Privacy Policy

1. Who We Are

Smirk is operated by Jonas Kundrotas ("we," "us," "our"), an individual based in the Netherlands. If you have questions about this policy, contact us at support@usesmirk.com.

2. Data We Collect

We collect the minimum data needed to provide and improve Smirk:

We do not collect location data, contacts, photos, or health data.

3. How We Use Your Data

• Generate AI responses and score your messages during practice conversations
• Track your progress (XP, streaks, levels, performance analytics)
• Send push notifications you've opted into (streak reminders, daily practice)
• Process subscriptions and gem purchases
• Improve the app through anonymized, aggregated usage analytics
• Respond to support requests

4. AI Processing

What data is sent to AI

When you practice a conversation, the messages you type are sent to an AI language model to generate character responses and evaluate your message quality. The AI also receives the conversation context (scenario type, character personality, mood state) to produce relevant responses.

AI providers

We use Google Gemini models accessed through OpenRouter (an API routing service). Your messages are processed in real time and are not stored by these providers beyond what is necessary to complete the API request. Per Google's API Terms of Service, data sent through the Gemini API is not used to train Google's models.

What AI does not do

• AI does not access your email, contacts, or any data outside the active conversation
• AI does not make decisions about your account, billing, or access
• AI-generated scores are informational and do not affect your account standing
• AI does not create profiles about you that persist across sessions

5. Sub-Processors

We share data with the following service providers, each under their own data processing agreements:

6. Data Retention

• Conversations: Stored while your account is active. Deleted when you delete your account.
• Performance data: Stored while your account is active. Anonymized aggregates may be retained for analytics.
• Analytics events: Retained for 12 months, then deleted.
• Account data: Deleted within 30 days of account deletion request.

7. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Ask us to correct inaccurate data.
• Erasure: Request deletion of your data. You can delete your account in the app (Profile → Delete Account) or email us.
• Portability: Request your data in a machine-readable format.
• Restriction: Ask us to limit processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: You can withdraw AI processing consent at any time by deleting your account.

To exercise any of these rights, email support@usesmirk.com. We will respond within 30 days.

Legal basis for processing: consent (AI processing, marketing), contract performance (account, conversations), legitimate interest (analytics, security).

8. EU AI Act Transparency

In compliance with the EU AI Act (Regulation 2024/1689):

• Smirk is classified as a limited-risk AI system (conversational AI).
• All conversations are with AI-generated characters, not real people. This is made clear throughout the app.
• AI models used: Google Gemini (via OpenRouter). No proprietary training data from users.
• Content moderation is handled through prompt-level safety rules and category-based filtering.

9. Age Requirement

Smirk is intended for users aged 18 and older. We verify age during registration and enforce age restrictions at the App Store level. We do not knowingly collect data from anyone under 18. If we learn we have collected data from a minor, we will delete it promptly.

10. Security

We protect your data with:

• Encryption in transit (TLS) and at rest
• Row-level security on all database tables
• Hashed passwords (never stored in plain text)
• Rate limiting and request validation
• Access controls and audit logging

11. Cookies

Smirk is a mobile app and does not use browser cookies. This website uses no tracking cookies. Analytics on the website (if any) use privacy-friendly, cookieless methods.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app. Continued use of Smirk after changes constitutes acceptance.

13. Contact

For privacy-related questions, data requests, or complaints:

Email: support@usesmirk.com
Operator: Jonas Kundrotas, Netherlands

If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.