personal data cannot be breached because it never leaves your device.
14.3 Geographic Availability
Cirano is currently available to users in the United States. Your relationship and communication data is never transferred internationally. Account data is stored via Supabase on AWS in the United States. If you are located in the European Union, please refer to Section 8.7 for information about your rights under GDPR.
15. Acknowledgment
By using Cirano, you acknowledge that you have read, understood, and agree to this Privacy Policy.
Your digital mirror is private. Always.
Join Our Newsletter
Copyright ©Cirano 2026. All Rights Reserved.
Copyright ©Cirano 2026. All Rights Reserved.