Privacy Policy

Last updated: April 2026

Overview

Carry ("we", "us", or "our") is a household management app for couples. We take your privacy seriously. This policy explains what personal data we collect, how we use it, who we share it with, and your rights under applicable law.

The data controller is Carry (sitekiks.com). Questions about this policy can be directed to support@carry.app.

Data We Collect

  • Account information: Your email address and a secure password hash for authentication. If you sign in with Apple, we receive an anonymised Apple user identifier and, only if you choose to share it, your email address. Your display name and avatar colour preference are stored on our servers and synced across your devices.
  • Household data: Tasks, shopping lists, events, compliments, and activity history you create are stored on our servers to enable real-time sync between you and your paired partner. All members of your household can see this data. Data created by your partner is also visible to you.
  • Voice and transcript data: If you use voice capture, audio is processed entirely on your device using Apple's on-device speech recognition — we never receive raw audio. The resulting text transcript is sent to our servers and forwarded to OpenAI for AI-powered task parsing (extracting title, category, priority, and due date). We do not store transcripts beyond the parsing request. OpenAI's privacy policy is available at openai.com/privacy.
  • Push notification tokens: If you grant notification permission, we store an Expo push token on our servers to deliver compliment notifications and trial reminders. This token is associated with your account and transmitted via Expo's notification service. You can revoke permission at any time in your device settings.
  • Subscription data: Purchases are processed by Apple via the App Store and managed through RevenueCat. We receive confirmation of your subscription status (active, expired, or free) but do not store payment card details. RevenueCat's privacy policy is available at revenuecat.com/privacy.

Data We Do Not Collect

We do not collect analytics data, advertising identifiers, location data, contacts, or browsing history. We do not use your data for advertising or sell, rent, or share your personal data with third parties for marketing purposes.

Third-Party Services

The following third-party services process data on our behalf:

  • Supabase — secure cloud database and authentication (supabase.com/privacy)
  • OpenAI — AI parsing of voice transcripts (openai.com/privacy)
  • Expo / Expo Push — delivery of push notifications (expo.dev/privacy)
  • RevenueCat — subscription management (revenuecat.com/privacy)
  • Apple — App Store payments, Sign in with Apple, on-device speech recognition (apple.com/privacy)

International Data Transfers

Carry is operated from the United Arab Emirates. Some of the third-party services listed above — including Supabase, OpenAI, Expo, and RevenueCat — are based in the United States and process data on servers located there. When your data is transferred outside the UAE or the European Economic Area (EEA), it is subject to the privacy laws of the receiving country, which may differ from those in your country of residence.

Where such transfers involve personal data of users in the EEA or UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission. For all other transfers, we take reasonable steps to ensure your data is handled securely and in accordance with this policy. By using Carry, you acknowledge that your data may be transferred to and processed in the United States and other countries in accordance with this policy.

Lawful Basis for Processing

We process your personal data on the following bases. For users in the EEA and UK, these bases are defined under the EU GDPR and UK GDPR respectively:

  • Contract performance — to provide the Carry service you have signed up for
  • Legitimate interests — to maintain security, prevent abuse, and improve reliability
  • Consent — for push notifications (you may withdraw consent at any time)

Data Storage & Security

Your data is stored on secure cloud servers (Supabase) with encryption in transit (HTTPS/TLS) and at rest. Access is restricted to authenticated household members. A local cache is maintained on your device for offline use and is cleared when you sign out or uninstall the app.

We retain your account and household data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days, subject to any legal obligations to retain certain records.

Children's Privacy

Carry is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at support@carry.app and we will delete it promptly.

Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict certain processing
  • Data portability

If you are located in the EEA or UK, these rights are guaranteed under the EU GDPR and UK GDPR respectively. You also have the right to lodge a complaint with your local data protection authority — for example, your national supervisory authority within the EEA, or the Information Commissioner's Office (ICO) at ico.org.uk if you are in the UK.

To exercise any of these rights, email support@carry.app. For subscription data held by RevenueCat or Apple, please contact those services directly.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes within the app. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this policy or your data, please contact us at:

support@carry.app