Last updated: 12 July 2026
The short version: your conversations, photos, voice notes, and memories are end-to-end encrypted — our servers store only ciphertext and can never read them. Some planning features (to-dos, dates, expenses) are stored readable on the server by design so reminders can work; we say so plainly below. We show no ads, run no trackers, use no third-party analytics, and never sell data.
PairNook is a private couple app operated from India on single-tenant, self-hosted infrastructure (AWS Asia Pacific, Mumbai region). Contact: support@pairnook.com.
The following content is end-to-end encrypted on your device before it is sent. The server stores and relays ciphertext only and does not hold the keys (see the Security Whitepaper for the full design):
| Data | Why |
|---|---|
| Account email, display name, password hash, avatar | To operate your account and show your partner who you are. |
| Life & activity items — by design not E2EE: titles and content of to-dos, chores, groceries, reminders, important dates, calendar entries, expenses, notes, date plans, shared links and the watchlist, travel lists, photo captions, game boards and scores, and your answers to the daily Question for Two | So the server can send you reminders and notifications at the right time even when your app is closed, and coordinate shared activities between your devices. This is a deliberate trade-off, stated honestly: if you write it in Life planning or a daily answer, our server can read it. |
| Encrypted media blobs | Storage and delivery of your photos/videos/voice notes — ciphertext only; we cannot view them. |
| Push notification tokens (APNs/FCM) | To deliver notifications to your devices. |
| Ciphertext-only notification previews | Queued briefly for delivery; unreadable to us. |
| Couple link + device records, message routing metadata | Required to run an encrypted messaging service (who is paired with whom, which devices to deliver to). |
| Encrypted key backup + recovery-key escrow blob | So you can restore your message history on a new device. Encrypted; usable only with your recovery key. See the whitepaper. |
| Location shares | Only while you actively share your location or use arrive-home alerts; only visible to your partner. |
| Moderation reports you file | To act on abuse reports. |
Our processors — the complete list: Amazon Web Services (hosting, Mumbai region; plus one operational secret kept in Singapore for disaster recovery — see section 7); the Apple Push Notification service and Google Firebase Cloud Messaging (delivery of push tokens and ciphertext-only notification payloads); and OpenAI (only for the explicit-request features described in section 5).
PairNook includes an optional assistant and voice-transcription feature. These use OpenAI's API only when you explicitly invoke them — e.g. when you ask the assistant a question or request a transcript. Only the text/audio you submit for that specific request is sent to OpenAI, per request, and it is not used to train their models under our API terms. Nothing is sent to OpenAI in the background. Besides the assistant and transcription, one feature involves chat content: the optional Memorial companion — enabled only after your explicit, revocable in-app consent — sends excerpts of your decrypted chat history (style samples and your conversation with it) to OpenAI to generate its replies; we never store that text. The assistant's scan-recent-messages action sends up to 25 recent decrypted messages to our own server for in-memory suggestion extraction; they are not stored and are not sent to OpenAI.
Deleting your account (Settings → Delete account) permanently removes your account record, your couple link, your Life planning items, media blobs, push tokens, key backups, and escrow blobs from our servers, and deactivates your messaging identity. Backups age out on a rolling schedule (within 30 days). You can also disconnect from a partner without deleting your account, which deletes the couple's shared server-side data. For step-by-step instructions, see our Account & Data Deletion page.
All user data is stored in the AWS Mumbai (ap-south-1) region on infrastructure we operate ourselves — single-tenant, no shared SaaS databases. One operational secret (the key that wraps recovery-key escrow blobs — see the Security Whitepaper, section 4) is additionally kept in AWS Parameter Store in Singapore (ap-southeast-1) for disaster recovery; no user content leaves Mumbai. All traffic uses TLS 1.2+ (TLS 1.3 preferred). Encryption design details, including exactly what is and is not end-to-end encrypted, are documented in the Security Whitepaper.
You may access, correct, export, or delete your data. Most of this is self-serve in the app; for anything else, email support@pairnook.com and we will respond within 30 days. We comply with India's Digital Personal Data Protection Act, 2023, and honour equivalent rights for users elsewhere.
PairNook is for adults (18+). We do not knowingly collect data from minors; if we learn we have, we delete it.
We will announce material changes to this policy in the app or by email before they take effect.