Last updated: May 24, 2026
This Privacy Policy explains how QuietCode LTD handles information in Warmth, the Warmth website, and Warmth-related services.
QuietCode LTD provides Warmth from London, United Kingdom. For privacy questions or requests, email [email protected].
Short Version
Warmth is designed as a local-first private gratitude journal. Most journal data stays on your device unless you choose a feature that sends it elsewhere.
Warmth does not sell your personal information. Warmth does not use advertising SDKs, ad tracking, data brokers, or cross-app tracking.
The main optional features that can send data off your device are iCloud sync, Warmth account and partner sharing, Warmth AI, support email, and this website's basic analytics.
Information Stored On Your Device
Warmth can store journal entries, dates, photos you add, letters, relationship profile details, writing settings, reminder settings, AI preferences, and local caches on your device.
Photos are selected through Apple's photo picker or sharing system. Warmth processes the photos you choose so it can save display-sized copies and thumbnails. Warmth does not request your full photo library for ordinary photo selection.
Reminders and widgets use Apple system features and local app data. Reminder text and schedules are handled on your device unless you also enable another feature described below.
iCloud Sync
If you enable iCloud sync, Warmth uses Apple's CloudKit and your private iCloud account to sync Warmth data across your own devices. This can include journal entries, dates, photos saved in entries, letters, and related app records.
QuietCode does not receive your iCloud account password and cannot browse your personal iCloud account. Apple's handling of iCloud data is governed by Apple's own terms and privacy policy.
You can turn iCloud sync off in Warmth settings. Turning sync off stops this device from using CloudKit for Warmth, but it does not automatically delete data already stored in your iCloud account or on your other devices.
Warmth Account And Partner Sharing
Warmth can be used without creating a Warmth account. An account is needed only for account-based sharing features, such as connecting with a partner, sharing selected moments, sending direct Warmth letters, and showing a profile name or avatar to the person you are connected with.
If you create or sign in to a Warmth account, we process account information such as your email address, authentication identifiers, session tokens, and optional display name. Session tokens are stored in the device Keychain where possible.
If you connect with a partner, Warmth stores relationship membership records, invite status, profile details you provide, and the partner connection needed to show shared content. Invite codes are short-lived and stored server-side as hashes.
If you choose to share a journal moment with your partner, Warmth stores the shared entry text, date, client timestamps, limited photo metadata, and any uploaded shared photo in Warmth's backend. Shared entries and shared photos are visible to you and the partner in that active relationship. Shared entries are protected by access controls, but they are not end-to-end encrypted.
If you send a direct Warmth letter to your partner, Warmth stores the letter title, body, style information, sender, recipient, timestamps, and deletion/read state needed to deliver and show the letter. Direct Warmth letters are protected by access controls, but they are not end-to-end encrypted.
Warmth may also support temporary encrypted letter links. For those links, the backend stores an encrypted payload, nonce, token, schema version, and expiry time. QuietCode does not store the decryption key for these temporary encrypted letter links.
Warmth AI
Warmth AI is optional. You can turn AI features off in Settings, and Warmth asks for consent before sending selected diary or memory text to third-party AI processing.
When you ask Warmth AI to generate a monthly insight, letter ideas, or a letter draft, Warmth may send the information needed for that request to QuietCode's backend. This may include selected diary or memory text for the relevant month, dates attached to those text snippets, language settings, tone settings, enabled AI topic settings, subscription tier, a random anonymous installation ID, and request metadata needed to enforce usage limits and protect the service.
Warmth AI does not send your photos for AI generation in the current app flow. Warmth AI request logs are designed to avoid storing diary text in operational logs.
QuietCode's backend sends AI requests to OpenRouter, which routes requests to AI model providers. The selected text, prompts, settings, and generated output may be processed by QuietCode's backend, OpenRouter, and the selected model provider to produce the AI response. Do not use Warmth AI with information you do not want processed by those services.
Warmth stores monthly AI usage counters to enforce free and paid usage limits. For signed-in users, these counters may be associated with the Warmth account. For users who are not signed in, counters may be associated with the anonymous installation ID.
Purchases
Warmth may offer subscriptions or in-app purchases through the App Store. Apple processes App Store purchases, refunds, payment details, tax handling, and subscription management.
Warmth uses StoreKit to check product availability and subscription entitlement status. QuietCode receives only the information needed inside the app to determine whether Warmth AI subscription features are active, such as product identifiers and subscription period dates made available by StoreKit. QuietCode does not receive your full payment card details.
Support Email
If you email QuietCode for support, we receive the email address you use and whatever information you include in your message. We use that information to respond, troubleshoot, keep support records, and protect the service.
Please do not send journal text, photos, or other sensitive information in support email unless it is necessary for the support request.
Warmth Website
The Warmth website may process normal web request information, such as pages requested, browser or device information, referrer, approximate location derived from network information, IP address, and timestamps. Hosting and security providers may process this information to deliver the site, prevent abuse, and keep the service reliable.
The website may use privacy-focused analytics to understand aggregate site usage. Website analytics are not used to track you across apps or websites for advertising.
How We Use Information
We use information to provide and maintain Warmth, save and sync your data when you ask us to, authenticate accounts, connect partners, deliver shared entries and direct letters, generate requested AI content, apply usage limits, process subscriptions, respond to support, troubleshoot bugs, prevent abuse, secure services, comply with legal obligations, and improve the product.
We do not use journal entries, photos, letters, AI prompts, AI outputs, or partner sharing content for targeted advertising.
Third-Party Services
Warmth may rely on these third-party services:
- Apple services, including iOS, iCloud, CloudKit, StoreKit, Photos, widgets, notifications, and the App Store.
- Supabase, used for Warmth account, authentication, database, storage, and backend functions for sharing and AI usage limits.
- OpenRouter and the AI model providers selected through OpenRouter routing, used only when you request Warmth AI features.
- Cloudflare or similar hosting, security, and deployment services for Warmth websites and backend delivery.
- Email providers used to receive and respond to support messages.
These providers process information according to their own terms and privacy policies. QuietCode chooses service providers for app functionality, hosting, security, support, and AI generation, not for advertising or data broker purposes.
Retention And Deletion
Local Warmth data stays on your device until you delete it, delete the app, or the operating system removes it. Deleting the app can remove local data from that device, depending on iOS and backup behavior.
iCloud data is controlled through your Apple account, device settings, iCloud settings, and Apple account tools.
Warmth account, profile, relationship, shared entry, shared photo, direct letter, and AI usage records are retained as long as needed to provide the related feature, maintain security, prevent abuse, troubleshoot issues, comply with legal obligations, resolve disputes, and operate the service.
Temporary encrypted letter links expire and may be deleted automatically after expiry or when successfully retrieved, depending on the link type.
You can delete local entries and letters in the app. You can stop future AI processing by turning AI off or not using AI features. You can stop future partner sharing by not sharing new entries, unsharing entries where the app provides that option, disconnecting from partner sharing where available, or contacting support.
To request deletion or export of Warmth account or server-side data controlled by QuietCode, email [email protected]. We may need information to verify the request. We will delete or anonymize data we control unless retention is required for security, fraud prevention, legal compliance, dispute resolution, or service operations.
Consent And Choices
You choose whether to use optional features such as iCloud sync, Warmth account sign-in, partner sharing, profile avatar upload, Warmth AI, notifications, and App Store purchases.
You can withdraw consent for future optional processing by turning off the related feature, signing out, deleting shared content where available, disabling AI, changing iCloud settings, revoking system permissions, or contacting support. Withdrawal does not undo processing that already occurred, including processing by third-party services.
Children
Warmth is not directed to children. If you believe a child has provided personal information to Warmth without appropriate consent, contact [email protected].
Security
Warmth uses platform security features such as the iOS app sandbox, Keychain storage for authentication sessions where possible, Apple's system permission controls, HTTPS, server-side access controls, signed upload and download URLs, and provider access controls.
No method of storage or transmission is perfectly secure. You are responsible for protecting your device, Apple ID, Warmth account credentials, and email account.
International Processing
QuietCode LTD is based in the United Kingdom, and service providers may process information in the United Kingdom, United States, European Economic Area, South Korea, and other locations where they operate.
Changes
QuietCode may update this Privacy Policy as Warmth changes. The updated version will be posted on this page with a new last updated date.