Privacy First: StarsTalk is built with end-to-end encryption at its core. We cannot read your messages, view your events, or access your encrypted content. Your privacy is not just a feature—it's our foundation.
1. Introduction
Welcome to StarsTalk ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you create an account, we collect:
  - Email address (for email/password authentication) or Google account information (for OAuth)
  - User ID (circle user ID) and display name
  - Profile image (optional)
  - Device token (for push notifications)
- Content You Create:
  - Messages (end-to-end encrypted)
  - Event details (end-to-end encrypted descriptions)
  - Photos and media (encrypted when uploaded)
  - Voice echoes — short voice recordings you send to your Hearth members. Each echo is encrypted per-recipient with the Signal Protocol so only the intended listeners can decrypt the audio. The server stores the encrypted blob only; the underlying voice content is never readable to us.
  - Circle names and invitations
- Contacts: Information about users you add to your circles or contact list
2.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers
- Usage Information: App features used, timestamps, interaction patterns
- Log Data: IP addresses, request timestamps, error logs
2.3 Information We Do NOT Collect
- We cannot read your encrypted messages
- We cannot access encrypted event descriptions
- We cannot view your encrypted photos
- We cannot listen to the encrypted voice echoes at rest on our servers — only the intended Hearth recipients can decrypt them
- We do not sell your data to third parties
- We do not use your data for advertising
3. How We Use Your Information
We use the information we collect to:
- Provide and Maintain Services: Deliver messages, manage circles, coordinate events
- Authentication: Verify your identity using Google OAuth or email/password
- Send Notifications: Push notifications for messages, events, and invitations
- Voice Echo Translation (Hearth): When a Hearth listener has the “Hear in original” toggle off and the echo’s spoken language differs from the listener’s preferred language, the decrypted audio is sent from the listener’s device to a translation service we operate on our own infrastructure to produce a translated voice rendering. The audio is processed only for the duration of the translation request and is not retained by the translation service. Listeners can disable this by toggling “Hear in original” in Hearth settings.
- Curtain Mode (Hearth privacy switch): A per-user toggle in Hearth Settings that pauses ALL AI processing of your data. When you turn curtain mode on:
  - Your incoming Hearth echoes are not translated — you hear them in the speaker’s original language and voice.
  - Your voice profile is not used for voice cloning. Listeners in different languages hear the original audio of your echoes instead of a voice-cloned translation.
  - Your previously-cloned voice cannot be served from cache to any listener, even renders we already generated. Existing cache rows are protected; no new renders can be created.
  - Star’s narration of “what’s new since yesterday” does not name you in any listener’s prose. Your echoes still count toward each listener’s total (the listener’s own inbox), but your handle never appears in Star’s prose for them.
  - Future AI features (Star, on-device LLM responses, summaries) will respect the same switch.
Curtain mode is the privacy-first opt-out for users who want the social space without the AI layer on top. You can flip it at any time; the change takes effect immediately on the next request.
- Improve Services: Analyze usage patterns to enhance app functionality
- Security: Detect and prevent fraud, abuse, and security incidents
- Legal Compliance: Comply with applicable laws and legal processes
4. End-to-End Encryption
StarsTalk uses the Signal Protocol for end-to-end encryption:
- Messages are encrypted on your device before being sent
- Only the intended recipient can decrypt and read messages
- Event descriptions, photos, and Hearth voice echoes are encrypted per recipient
- We store encrypted content but cannot decrypt it
- Encryption keys are managed locally on your device
5. Data Storage and Security
5.1 Where We Store Data
- Database: PostgreSQL database for user accounts, circle memberships, metadata
- Object Storage: MinIO (self-hosted) or AWS S3 for encrypted media files
- Secrets Management: HashiCorp Vault for secure credential storage
5.2 Security Measures
- End-to-end encryption using Signal Protocol
- TLS/SSL encryption for data in transit
- Passwords hashed with bcrypt (for email/password accounts)
- Secure token-based authentication (JWT)
- Regular security audits and updates
- Access controls and permission management
6. Data Sharing and Disclosure
6.1 We Share Data With:
- Other Users: When you send messages, create events, or invite users to circles
- Service Providers:
  - Apple Push Notification Service (APNs) for push notifications
  - Google OAuth for authentication (if you choose Google login)
  - Brevo (email service) for verification codes and password resets
  - Stripe for payment processing (subscriptions)
6.2 We Do NOT Share:
- Encrypted message content (we cannot decrypt it)
- Your data for advertising or marketing purposes
- Your information with data brokers
6.3 Legal Disclosures
We may disclose information if required by law, subpoena, or legal process. However, due to end-to-end encryption, we cannot provide access to encrypted message content.
7. Your Rights and Choices
7.1 Access and Control
- Access: View your profile and account information in the app
- Update: Modify your profile, display name, and settings
- Delete (in-app): Remove contacts, leave circles, delete messages locally
- Account Deletion (right to erasure, GDPR Art. 17): Submit an in-app deletion request via Settings → Account → Delete My Account, or email [email protected]. Once received, your account, profile data, messages, payment records and uploaded media are deleted from production within 30 days. Encrypted backups containing your data are rotated out within their retention window (see §8 below).
- Account Data Export (right to portability, GDPR Art. 20): You can request a machine-readable export of your account data (profile, contacts, message metadata, settings, subscription history) by emailing [email protected]. We deliver the export within 30 days. End-to-end encrypted message content is exported in its encrypted form — only your device can decrypt it.
7.2 Communication Preferences
- Control push notifications in your device settings
- Opt-out of promotional emails (if any) by following unsubscribe links
7.3 AI Processing Controls
- Curtain mode: Flip in Hearth Settings → Curtain mode to pause all AI processing of your data (see §3 above for the full list of paths the switch gates). The effect is immediate and reversible at any time. No data is collected or processed in connection with the toggle itself — we only read your current preference from your account row when a request arrives.
- “Hear in original” (per-listener): Per-Hearth setting that disables only voice translation for your own playback. Use this when you want the social space and Star, but prefer to hear other people’s echoes in their original language.
8. Data Retention
- Active Accounts: Data retained as long as your account is active
- Account Deletion: Production data deleted within 30 days of a deletion request (see §7.1)
- Encrypted Content: End-to-end encrypted messages and media stored until manually deleted or account removed
- Audit log entries: Authentication events (login, registration, password reset) are recorded with an HMAC-hashed identifier, IP address and User-Agent — used solely for security monitoring and abuse detection. Retained 30 days unless an active investigation requires longer.
- Sessions / authentication tokens: Access tokens (JWT) expire after 24 hours; refresh tokens after 7 days unless revoked sooner.
- Application logs (centralised): Pod logs (errors, request traces) retained 30 days for debugging. Sensitive fields (email addresses, tokens, codes) are redacted at the application layer before logs leave the pod.
- Backups: Encrypted nightly backups retained 7 daily, 4 weekly, 3 monthly. Account-deletion requests trigger a deletion-by-tag against the backup repository within the same retention window.
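The audit-log and application-log handling described in this section (an HMAC-keyed pseudonym in place of the raw account identifier, redaction of email addresses, tokens and verification codes before a log line leaves the pod, and a 30-day window that an investigation hold can extend) can be implemented as below. This is an added illustration, not StarsTalk's own code: the key name AUDIT_HMAC_KEY, the record field names, the redaction patterns and the sample log line are all assumptions constructed for the example.

```python
"""Audit-log pseudonymisation, log redaction and retention check.

Added example, not StarsTalk's code. A keyed hash (HMAC) is used instead of
a plain SHA-256 so that the same account still maps to one stable pseudonym
(abuse patterns remain correlatable) while someone holding only the log
cannot confirm a guessed email by hashing it, because they lack the key.
"""
import hashlib
import hmac
import re
from datetime import datetime, timedelta

# Constructed key for the example only; a real deployment would load it from
# a secrets manager and rotate it in step with the log retention window.
AUDIT_HMAC_KEY = b"example-only-key-do-not-use-in-production"
RETENTION = timedelta(days=30)


def pseudonymise(identifier: str) -> str:
    """Return a keyed, truncated hash of an account identifier.

    Normalising case and whitespace first keeps 'Alice@Example.com' and
    'alice@example.com' on the same pseudonym.
    """
    normalised = identifier.strip().lower().encode("utf-8")
    return hmac.new(AUDIT_HMAC_KEY, normalised, hashlib.sha256).hexdigest()[:32]


def audit_entry(event: str, identifier: str, ip: str,
                user_agent: str, when_iso: str) -> dict:
    """Build the audit record: event type, HMAC-hashed identifier, IP and
    User-Agent. The raw identifier is deliberately not part of the record."""
    return {
        "event": event,
        "subject": pseudonymise(identifier),
        "ip": ip,
        "user_agent": user_agent,
        "ts": when_iso,
    }


# Assumed patterns for fields that must not leave the pod in application logs.
_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
_JWT = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b")
_CODE = re.compile(r"(?i)\b(code|otp)[=: ]\s*\d{4,8}\b")


def redact(line: str) -> str:
    """Strip email addresses, JWTs and verification codes from one log line
    before it is shipped to central logging."""
    line = _JWT.sub("[REDACTED_TOKEN]", line)
    line = _EMAIL.sub("[REDACTED_EMAIL]", line)
    line = _CODE.sub(lambda m: f"{m.group(1)}=[REDACTED_CODE]", line)
    return line


def expired(entry: dict, now_iso: str, legal_hold: bool = False) -> bool:
    """True when an audit entry is past the 30-day window and not held for
    an active investigation (timestamps are ISO-8601 with a UTC offset)."""
    if legal_hold:
        return False
    recorded = datetime.fromisoformat(entry["ts"])
    return recorded + RETENTION <= datetime.fromisoformat(now_iso)


if __name__ == "__main__":
    # Constructed sample line; no real account or token is involved.
    sample = ("login ok user=alice@example.com "
              "token=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.abc_def-ghi code=482913")
    print(redact(sample))
    rec = audit_entry("login", "alice@example.com", "203.0.113.5",
                      "StarsTalk/1.0", "2024-01-01T00:00:00+00:00")
    print(rec, expired(rec, "2024-02-15T00:00:00+00:00"))
```

Redaction runs on the token pattern first so that a JWT embedded next to an address is removed before the email pattern sees the line; the retention check is kept separate from the hold flag so that an investigation can pin individual entries without changing the global window.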
9. Children's Privacy
StarsTalk is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.
10. International Data Transfers
If you are accessing StarsTalk from outside the United States, your information may be transferred to, stored, and processed in the United States where our servers are located. By using our services, you consent to this transfer.
11. Third-Party Services and Sub-Processors
StarsTalk uses the following sub-processors. We have data-processing terms in place with each. Where listed, the linked privacy policy describes how they handle your data:
11.1 Google (OAuth, Firebase Cloud Messaging)
Google OAuth 2.0 handles Google sign-in (we receive only your email and name). Firebase Cloud Messaging delivers Android push notifications (a device-issued FCM token + the notification payload — typically a sender ID and a deep-link target — are sent to Google's FCM servers). Google Privacy Policy
11.2 Apple (APNs, Sign in with Apple)
Apple Push Notification service delivers iOS push notifications (a device-issued APNs token + the notification payload). Sign in with Apple is offered as an authentication provider. Apple Privacy Policy
11.3 Stripe (Payment Processing)
Subscription and event-deposit payments are processed by Stripe Inc. We do not store your credit card information. Stripe receives your payment-method details directly from your device. We rely on Stripe under their standard Data Processing Addendum (DPA), which is incorporated by reference under their terms of service for all customers. Stripe Privacy Policy
11.4 Brevo (Transactional Email)
Account-related emails (verification codes, password resets, support replies) are delivered through Brevo. Brevo receives your email address and the message body. Brevo Privacy Policy
11.5 Cloudflare (Network / TLS Termination)
Public-facing API and web traffic transit Cloudflare's network for TLS termination and DDoS protection. Cloudflare may briefly process IP-level metadata as part of this routing. Cloudflare Privacy Policy
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an in-app notification or email (for material changes)
Your continued use of StarsTalk after changes indicates acceptance of the updated policy.
13. Regional Privacy Rights
13.1 California Residents (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Opt-out of the sale of personal information (we do not sell data)
- Request deletion of personal information
- Non-discrimination for exercising privacy rights
13.2 European Union / United Kingdom (GDPR / UK GDPR)
EU and UK residents have the following rights with respect to their personal data:
- Access (Art. 15): Request a copy of the personal data we hold — see §7.1 (Account Data Export).
- Rectification (Art. 16): Update profile fields directly in the app, or contact us for fields not exposed in-app.
- Erasure / right to be forgotten (Art. 17): Request account deletion — see §7.1 (Account Deletion). Production data is removed within 30 days; backups roll off in their retention window (see §8).
- Restriction (Art. 18) or objection (Art. 21): Email [email protected] describing the scope; we'll act within 30 days.
- Data portability (Art. 20): Machine-readable export of your data — see §7.1.
- Withdraw consent: Where processing is based on consent, you can withdraw it via in-app settings or by emailing us. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
- Lodge a complaint: You can file a complaint with your local supervisory authority. (UK: Information Commissioner's Office. EU: your country's data protection authority.)
13.3 Legal Basis for Processing (GDPR Art. 6)
Where GDPR applies, we rely on the following legal bases per category of processing:
- Contract (Art. 6(1)(b)) — for everything required to deliver the messaging service: account creation, message routing, push notification delivery, payment processing for subscriptions and event deposits.
- Legitimate interest (Art. 6(1)(f)) — for security monitoring (audit log entries on authentication events), abuse detection (rate limits, content reports), and product diagnostics (crash logs and bug reports you submit).
- Consent (Art. 6(1)(a)) — for any optional feature that requests explicit opt-in (e.g. submitting a bug report with attached breadcrumbs, granting photo-library access, enabling translation of incoming messages). You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) — where we are required to retain or disclose information to comply with applicable law (see §6.3 above).