Our Commitment to Privacy

At realxreal, we distinguish between Data We Store (to manage your account) and Data We Process (to verify your identity). We operate on a "Zero-Retention" principle for all sensitive memory challenges.

1. Information We Collect

1.1 Account Information (Stored)

To manage your subscription and enable contact discovery, we store the following standard account data in Google Firebase:

• Identity: First Name, Last Name, Email Address, Phone Number.
• Technical IDs: Firebase User ID (UID), Device ID (UUID), Push Notification Tokens.
• Security: Your Public Key (used by other users to encrypt messages to you).
• Status: Subscription tier and renewal date.

1.2 Memory Challenges (Transient Processing)

The core feature of realxreal involves comparing memory challenges (e.g., "Where did we eat lunch?") using AI. Currently, this process works as follows:

1. Your challenge text is encrypted in transit (TLS 1.3) and sent to our secure inference server.
2. Our server converts the text into a mathematical vector (embedding).
3. The text and the vector are immediately discarded from server memory.
4. We return only the mathematical result to your device.

We do not write your memory challenges to disk, database, or permanent logs.

1.3 Information Stored ONLY on Your Device

• Your Private Key: Stored in the iOS Secure Enclave. We physically cannot access this, meaning we cannot impersonate you.
• Contact List: We do not upload your address book. Connections are made manually or via QR code.

2. How We Use Your Information

2.1 Core Functionality

• Identity Verification: We use your phone number and email to ensure you are a real person and to prevent spam/bot accounts.
• Notifications: We use FCM Tokens to wake your device when a friend sends a challenge.

2.2 Analytics (Privacy-Preserving)

We use TelemetryDeck to collect anonymous usage data (e.g., "Daily Active Users" or "Crash Rates"). TelemetryDeck does not collect personally identifiable information (PII) and creates anonymous hashes that cannot be traced back to you.

2.3 What We Never Do

• We do not sell your data.
• We do not use your memory challenges to train public AI models.
• We do not track your location.

3. Data Storage and Security

3.1 Cloud Infrastructure

Account data is stored in Google Firebase (US Region). All data is encrypted at rest and in transit.

3.2 The "Zero-Retention" Guarantee

While we must process your memories to generate embeddings, our backend is designed to be stateless regarding this content. Once the HTTP request finishes, the memory data ceases to exist on our infrastructure.

4. Data Sharing and Third Parties

We use the following processors to run the service:

• Google Firebase: Authentication, Database, and Cloud Functions.
• TelemetryDeck: Anonymous analytics.
• Apple: Subscription management (StoreKit) and Push Notifications (APNS).

We may disclose Account Information (Name/Email/IP) if compelled by a valid court order. However, we cannot disclose memory content because we do not store it.

5. Your Rights and Controls

You have full control over your data:

• Delete Account: You can delete your account directly inside the app settings. This immediately wipes your data from Firebase.
• Export Data: Since most data (memories/contacts) lives on your device, you already possess it.

6. Children's Privacy

realxreal is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

7. Changes & Evolution

We are building towards a strictly on-device future. We anticipate updating this policy in Q1 2026 to reflect the removal of our server-side embedding service. We will notify you via the app when this architecture change occurs.

9. Contact Us

Email: privacy@realxreal.ai

10. California Privacy Rights (CCPA)

California residents have the right to know, delete, and opt-out. You may exercise these rights by emailing us or using the in-app deletion tools.

11. European Privacy Rights (GDPR)

We process your data based on Contractual Necessity (to provide the app features) and Legitimate Interest (fraud prevention). You have the right to erasure and portability. Contact us at privacy@realxreal.ai.

Terms of Service

Last Updated: December 30, 2025

1. Beta Services Disclaimer

Please read carefully: realxreal is currently in a Beta/MVP state. By using the App, you acknowledge that:

• The App may contain bugs, errors, or security vulnerabilities.
• Verification is probabilistic (based on AI) and not guaranteed to be 100% accurate.
• We are not responsible for financial losses or damages resulting from failed verifications or identity theft.

2. Acceptance of Terms

By downloading or using realxreal, you agree to these Terms. If you do not agree, strictly do not use the App.

3. Description of Service

realxreal verifies identity through memory-based challenges. It is intended as a supplementary security layer, not a replacement for common sense or standard authentication methods.

4. User Responsibilities

You agree to provide accurate registration information (Name/Phone). You are responsible for keeping your device secure. You must not use the App to harass others or generate fake challenges.

5. "As Is" and "As Available" Disclaimer

THE APP IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

6. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, REAL RECOGNIZES REAL AI SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES.

7. Governing Law

These Terms are governed by the laws of the State of Colorado, USA.

Contact: legal@realxreal.ai