Skip to main content
Colloquies logo Colloquies

Privacy Policy

Last updated: April 2026

1. Who We Are

Colloquies is operated by Stojanov Ventures, a company registered in Germany (the "Controller" within the meaning of the GDPR).

Contact:
Stojanov Ventures
Email: hello@stojanovventures.com
For full company details, see our Imprint.

Colloquies is a private reflection and conversation app for small circles of 2–8 people. We built the app with end-to-end encryption at its core because we believe your conversations with the people who matter most should remain truly private.

2. What Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Your email address
  • Your username
  • Your display bio (if you provide one)
  • Your profile picture (if you provide one)
  • Your public encryption key (used by other circle members to encrypt messages for you)

If you sign in using Apple Sign-In, we receive your email address and name from Apple.

2.2 Encrypted Content (We Cannot Read This)

Your messages, responses to weekly Colloquies, reactions, and any media you share (images, videos, voice messages) are end-to-end encrypted using a hybrid RSA-2048 + AES-256-GCM scheme. This content is encrypted on your device before transmission. We store the encrypted data on our servers, but we cannot decrypt or read it. Only you and the members of your circle hold the decryption keys.

Media files are encrypted before upload and stored with a .enc extension in our storage. They can only be decrypted by circle members on their devices.

2.3 Metadata

To provide the service, we necessarily process certain metadata:

  • Which circles you belong to and your role (admin or member)
  • When you send or receive messages (timestamps)
  • Circle membership information (who is in which circle)
  • Chapter metadata (type, week number, status)
  • Read receipt indicators
  • Your subscription status

2.4 Device & Technical Data

  • Push notification tokens (Firebase Cloud Messaging)
  • Device platform (iOS or Android)
  • App version
  • Crash reports and performance data (via Firebase Crashlytics)
  • Anonymous usage analytics — such as which features are used and how often (via TelemetryDeck). These signals contain no personal identifiers, message content, or advertising IDs

This data does not include the content of your messages or reflections.

2.5 Payment Information

Subscriptions are processed through Apple App Store or Google Play Store via RevenueCat. We do not directly collect or store your payment details. We receive confirmation of your subscription status only.

2.6 Newsletter

If you subscribe to our newsletter on our website, we collect your email address only. We use a double opt-in process: after you enter your email, we send a confirmation email and your subscription becomes active only after you click the confirmation link.

Our newsletter is sent via Brevo (see "Data Sharing & Third Parties"). Brevo may use tracking pixels and links to measure email open rates and click-through rates. This data is aggregated and used solely to improve our newsletter content. You can prevent tracking by disabling image loading in your email client.

2.7 Data We Do Not Collect

Colloquies does not collect:

  • Location data
  • Contact lists
  • Biometric data
  • Health data
  • Browsing history
  • Advertising identifiers

We access your camera, microphone, and photo library only when you explicitly choose to take a photo, record a voice message, or select media to share in a conversation. We do not access these in the background.

3. Legal Bases for Processing (Art. 6 GDPR)

We process your personal data on the following legal bases:

Processing Activity Legal Basis
Account creation and authentication Performance of contract — Art. 6(1)(b)
Providing the messaging service (storing and transmitting encrypted content) Performance of contract — Art. 6(1)(b)
Processing metadata (timestamps, membership, read receipts) Performance of contract — Art. 6(1)(b)
Push notifications Performance of contract — Art. 6(1)(b)
Crash reporting and app stability (Firebase Crashlytics) Legitimate interest — Art. 6(1)(f)
Anonymous usage analytics (TelemetryDeck) Legitimate interest — Art. 6(1)(f)
Subscription management (RevenueCat) Performance of contract — Art. 6(1)(b)
Marketing communications (email) Consent — Art. 6(1)(a)
Responding to support requests Legitimate interest — Art. 6(1)(f)
Compliance with legal obligations (e.g., law enforcement requests) Legal obligation — Art. 6(1)(c)

Where we rely on legitimate interest, our interest is maintaining and improving the stability, security, and quality of the Service, and understanding how features are used so we can improve the app. You may object to processing based on legitimate interest at any time (see "Your Rights" below).

4. End-to-End Encryption

Your messages, reflections, shared media (images, videos, voice messages), and emoji reactions are encrypted on your device using a hybrid encryption scheme (RSA-2048 + AES-256-GCM) before being transmitted to our servers. Only members of your circle can decrypt this content.

What this means:

  • We cannot read your messages, reflections, or media
  • We cannot share your message content with anyone, including law enforcement
  • If you lose access to your encryption key, your encrypted data is permanently inaccessible to you

Your private encryption key is stored securely on your device (iOS Keychain or Android Keystore). Your public key is uploaded to our servers so that other circle members can encrypt messages for you.

Push notification metadata: When you receive a push notification, certain unencrypted metadata (such as the sender's username and circle name) passes through Google's Firebase Cloud Messaging servers to deliver the notification. The actual message content in the notification payload remains encrypted and is decrypted only on your device.

5. Device Permissions

Colloquies may request the following device permissions. Each is used only when you initiate the relevant action:

  • Camera — To take photos or videos to share in conversations, and to scan circle invite QR codes
  • Microphone — To record voice messages to share in conversations
  • Photo Library — To choose existing photos or videos to share in conversations
  • Notifications — To receive push notifications about new messages and activity

You can revoke any permission at any time through your device settings. Revoking a permission will disable the related feature but will not affect the rest of the app.

6. AI-Generated Content

Some content in the app, including weekly Colloquy prompts, may be generated or assisted by artificial intelligence. This content is created and curated by us independently of user data.

We do not use your data to train AI models. Your messages, reflections, and personal information are never used for machine learning or AI training purposes.

7. Data on Your Device

Colloquies uses an offline-first architecture. A local database on your device stores your data for fast access and offline use. The local database is encrypted at rest using SQLCipher (AES-256), with a unique encryption key stored in your device's secure keychain. This includes:

  • Your circle and chapter data
  • Encrypted message blobs (as received from the server)
  • Decrypted message content (stored within the encrypted database for display purposes)
  • Your notification preferences and settings

Your private encryption key is stored separately in your device's secure keychain (iOS Keychain / Android Keystore), which is protected by your device's lock screen and hardware security.

When you sign out, the local database remains on your device to allow re-sync on your next login. When you delete your account, we recommend uninstalling the app to remove all local data.

8. Data Storage & Security

Your data is stored on servers located in the European Union (via Supabase, hosted on AWS eu-central-1). We implement appropriate technical and organizational measures to protect your data, including:

  • End-to-end encryption for all message content and media
  • Encryption at rest and in transit for all server-side data
  • Local database encryption at rest (SQLCipher AES-256) on your device
  • Access controls and authentication for all backend systems
  • Secure key storage using platform-native keychains

9. Data Sharing & Third Parties

We do not sell your personal information. We do not share your data with third parties for their marketing purposes.

We use the following service providers (data processors) to operate Colloquies:

Provider Purpose Data Location
Supabase (via AWS) Database, authentication, file storage, edge functions EU (Frankfurt)
Firebase (Google) Push notifications (FCM) and crash reporting (Crashlytics) US (see International Transfers)
RevenueCat Subscription and in-app purchase management US (see International Transfers)
Brevo Transactional and marketing email communications EU
TelemetryDeck Anonymous, privacy-friendly usage analytics — no personal identifiers or advertising IDs EU
Apple / Google App distribution and payment processing Various

We have entered into data processing agreements with each of these providers in accordance with Art. 28 GDPR.

We may share information with authorities only when legally required. However, due to end-to-end encryption, we can only provide metadata (such as account information and the existence of communications) — not the content of your messages.

10. International Data Transfers

Our primary data storage is in the European Union. Some of our service providers (Firebase/Google, RevenueCat, Apple) may process data outside the EU. Where this occurs, we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework (for certified US companies)
  • Standard Contractual Clauses approved by the European Commission

Note that message content transferred internationally (e.g., via push notification payloads through Firebase) remains end-to-end encrypted and cannot be read by the service provider.

11. Data Retention

Data Type Retention Period
Account data (email, username, profile) Until you delete your account
Encrypted messages and media Until the circle is deleted (see below)
Circle membership records 90 days after removal (sync propagation)
Push notification tokens 90 days after last refresh (auto-cleaned)
Crash reports 90 days (Firebase Crashlytics default)
Subscription records Managed by RevenueCat per their retention policy
Newsletter email address Until you unsubscribe, then deleted within 30 days

When You Delete Your Account

  • Your account data (profile, email, encryption keys) is deleted immediately from our servers
  • Your memberships are removed from all circles
  • Your FCM tokens and subscription data are removed

Important: Because messages are end-to-end encrypted and distributed to circle members' devices, encrypted messages you previously sent will remain in those circles. These messages can no longer be attributed to your account. We cannot selectively delete encrypted messages from other members' devices — this is an inherent property of end-to-end encryption.

Local Data

Data may remain on your device or other circle members' devices until they sync with the server. Uninstalling the app removes all local data. When you are removed from a circle, locally cached data for that circle is removed on your next sync.

12. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and German data protection law, you have the following rights:

  • Access (Art. 15) — Request a copy of the personal data we hold about you
  • Rectification (Art. 16) — Correct inaccurate personal data
  • Erasure (Art. 17) — Request deletion of your personal data
  • Restriction (Art. 18) — Limit how we process your data
  • Data Portability (Art. 20) — Export your data in a portable format
  • Object (Art. 21) — Object to processing based on legitimate interest
  • Withdraw Consent (Art. 7) — Withdraw consent for marketing communications at any time

To exercise these rights, contact us at hello@stojanovventures.com. We will respond within 30 days.

Note: Due to end-to-end encryption, we cannot provide copies of your encrypted message content — only you and your circle members can decrypt it. For data access requests, we can provide all unencrypted data we hold about you (account information, metadata, membership records). You can also export your data directly from the app (Profile → Export My Data), which includes your decrypted messages since the export is generated on your device.

You also have the right to lodge a complaint with a supervisory authority. The relevant authority for our company is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

13. Age Requirement

Colloquies is intended for users aged 16 and older. By creating an account, you confirm that you are at least 16 years of age. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected data from someone under 16, we will delete it promptly.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes through the app or via email at least 30 days before they take effect.

Continued use of Colloquies after changes take effect constitutes acceptance of the updated policy. If you do not agree to the changes, you should stop using the Service and delete your account.

15. Contact Us

If you have questions about this privacy policy, your data, or wish to exercise your rights:

Stojanov Ventures
Email: hello@stojanovventures.com

For full company details, see our Imprint.

For EU consumers: You may also use the European Commission's Online Dispute Resolution platform at ec.europa.eu/consumers/odr.

Stay in the loop

Thoughtful essays on connection, friendship, and building deeper relationships. No spam, unsubscribe anytime.