Privacy Policy

1. Who we are

MessageFuture is operated by Nukylabs LLC (“we”, “us”, “our”). We provide a platform for scheduling and delivering personal messages, managing trusted guardians, and creating AI digital twins. For privacy enquiries, contact us at support@messagefuture.com.

2. Data we collect

• Account data — your name, email address, phone number (optional), and timezone, collected when you sign up or update your profile.
• Message content — text, audio, and video messages you compose. All content is encrypted at rest using industry-standard encryption.
• Contact information — names, email addresses, and phone numbers of people you add as recipients or guardians.
• Guardian data — when you assign a guardian, we store their permissions (can view content, can set delivery date, can add recipients) and their relationship to your messages.
• Payment and purchase data — on the web, payments are processed by Stripe; we store only your Stripe customer ID and never see your card number. On mobile devices, purchases are processed through Google Play Billing (Android) or Apple StoreKit (iOS). We receive a purchase confirmation and receipt but do not access your payment method details.
• Credit and transaction history — records of credit purchases, usage, and subscription status for billing purposes.
• AI Twin data — if you create a digital twin, the personality description, training data you provide, and chat conversation history are encrypted at rest. This data is processed by a third-party AI service to generate responses.
• Push notification tokens — device tokens used to send you push notifications. Stored only while your account is active and deleted upon account closure.
• Media files — audio, video, and image files you upload are stored in encrypted cloud storage in the EU.
• Device and usage data — standard server logs including IP address, user agent, device type, and timestamps. Retained for 14 days. We also collect crash reports and performance data through Sentry for app stability.

3. How we use your data

• To deliver your scheduled and timeless messages to recipients on the dates you or your guardian sets.
• To process payments, manage your credit balance, and handle subscription billing.
• To verify in-app purchases made through Google Play or Apple App Store.
• To send you transactional emails (delivery confirmations, guardian notifications, account alerts, data export notifications).
• To generate AI Twin responses using a third-party AI service. Messages are transmitted securely over HTTPS. The AI provider does not use your data for model training.
• To allow guardians to manage messages according to the permissions you have granted them.
• To send push notifications about message deliveries, guardian actions, and account events (with your consent).
• To detect fraud, prevent abuse, and maintain platform security.
• To monitor app stability and fix errors through crash reporting (Sentry).

We do not sell your data. We do not use your message content for advertising, analytics, or AI model training.

4. Legal basis for processing (GDPR)

If you are in the EU, UK, or EEA, we process your data under the following legal bases:

• Contract — processing necessary to deliver the service you signed up for (message delivery, payments, AI Twin, guardian management).
• Legitimate interest — fraud prevention, security logging, service improvement, crash reporting.
• Consent — push notifications, optional marketing communications. You can withdraw consent at any time in Settings.

5. Data sharing

We share data only with the following sub-processors, each covered by appropriate data protection agreements:

• Database provider — hosting and authentication (EU region)
• Cloud infrastructure provider — computing, email delivery, and encrypted media storage (EU region)
• Stripe — web payment processing (PCI DSS Level 1 compliant)
• Google Play — in-app purchase processing on Android devices
• Apple — in-app purchase processing on iOS devices
• AI provider — AI Twin chat responses (your data is not used for model training)
• Push notification provider — delivering push notifications to your devices
• Error monitoring provider — crash reporting for app stability (no personal message content is sent)

We do not share your data with any other third parties. We do not sell, rent, or trade your personal information.

6. Guardian access to your data

When you assign a guardian to a message, you control exactly what they can access through permissions you set:

• Set delivery date — guardian can schedule when the message is delivered.
• Add recipients — guardian can add new recipients to the message (if permitted).
• View content — guardian can read the message content (only if you explicitly enable this).

By default, guardians cannot view message content. You can change or revoke guardian permissions at any time. Revoking a guardian removes their access immediately.

7. Data retention

• Your account, messages, and media are retained for as long as your account is active.
• Timeless messages are stored in vaults with horizons of 20, 40, or 60 years as selected during creation.
• When you request account deletion, your account enters a 30-day grace period. During this time you can cancel the deletion by logging in. After 30 days, all data is permanently and irreversibly deleted.
• Data exports are available for download for 7 days after generation, then automatically deleted from our servers.
• Stripe retains payment records as required by financial regulations (typically 7 years). Google Play and Apple retain purchase records per their respective policies.
• Server logs are retained for 14 days.

8. Your rights

Under GDPR (EU/UK users) and CCPA (California users) you have the right to:

• Access — request a copy of all data we hold about you.
• Portability — download your data in a portable format (CSV files in a ZIP archive, available from Settings).
• Rectification — correct inaccurate data in your profile settings.
• Erasure — permanently delete your account and all associated data (Settings → Delete Account, 30-day grace period).
• Restriction — ask us to stop processing your data in certain circumstances.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — disable push notifications or other consent-based processing at any time.

To exercise any of these rights, email support@messagefuture.com. We will respond within 30 days. You can also export and delete your data directly from Settings in the app.

California residents (CCPA): We do not sell personal information. You may request access to or deletion of your data as described above.

9. Cookies

We use only strictly necessary cookies for authentication (session token). We do not use advertising, tracking, or analytics cookies. The mobile app does not use cookies.

10. Security

We take the security of your data seriously:

• Message content is encrypted at rest using industry-standard encryption with unique per-message keys.
• All data in transit is protected by TLS 1.2+.
• AI Twin conversations are encrypted at rest.
• Media files are stored in encrypted cloud storage.
• Authentication tokens are stored securely (Keychain on iOS, Keystore on Android, httpOnly cookies on web).
• Access to production infrastructure is restricted to authorised personnel only.
• We conduct regular security reviews of our codebase and infrastructure.

11. International data transfers

Your data is primarily stored and processed in the European Union. Some data may be processed in other regions by our sub-processors (e.g., AI Twin responses, payment processing). These transfers are protected by Standard Contractual Clauses or equivalent safeguards as required by GDPR.

12. Children

MessageFuture is not directed at children under 16. We do not knowingly collect data from anyone under 16 years of age. If you believe we have inadvertently collected data from a minor, please contact us immediately at support@messagefuture.com and we will delete it promptly.

13. Changes to this policy

We may update this policy from time to time. We will notify you by email and in-app notification of any material changes at least 14 days before they take effect. Continued use of the service after notification constitutes acceptance of the updated policy.