Security
Your relationship is private. Here's how we keep it that way.
Encrypted in Transit
All data between the app and our servers is encrypted via TLS 1.3.
Private by Design
Your data is only accessible to you and your linked partner. No one else.
No Ads. No Tracking.
We don't sell your data. We don't run ads. We don't have third-party analytics.
Authentication & Passwords
Account passwords are never stored in plain text. We use Firebase Authentication, which handles password hashing using industry-standard algorithms. We enforce minimum password strength requirements and rate-limit login attempts to prevent brute-force attacks.
Password-Locked Messages
When you send a password-locked message, the message body is encrypted and the password is stored as a bcrypt hash server-side. Critically, the password hash is never sent to the client — not even to your own device. Unlock attempts are verified exclusively through a Firebase Cloud Function, which means the message content cannot be extracted by inspecting network traffic or local device storage.
Data Storage & Infrastructure
Still Us is built on Google Firebase, which provides a SOC 2 Type II compliant infrastructure hosted on Google Cloud. Your data is stored in Firestore with strict security rules that ensure each user can only access their own data and the data shared with their linked partner.
Firestore security rules are audited regularly to prevent unauthorised data access. No user can read or write another couple's data — this is enforced at the database rule level, not just at the app level.
Partner Pairing
Linking with a partner requires a 6-character invite code. This operation is performed as an atomic Firestore transaction, preventing race conditions or partial state. Once a partner link is established, the invite code is marked as used and cannot be reused.
Only the person with your invite code can link with you — we recommend sharing it verbally or via a private channel rather than posting it publicly.
Push Notifications
Push notification tokens (FCM tokens) are stored on your user record and refreshed on every app launch. Notifications are sent only to the specific devices registered to you and your partner. Notification payloads contain minimal data — the full message content is fetched from the database after the notification is opened, with full authentication.
Offline & Local Data
The app uses Firestore's built-in offline persistence, which caches data locally on your device. This local cache is protected by your device's operating system sandboxing and is cleared when you log out or uninstall the app. We recommend enabling device-level encryption (available on all modern iOS and Android devices) for an additional layer of protection.
Responsible Disclosure
We take security reports seriously. If you discover a vulnerability in Still Us, please disclose it responsibly by contacting us at:
Please include a description of the issue, steps to reproduce it, and its potential impact. We will respond within 72 hours and work with you to resolve the issue promptly.