Privacy Policy
Last updated: April 29, 2026
This Privacy Policy describes how Circles ("we", "us", "our") collects, uses, and shares your information when you use the Circles mobile and web applications (the "Service"). By using Circles, you agree to the practices described here.
Plain-English summary: We collect only what we need to make Circles work. We never sell your data. Contacts and calendar access are optional. You can delete your account and all your data at any time from inside the app.
1. Information we collect
You give us
- Account info — your email address, name, and (optionally) profile photo when you sign up.
- Authentication identifiers — when you sign in with Apple or Google, we receive your email and a stable user ID from the provider. We do not receive your password.
- Dates and household info — birthdays, anniversaries, custom dates, and household member names you choose to add.
- Circle membership — the Circles you belong to and the people in them.
- eCard content — messages you write, optional video messages you record, and the recipient you choose.
- Gift card purchases — when you send a gift card, the brand, amount, and recipient delivery method (email or in-app).
- Support messages — anything you tell us when contacting support.
You grant us permission to access (optional)
- Contacts — only if you grant permission, and only to make it easier to invite friends. We do not upload your contact list to our servers.
- Calendar — only if you opt into device calendar sync. Circles writes Circle dates to your local device calendar; we do not read your existing calendar entries.
- Camera and photo library — only when you choose to record a video message or pick a photo for your profile.
- Recipient phone numbers (SMS invites) — when you choose to invite a friend by SMS, we send their phone number to our SMS provider (Twilio) to deliver the invite text. The number is not stored in your account or used for any other purpose.
We collect automatically
- Device and usage data — device type, operating system version, app version, crash logs, and product interaction events (which screens you visit, which buttons you tap). Used to fix bugs and improve features.
- Approximate location — derived from IP address (country-level only) for analytics. We do not collect precise GPS location.
- Install attribution — when you install via a deep link, we record which link you came from so we can credit invites correctly.
2. How we use your information
- Operate the Service — sign you in, sync your dates, deliver eCards and gift cards, send reminders.
- Personalize the experience — show you relevant Circles, dates, and eCard categories.
- Process payments for gift cards via Stripe.
- Communicate with you — verification codes, gift delivery confirmations, important account updates.
- Diagnose crashes and improve performance.
- Comply with legal obligations and prevent fraud or abuse.
3. Third-party processors
We share data with the following service providers strictly to operate the Service. Each is bound by data-processing obligations.
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing for gift cards | Email, name, payment info (card data goes directly to Stripe — we never see it) |
| Tango Card (RaaS) | Gift card fulfillment + brand catalog | Recipient name, recipient email, gift amount, brand |
| SendGrid | Transactional email (verification codes, gift delivery) | Email address, message contents |
| Twilio | SMS invitations (only when you choose to invite a friend by phone number) | Recipient phone number, your name, Circle name, invite link |
| PostHog | Product analytics | Pseudonymous user ID, device info, in-app events, IP-based country |
| Branch.io | Deep links and install attribution | Device fingerprint, install source, link click data |
| Google Cloud Storage | Image and video asset hosting | Profile photos, eCard video messages |
| OpenAI | eCard message helper | Message prompts you type into the AI helper. Per OpenAI's API data policy, this content is not used to train their models. |
| Apple / Google | Sign-In identity providers | Email, name, stable user ID |
4. What we do NOT do
- We do not sell your personal information to third parties.
- We do not share your contacts list with anyone.
- We do not run cross-app advertising trackers.
- We do not read your existing device calendar entries.
- We do not store your payment card numbers — Stripe handles all card data.
5. Your choices and controls
- Permissions — you can revoke contacts, calendar, camera, and photo library access at any time from your device's Settings app.
- Privacy per date — you can mark any date as private so it is not shared with your Circles.
- Leave a Circle — at any time from inside the app.
- Delete your account — Settings → Account → Delete Account inside the app. We delete your profile, dates, gifts, and Circle memberships within 30 days. Circles you owned are transferred to another member or deleted if you are the only member.
- Export — email support@joinmycircles.app to request a copy of your data.
6. Data retention
We keep your account data while your account is active. After deletion, we remove your personal data within 30 days, except for records we are required to retain for legal, tax, or fraud-prevention reasons (for example, gift card transaction records retained for up to 7 years per IRS / financial-services rules).
7. Children
Circles is not directed to children under 13 (or under 16 in the EEA / UK). We do not knowingly collect personal information from children. If you believe a child has signed up, contact us and we will delete the account.
8. International data transfers
We are based in the United States. If you use the Service from outside the U.S., your data is transferred to and processed in the U.S. and other countries where our processors operate. By using the Service you consent to that transfer.
9. Your regional rights
EEA / UK (GDPR): you have the right to access, correct, delete, restrict, port, or object to processing of your personal data. To exercise these rights, email support@joinmycircles.app. You also have the right to lodge a complaint with your local data protection authority.
California (CCPA / CPRA): you have the right to know, delete, correct, and opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
10. Security
We use industry-standard safeguards including TLS encryption in transit, encrypted database storage, and access controls. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
11. Changes to this policy
If we make material changes we will notify you by email or in-app notification before the change takes effect. The "Last updated" date above always reflects the current version.
12. Contact
Questions, requests, or complaints: support@joinmycircles.app.