1. Introduction
Lockett ("we", "our", "us") is a private messaging application designed for intimate, one-to-one communication. We are committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy describes how we collect, use, store, and share information when you use the Lockett mobile application and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Phone number: We collect your phone number for account creation and authentication via one-time password (OTP) verification.
- Profile information: Your first name and optional profile photo, which you provide during account setup.
- Moment content: The text messages ("moments") and optional emoji reactions you create and send to your connections. This content is stored on our servers to enable the sealed/reveal functionality.
- Connection data: Information about the one-to-one connections you create with other users, including relationship labels you assign (e.g., partner, best friend, sibling).
2.2 Information Collected Automatically
- Device information: Device type, operating system version, and unique device identifiers necessary for push notifications and app functionality.
- Usage data: Interaction data such as when you create moments, initiate reveal sessions, and the timestamps of these activities. This is used to enforce usage quotas (3 moments per day, 10 per week) and maintain service functionality.
- Reveal session data: Real-time hold signals and heartbeat timestamps during the mutual reveal process. This ephemeral data is used to coordinate the simultaneous reveal experience and is not retained after the reveal completes.
2.3 Contact Information
With your explicit permission, we access your device's contact list to help you discover friends who are already on Lockett. Phone numbers from your contacts are hashed before being transmitted to our servers for matching purposes. We do not store your raw contact list on our servers.
3. How We Use Your Information
We use the information we collect to:
- Provide the Service: Authenticate your identity, create and manage your account, facilitate connections between users, store and deliver sealed moments, and coordinate the real-time reveal experience.
- Enforce limits: Apply daily and weekly moment quotas to maintain the intentional scarcity that is core to the Lockett experience.
- Improve the Service: Analyze aggregate usage patterns to identify bugs, improve performance, and enhance features. We do not read the content of your moments for this purpose.
- Communicate with you: Send push notifications related to your connections (e.g., when someone has sealed a moment for you or is ready to reveal), and occasional service announcements.
- Ensure safety: Detect and prevent abuse, fraud, and violations of our Terms of Service.
4. How We Protect Your Data
- Row-level security (RLS): Our database enforces row-level security policies, meaning users can only access data related to their own connections and moments. Even at the database level, your content is isolated.
- Content masking: Sealed moments are masked at the database query level. Until a mutual reveal is completed, the receiving party's queries return obfuscated content ("...") — the actual text is never transmitted to a user who hasn't participated in a reveal.
- Secure authentication: We use phone-based OTP authentication through our infrastructure provider (Supabase Auth), with no passwords stored.
- Encrypted connections: All data transmitted between the app and our servers uses TLS encryption.
- Hashed contacts: Contact phone numbers are hashed before comparison, ensuring raw contact data is not exposed to our servers.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:
- With your connections: Your first name, profile photo, and revealed moment content are shared with users you have established a connection with, according to the app's design (sealed content is only shared upon mutual reveal).
- Service providers: We use Supabase as our backend infrastructure provider for database hosting, authentication, and real-time services. Supabase processes data on our behalf and is contractually obligated to protect your information.
- Legal requirements: We may disclose information if required by law, legal process, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- Business transfers: If Lockett is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via the app or email before your information becomes subject to a different privacy policy.
6. Data Retention
- Account data: We retain your account information (phone number, profile name, avatar) for as long as your account is active.
- Moment content: Sealed and revealed moments are retained as long as the connection exists. Users can delete individual moments or entire connections, which removes associated content.
- Reveal session data: Ephemeral hold signals and heartbeat data are transient and are reset or overwritten with each new reveal session. This data is not retained for historical purposes.
- Account deletion: Upon account deletion, we will delete your profile information, moments, and connections within 30 days. Some data may be retained in encrypted backups for up to 90 days before permanent deletion.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct inaccurate profile information directly in the app.
- Deletion: Delete your account and all associated data through the app settings or by contacting us.
- Portability: Request your data in a portable format.
- Opt-out of notifications: Manage push notification preferences through your device settings.
- Revoke contact access: You can revoke contact list permissions at any time through your device settings. Existing connections will not be affected, but new contact-based suggestions will stop.
To exercise any of these rights, contact us at privacy@lockett.app.
8. Children's Privacy
Lockett is not intended for use by anyone under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under the applicable minimum age, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@lockett.app.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including standard contractual clauses where applicable.
10. Third-Party Services
Our Service may contain links to third-party services (such as app stores). This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you interact with.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by other appropriate means before the changes take effect. The "Effective date" at the top of this page indicates when this policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Terms of Service
Effective date: March 27, 2026
1. Acceptance of Terms
By downloading, installing, or using the Lockett application ("Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.
2. Eligibility
You must be at least 13 years old (or the minimum age required in your jurisdiction) to use the Service. By using Lockett, you represent that you meet this age requirement. If you are under 18 (or the age of majority in your jurisdiction), you represent that your parent or legal guardian has reviewed and agreed to these Terms on your behalf.
3. Account Registration
- You must provide a valid phone number to create an account.
- You are responsible for maintaining the security of your account and phone number.
- You may not create accounts for other people without their permission.
- You may not use the Service if you have been previously banned or removed.
4. Use of the Service
Lockett is designed for private, one-to-one communication. You agree to use the Service in accordance with these Terms and all applicable laws. You agree not to:
- Use the Service for any unlawful, harassing, abusive, threatening, or fraudulent purpose.
- Send content that is illegal, harmful, hateful, sexually exploitative of minors, or that promotes violence or discrimination.
- Impersonate another person or misrepresent your identity.
- Attempt to gain unauthorized access to the Service, other user accounts, or our systems.
- Use automated means (bots, scrapers, etc.) to access or interact with the Service.
- Interfere with or disrupt the Service, servers, or networks.
- Reverse-engineer, decompile, or disassemble any part of the Service.
- Circumvent or manipulate moment quotas, reveal mechanisms, or other limitations.
5. Content
5.1 Your Content
You retain ownership of the content (moments, messages) you create on Lockett. By using the Service, you grant us a limited license to store, process, and transmit your content solely for the purpose of providing the Service to you and your connections.
5.2 Content Removal
We reserve the right to remove content that violates these Terms or applicable law, without prior notice. You may delete your own moments at any time through the app.
6. The Reveal Mechanism
The simultaneous hold-to-reveal feature is a core part of the Lockett experience. You acknowledge and agree that:
- Sealed moments are not accessible to the recipient until a mutual reveal is completed.
- Once revealed, moments become visible to both participants and this action cannot be undone.
- The reveal process requires real-time participation from both users.
- Network conditions may affect the reveal experience; we are not liable for incomplete reveals due to connectivity issues.
7. Moment Quotas
Lockett enforces limits on the number of moments you can create (currently 3 per day and 10 per week per connection). These quotas are part of the product experience and may be adjusted at our discretion. Attempting to circumvent these limits may result in account suspension.
8. Connections and Invitations
- Creating a connection requires mutual consent — the other person must accept your invitation.
- Either user may delete a connection at any time, which removes shared content.
- When inviting contacts who are not yet on Lockett, you are responsible for ensuring you have a legitimate relationship with that person.
9. Intellectual Property
The Lockett name, logo, design system, and Service are owned by Lockett and protected by intellectual property laws. You may not copy, modify, distribute, or create derivative works based on our Service without explicit permission.
10. Disclaimers
The Service is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, whether express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Service will be uninterrupted, error-free, or secure.
11. Limitation of Liability
To the maximum extent permitted by applicable law, Lockett and its officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses resulting from:
- Your access to or use of (or inability to access or use) the Service.
- Any conduct or content of any third party on the Service.
- Any content obtained from the Service.
- Unauthorized access, use, or alteration of your transmissions or content.
12. Termination
We may suspend or terminate your account at any time for any reason, including violation of these Terms, with or without notice. Upon termination, your right to use the Service ceases immediately. You may delete your account at any time through the app settings. Provisions of these Terms that by their nature should survive termination will survive (including sections on intellectual property, disclaimers, and limitation of liability).
13. Governing Law
These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which Lockett operates, without regard to conflict of law principles. Any disputes arising under these Terms shall be resolved in the courts of that jurisdiction.
14. Changes to Terms
We may revise these Terms at any time. Material changes will be communicated through the app or other appropriate means at least 14 days before they take effect. Continued use of the Service after changes become effective constitutes acceptance of the revised Terms.
15. Contact
For questions about these Terms, contact us at hello@lockett.app.