Effective Date: February 25, 2026
Friendgarden is a personal friendship management app designed with privacy at its core. Your friendship data belongs to you, and we've built the app to ensure it stays that way.
We collect your email address for authentication purposes. Authentication is handled securely through Supabase Auth.
All friend data — including names, optional contact information, group assignments, interaction notes, and reflections — is stored locally on your device in an encrypted SQLite database. This data never leaves your device unless you explicitly enable cloud sync.
If you choose to enable cloud sync, your friend data is encrypted end-to-end before leaving your device using AES-256-GCM encryption. Your encryption keys are derived from your account and never leave your device in plaintext. This means we cannot read your synced data — it's encrypted in a way that only you can decrypt it.
When you use the contact picker feature, we temporarily access your device contacts to let you select friends to add. We only store the names you explicitly choose to add to your garden. Your full contact list is never uploaded or stored on our servers.
If you sign up for our waitlist, we store your email address to notify you when the app becomes available or when we have important updates to share.
We use PostHog for anonymous usage analytics to understand how people use the app and to improve it. This includes information like which screens you view and which features you use. No personal friend data is ever included in analytics.
If you enable push notifications, we use Apple Push Notification service (APNs) to send you reminders about friends you want to stay in touch with. Notification tokens are stored securely and are only used to deliver notifications you've requested.
We use the information we collect to:
Friend data is stored in an encrypted SQLite database on your device. Your device's built-in encryption provides an additional layer of security.
If you enable cloud sync, your data is encrypted end-to-end using AES-256-GCM encryption before being sent to our servers. Encryption keys are derived from your account using a recovery phrase that only you have access to. These keys never leave your device in plaintext.
We use industry-standard security practices to protect your data, including secure authentication, encrypted data transmission, and regular security updates. However, no method of electronic storage or transmission is 100% secure.
We use the following trusted third-party services:
These services have their own privacy policies, which we encourage you to review. We only share the minimum data necessary for these services to function.
You have complete control over your data:
Local data remains on your device until you delete it. Cloud-synced data is retained as long as your account is active. When you delete your account, all cloud data is permanently deleted within 30 days. Anonymized analytics data may be retained indefinitely.
Friendgarden is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us.
Friendgarden is operated in the United States. If you are located outside the U.S., please be aware that information we collect will be transferred to and processed in the U.S. By using the app, you consent to this transfer and processing.
We may update this privacy policy from time to time. We'll notify you of any significant changes through the app or via email. Your continued use of the app after changes are made constitutes acceptance of the updated policy.
If you have questions about this privacy policy or how we handle your data, please contact us at: