1. Who we are
Namore is an independent app operated by Julian, based in Germany. For the purposes of the GDPR (DSGVO), the operator is the data controller (Verantwortlicher im Sinne des Art. 4 Nr. 7 DSGVO) for the personal data described in this policy. Full operator details are listed in the Impressum.
Contact for data-protection requests: privacy@namore.app
2. Anonymous mode: no account required
You can use Namore fully without providing any personal information.
When you open the app for the first time, we assign you an anonymous ID: a random UUID generated by Supabase Auth. This ID is stored on your device. It lets the app remember your votes and session between launches without knowing anything about who you are. No name, no email, no phone number.
Apple Sign In and Google Sign In are optional. If you choose to sign in, we receive your email address (see Section 3). If you don't, we never learn it.
3. What we collect
3a. Account information (optional)
If you choose to sign in with Apple or Google, or use email magic link, we receive:
- Your email address: used only to authenticate you and, where you opt in, to send app-related notifications. We do not use it for marketing unless you signed up to our waitlist and agreed to receive updates.
- A display name you enter during onboarding (e.g. "Lena" or "Partner A"). This is stored on your session record so your partner can see who they're paired with.
If you use anonymous sign-in, none of the above is collected.
3b. Session data
When you create or join a couples session, we store:
- A session ID and a 6-character join code you share with your partner
- The user IDs of both partners linked to the session
- Your display names (what you type in)
- Your name filters: gender preference, region, style tags, syllable count, etc. (stored as JSON on the session)
- Session status and timestamps
This data is the foundation of the matching mechanic. Without it, the app cannot sync your votes with your partner.
3c. Votes (swipes)
Every swipe you make (love or pass on a name) is saved server-side. We store:
- Which name you voted on
- Your vote result
- The session and your user ID
- A timestamp
Your partner cannot see your individual votes. Row-level security enforces this at the database level: partners can only read their own vote rows. Only mutual matches (both partners voted "love") are ever surfaced to either of you.
3d. Matches
When both partners vote "love" on the same name, a match record is created containing:
- The session ID
- The name
- When it matched
- Whether each partner has opened the reveal yet
- Whether the name was pitched by a partner (see below)
Both partners can read their shared match list.
3e. Pitches (name suggestions)
Either partner can "pitch" a name directly into the other's deck. When this happens, we store the session ID, the pitcher's user ID, the name, whether it's a super-like, and whether the partner has seen it yet.
Pitch authorship is kept blind until a match occurs: your partner doesn't know you suggested a name until you both love it.
3f. App preferences (stored locally on your device)
The following settings are stored in your device's local storage only and are never sent to our servers:
- Language preference
- Surname you enter for name preview
- Notification and haptics preferences
- Daily swipe counter and super-like usage counter
- Style tags you selected during onboarding
These stay on your device. Uninstalling the app removes them.
4. What we do NOT collect
- Location data: we never request or store your location
- Device contacts: we don't access your address book
- Advertising identifiers (IDFA, GAID): we run no ads and collect no ad IDs
- Real names: display names in the app are whatever you type; we never pull your legal name from Apple or Google
- Health or pregnancy data: we don't ask for it and don't infer it
- Browsing history or cross-app tracking
- Crash analytics or third-party tracking SDKs: there are none in the current version
5. How we use your data
| Data | Purpose |
|---|---|
| Email address | Authentication; sign-in links |
| User ID (anonymous or linked) | Identify your votes and session |
| Session data | Pair you with your partner; sync filters |
| Votes | Run the double-blind matching algorithm; prevent re-showing seen names |
| Matches | Show your shared shortlist |
| Pitches | Let you suggest names to your partner |
We do not use any of this data for advertising, profiling, or sale to third parties. We do not train AI models on your swipes.
6. Third-party services (Auftragsverarbeiter, Art. 28 GDPR)
We use the following processors to operate Namore. Each processor receives only the data needed for its specific purpose, under a Data Processing Agreement (DPA) compliant with Art. 28 GDPR.
Supabase (database + authentication)
All server-side data (sessions, votes, matches, pitches, push-notification tokens, and authentication identities) is stored on Supabase (Supabase Inc., supabase.com). Supabase provides the Postgres database, authentication service, realtime subscriptions, and Edge Functions.
- Supabase Privacy Policy: supabase.com/privacy
- Data is stored in the EU region (Ireland,
eu-west-1). - DPA: signed with Supabase under their standard terms.
Vercel (website hosting)
This website (www.namore.app — landing page, privacy policy, terms, waitlist form, Impressum, this page) is served by Vercel (Vercel Inc., vercel.com). Vercel processes standard web request metadata: IP address, user agent, request path. Vercel does not receive any in-app data — the mobile app talks directly to Supabase.
- Vercel Privacy Policy: vercel.com/legal/privacy-policy
- Vercel-internal access logs are retained per Vercel's standard policy.
Expo / EAS (build delivery)
The mobile app is built and distributed using Expo (Expo Inc., expo.dev) and Expo Application Services (EAS). Expo may process anonymous device metadata as part of over-the-air update delivery. No personal app data flows through Expo.
Expo Privacy Policy: expo.dev/privacy
RevenueCat (in-app purchases)
If you buy the €7.99 unlock, the purchase is processed by Apple's App Store or Google Play. Receipt validation and premium entitlement state run through RevenueCat (RevenueCat Inc., revenuecat.com).
- RevenueCat receives: the platform purchase token from Apple / Google, your Supabase user UUID (so the entitlement can be tied back to your account), and the resulting entitlement state.
- RevenueCat does not receive your name, email, partner names, votes, matches, or any in-app activity.
- RevenueCat Privacy Policy: revenuecat.com/privacy
Apple / Google (Sign In only)
If you use Apple Sign In or Google Sign In, those providers authenticate you and pass us a token and, optionally, your email address. We don't receive any other data from them.
- Apple: apple.com/legal/privacy
- Google: policies.google.com/privacy
Apple Push Notification Service / Firebase Cloud Messaging
If you enable notifications, your device's push token is generated by Apple (APNs) on iOS or Google (Firebase Cloud Messaging) on Android, stored on your Supabase user record, and used to deliver match notifications via our notify-match Edge Function. The push payload contains a short non-identifying message ("You both love a name 💛 — tap to reveal"); the matched name itself is never put on the wire and is fetched from Supabase only after you open the app.
PostHog (anonymous analytics)
We use PostHog (PostHog Inc., posthog.com) to understand how the app is used in aggregate — for example, what fraction of new users complete onboarding, or how often the paywall converts. PostHog data is hosted in the EU (Frankfurt, eu.i.posthog.com).
- PostHog receives: a small set of explicit behavioural events (such as signup_completed, first_match, paywall_viewed, purchase_completed) tagged with your Supabase user UUID and a small number of non-identifying properties (e.g. paywall mode, product id).
- PostHog does not receive your name, email, partner names, the names you swipe on, your matches, or the contents of your shortlist.
- Events are not used for advertising, profiling, or sale to third parties.
- You can disable analytics at any time in Settings → Anonymous analytics. When disabled, the SDK drops all subsequent events and any queued events.
- PostHog Privacy Policy: posthog.com/privacy
- Legal basis: legitimate interest in product improvement (Art. 6(1)(f) GDPR), with an opt-out mechanism in-app.
Sentry (crash + error reporting)
We use Sentry (Functional Software Inc. d/b/a Sentry, sentry.io) to capture app crashes and unhandled errors so we can fix bugs quickly.
- Sentry receives: a stack trace of the error, the device model, OS version, app version, and your Supabase user UUID (so we can correlate a crash with your account if you write to support).
- Sentry does not receive your name, email, partner names, votes, matches, or any in-app activity unrelated to the error.
- Sentry Privacy Policy: sentry.io/privacy
- Legal basis: legitimate interest in operating the app securely and fixing defects (Art. 6(1)(f) GDPR).
No advertising networks, no third-party trackers, and no cross-app or cross-site tracking SDKs are active in the app.
7. Data retention
| Data type | Retention period |
|---|---|
| Anonymous sessions with no activity | 90 days |
| Active sessions (votes, matches) | 24 months from last activity |
| Email (authenticated accounts) | Until you delete your account |
| Local device preferences | Until you uninstall the app |
After retention periods expire, data is deleted automatically. You can request earlier deletion at any time (see Section 9).
8. Legal basis for processing (GDPR)
If you are in the European Union or European Economic Area, we process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing your votes, session data, and matches is necessary to provide the service you asked for.
- Legitimate interest (Art. 6(1)(f) GDPR): Session cleanup and fraud prevention serve our legitimate interest in operating the app securely.
- Consent (Art. 6(1)(a) GDPR): If you provide your email address for sign-in or opted into waitlist emails, processing is based on your consent. You can withdraw consent at any time.
9. Your rights
Under GDPR (and similar laws), you have the right to:
- Access: request a copy of all personal data we hold about you
- Correction: ask us to fix inaccurate data
- Erasure ("right to be forgotten"): ask us to delete your data entirely
- Portability: receive your data in a machine-readable format (JSON)
- Restriction: ask us to pause processing while a dispute is resolved
- Objection: object to processing based on legitimate interest
- Withdraw consent: where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, email privacy@namore.app. We respond within 30 days. No fees, no bureaucracy. Just ask.
If you believe we are handling your data unlawfully, you have the right to lodge a complaint with your national data protection authority. In Germany, this is the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI): bfdi.bund.de.
10. Data security
- All data in transit is encrypted via TLS.
- Data at rest is encrypted by Supabase infrastructure.
- Row-level security (RLS) is enforced at the database level: your votes are inaccessible to your partner and to anyone other than you.
- Anonymous sign-in means the default state has no email or identity tied to the account.
If you discover a security issue, please disclose it responsibly to support@namore.app before going public.
11. Children
Namore is for expecting couples and is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us data, contact us and we will delete it promptly.
12. Changes to this policy
If we make material changes, we will update the "Last updated" date at the top and notify users via an in-app notice. The previous version will be available on request. Minor changes (typos, clarifications) may be made without notice. Continued use of Namore after a material change constitutes your acceptance of the revised policy.
13. Contact
Privacy questions: privacy@namore.app
Operator details: see Impressum
Namore. Find a name you both love.