back to home

Privacy Policy

Last updated: March 7, 2026

Mikasa Labs ("we", "us", "our") operates the Candles mobile application. This Privacy Policy explains how we collect, use, and protect your information when you use our app.

Information We Collect

Account Information

When you create an account, we collect your phone number for authentication purposes only. Your phone number is cryptographically hashed using HMAC and is never stored in plaintext.

Profile Information

You may optionally provide a display name, profile photo, and birthday. This information is used to personalize your experience and is visible to your contacts within the app.

Contacts

With your permission, we access your device contacts to help you find friends on Candles. Contact phone numbers are hashed on our servers using HMAC before storage. We never store plaintext phone numbers from your contacts.

Birthday Information

You can add birthdays for your contacts. This information is used to send you reminders and facilitate birthday greetings.

Push Notification Tokens

If you enable notifications, we store your device push token to send birthday reminders and other app notifications.

How We Use Your Information

  • To provide and maintain the Candles service
  • To send birthday reminders and notifications you have opted into
  • To match you with contacts who also use Candles
  • To process gift card purchases on your behalf
  • To improve and optimize the app experience

Gift Card Processing

When you purchase a gift card through Candles, the transaction is processed by our gift card provider, Tillo. We share only the minimum information necessary to complete the transaction (gift card brand, amount, and currency). Your payment information is handled securely and is not stored on our servers.

Data Storage & Security

Your data is stored on Supabase, a secure cloud infrastructure platform. We implement industry-standard security measures including:

  • HMAC hashing for all phone numbers
  • Encrypted data transmission (TLS/SSL)
  • Row-level security policies on our database
  • Service role authentication for server operations

Data Sharing

We do not sell your personal information. We share data only with:

  • Supabase — cloud hosting and database infrastructure
  • Tillo — gift card processing (only when you make a purchase)
  • Apple Push Notification service — for delivering notifications

Your Rights

You have the right to:

  • Access your personal data through the app
  • Update or correct your profile information
  • Delete your account and all associated data at any time from the app settings
  • Opt out of push notifications through your device settings

Account Deletion

You can delete your account directly from the app's settings menu. When you delete your account, all your personal data, birthdays, and delivery history are permanently removed from our servers.

Children's Privacy

Candles is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy in the app and updating the "Last updated" date.

Contact Us

If you have questions, contact us at support@candles.app.