Your dates are private. We built it that way.
We take your privacy and security very seriously. This page explains exactly what happens to your data at every step.
The short version
We record your date, transcribe it, generate personalized insights, and then permanently delete the recording and transcript. The only things we keep are your insights and anonymized conversation metrics. You can delete your entire account and all associated data at any time.
Your data is protected by row-level security policies, meaning even if someone gained access to our database, they could only see their own data. We never sell your data, we never share your recordings, and we never will.
Data lifecycle
Every piece of data has a defined lifecycle. Here is exactly what we store, for how long, and why.
Audio Recordings
Deleted: Audio is recorded on your device in 1-minute chunks, uploaded to secure cloud storage for transcription, and then permanently deleted from both the cloud and local device once insights are generated. We do not keep your audio.
Transcripts
Deleted: The transcript text, utterances, speaker mapping, and raw transcription response are all nullified and wiped after insights are generated. We keep only a metadata row (date ID, processing status, confidence score) for system health. The actual content of your conversation is gone.
Insights
Retained: The AI-generated insights are kept so you can revisit them. These are written by AI personas and do not contain verbatim quotes of your date partner. Your own words may be quoted, but your partner's words are always paraphrased.
Conversation Metrics
Retained: Anonymized metrics like speaking time percentage, number of questions asked, and engagement scores are retained to power your trend analysis. These contain no conversation content.
Account Data
Until you delete: Your email, profile, and session history are stored as long as you have an account. Delete your account and it is all gone.
How the upload flow works
The exact sequence of events from the moment you tap “Record” to when you see your insights.
Recording starts on your device
Audio is captured locally in 1-minute chunks using high-quality AAC encoding (16kHz, mono). Chunks are saved to your device's private app storage, not your photo library or shared storage. Each chunk is deleted from your device once it has been uploaded.
Chunks upload to secure storage
Each chunk uploads to our Supabase Storage bucket over HTTPS. The storage path is scoped to your user ID, so other users cannot access your files even with a direct URL. Failed uploads retry automatically with exponential backoff (up to 5 attempts).
You end the date
When you stop recording, a transcription job is queued. Your audio chunks are sent to our cloud transcription service with speaker diarization (identifying who said what).
Transcript is processed
The raw transcript is stored temporarily while we run speaker identification. You're asked “Which speaker are you?” so we can attribute your words correctly. This is the only human step in the pipeline.
AI generates your insights
Claude (by Anthropic) reads your transcript and generates personalized insights in multiple formats. Your partner's words are paraphrased, never quoted verbatim. The AI has no memory between sessions and does not train on your data.
Audio and transcript are permanently deleted
Once insights are generated and notifications sent, audio files are deleted from cloud storage, audio chunk metadata is removed from the database, and transcript content (full text, utterances, speaker mapping, raw response) is nullified. Only insights and anonymized metrics remain.
Permanently deleted after this step
Data deletion in detail
Audio file deletion
After insights are generated, our system queries all audio chunks associated with your date session, deletes each file from cloud storage, and then removes the database records that referenced them. This is automated and happens within seconds of your insights being ready.
Storage path pattern: {your_user_id}/{date_id}/chunk_001.aac — these paths are deleted entirely.
Transcript content deletion
After insights are generated, we set:
- full_text → null
- utterances → empty array
- raw_response → null
- speaker_mapping → null
The transcript row is kept only for status tracking (e.g., “completed”) and system health. No conversation content remains.
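The scrub described above, with two audit queries that check it actually happened, written as an added example for a Supabase (Postgres) project; it is not Save the Date's own code. The table names, column types, the 'date-audio' bucket, and the assumption that 'completed' marks a session whose insights exist are all hypothetical; only the four content column names come from this page.

```sql
-- Added example. Hypothetical schema; the four content columns are the ones
-- named on this page.
create table if not exists public.transcripts (
  date_id         uuid primary key,
  status          text not null,              -- e.g. 'completed'
  confidence      numeric,
  full_text       text,
  utterances      jsonb not null default '[]'::jsonb,
  raw_response    jsonb,
  speaker_mapping jsonb
);
create table if not exists public.audio_chunks (
  date_id      uuid not null,
  storage_path text not null
);

-- Database side of the scrub. The audio objects themselves are removed
-- through the Storage API before this runs.
create or replace function public.scrub_date_content(p_date_id uuid)
returns void language sql as $$
  update public.transcripts
     set full_text       = null,
         utterances      = '[]'::jsonb,
         raw_response    = null,
         speaker_mapping = null
   where date_id = p_date_id;
  delete from public.audio_chunks where date_id = p_date_id;
$$;

-- Audit 1: completed transcripts that still hold conversation content.
select date_id
  from public.transcripts
 where status = 'completed'
   and (full_text is not null
        or raw_response is not null
        or speaker_mapping is not null
        or utterances <> '[]'::jsonb);

-- Audit 2: audio objects still in the bucket for completed dates.
-- Path layout is {user_id}/{date_id}/chunk_NNN.aac, so segment 2 is the date.
select o.name
  from storage.objects o
  join public.transcripts t
    on (storage.foldername(o.name))[2] = t.date_id::text
 where o.bucket_id = 'date-audio'
   and t.status = 'completed';
```

Both audit queries should return zero rows; any row is a session whose content outlived the retention promise.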
Local device deletion
Audio chunks on your device are stored in the app's private document directory, not in your photo library or any shared location. Once chunks are uploaded and confirmed, local audio files are deleted. If you uninstall the app, all local data is automatically removed by your operating system.
Temporary data expiration
- Pairing codes — expire after 5 minutes
- Guest insight links — expire 24 hours after the date ends
- Speaker ID reminders — sent once and then cleared
Encryption & security
Data in transit
All communication between the app and our servers uses HTTPS (TLS 1.2+). This includes audio uploads, API calls, authentication tokens, and real-time subscriptions. No data is ever sent in plaintext.
Data at rest
Our database and storage infrastructure is hosted on Supabase, which runs on AWS with encrypted storage volumes. All data at rest is encrypted using AES-256 at the infrastructure level.
Storage isolation
Audio files in cloud storage are stored in user-scoped directories. Storage access policies enforce that you can only read, write, and delete files in your own directory. The path is derived from your authenticated user ID, making it impossible for another user to access your files.
Access control
Row-level security (RLS)
Every table containing user data has row-level security policies enforced at the database level. This means the database itself prevents unauthorized access, even if application code were compromised. You can only query your own sessions, transcripts, insights, and metrics.
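What the row-level security and storage isolation sections describe looks like this in a Supabase project. This is an added example, not Save the Date's own policies: the `date_sessions` table, its columns, the policy names and the 'date-audio' bucket are hypothetical, while `auth.uid()` and `storage.foldername()` are Supabase's built-in helpers.

```sql
-- Added example. Hypothetical table, policy and bucket names.

-- 1. Table RLS: a signed-in user can only read or create rows they own.
create table if not exists public.date_sessions (
  id         uuid primary key default gen_random_uuid(),
  user_id    uuid not null references auth.users (id) on delete cascade,
  started_at timestamptz not null default now()
);

alter table public.date_sessions enable row level security;

create policy "owner reads own sessions"
  on public.date_sessions for select
  to authenticated
  using (user_id = (select auth.uid()));

create policy "owner creates own sessions"
  on public.date_sessions for insert
  to authenticated
  with check (user_id = (select auth.uid()));

-- 2. Storage: the first path segment must equal the caller's user ID,
--    matching the {your_user_id}/{date_id}/chunk_001.aac layout.
create policy "owner manages own audio"
  on storage.objects for all
  to authenticated
  using (
    bucket_id = 'date-audio'
    and (storage.foldername(name))[1] = (select auth.uid())::text
  )
  with check (
    bucket_id = 'date-audio'
    and (storage.foldername(name))[1] = (select auth.uid())::text
  );

-- 3. Audit: tables in the public schema that do NOT have RLS enabled.
--    An empty result is the expected state.
select c.relname
  from pg_class c
  join pg_namespace n on n.oid = c.relnamespace
 where n.nspname = 'public'
   and c.relkind = 'r'
   and not c.relrowsecurity;
```

In Supabase the service role bypasses RLS, so these policies constrain requests made with a user's JWT; the backend key described under Service role isolation is not limited by them.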
Service role isolation
Backend processing (transcription, AI insights) uses a service-level key stored as an encrypted secret in our edge function environment. This key is never exposed to the client app or included in any client-side bundle.
API key security
The Anthropic API key used for generating insights is stored exclusively as a server-side secret. No AI provider credentials are ever sent to or stored on your device. All AI processing happens server-side in isolated edge functions.
AI processing
How we use AI
We use Claude (by Anthropic) to read your transcript and generate personalized dating insights. The AI processes your conversation once to generate insights, then the transcript is deleted. The AI does not have persistent memory between sessions.
No training on your data
Your conversations are never used to train AI models. Anthropic's API terms explicitly state that API inputs and outputs are not used for model training. Your date conversations are processed, insights are generated, and the input data is deleted.
Partner privacy in insights
Our AI prompts explicitly instruct the model to paraphrase your date partner's words, never quote them verbatim. Your own words may be quoted directly in your insights, but your partner's words are always rephrased.
Authentication
Save the Date uses Sign in with Apple and Google Sign-In for authentication. We never handle or store your password. Your session is managed via JWT tokens that automatically refresh and are stored in your device's secure storage.
When you sign out, your session tokens are immediately invalidated and cleared from local storage.
Account deletion
You can delete your account at any time from within the app. When you do, here is what happens:
- All audio files in cloud storage are deleted (if any remain from in-progress sessions)
- All your insight threads are deleted
- All your date sessions, metrics, and trends are cascade-deleted
- All transcript records associated with your sessions are cascade-deleted
- All push notification tokens for your devices are removed
- Your user profile and authentication record are permanently deleted
This is a complete, irreversible deletion. We use database cascade rules to ensure no orphaned data remains.
Local device data
Stored on your device
- Session tokens — JWT for auth, stored in platform-secure storage (Keychain on iOS, encrypted shared preferences on Android)
- Temporary audio chunks — in the app's private directory, not accessible to other apps, cleaned up after upload
NOT stored on your device
- Transcripts are never stored locally
- Insights are fetched on demand, not cached
- No data is written to your photo library, shared storage, or iCloud
Uninstalling the app
If you uninstall Save the Date, all local data (tokens, temporary audio) is automatically removed by your operating system. Your server-side data remains until you delete your account.
Third parties
We use a minimal set of trusted infrastructure providers.
Supabase
Database, auth, storage, edge functions
Hosted on AWS. SOC 2 Type II compliant. All data encrypted at rest and in transit.
Anthropic (Claude)
AI insight generation
API inputs are not used for model training. Data processed and discarded. SOC 2 Type II compliant.
Expo
Push notifications, app builds
Receives only push tokens and notification payloads. No access to conversation data.
Vercel
Web hosting
Hosts this website. No access to user conversation data.
Data retention summary
| Data Type | Retention | Details |
|---|---|---|
| Audio recordings | Deleted after processing | Minutes to hours, depending on processing time |
| Transcript content | Deleted after processing | Full text, utterances, and speaker mapping all nullified |
| Insights | Until account deletion | AI-generated insights you can revisit |
| Metrics | Until account deletion | Anonymized scores, no conversation content |
| Account data | Until account deletion | Email, profile, session history |
| Pairing codes | 5 minutes | Auto-expire |
| Guest insight links | 24 hours | Expire after date ends |
Questions?
If you have questions about how your data is handled, want to request a data export, or need anything else:
privacy@getsavethedate.com
Privacy Policy
For our formal privacy commitments, data collection practices, and your rights:
Read Privacy Policy →