// Legal

Privacy Policy

This Privacy Policy explains how Virea Apps Ltd ("Virea Apps", "we", "us", or "our") collects, uses, shares, and safeguards your personal data when you use the Comeback mobile application, website, and related services (collectively, the "Service").

Effective date: 10 May 2026 Last updated: 10 May 2026 Version: 1.0

01 Who We Are

Comeback is operated by Virea Apps Ltd, a private limited company registered in England and Wales. For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the EU General Data Protection Regulation ("EU GDPR"), Virea Apps Ltd is the data controller of the personal data processed through the Service.

Virea Apps Ltd 71-75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom
Email: support@virea-apps.com

02 At-a-Glance Summary

The short version. Comeback is an AI-powered relationship coach. To deliver useful guidance, we process the conversations and context you share with the AI. Here is the essence of how we treat that data:

  • We do not sell your personal data.
  • We do not use your private conversations to train third-party general-purpose AI models.
  • Your conversation data is encrypted in transit and at rest.
  • You can request access, deletion, or export of your data at any time.
  • You must be at least 18 years old to use Comeback.

The full policy below is the authoritative description of our practices.

03 Data We Collect

3.1 Data you provide directly

  • Account information: email address, password (stored as a salted hash), display name, and authentication identifiers if you sign in via Apple, Google, or another supported identity provider.
  • Profile and onboarding inputs: age range, relationship status, goals, and preferences you choose to share to personalise the AI.
  • Conversation content: messages, prompts, voice transcripts, and any text or context you submit to the AI coach (collectively, "Conversation Data").
  • Subscription and billing data: handled by Apple App Store, Google Play, or our payment processor. We receive transaction confirmations and entitlement status, not your full card details.
  • Support communications: messages you send to support@virea-apps.com or in-app support.

3.2 Data collected automatically

  • Device & technical data: device model, operating system, app version, language, time zone, crash logs, and diagnostic identifiers.
  • Usage data: features used, screens viewed, session duration, and interaction events used to measure performance and improve the Service.
  • Approximate location: derived from IP address (city/country level only). We do not collect precise GPS location.

3.3 Sensitive personal data

Conversation Data may, by its nature, contain information that is highly personal, including details about your relationships, emotional state, and family circumstances. We treat all Conversation Data as confidential and apply heightened safeguards, including encryption and strict internal access controls. We do not knowingly collect special category data (such as health, religion, or sexual orientation) for any purpose other than fulfilling the coaching functions you request.

04 How We Use Your Data

We process personal data to:

  • Provide, operate, and personalise the AI coaching experience;
  • Authenticate your account and prevent fraud or abuse;
  • Process subscriptions, renewals, and refunds;
  • Diagnose and fix bugs, monitor service health, and improve reliability;
  • Communicate with you about updates, security notices, and (with your consent) product news;
  • Conduct aggregated, de-identified analytics to understand product usage;
  • Comply with applicable legal, regulatory, and tax obligations;
  • Enforce our Terms of Service and protect the safety of users and third parties.

We rely on the following legal bases under Article 6 of the UK and EU GDPR:

  • Performance of a contract — to deliver the Service you have signed up for, including processing Conversation Data so the AI can respond to you.
  • Legitimate interests — to keep the Service secure, prevent abuse, fix bugs, and improve product quality, balanced against your rights and reasonable expectations.
  • Consent — for optional marketing communications and any non-essential cookies. You can withdraw consent at any time.
  • Legal obligation — where we are required to retain or disclose data to comply with applicable law.

06 AI Processing & Model Training

Comeback uses large language models and other AI systems to generate coaching responses. We want to be unambiguous about how this works:

  • Inference providers. Conversation Data may be transmitted to AI infrastructure providers (e.g. cloud-hosted model APIs) solely to generate a response to you. We contract with these providers under data processing agreements that prohibit them from using your data to train their general-purpose models.
  • No third-party training by default. We do not permit third parties to train their foundation models on your private Conversation Data.
  • Service improvement. We may use de-identified, aggregated, or sampled Conversation Data to evaluate and improve our own coaching prompts, safety systems, and quality. Where this involves anything beyond aggregate statistics, we provide an opt-out in your account settings.
  • Human review. A small number of authorised employees may review flagged conversations strictly for safety, abuse detection, or quality assurance, under confidentiality obligations.
  • AI is not a therapist. The Service is an educational and coaching tool. It is not a medical device, mental health treatment, or a substitute for professional care. See our Terms of Service for the full disclaimer.

07 Sharing & Sub-processors

We do not sell your personal data. We share personal data only with:

  • Cloud and infrastructure providers (e.g. Google Cloud Platform) for hosting, storage, and computation;
  • AI inference providers for generating coaching responses;
  • Authentication providers if you choose to sign in with Apple, Google, or another supported identity provider;
  • Payment processors and app stores (Apple, Google, Stripe) for billing and subscription management;
  • Analytics, crash reporting, and email tools to operate the Service;
  • Professional advisors (lawyers, accountants, auditors) under confidentiality obligations;
  • Authorities where required by law, to protect rights or safety, or to investigate fraud.

An up-to-date list of sub-processors is available on request via support@virea-apps.com. In the event of a corporate transaction (merger, acquisition, or asset sale), personal data may be transferred to the successor entity, subject to this Policy.

08 International Transfers

We are based in the United Kingdom, but our service providers may process data in the European Economic Area, the United States, and other jurisdictions. When personal data is transferred outside the UK or EEA, we put appropriate safeguards in place, such as:

  • Transfers to countries recognised as providing an adequate level of protection;
  • Standard Contractual Clauses approved by the European Commission, supplemented by the UK International Data Transfer Addendum where applicable;
  • Additional technical and organisational measures, including encryption.

You can request a copy of the relevant safeguards by contacting support@virea-apps.com.

09 Data Retention

We keep personal data only for as long as necessary for the purposes set out in this Policy:

Account data
For as long as your account is active.
Conversation Data
By default, retained while your account is active. You can delete individual conversations or your full history at any time from in-app settings.
Billing & tax records
Up to 7 years, as required by UK tax law.
Backups
Encrypted backups are retained for up to 30 days after deletion before being purged.
Support communications
Up to 3 years after the last interaction.

When you delete your account, we delete or anonymise your personal data within 30 days, except where we are required to retain certain records for legal, accounting, or fraud-prevention purposes.

10 Security

We take the confidentiality of your data seriously. Our safeguards include:

  • TLS encryption for data in transit and AES-256 encryption for data at rest;
  • Strict role-based access controls, multi-factor authentication, and audit logging for internal systems;
  • Network isolation, regular vulnerability scans, and a coordinated disclosure process for security researchers;
  • Vendor due diligence and data processing agreements with all sub-processors;
  • An incident response plan with notification procedures consistent with UK GDPR Article 33.

No system is perfectly secure, but we are committed to industry-standard practices and continuous improvement. To report a security issue, please email support@virea-apps.com.

11 Your Rights

If you are in the UK or the European Economic Area, you have the following rights under the UK GDPR and EU GDPR:

  • Access — request a copy of the personal data we hold about you;
  • Rectification — ask us to correct inaccurate or incomplete data;
  • Erasure — ask us to delete your data ("right to be forgotten");
  • Restriction — ask us to limit how we use your data in certain circumstances;
  • Portability — receive your data in a structured, commonly used, machine-readable format;
  • Object — object to processing based on legitimate interests, including profiling;
  • Withdraw consent — where we rely on consent, withdraw it at any time;
  • Automated decisions — we do not make legally significant decisions about you using solely automated processing.

To exercise any of these rights, contact us at support@virea-apps.com. We will respond within one month, or notify you if we need a reasonable extension. We may need to verify your identity before fulfilling certain requests.

12 Age Restrictions

Comeback is intended for adults only. You must be at least 18 years of age to create an account or use the Service. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact support@virea-apps.com and we will delete it.

13 Cookies & Tracking

Our website uses a small number of cookies and similar technologies. Strictly necessary cookies are required for the site to function. Analytics and preference cookies are optional and only set with your consent via the cookie banner. Our mobile application does not use cookies, but does use a limited set of SDKs for crash reporting, analytics, and authentication, all of which are configured to minimise data collection.

14 U.S. State Privacy Rights

If you reside in California, Colorado, Connecticut, Virginia, Utah, or another U.S. state with a comprehensive privacy law, you may have additional rights including the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information and targeted advertising. We do not sell personal information and do not engage in cross-context behavioural advertising. To exercise your rights, contact support@virea-apps.com.

15 Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. For material changes, we will notify you by email or in-app notice before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.

16 Contact & Complaints

For privacy questions, requests, or to exercise your rights, contact:

Virea Apps Ltd — Privacy 71-75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom
Email: support@virea-apps.com

If you are in the UK and you believe we have not handled your data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may complain to your local supervisory authority. We would, however, appreciate the chance to address your concerns first.