Privacy Policy

Last updated: February 3, 2026

1. Introduction

VoiceBeam GmbH ("we", "us", "our") operates the Two Hearts mobile application and the website twoheartsapp.com (collectively, the "Service"). This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

We are committed to protecting your privacy. Two Hearts is designed to collect only the minimum amount of data necessary to provide the Service.

2. Data We Collect

When you use Two Hearts, we collect and store only the following data:

• Username — chosen by you during account setup
• Display name — chosen by you during account setup
• Profile picture — optionally uploaded by you
• Heart rate data — read from Apple HealthKit through your Apple Watch or iPhone
• Friend connections — the list of users you choose to connect with

We do not collect your real name, email address (beyond what Apple provides through Sign in with Apple), phone number, location data, device identifiers for advertising, or any other personal information.

3. How We Use Your Data

Your data is used exclusively to provide the Two Hearts service:

• To display your heart rate to friends you have chosen to connect with
• To enable sending and receiving heartbeat notifications
• To display your profile to other users who search for you by username

We do not use your data for advertising, profiling, analytics, or any purpose other than providing the core features of the app.

4. Heart Rate Data Retention

Heart rate data is automatically deleted after 24 hours. We do not retain historical heart rate data beyond this period. Once deleted, heart rate data cannot be recovered.

5. Data Storage and Security

Your data is stored on Firebase (Google Cloud Platform) servers located in the United States. All data is transmitted over encrypted connections using HTTPS/TLS. We follow industry-standard security practices to protect your data from unauthorized access.

6. Third-Party Services

Two Hearts uses the following third-party services:

• Firebase (Google) — for authentication, database storage, and cloud functions. Firebase processes data in accordance with Google's privacy policy.
• Apple HealthKit — for reading heart rate data from your device. Heart rate data is read locally and transmitted to our servers only with your explicit permission. We do not send health data to Apple.
• Sign in with Apple — for account authentication. Apple provides us with a unique identifier and, optionally, your email address (which may be a relay address).
• Vercel — for hosting the twoheartsapp.com website.

We do not share your personal data with any other third parties. We do not sell your data. We do not use advertising networks or tracking services within the app.

7. Data We Do NOT Collect

For clarity, Two Hearts does not collect or store:

• Location data or GPS coordinates
• Device identifiers for advertising (IDFA)
• Browsing history or app usage analytics within the app
• Contacts from your address book
• Financial or payment information
• Any health data beyond heart rate

8. Website Analytics

The Two Hearts website (twoheartsapp.com) may use Vercel Web Analytics to measure aggregate page views and visitor counts. This analytics service does not use cookies and does not collect personal data. No analytics or tracking is performed within the Two Hearts app itself.

9. Cookies

The Two Hearts website does not use cookies for functionality. If website analytics are enabled, they operate without cookies. The Two Hearts app does not use cookies.

10. Your Rights

You have the following rights regarding your data:

• Access — You can view all your stored data within the app (profile information and current heart rate data).
• Deletion — You can delete your entire account at any time from within the app. Upon deletion, all your data is permanently removed from our servers, including your username, display name, profile picture, heart rate data, and all friend connections.
• Portability — You can request a copy of your stored data by contacting us.
• Rectification — You can update your username, display name, and profile picture at any time within the app.

If you are a resident of the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority.

11. Children's Privacy

Two Hearts is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, please contact us and we will promptly delete it.

12. International Data Transfers

Your data is stored on servers in the United States. If you are located outside the United States, please be aware that your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

VoiceBeam GmbH
Email: hello@twoheartsapp.com