This site is not public yet.

Legal

Privacy Policy

Last updated: 25 February 2026

Subtext ("we", "us", "our") is operated by Subtext UG (haftungsbeschränkt), registered in Berlin, Germany. We take data privacy seriously — especially because the data you share with us is among the most personal information you have.

This policy explains what data we collect, why we collect it, how we process it, and your rights under the General Data Protection Regulation (GDPR) and applicable law.

1. What Data We Collect

Account Data

  • Email address (if you sign in with email)
  • Google or Apple account identifier (if you use social sign-in)
  • Anonymous user ID (if you use the app without signing in)
  • Platform preference (Android/iOS)

Chat Export Data

  • WhatsApp chat exports you upload (text content only — no images, audio, or video)
  • Participant names as they appear in the export
  • Message timestamps, sender attribution, and message text

Survey Data

  • Personality survey responses (communication style self-assessment)
  • Communication style quiz results (from the website quiz)

Usage Data

  • Firebase Analytics events (anonymized, aggregated)
  • Crash reports via Firebase Crashlytics
  • Device type, OS version, app version

2. How We Use Your Data

  • Analysis: We process your chat exports using AI (Anthropic Claude) to generate relationship insights, communication profiles, and narrative reports.
  • Improvement: Aggregated, anonymized analytics help us improve the product. We never use individual chat data for model training.
  • Communication: We send transactional emails (report ready, account updates) and, only with consent, marketing communications.
  • Safety: We run automated safety classification to detect indicators of harm. See Section 6.

3. How We Store and Protect Your Data

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Location: All data is stored in the European Union (Google Cloud Platform, Frankfurt region).
  • Access: Only automated systems process your chat data. No human reads your messages unless you explicitly request support assistance and grant permission.
  • Retention: Chat exports are retained only for the duration needed to generate your analysis. Raw uploads are deleted after processing. Reports and insights are retained until you delete them or your account.

4. Third-Party Processing

  • Anthropic (Claude AI): Chat data is sent to Anthropic's API for analysis. Anthropic does not retain prompt data for model training under their commercial terms. Data is processed in Anthropic's US and EU infrastructure.
  • OpenAI (Image Generation): Anonymized theme data (no raw messages) is sent to OpenAI to generate relationship arc images.
  • Google Cloud Platform: Infrastructure hosting (Firestore, Cloud Storage, Cloud Functions).
  • Firebase: Authentication, analytics, crash reporting, push notifications.

We do not sell, rent, or share your personal data with any third party for advertising, marketing, or data brokerage purposes.

5. Your Rights Under GDPR

As a data subject in the EU, you have the right to:

  • Access: Request a copy of all personal data we hold about you (Article 15).
  • Rectification: Correct inaccurate personal data (Article 16).
  • Erasure: Request deletion of your data ("right to be forgotten") (Article 17). We will delete all account data, chat exports, reports, and derived insights.
  • Portability: Receive your data in a structured, machine-readable format (Article 20).
  • Objection: Object to processing based on legitimate interest (Article 21).
  • Withdraw consent: Where processing is based on consent, withdraw at any time.

To exercise any of these rights, contact us at privacy@subtext.love. We will respond within 30 days.

6. Content Safety

Subtext runs automated safety classification during chat processing to detect potential indicators of domestic violence, self-harm, coercive control, and child safety concerns. This processing is done in the legitimate interest of user safety.

When safety concerns are detected, we surface relevant helpline information to the user. We do not report to authorities or share this information with third parties. The safety classifier runs locally on our servers — no raw messages are shared for this purpose.

7. Cookies and Tracking

The Subtext website uses only essential first-party cookies (session management). We use Firebase Analytics for aggregated usage data. No third-party advertising cookies or tracking pixels are used.

8. Children

Subtext is not intended for users under 16 years of age. We do not knowingly collect data from minors. If we become aware that we have collected data from a user under 16, we will delete it promptly.

9. Changes to This Policy

We will notify registered users of material changes via email at least 30 days before they take effect. The current version is always available at this URL.

10. Contact

Subtext UG (haftungsbeschränkt)
Berlin, Germany
privacy@subtext.love