Privacy Policy
Last updated: May 2026
1. Who We Are
Colloquies is operated by Stojanov Ventures, a company registered in Germany (the "Controller" within the meaning of the GDPR).
Contact:
Stojanov Ventures
Email: hello@stojanovventures.com
For full company details, see our Imprint.
Colloquies is a private reflection and conversation app for small circles of 2–8 people. We built the app with privacy as a core principle: your conversations with the people who matter most should remain truly yours. End-to-end encryption is available as an opt-in privacy mode for any circle that needs it.
2. What Data We Collect
2.1 Account Information
When you create an account, we collect:
- Your email address
- Your username
- Your display bio (if you provide one)
- Your birthday (optional) — you choose whether to share it with your circles, and whether to include the year; if you hide the year, it never leaves your device
- Your profile picture (if you provide one)
- Your public encryption key (used by other circle members to encrypt messages for you)
If you sign in using Apple Sign-In, we receive your email address and name from Apple.
2.2 Message Content
How your messages, responses to weekly Colloquies, reactions, and shared media (images, videos, voice messages) are stored depends on each circle's privacy mode, set at the moment the circle is created.
2.2a Private circles
Content is end-to-end encrypted on your device before transmission using a hybrid RSA-2048 + AES-256-GCM scheme. We store the encrypted data on our servers but cannot decrypt or read it. Only you and the members of your circle hold the decryption keys. Media files are encrypted before upload and stored with a .enc extension.
2.2b Standard circles
Content is stored in our database, encrypted in transit (TLS) and at rest (platform-level encryption by Supabase on AWS). Our staff does not access circle content as a matter of policy. We have no advertising business, no data brokerage, and no recommendation algorithm that would benefit from reading your messages. Media files are stored unencrypted within our storage so they can be displayed across devices without a shared key. Standard-circle content is subject to the same retention policy as Private-circle content (see §11).
2.3 Metadata
To provide the service, we necessarily process certain metadata:
- Which circles you belong to and your role (admin or member)
- When you send or receive messages (timestamps)
- Circle membership information (who is in which circle)
- Chapter metadata (type, week number, status)
- Read receipt indicators
- Your Circle Plus purchase status
2.4 Device & Technical Data
- Push notification tokens (Firebase Cloud Messaging)
- Device platform (iOS or Android)
- App version
- Crash reports and performance data (via Firebase Crashlytics)
- Anonymous usage analytics — such as which features are used and how often (via TelemetryDeck). These signals contain no personal identifiers, message content, or advertising IDs
This data does not include the content of your messages or reflections.
2.5 Payment Information
Purchases are processed through Apple App Store or Google Play Store via RevenueCat. We do not directly collect or store your payment details. We receive confirmation of your purchase status only.
2.6 Newsletter
If you subscribe to our newsletter on our website, we collect your email address only. We use a double opt-in process: after you enter your email, we send a confirmation email and your subscription becomes active only after you click the confirmation link.
Our newsletter is sent via Brevo (see "Data Sharing & Third Parties"). Brevo may use tracking pixels and links to measure email open rates and click-through rates. This data is aggregated and used solely to improve our newsletter content. You can prevent tracking by disabling image loading in your email client.
2.7 Data We Do Not Collect
Colloquies does not collect:
- Location data
- Contact lists
- Biometric data
- Health data
- Browsing history
- Advertising identifiers
We access your camera, microphone, and photo library only when you explicitly choose to take a photo, record a voice message, or select media to share in a conversation. We do not access these in the background.
3. Legal Bases for Processing (Art. 6 GDPR)
We process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Performance of contract — Art. 6(1)(b) |
| Providing the messaging service (storing and transmitting encrypted content) | Performance of contract — Art. 6(1)(b) |
| Processing metadata (timestamps, membership, read receipts) | Performance of contract — Art. 6(1)(b) |
| Push notifications | Performance of contract — Art. 6(1)(b) |
| Crash reporting and app stability (Firebase Crashlytics) | Legitimate interest — Art. 6(1)(f) |
| Anonymous usage analytics (TelemetryDeck) | Legitimate interest — Art. 6(1)(f) |
| Purchase management (RevenueCat) | Performance of contract — Art. 6(1)(b) |
| Marketing communications (email) | Consent — Art. 6(1)(a) |
| Responding to support requests | Legitimate interest — Art. 6(1)(f) |
| Compliance with legal obligations (e.g., law enforcement requests) | Legal obligation — Art. 6(1)(c) |
Where we rely on legitimate interest, our interest is maintaining and improving the stability, security, and quality of the Service, and understanding how features are used so we can improve the app. You may object to processing based on legitimate interest at any time (see "Your Rights" below).
4. Encryption
We use encryption in three places, depending on the circle's privacy mode:
4.1 In transit
Every connection between your device and our servers is encrypted using TLS. This applies to both Standard and Private circles, and to all metadata, account data, and media uploads.
4.2 At rest
All server-side data is stored on Supabase (AWS eu-central-1), which provides platform-level encryption at rest for the database and storage. This applies to both Standard and Private circles.
4.3 End-to-end (Private circles only)
For Private circles, message content, reactions, and media are additionally encrypted on your device using a hybrid scheme (RSA-2048 + AES-256-GCM) before being transmitted. Only members of that circle can decrypt the content.
What this means for Private circles:
- We cannot read your messages, reflections, or media
- We cannot share your message content with anyone, including law enforcement
- If you lose access to your encryption key, your encrypted data is permanently inaccessible to you
Your private encryption key is stored securely on your device (iOS Keychain or Android Keystore). Your public key is uploaded to our servers so that other circle members can encrypt messages for you. An optional cloud backup of your private key, wrapped with your password, is available to ease recovery across devices.
Push notification payloads. Push notifications transit Apple and Google notification servers. For Private circles, the message body in the push payload remains encrypted and is decrypted only on your device; only routing metadata (sender username, circle name) passes as plaintext to enable delivery. For Standard circles, the message body may also pass as plaintext in the push payload — the same content already stored on our servers.
5. Device Permissions
Colloquies may request the following device permissions. Each is used only when you initiate the relevant action:
- Camera — To take photos or videos to share in conversations, and to scan circle invite QR codes
- Microphone — To record voice messages to share in conversations
- Photo Library — To choose existing photos or videos to share in conversations
- Notifications — To receive push notifications about new messages and activity
You can revoke any permission at any time through your device settings. Revoking a permission will disable the related feature but will not affect the rest of the app.
6. AI-Generated Content
Some content in the app, including weekly Colloquy prompts, may be generated or assisted by artificial intelligence. This content is created and curated by us independently of user data.
We do not use your data to train AI models. Your messages, reflections, and personal information are never used for machine learning or AI training purposes.
7. Data on Your Device
Colloquies uses an offline-first architecture. A local database on your device stores your data for fast access and offline use. The database itself is stored unencrypted within your app's sandbox, but it is protected by your operating system's at-rest encryption: iOS Data Protection and Android File-Based Encryption, both of which require your device's passcode to unlock the underlying storage. The local database includes:
- Your circle and chapter data
- Message content for circles you belong to (decrypted for Private circles, stored as received for Standard circles)
- Your notification preferences and settings
For Private circles, your private encryption key is stored separately in your device's secure keychain (iOS Keychain / Android Keystore), which is protected by your device's lock screen and hardware security. Without this key, Private-circle messages cannot be read; even an attacker who copied the local database file off your device would still need this key to make sense of the encrypted content.
When you sign out, the local database remains on your device to allow re-sync on your next login. When you delete your account, we recommend uninstalling the app to remove all local data.
8. Data Storage & Security
Your data is stored on servers located in the European Union (via Supabase, hosted on AWS eu-central-1). We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest (Supabase platform encryption) for all server-side data
- Optional end-to-end encryption (RSA-2048 + AES-256-GCM) for Private circles, with keys generated and held only on member devices
- Operating-system-level at-rest encryption on your device (iOS Data Protection / Android File-Based Encryption)
- Access controls and authentication for all backend systems
- Secure key storage using platform-native keychains
9. Data Sharing & Third Parties
We do not sell your personal information. We do not share your data with third parties for their marketing purposes.
We use the following service providers (data processors) to operate Colloquies:
| Provider | Purpose | Data Location |
|---|---|---|
| Supabase (via AWS) | Database, authentication, file storage, edge functions | EU (Frankfurt) |
| Firebase (Google) | Push notifications (FCM) and crash reporting (Crashlytics) | US (see International Transfers) |
| RevenueCat | In-app purchase management | US (see International Transfers) |
| Brevo | Transactional and marketing email communications | EU |
| TelemetryDeck | Anonymous, privacy-friendly usage analytics — no personal identifiers or advertising IDs | EU |
| Apple / Google | App distribution and payment processing | Various |
We have entered into data processing agreements with each of these providers in accordance with Art. 28 GDPR.
We may share information with authorities only when legally required. For Private circles, end-to-end encryption means we can only provide metadata (such as account information and the existence of communications), not the content of messages. For Standard circles, we hold the message content on our servers and can produce it in response to a valid legal request.
10. International Data Transfers
Our primary data storage is in the European Union. Some of our service providers (Firebase/Google, RevenueCat, Apple) may process data outside the EU. Where this occurs, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework (for certified US companies)
- Standard Contractual Clauses approved by the European Commission
For Private circles, message content transferred internationally (e.g., via push notification payloads through Firebase) remains end-to-end encrypted and cannot be read by the service provider. For Standard circles, message content in push payloads may transit Apple and Google notification servers as plaintext alongside the routing metadata.
11. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, username, profile) | Until you delete your account |
| Message content and media (free circles, encrypted or plaintext depending on the circle's privacy mode) | 90 days after creation, then deleted from servers |
| Message content and media (circles with an active Circle Plus pass, encrypted or plaintext depending on the circle's privacy mode) | As long as the circle's Circle Plus pass is active, plus a 7-day grace |
| Circle membership records | 90 days after removal (sync propagation) |
| Push notification tokens | 90 days after last refresh (auto-cleaned) |
| Crash reports | 90 days (Firebase Crashlytics default) |
| Purchase records (Circle Plus) | Managed by RevenueCat per their retention policy |
| Newsletter email address | Until you unsubscribe, then deleted within 30 days |
Server-Side Content Retention
Colloquies uses an offline-first architecture: your device is the primary store of your data. Our servers hold copies for syncing and message delivery. These copies are end-to-end encrypted for Private circles and stored as plaintext (encrypted in transit and at rest by our infrastructure) for Standard circles.
For free circles (those without an active Circle Plus pass), message content and media files are automatically deleted from our servers 90 days after creation. Message metadata (timestamps, authorship, read receipts) is retained for sync purposes, but the content itself is permanently removed. Data already stored on your device is not affected by this cleanup.
For circles with an active Circle Plus pass (which any member can buy), full content is retained on our servers for as long as the pass is active, plus a short grace period, allowing new devices to sync the complete message history. When the pass ends, the 90-day retention policy applies going forward.
We do not provide cloud backups of your data. Your device's local database is your primary copy. If your device supports automatic backups (e.g., iCloud, Google), your local Colloquies data may be included, but this is managed by your device and operating system — not by us.
When You Delete Your Account
- Your account data (profile, email, encryption keys) is deleted immediately from our servers
- Your memberships are removed from all circles
- Your FCM tokens and purchase data are removed
Important: Messages you previously sent remain in the circles you sent them to, distributed to circle members' devices. After your account is deleted, these messages can no longer be attributed to you. For Private circles, we cannot selectively delete encrypted messages from other members' devices (an inherent property of end-to-end encryption). For Standard circles, the same is true of the local copies on members' devices; the server-side copies are removed when the circle's retention period expires or when other members remove the circle.
Local Data
Data may remain on your device or other circle members' devices until they sync with the server. Uninstalling the app removes all local data. When you are removed from a circle, locally cached data for that circle is removed on your next sync.
12. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR) and German data protection law, you have the following rights:
- Access (Art. 15) — Request a copy of the personal data we hold about you
- Rectification (Art. 16) — Correct inaccurate personal data
- Erasure (Art. 17) — Request deletion of your personal data
- Restriction (Art. 18) — Limit how we process your data
- Data Portability (Art. 20) — Export your data in a portable format
- Object (Art. 21) — Object to processing based on legitimate interest
- Withdraw Consent (Art. 7) — Withdraw consent for marketing communications at any time
To exercise these rights, contact us at hello@stojanovventures.com. We will respond within 30 days.
Note: For Private circles, end-to-end encryption means we cannot provide copies of message content: only you and your circle members can decrypt it. For Standard circles, we can provide the message content we hold on our servers. Either way, the simplest path is to export your data directly from the app (Profile → Export My Data), which generates a JSON file on your device including all messages your device can read.
You also have the right to lodge a complaint with a supervisory authority. The relevant authority for our company is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).
13. Age Requirement
Colloquies is intended for users aged 16 and older. By creating an account, you confirm that you are at least 16 years of age. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected data from someone under 16, we will delete it promptly.
14. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes through the app or via email at least 30 days before they take effect.
Continued use of Colloquies after changes take effect constitutes acceptance of the updated policy. If you do not agree to the changes, you should stop using the Service and delete your account.
15. Contact Us
If you have questions about this privacy policy, your data, or wish to exercise your rights:
Stojanov Ventures
Email: hello@stojanovventures.com
For full company details, see our Imprint.
For EU consumers: You may also use the European Commission's Online Dispute Resolution platform at ec.europa.eu/consumers/odr.