Privacy Policy

Effective June 10, 2026

The short version

We collect as little as a product like this can. No email, no phone number, no real-name requirement, no third-party analytics or trackers. Content is encrypted at rest, your lock screen never shows content, and deleting a room destroys its encryption key forever.

What we store

Account: the display name you choose and a cryptographic hash of your access code (we never store the code itself).

Room content — asks, notes, limits, game answers, inspirations — is encrypted at rest with a key unique to your room (AES-256-GCM).

Operational metadata is stored unencrypted so the service can function: timestamps, event types (for example “an ask was sent”), response statuses, and session records. It never includes what was written.

Push subscriptions (the address your browser gives us for notifications) are stored encrypted. Notifications themselves never contain content or the app’s name.

What we can technically access — honestly

Room keys are held server-side, wrapped by a master key we control. That means Beer Holding LLC could technically decrypt stored content. Our commitment: we do not read, scan, or analyze room content, and we will access it only if the law requires it or you explicitly ask us to while we help you with a problem. If we ever ship end-to-end encryption, this section will get stronger.

What we measure

We compute aggregate, content-free statistics from operational metadata — counts like “rooms created this week” — to understand whether the product is healthy. There is no per-user behavioral tracking, no advertising profile, and no analytics script in the app.

Deletion

Either partner can schedule room deletion (with a 7-day undo window). When it completes, the room’s encryption key is destroyed — content becomes permanently unreadable, including in our backups. You can also delete your account in Settings, which removes your data immediately; feedback you sent us is kept but un-linked from you. Sessions on devices you choose to remember last 90 days, renewed by use; otherwise they expire after 7 days of inactivity (30-day cap). “Sign out everywhere” in Settings revokes every device at once.

Third parties

No analytics, advertising, or tracking third parties receive anything. Infrastructure providers (hosting, push delivery) carry encrypted or content-free data as described above. If the service ever shows affiliate product links, tapping one takes you to the merchant — we send them nothing about you, and nothing loads before you tap.

Legal requests

We require valid legal process before disclosing anything, and we can only disclose what exists — see the honest inventory above. We have no email addresses, phone numbers, or payment records to give.

Contact

Questions or requests: feedback@getpillowtalk.app. Material changes to this policy will be announced with an in-app notice before they take effect.