Privacy Policy for Exless
Last Updated: December 1, 2025
Effective Date: December 1, 2025
Introduction
Welcome to Exless ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal information.
This Privacy Policy explains:
- What information we collect when you use the Exless mobile application
- How we use and protect that information
- Your rights regarding your personal data
- How to contact us with questions or concerns
By using Exless, you agree to the collection and use of information in accordance with this policy.
Important Notes
Exless is NOT a Medical Service
Exless is a self-help tool for breakup recovery. It is not a substitute for professional mental health care, therapy, or medical advice. If you are experiencing a mental health crisis, please contact a qualified healthcare provider or call a crisis helpline immediately.
Age Requirement: You must be at least 13 years old to use Exless. If you are under 18, you should review this Privacy Policy with a parent or guardian.
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
- Email address (for authentication)
- Display name (optional)
- Password (encrypted and never stored in plain text)
Onboarding & Recovery Data:
- Your ex's first name (for personalization)
- Relationship details (length, who ended it, time since breakup)
- Contact status and social media habits
- Recovery goals you select
- Symptom checklist responses
- Why your relationship ended (free text response)
- Last contact date with your ex
User-Generated Content:
- Draft messages you write to your ex (stored but never sent)
- Conversations with the AI Coach
- Goal exercise completion tracking
- Daily check-in responses
- Streak and progress data
1.2 Information Collected Automatically
Usage Data:
- App features you use (e.g., Coach Chat, Text Your Ex, SOS tools)
- Frequency and duration of app sessions
- Device type and operating system version
- App version number
- Crash logs and error reports
Authentication Data:
- Firebase authentication tokens
- Login method used (email, Google Sign-In, Apple Sign-In)
- Account creation and last login timestamps
1.3 Information We Do NOT Collect
- We do NOT track your location
- We do NOT access your contacts, photos, or other device data
- We do NOT collect your real ex's contact information
- We do NOT share your data with advertisers
- We do NOT sell your personal information to third parties
2. How We Use Your Information
We use the information we collect to:
Provide Core Services:
- Authenticate your account and keep it secure
- Personalize your recovery experience (using your ex's name, relationship context)
- Generate AI Coach responses tailored to your situation
- Track your no-contact streak and progress
- Save your draft messages and conversation history
- Monitor your recovery goal completion
Improve the App:
- Analyze usage patterns to improve features
- Debug technical issues and crashes
- Develop new features based on user needs
Communicate With You:
- Send important account notifications (if you enable them)
- Respond to your support requests
- Notify you of policy changes or app updates
Legal Compliance:
- Comply with applicable laws and regulations
- Respond to legal requests (e.g., court orders, subpoenas)
- Protect our rights and prevent fraud or abuse
3. Third-Party Services We Use
3.1 Firebase / Firestore (Google)
Purpose: User authentication, database storage, and app infrastructure
Data Stored:
- User account information (email, display name, user ID)
- All user-generated content (messages, goals, streak data)
- Authentication tokens and session data
Privacy: Firebase is GDPR-compliant and SOC 2 certified. Your data is encrypted in transit and at rest.
Firebase Privacy Policy: https://firebase.google.com/support/privacy
3.2 OpenAI API (Coach Chat)
Purpose: Generate AI Coach responses to support your recovery
Data Sent:
- Your conversation messages with the Coach
- Context from your onboarding (ex's name, relationship details, goals)
- Recent conversation history (last 10 messages for context)
Important:
- We do NOT send your full name, email, or account ID to OpenAI
- Conversations are anonymized (referred to as "user" in API requests)
- OpenAI may temporarily log requests for abuse prevention but does NOT use your data to train their models (per our business agreement)
OpenAI Privacy Policy: https://openai.com/privacy
3.3 Google Sign-In / Apple Sign-In
Purpose: Optional authentication methods
Data Shared:
- Google/Apple provides your email address and name (if you authorize it)
- We receive an authentication token to verify your identity
- We do NOT receive your Google/Apple password
Google Privacy Policy: https://policies.google.com/privacy
Apple Privacy Policy: https://www.apple.com/legal/privacy/
4. Data Storage & Security
4.1 Where Your Data is Stored
Your data is stored in Firebase Firestore databases located in us-central1 (United States). All data is encrypted:
- In Transit: TLS/SSL encryption for all network communication
- At Rest: AES-256 encryption for stored data
4.2 Data Isolation
Your data is isolated per user account. When you log in:
- You can only access YOUR conversations, messages, and progress
- Other users cannot see your data
- We use Firebase security rules to enforce strict access control
4.3 Security Measures
We implement industry-standard security practices:
- Secure authentication (Firebase Auth with encrypted passwords)
- API keys protected in secure storage
- Regular security audits
- Automatic logout after extended inactivity
4.4 Data Retention
We retain your data for as long as your account is active. When you delete your account:
- All personal data is permanently deleted within 30 days
- Anonymized usage statistics may be retained for analytics
- Deletion is irreversible - we cannot recover your data after deletion
5. Your Privacy Rights
Depending on your location, you may have the following rights:
5.1 Access & Portability
- Right to Access: Request a copy of your personal data
- Right to Portability: Export your data in a machine-readable format
- How to Exercise: Contact us at exlessapp@gmail.com
5.2 Correction & Updates
- Right to Correction: Update or correct your personal information
- How to Exercise: Edit your profile in the app or contact support
5.3 Deletion
- Right to Deletion: Delete your account and all associated data
- How to Exercise: Go to More → Settings → Account → Delete Account
- Timeline: Data is permanently deleted within 30 days
5.4 Objection & Restriction
- Right to Object: Object to certain data processing activities
- Right to Restrict: Request limited processing of your data
- How to Exercise: Contact us at exlessapp@gmail.com
5.5 Withdraw Consent
- You can withdraw consent for data processing at any time by deleting your account
- Note: Withdrawing consent may prevent you from using certain app features
6. International Data Transfers
If you are located outside the United States, please note:
- Your data may be transferred to and processed in the United States
- We rely on Firebase's compliance with GDPR and standard contractual clauses
- Your data receives the same protections regardless of location
7. Children's Privacy
Exless is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately and we will delete it.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last Updated" date at the top
- We will notify you via the app or email (for material changes)
- Continued use of the app after changes means you accept the updated policy
We encourage you to review this Privacy Policy periodically.
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (Note: We do NOT sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at exlessapp@gmail.com.
10. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing:
- Consent: You consent to data collection when creating an account
- Legitimate Interest: We process data to provide and improve our services
- Legal Obligation: We may process data to comply with laws
Your GDPR Rights:
- Right to access, correct, and delete your data
- Right to data portability
- Right to object to processing
- Right to restrict processing
- Right to withdraw consent
- Right to lodge a complaint with your supervisory authority
To exercise these rights, contact us at exlessapp@gmail.com.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: exlessapp@gmail.com
App: More → Help & FAQ → Contact Support
Response Time: We aim to respond within 48 hours
12. Consent
By using Exless, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
If you do not agree with this Privacy Policy, please do not use the app.
This policy was last updated on December 1, 2025.