Privacy Policy
Last updated: 25 April 2026. Questions? hello@wehumanhuman.com
What we collect and why
We collect the minimum needed to run the service.
| Data | Why |
|---|---|
| Email address | Account creation, sign-in, transactional emails (receipts, password reset). We do not send marketing email without separate consent. |
| Password | Stored as a hash by Firebase Auth. We never see your plain-text password. |
| Subscription tier | Free / Pro Solo / Pro Couple — determines which exercises you can access. |
| Exercise completions + ratings | Records which exercises you have completed and your 1–5 star rating. This is the core product record. |
| Partner invite records | Invite codes linking two accounts. Needed for the Pro Couple tier. |
| Session cookie (__session) | Keeps you signed in between page loads. Expires after 14 days or on sign-out. Strictly necessary — not subject to cookie consent. |
| Analytics (optional) | Google Analytics — only if you click “Accept” on the cookie banner. Page visits, no advertising ID, no cross-site tracking. You can decline without any feature loss. |
What we never do
- Sell or share your data with third parties for advertising.
- Use your relationship data or exercise responses to train any external AI model.
- Store more than we need to deliver the service.
- Send marketing email without your separate consent.
- Log or store relationship content you share during exercises beyond what the product requires.
Who processes your data
We use the following sub-processors. Each has its own privacy policy and data processing terms.
- Firebase / Google Cloud — authentication, database, and hosting (United States)
- Stripe — payment processing (United States). We never see or store card numbers.
- MailerSend — transactional email: receipts, password reset, welcome (not yet active)
- Google Analytics — optional site analytics, consent-gated
Your rights
You can request a copy of your data, correction of errors, or full account deletion at any time by emailing hello@wehumanhuman.com. We will respond within 30 days. Account deletion removes all personal data from our systems within 60 days (Stripe retains payment records per their legal obligations).
If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.
Data retention
Active accounts: data retained while the account exists. Deleted accounts: personal data removed within 60 days. Waitlist emails: retained until you unsubscribe or the product launches (whichever comes first).
Changes to this policy
If we make a material change, we will email you at the address on your account before the change takes effect. The “Last updated” date at the top always reflects the current version.