Privacy Policy

1. The short version

Your dating life never leaves your phone. Datey is built so that the entries, people, photos, notes, moods, and patterns you create stay on your device, in your private storage (Apple’s SwiftData and Keychain). We do not have an account system. We do not run our own servers that hold your data. We cannot read your journal.

The only personal data that leaves your device is the minimum required for Apple to process your subscription purchase, which Apple and our subscription provider (RevenueCat) handle — never the contents of your journal itself.

This policy explains exactly what is collected, by whom, and what your rights are.

2. Who we are

Tortuga Global Tech LLC (“we,” “us,” “Datey,” “the studio”) is the data controller for the limited data described in this policy.

• Registered address: 1021 E Lincolnway, Suite 10348, Cheyenne, WY 82001, United States
• Contact: support@tortugatech.co

For users in the European Economic Area, the United Kingdom, or California, we act as the “controller” of your personal data within the meaning of the GDPR, UK GDPR, and CCPA respectively. Where this policy refers to processors (Apple, RevenueCat), they act on our behalf under their own published privacy policies.

3. What we collect

We have grouped the data Datey touches into three categories. Read each carefully — the distinctions matter.

3.1 Data that stays on your device (not “collected” by us)

Everything you enter into Datey lives in the app’s own private storage on your iPhone or iPad:

• Information you record about each person — nickname, birth date or age, gender, height and other body measurements you enter, eye and hair colour, body modifications, education and occupation, where they live, how you met, free-text notes, and (if you choose to enter them) phone number, WhatsApp number, or Instagram handle.
• Information you record about each date — when, where (city, country, venue type), what you did, your mood and ratings (vibe, attractiveness scored across several dimensions), intimacy data, amount spent and currency, and the relationship status at the time.
• Photos you add to a person’s profile or to a date entry.
• Photos you place in PrivateVault (see §7 for the stronger protections that apply to vault photos).
• Calendar entries Datey writes when you add upcoming dates.
• Aggregated patterns and insights the app computes from the above.

We do not receive this data. It is not transmitted to our servers (we don’t have any for journal content). We cannot recover it for you if you lose your device or delete the app. If you uninstall Datey, this data is removed with the app unless it is included in an Apple-managed device backup that you control through your own iCloud Backup settings.

A note about other people. The journal records information about people who have not themselves installed Datey or agreed to this policy. We never see that information. You are responsible, under the laws that apply to you and to them, for whether and how you record it. We recommend treating Datey as a private diary, not as a shared database, and being thoughtful about recording intimate details of people who have not consented.

3.2 Data processed by Apple when you buy a subscription or one-time purchase

When you purchase a Datey subscription (monthly or yearly) or the lifetime purchase, the transaction is processed entirely by Apple under Apple’s own privacy terms. Apple does not share your Apple ID, name, email, or payment details with us. The only purchase-related data we receive flows through our subscription processor (see §4.2):

• A randomly generated anonymous identifier created by that processor the first time you open the app. It is not your Apple ID, name, email, or device identifier.
• The product identifier and purchase / renewal events Apple reports to the processor.
• Basic device metadata (iOS version, device model, app version, country).

We use this only to confirm that your subscription is active when you launch the app and to honour “Restore Purchases” if you reinstall.

3.3 Data we deliberately do not collect

We want to be explicit:

• No accounts. Datey has no sign-up, login, email, or password.
• No analytics. We do not use Firebase, Mixpanel, Amplitude, Google Analytics, Segment, PostHog, or any equivalent. We do not track your screen views or button taps.
• No crash reporting tied to your identity. Apple’s standard, opt-in crash reporting may surface anonymised crash diagnostics to us via App Store Connect; you control this from iOS Settings → Privacy → Analytics & Improvements.
• No advertising. Datey contains no ads, no tracking pixels, no advertising identifiers.
• No social-media SDKs. No Facebook, no TikTok, no Snap, no Pinterest SDKs are embedded.
• Only one rendering library besides Apple’s. Datey bundles Lottie (an open-source animation library from Airbnb) to play decorative animations such as the launch screen. Lottie runs entirely inside the app from animation files we ship with the bundle. It does not make network requests and does not collect data.

4. Third-party processors

Datey relies on two third parties that handle personal data:

4.1 Apple Inc.

Apple processes your App Store purchases, hosts the app, and provides the iOS frameworks (SwiftData, Keychain, EventKit, PhotoKit, MapKit) Datey uses. Apple’s handling of your data is governed by the Apple Privacy Policy.

4.2 RevenueCat, Inc.

We use RevenueCat (revenuecat.com) to track subscription entitlements across devices. When you make a purchase or restore purchases, RevenueCat receives:

• A randomly generated, anonymous identifier we associate with your device (not your Apple ID, name, or email)
• The product identifier and purchase / renewal events Apple sends them
• Basic device metadata (iOS version, device model, app version, country)

RevenueCat acts as our processor under their Privacy Policy and Data Processing Addendum. They are SOC 2 Type II certified. They do not use this data for advertising or share it with third parties for marketing.

5. iCloud sync (off by default — opt-in only)

Datey can store its data in your own private iCloud container so that it is backed up and kept in sync across the Apple devices signed into your Apple ID. iCloud sync is off by default. You explicitly opt in from Datey’s Settings screen, and you can turn it off again at any time.

When iCloud sync is enabled:

• The data syncs inside your own private iCloud container. Tortuga Global Tech LLC has no key to that container and no way to access it.
• The synced data does not transit our servers.
• PrivateVault contents (see §7) sync as the same encrypted .enc blobs that live on your device — Apple’s iCloud never sees an unencrypted vault photo.
• You can revoke sync at any time from Datey’s Settings or from iOS Settings → [your name] → iCloud → Apps Using iCloud.

Standard iOS device backup. Independent of Datey’s in-app sync, the iOS device backup feature managed by Apple (Settings → [your name] → iCloud → iCloud Backup) may include Datey’s data as part of your overall device backup. That is between you and Apple. PrivateVault contents remain encrypted in any such backup because they are stored as .enc files on disk.

6. Permissions Datey may ask for

iOS will prompt you the first time Datey needs each of the following. You can deny any of them and most of the app continues to work. None of these are required to use Datey, with the partial exception noted below.

Permission	What we use it for	What happens if denied
Photos (read)	Add a photo to a person’s profile, to a date entry, or to PrivateVault. Photos are read into Datey’s own on-device storage.	Profile, date, and vault photos cannot be set; everything else still works.
Photos (add)	When you choose to export a photo from PrivateVault back to your Photos library, iOS shows a separate “save to Photos” prompt (write-only).	The export back to Photos is cancelled; the photo remains in your vault.
Camera	Take a profile photo directly inside Datey, or capture a photo straight into PrivateVault.	You can still pick existing photos from your library if Photos permission is granted.
Contacts	Optionally import a contact’s name when you’re adding a new date. We read only the contact’s name when you tap “Pick from Contacts”; we do not enumerate or store the rest of your address book.	You can type the name manually.
Calendars (read & write)	When you tag a date with an upcoming time, Datey can write the event to your calendar so it appears with your other events. iOS 17 grants calendar permission in a single full-access prompt; we use it only to write new events when you ask us to, and to confirm an event was created. We do not read other calendar entries or share calendar data anywhere.	Nothing is written to your calendar; the in-app date entry still works.
Location (when in use)	Auto-fill the city and country for a date entry from your current location. We do not log your location anywhere; the resolved city name is what gets stored locally on your device.	You can type the location manually.

We do not request push notifications, microphone, motion, Bluetooth, or HealthKit. We do not use any other sensitive permission.

7. Sensitive data

Datey is a private dating journal. The data you put into it can be sensitive — relationships, intimacy, mental state, sexual orientation, locations. We have designed the app so that this data stays on your device precisely because of how sensitive it is. We never see it, and we have built no mechanism by which we could.

PrivateVault, an in-app feature for storing photos you want kept apart from your main camera roll, applies a stronger protection than the rest of Datey’s data:

• Photos imported into the vault are written to Datey’s sandboxed app container as AES-encrypted .enc blobs (using Apple’s CryptoKit).
• The encryption key is held in iOS Keychain and gated by your device biometrics or passcode (Face ID / Touch ID). Even with the file off your device, the photos cannot be decrypted without unlocking the key on your hardware.
• Vault access inside the app is gated by a biometric prompt every time you open it.
• We have no copy of the key and no way to derive it. If you lose access to your device and have not enabled iCloud sync (§5), the vault contents are unrecoverable.

When you import a photo into the vault, the original remains in your iOS Photos library until you delete it. Datey shows a reminder; permanent removal from Photos → Recently Deleted is your responsibility. When you choose to export a vault photo back to Photos, iOS prompts for “add only” Photos permission and the decrypted image is written into your library at that moment.

If iCloud sync (§5) is enabled, the items that sync are the same encrypted .enc blobs that live on your device — Apple’s iCloud never holds an unencrypted copy.

8. Children’s privacy

Datey is rated 17+ on the App Store and is intended for adults. We do not knowingly collect any data from anyone under 17. If you believe a child has used Datey, please contact us at support@tortugatech.co and we will assist.

9. International users

9.1 European Economic Area and United Kingdom

If you are in the EEA or the UK, the General Data Protection Regulation (EU GDPR) or UK GDPR applies to the limited data described in §3.2 and §4.

Lawful basis. We process subscription data under Article 6(1)(b) GDPR — processing is necessary for performance of the contract you enter into when you purchase a subscription or lifetime licence.

Your rights under GDPR / UK GDPR include: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection, the right to lodge a complaint with your national supervisory authority (e.g., the UK Information Commissioner’s Office at ico.org.uk), and the right to withdraw any consent you have given us (where we rely on consent — we currently do not). You also have the right not to be subject to a decision based solely on automated processing of your data — Datey does not make any such decisions about you.

Because we do not hold the contents of your journal — only an anonymous purchase identifier — exercising these rights primarily involves deleting your anonymous subscription record. Email support@tortugatech.co and we will process the request within 30 days.

International transfers. RevenueCat is a US company. We rely on the EU-U.S. Data Privacy Framework where applicable and on Standard Contractual Clauses for transfers from the UK and other EEA member states. Apple’s transfers are governed by Apple’s own arrangements.

EU representative. We have assessed our processing as falling within the Article 27(2)(a) GDPR exemption from the requirement to appoint an EU representative: the personal data we process is occasional, does not include special categories of data (the journal content, which could include special-category data, stays on your device and we never receive it), and presents minimal risk to the rights and freedoms of data subjects. If you are an EU data subject and you would prefer a local point of contact, email support@tortugatech.co and we will accommodate.

9.2 California residents

If you are a California resident, the California Consumer Privacy Act (CCPA, as amended by CPRA) applies. You have the right to know what personal information we have, request its deletion, correct inaccuracies, opt out of any “sale” or “sharing” (we do neither), and to non-discrimination for exercising these rights.

Categories of personal information we hold about California residents:

• Identifiers — an anonymous device-bound subscription ID. Source: created by our subscription processor on first launch. Purpose: confirming subscription status and honouring “Restore Purchases.”
• Commercial information — which Datey product you purchased and your subscription status. Source: Apple, via our subscription processor. Purpose: confirming you have access to the features you paid for.
• Device metadata — iOS version, device model, app version, country. Source: your device. Purpose: subscription processing and basic troubleshooting.

We do not sell or share personal information. We do not use it for cross-context behavioural advertising. We do not knowingly collect personal information from anyone under 16, and we do not have actual knowledge that we have done so. Because the journal content stays on your device and we do not receive it, we do not collect “sensitive personal information” within the meaning of CPRA §1798.140(ae).

Exercising your rights. Email support@tortugatech.co. Because we do not have your real identity, we will ask you to provide enough information to identify the specific subscription record we hold about you — typically the Apple receipt or the device-bound subscription identifier shown in Datey’s Settings → About. If you are using an authorized agent (such as a lawyer or family member) to make a request on your behalf, the agent must provide written, signed authorization from you and we may verify the request directly with you before acting. We will respond within 45 days as required by CCPA, with one 45-day extension if reasonably necessary.

10. Security

On-device data is protected by iOS — encrypted at rest when your device is locked, and gated by your device passcode, Face ID, or Touch ID. Photos in PrivateVault are stored inside Datey’s sandboxed container.

The minimal subscription data held by RevenueCat is encrypted in transit and at rest, and accessed by Tortuga Global Tech LLC personnel only when investigating a billing issue you have raised with us.

11. Changes to this policy

If we change this policy materially, we will update the “Last updated” date at the top, and — for a material change that affects your rights — we will display an in-app notice in Datey the next time you open it.

12. Contact us

For any privacy question or to exercise a right:

Tortuga Global Tech LLC 1021 E Lincolnway, Suite 10348, Cheyenne, WY 82001, USA support@tortugatech.co