Skip to main content
Colloquies logo Colloquies

Privacy Policy

Last updated: January 2026

Who We Are

Colloquies is operated by Stojanov Ventures, a company registered in Germany. Our contact details can be found on our Imprint page.

Colloquies is a private reflection and conversation app for small circles of 2–8 people. We believe your conversations with the people who matter most should remain truly private—which is why we built the app with end-to-end encryption at its core.

Information We Collect

Account Information

When you create an account, we collect:

  • Your email address
  • Your display name (if you provide one)
  • Your encrypted private encryption key (encrypted with your password and stored securely)

If you sign in using Google or Apple Sign-In (when available), we receive basic profile information (email, name) from these providers.

Encrypted Content (We Cannot Read This)

Your responses to weekly Colloquies, messages within Chapters, and any media you share are end-to-end encrypted. This content is encrypted on your device before transmission. We store this encrypted data on our servers, but we cannot decrypt or read it. Only you and the members of your circle have access to the decryption keys.

Metadata

To provide the service, we necessarily collect certain metadata:

  • Which circles you belong to
  • When you send or receive messages (timestamps)
  • Circle membership information
  • Your subscription status

Usage & Analytics Data

We collect anonymized usage data to improve the app experience:

  • App opens, feature usage, and navigation patterns (via Google Analytics)
  • Crash reports and performance data (via Firebase Crashlytics)

This data does not include the content of your messages or reflections.

Payment Information

Subscriptions are processed through Apple App Store or Google Play Store via RevenueCat. We do not directly collect or store your payment details. We receive confirmation of your subscription status only.

How We Use Your Information

  • To provide, maintain, and improve the Colloquies service
  • To send you important updates about your account and the service
  • To send you marketing communications (only with your consent, via Brevo)
  • To respond to your questions and support requests
  • To detect and prevent fraud, abuse, and security issues
  • To comply with legal obligations

End-to-End Encryption

Your messages, reflections, and shared media are encrypted on your device using your private encryption key before being transmitted to our servers. Only members of your circle can decrypt this content.

What this means:

  • We cannot read your messages or reflections
  • We cannot share your message content with anyone, including law enforcement
  • If you lose your password (and have no recovery method), your encrypted data is permanently inaccessible

Your private encryption key is encrypted with your account password and stored on our servers. As long as you remember your password, you can access your encryption key on any device. For social logins, you'll need to use a Passkey or provide a separate encryption password.

AI-Generated Content

Some content in the app, including weekly Colloquy prompts, may be generated or assisted by artificial intelligence. This AI-generated content is created and managed by us—it does not involve your personal data.

We do not use your data to train AI models. Your messages, reflections, and personal information are never used for machine learning or AI training purposes.

Data Storage & Security

Your data is stored on servers located in the European Union (via Supabase). We implement appropriate technical and organizational measures to protect your data, including:

  • End-to-end encryption for all message content
  • Encryption at rest and in transit for all data
  • Regular security assessments
  • Access controls and authentication

Data Sharing & Third Parties

We do not sell your personal information. We do not share your data with third parties for their marketing purposes.

We use the following service providers to operate Colloquies:

  • Supabase (EU) — Database and authentication infrastructure
  • Google Analytics — Anonymized usage analytics
  • Firebase Crashlytics — Crash reporting and app stability
  • Brevo — Email communications and marketing
  • RevenueCat — Subscription management
  • Apple / Google — App distribution and payment processing

We may share information with authorities only when legally required. However, due to end-to-end encryption, we can only provide metadata (such as account information and the existence of communications between users)—not the content of your messages.

Data Retention & Deletion

When you delete your account:

  • Your account data is deleted immediately from our servers
  • If you are an admin of a circle, the entire circle is deleted
  • Encrypted content associated with your account is removed from our servers

Offline data: Colloquies uses an offline-first approach. Data may remain on your device or other circle members' devices until they sync with the server. Once synced, deleted data will be removed from all devices.

If you are removed from a circle: You will lose access to that circle immediately. Any locally cached data will be removed upon your next sync with the server.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and German data protection law, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data
  • Data portability — Export your data in a portable format
  • Restrict processing — Limit how we use your data
  • Object — Object to certain processing activities
  • Withdraw consent — Withdraw consent for marketing communications at any time

To exercise these rights, contact us at hello@stojanovventures.com.

You also have the right to lodge a complaint with a supervisory authority, such as the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

Age Requirement

Colloquies is intended for users aged 16 and older. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected data from someone under 16, we will delete it promptly.

International Data Transfers

Our primary data storage is in the European Union. Some of our service providers (such as Google and Apple) may process data outside the EU. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the app or via email. Continued use of Colloquies after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy, your data, or wish to exercise your rights, please contact us:

Stojanov Ventures
Email: hello@stojanovventures.com

For full company details, see our Imprint.