Privacy Policy

You give it an exported chat. It reads the conversation once, writes a reading about the relationship, and shows it to you. Then it forgets the conversation.

Last updated: 15 July 2026

Who we are

CICERO 27 S.R.L. — Via Marcantonio Colonna 54, 00192 Roma (RM), Italy. P.IVA / C.F. IT 17831221001. We are the data controller for this website and for the DoYouLoveMe iOS app. Contact: tommaso@cicero27.com.

What happens to your chat — the part that matters

  1. You upload the .zip or .txt. It is parsed in memory.
  2. The conversation is sent once, transiently, to Amazon Bedrock (region eu-central-1, inside the EEA), which runs the model that writes your reading.
  3. The reading is saved. The conversation is not: we do not store the export or the message text in our database, and we keep no copy once the reading is written.
  4. We never use your conversation to train a model.

We built it this way on purpose: the conversation is the most sensitive thing you own, so the service is designed not to hold it.

What we process

  • The chat export you upload — message text, the names or nicknames as they appear in it, timestamps. It contains data about you and the other person in it.
  • The reading we generate. This is what we keep.
  • A device identity — an anonymous identifier so your reading comes back to you (an httpOnly cookie on the web, an anonymous Firebase identifier in the app). Not linked to who you are unless you log in.
  • Your email — only if you choose to give it, to save a reading to an account. It is optional and skippable.
  • Aggregate usage events (a reading opened, a chapter viewed, a share tapped). They carry no chat content.
  • Crash diagnostics, in the iOS app only.

Who else processes your data

AWS Bedrock (writes the reading, eu-central-1), Vercel (hosting), Supabase (the stored reading and the optional account), Google Firebase (iOS: anonymous identity, aggregate analytics, crash reports), and — when payments are enabled — Stripe or Apple.

The analysis runs in the EEA. Firebase, and when enabled Stripe and Apple, involve transfers to the United States, based on Standard Contractual Clauses and/or the EU-US Data Privacy Framework where the provider adheres to it.

Legal basis

  • Writing your reading: your explicit consent, given by uploading the chat. You can withdraw it by deleting the reading.
  • Keeping the reading available to you: performance of the service you asked for.
  • Optional account: your consent.
  • Aggregate analytics and crash diagnostics: our legitimate interest in knowing the product works, using data with no chat content.

The other person in the chat

A conversation is not only yours. When you upload an export it contains the other person’s messages and name, and they have not agreed to anything.

By uploading, you confirm you have the right to do so. We minimise the consequences on our side: the conversation is never stored, your reading is private by default, and nothing is published anywhere unless you share it yourself.

Sensitive content

Real conversations mention health, sex, beliefs, politics — “special categories” under Article 9 GDPR, which get stricter protection. Do not upload a conversation if you are not comfortable with it being read once by the model that writes your reading.

How long we keep things

  • The chat export and message text: not retained. Read once.
  • The reading: until you delete it.
  • Optional email / account: until you delete the account.

Your rights

You can ask for access, rectification, erasure, restriction, portability, and you can object to processing based on legitimate interest. Write to tommaso@cicero27.com. You can also complain to the Garante per la protezione dei dati personali (garanteprivacy.it).

Changes

If we change who processes your data, or why, that is a material change: we bump the version and ask for your consent again for the new part. We do not carry an old consent onto new processing.

See also our Terms.