CirclesMM is a small messaging app for staying in touch with people you actually know. This policy describes what data the app collects, who it goes to, and how to reach us if you want it removed. It is written in plain language. There is no fine print.
What we collect
- Your phone number — collected when you sign up so we can send you a one-time verification code by text message. We use it for sign-in only.
- Your profile — the display name you choose to show other members, and an optional avatar and bio if you add them. You can change all of these at any time on the Profile screen.
- Messages you send — chat messages in your circles, direct messages, and the circles you belong to are stored so the app can show them to you and to the people you sent them to.
- Photos you upload to Dynasty Tracker — if you use the Dynasty Tracker feature, the photos you upload (PS5 screenshots) are stored so the feature works for you, and the image is sent to our image-processing provider (see below) to read the roster data out of it.
- A push notification token — if you allow notifications, we store a device token so we can deliver them. Declining notifications means no token is stored.
- Premium purchase records — if you buy Premium, our payment provider (Stripe, see below) handles your card and billing details directly; we never see your card number. We store what's needed to know your purchase happened: payment status and your membership entitlement.
- Reports — if you report a message, we store the report (including a snapshot of the reported message) so we can act on it.
We do not collect your location. We do not collect your contacts. We do not run analytics or tracking SDKs inside the app. We do not use advertising identifiers.
Who we share it with
We do not sell your data. We do not share it with advertisers. We share data only with the service providers we need to operate the app:
- Supabase — our backend host. Stores your account, your messages, your circle memberships, and your uploaded photos.
- Twilio — delivers your one-time SMS verification code when you sign in. Receives your phone number to deliver that text.
- Anthropic — processes Dynasty Tracker photos to read the roster from the screenshot. Receives the photo and returns the extracted text data.
- Stripe — handles Premium payments. Your card and billing details go to Stripe directly through their checkout page; they never touch our servers.
- Expo — delivers push notifications, via Google and Apple's notification systems. A notification preview (the sender's name and the start of the message) passes through these services on its way to your phone.
- Resend — emails us an alert when a message is reported, so we can act on reports quickly. That email includes the report contents.
These providers are bound by their own terms and act on our behalf to operate the service. They are not permitted to use your information for their own marketing.
We do not sell, rent, or share mobile opt-in information or SMS consent data with any third parties or affiliates for their marketing or promotional purposes. No mobile information collected through SMS sign-in is shared with third parties for marketing. See our SMS Terms & Conditions for the full text-message program terms.
Your choices
- Delete your account: in the app, go to Profile → Delete account — it takes effect immediately. Your name and phone number are erased; messages you sent remain in their conversations attributed to "Deleted user." Full details (including deletion by email if you can't access the app) are on our account deletion page. We do not require a reason.
- Change your display name: edit it at any time on the Profile screen.
- Stop using the app: uninstall it. If you want your stored data removed, use the in-app deletion or email contact@circlesmm.com.
Children
CirclesMM is not directed to children under 13, and we do not knowingly collect data from anyone under 13. If you believe a child has signed up, email us at contact@circlesmm.com and we will delete the account.
Data retention
We keep your data while your account exists. When you ask us to delete it, we remove it from our active systems. Backups may retain copies for a short period before they roll off.
Security
Communications between your device and our backend are encrypted in transit using HTTPS (TLS). Data stored on our backend is encrypted at rest with AES-256, including backups. On your phone, your sign-in session is stored in the device's secure hardware-backed storage (Keychain on iOS, Keystore on Android), not in plain app data.
We do not encrypt messages end-to-end in this version of the app; that means we (and our backend provider) can technically read message contents on the server. We do not access them as a matter of practice, but you should treat the service accordingly.
Changes
If we change this policy in a meaningful way, we will update the effective date at the top of this page.
Contact
Questions, requests, or concerns: contact@circlesmm.com
SMS terms
The full terms for the CirclesMM text-message (SMS) verification program are published separately. See our SMS Terms & Conditions.