1. Introduction
LYAM ("Left You A Message") is a mobile application available on iOS and Android that enables users to send private, encrypted messages. LYAM is operated by LYAM (contact available on request) ("we," "us," or "our").
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have over your data. It applies to all users of the LYAM mobile application.
By using LYAM, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the application.
2. Data Controller
The data controller responsible for your personal data is:
LYAM
Contact for privacy-related requests: supportatlyam@gmail.com
Registered in Spain (EU) for the purposes of GDPR compliance.
As we are based in the European Union, EU data protection law (GDPR) applies to all our users worldwide, including users in the United States, the Philippines, and elsewhere.
3. Data We Collect
3.1 Account & Contact Information
- Email address — used to deliver email notifications via our email service provider (Resend).
- Display name or username (if provided) — to personalise your in-app experience.
3.2 Message Content
- Messages sent through LYAM are encrypted at rest and stored on our servers in encrypted form.
- Message content is retained until you delete your account, at which point it is permanently and automatically deleted.
3.3 Authentication Identifiers
- A stable anonymous user ID (UUID) generated by our authentication provider (Supabase) at sign-up.
- No password is stored. LYAM uses anonymous authentication; no government-issued ID or full legal name is required.
3.4 Technical & Performance Data
- Device identifiers, crash logs, and app performance data — collected automatically via Firebase Crashlytics (Google).
- This data is used exclusively for diagnosing technical issues and improving app stability. It is not used for advertising, profiling, or any commercial decision-making.
3.5 Subscription & Payment Data
- Subscription status and purchase history — managed by RevenueCat.
- We do not store or have access to your payment card details. Payment processing is handled entirely by Apple (App Store) or Google (Google Play).
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process your data under the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR) — processing your contact information and message data to deliver the core LYAM service.
- Legitimate interests (Art. 6(1)(f) GDPR) — processing crash and performance data to maintain app stability and security, where these interests are not overridden by your rights.
- Consent (Art. 6(1)(a) GDPR) — where you have explicitly opted in to any optional data processing, such as receiving marketing communications (if applicable in the future).
- Legal obligation (Art. 6(1)(c) GDPR) — where we are required to retain certain data by law.
5. How We Use Your Data
We use your data only for the following purposes:
- To deliver and operate the LYAM messaging service.
- To send you message notifications via email (Resend).
- To manage your subscription through RevenueCat.
- To monitor, diagnose, and fix crashes and technical issues (Firebase Crashlytics).
- To comply with applicable laws and regulations.
- To respond to your privacy requests or support enquiries.
We do not use your data for advertising, behavioural profiling, or sale to third parties.
6. Third-Party Service Providers
We share your data with the following trusted third-party processors, solely to provide the LYAM service:
Supabase, Inc. — Database & Authentication
Stores encrypted messages and manages anonymous user authentication. Data location: EU region.
Resend, Inc. — Email Delivery
Delivers email notifications to recipients. Data transferred: recipient email address and notification content.
RevenueCat, Inc. — Subscription Management
Manages in-app subscription status and purchase validation. Data transferred: anonymous user ID, subscription status.
Google LLC — Firebase Crashlytics
Collects crash logs and performance data to improve app stability. Data transferred: device identifiers, crash stack traces, app version. Data location: United States (covered by Standard Contractual Clauses).
We do not sell, rent, or trade your personal data to any third party.
7. International Data Transfers
Some of our third-party processors are based outside the European Economic Area (EEA), including in the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions where applicable.
Data processed by Firebase Crashlytics (Google LLC) is transferred to the United States under Standard Contractual Clauses. Supabase data is stored in our selected EU region to minimise cross-border transfers.
8. Data Retention
- Message content: Retained in encrypted form until you delete your account, after which it is permanently deleted.
- Contact information (email): Retained for the duration of your account and deleted upon account deletion.
- Anonymous user ID and subscription records: Retained for as long as required for legitimate business purposes and legal obligations, then deleted.
- Crash and performance logs: Retained for up to 90 days by Firebase Crashlytics.
When you delete your account, all personal data associated with your account is permanently and irreversibly deleted in a cascading manner across our systems.
9. Children's Privacy
LYAM is intended for users aged 16 and older. By creating an account or using the app, you confirm that you are at least 16 years of age (or 13 in jurisdictions where that is the applicable minimum, such as the United States).
We do not knowingly collect personal data from children under 16 (or under 13 in the US). If you are a parent or guardian and believe your child has used LYAM without meeting the minimum age requirement, please contact us at supportatlyam@gmail.com.
9.1 Family Plan & Younger Users
Where a Family Plan subscriber adds younger family members, the subscribing adult takes responsibility for ensuring those users meet the minimum age requirement or have appropriate parental consent. The Family Plan does not grant LYAM access to any additional personal data about family members beyond their anonymous user ID and subscription status.
10. Your Privacy Rights
10.1 Rights Under GDPR (EEA & UK Users)
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure ("right to be forgotten") — request deletion of your data.
- Right to restriction — request that we limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time.
- Right to lodge a complaint — you may lodge a complaint with your national supervisory authority (e.g., AEPD in Spain, ICO in the UK, CNIL in France).
10.2 Rights Under CCPA / CPRA (California Users)
- Right to know what personal information is collected, used, shared, or sold.
- Right to delete personal information.
- Right to opt out of the sale of personal information (note: we do not sell your data).
- Right to non-discrimination for exercising your privacy rights.
10.3 How to Exercise Your Rights
To exercise any of the above rights, contact us at supportatlyam@gmail.com. We will respond to all verifiable requests within 30 days.
11. Data Security
We implement the following security measures:
- Encryption at rest for all message content.
- Encrypted storage of data at rest on Supabase infrastructure.
- Anonymous authentication — no password or real identity is required.
- Access controls and role-based permissions within our backend infrastructure.
- Regular monitoring for security vulnerabilities.
No method of electronic transmission or storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
12. Cookies and Tracking Technologies
LYAM is a native mobile application and does not use browser cookies. We use the following similar technologies within the app:
- Device identifiers — used by Firebase Crashlytics for crash reporting (not for advertising).
- Subscription tokens — managed by RevenueCat to verify in-app purchases.
- Push notification tokens — used to deliver app notifications to your device.
None of these technologies are used for cross-app tracking or advertising.
13. Family Plan & Shared Subscriptions
LYAM offers a Family Plan that operates through Apple Family Sharing (iOS). When you subscribe to a Family Plan, subscription management is handled at the platform level by Apple. LYAM does not receive personal data about other family members beyond their anonymous user IDs and subscription status. Each family member's messages and account data remain separate and private.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this policy and notify you via an in-app notification or, where required by law, seek your renewed consent.
15. Contact Us
If you are a user in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).
© 2026 LYAM. All rights reserved.