Carnely app privacy policy
Last updated: 1 July 2026
What this policy covers
This policy explains how the Carnely mobile app (iOS and Android) handles your personal data. It complements the privacy policy of our website and covers only your use of the app.
Carnely is a private, ad-free place to keep what matters and share it with the people close to you. We do not sell your data, we show no advertising, and we use no recommendation algorithm.
Who is responsible for your data
ELVN, a simplified joint-stock company (SAS) with capital of €100, 60 rue François Ier, 75008 Paris, France - SIREN 979 732 906.
For any question about your data: [email protected].
Who can use Carnely
Carnely is intended for people who are adults or at least 16 years old. Below 16, signing up requires the prior consent of a holder of parental authority.
Your account and identity
- Your email address and, if you sign in with Google or Apple, the identifier and email those services share with us
- Your first name (required) and last name (optional)
- Your password, kept only in encrypted (hashed) form, never in clear text
- Your language and time zone, to show the app in your language and respect your quiet notification hours
The memories you create
Your memories are yours. A memory kept to yourself is visible only to you; a memory you confide is visible only to the people you confide it to.
- The titles, texts and dates you write
- The photos, audio recordings (your voice) and videos you add
- The place of a memory, if you choose to locate one on the map (geographic coordinates)
- How you organise your memories into chapters and albums
Your circle and the people close to you
- The email addresses of the people you invite
- The mutual links that connect you to your circle once an invitation is accepted
- The label you give to a person (for example "my mother"), visible only to you
- The groups you create to choose whom to confide a memory to - these groups stay private, and the people concerned never know they have been grouped
Reactions
Someone close to you can place a reaction on a memory you confide to them, chosen from a fixed palette. A reaction is always named ("Marie was moved by your memory"), never counted or aggregated. There is no free-text comment.
Your subscription
If you subscribe to Carnely+, the purchase is handled by Apple's App Store or by Google Play, through our provider RevenueCat. We neither receive nor store your payment card details.
We keep only the status of your subscription (plan, renewal date, auto-renewal) in order to unlock the corresponding features.
Album orders (printing)
If you order a printed album, we process your delivery address and payment through our printing and payment providers. This data is used only to produce and deliver your order.
Notifications
To send you notifications (an accepted invitation, a reaction received, a recap), we store a notification token specific to your device. You can adjust or turn off these notifications at any time, in the app or in your phone settings.
Technical and security data
- Session information (IP address, device and browser type) to keep you signed in and detect abnormal access
- Security logs, to prevent fraud and protect accounts
- Anonymised crash reports (via Sentry), to fix bugs. We use no advertising tracker.
The permissions requested on your phone
Every permission is optional and you can withdraw it at any time in your phone settings. Carnely never accesses your entire photo library or your contacts: you choose each file yourself.
- Camera and photos: only when you add an image to a memory
- Microphone: only when you record a memory with your voice
- Location: only if you choose to locate a memory on the map - never in the background
- Notifications: to let you know about events in your circle
Why we process this data (legal bases)
- Performance of our terms of use: creating your account, saving your memories, sharing them with your circle
- Legitimate interest: security, fraud prevention, bug fixing
- Consent: push notifications, access to the microphone, camera or location (permissions you grant and can withdraw)
- Legal obligation: billing and accounting requirements related to subscriptions and orders
Who we share your data with
We rely on processors that handle data on our behalf, bound by a GDPR-compliant contract. We do not sell any data.
- Neon (database) - Germany (Frankfurt)
- Cloudflare R2 (storage of your photos, audio and videos) - global network
- Resend (email delivery) - Germany
- RevenueCat, Apple and Google (subscription management) - United States, under contractual safeguards
- Stripe (payment for album orders) - United States, under contractual safeguards
- Mistral (transcription of your voice memos, at your request) - European Union; the audio is not retained by this provider
- Mapbox (map display, only if you locate a memory) - United States
- Modal (technical video conversion) - United States
- Lulu (album printing and shipping, only if you order) - United States
- Sentry (crash reports) - United States
Transfers outside the European Union
Your data is hosted in the European Union (database in Germany). Some providers are located outside the EU; in that case, transfers are governed by the European Commission's standard contractual clauses.
How long we keep your data
- As long as your account is active, your memories and account data are kept
- When you delete your account, a 30-day period lets you change your mind; after that, your memories, media and personal data are deleted
- Export files of your data are deleted 24 hours after they are prepared
- Security logs are pseudonymised when your account is deleted and kept only for as long as strictly necessary for security and our legal obligations
Your rights
- Access, rectification, erasure, portability, objection and restriction
- You can export all of your data directly from the app
- You can delete your account from the app
- To exercise these rights or for any question: [email protected]
- You may also lodge a complaint with the CNIL (cnil.fr), the French data protection authority
Deleting your account
You can delete your account at any time from the app. If you have an active subscription, please cancel it first with the App Store or Google Play, which alone can manage it.
How we protect your data
- Encrypted connections (TLS) between the app and our servers
- Database encrypted at rest at Neon (Frankfurt)
- Sign-in tokens stored securely on your device
- Passwords kept in hashed form, data access strictly limited to authorised people at ELVN
No advertising, no profiling
Carnely shows no advertising, does not track you for advertising purposes and does not resell your data. We make no automated decision producing legal effects concerning you, and we carry out no profiling.
Updates to this policy
We may update this policy. In the event of a significant change, we will inform you in the app or by email. The date of the latest update appears at the top of this page.