Subtext Privacy Policy

Effective date: 2026-05-11

Last updated: 2026-05-11

This is the privacy policy for Subtext, a relationship-wellness mobile app published by Keller Tech LLC (doing business as Banked Embers). Subtext reads message threads from your device and uses an AI model to give you a brief read on the communication patterns in those threads. This policy describes what data the app touches, where it goes, and what we never do with it.

If you only read one section, read How your messages are handled.

Who we are

Developer: Keller Tech LLC (Banked Embers)
App package: com.bankedembers.subtext
Contact: help@bankedembers.com

Data the app accesses on your device

Subtext requests the following sensitive permissions and reads the corresponding data:

SMS messages (READ_SMS, RECEIVE_SMS): The app reads SMS messages from your device's SMS database so you can ask Subtext to analyze a conversation. SMS data is read only when you actively select a thread to analyze. The app does not silently scrape SMS in the background.
Contacts (READ_CONTACTS): The app reads contact names so the analyzed thread can show "Sarah" instead of a phone number. Contact data is used only to look up the display name of the thread you chose to analyze.
Notification access (BIND_NOTIFICATION_LISTENER_SERVICE): Used only to surface Subtext's analysis overlay above the messaging app when you ask for it. The app does not read or transmit notification content from other apps.

The app does not access your location, camera, microphone, photos, calendar, call log, or any sensor data.

How your messages are handled

When you ask Subtext to analyze a thread, the following happens:

The messages from that thread (sender + body + timestamp, up to 250 most recent messages) and the contact's display name are sent over TLS-encrypted HTTPS to our analysis endpoint hosted on Google Cloud Functions.
The endpoint forwards that content to Anthropic's Claude API for analysis. Anthropic processes the content per its own privacy and data-use terms (anthropic.com/legal/privacy). We do not opt into Anthropic's model-training programs for this traffic.
The analysis result (a score, a few short pattern flags, a one-paragraph summary) is returned to your device.
Nothing about the conversation is stored on our servers. No message bodies, no contact names, no thread excerpts. The request is processed and discarded.
Our server-side logs record only anonymous metadata: an opaque per-install identifier, a timestamp, and request latency. We never log message content, contact names, or any conversation excerpts.

This is a hard architectural constraint. The backend has no code path that writes message content to durable storage, so the data cannot be retained even if we wanted to.

Data that stays on your device

To avoid re-analyzing the same thread every time you open the app, the most recent analysis result for each contact may be cached locally on your device only. This cache:

Contains the analysis result (score, flags, summary), not the underlying messages.
Never leaves your device.
Is cleared if you reinstall the app or clear the app's storage.
Can be turned off in Settings, which also immediately deletes any stored readings.

Anonymous identifier

The app generates a random per-install identifier (userId) the first time you launch it. This identifier is sent with analyze requests so we can rate-limit abuse and debug aggregate latency. It is not linked to your name, phone number, email, advertising ID, or any other identifier. Reinstalling the app generates a new identifier.

Third parties

Google Cloud Platform (Firebase Cloud Functions): Hosts the analyze endpoint. Traffic passes through Google Cloud infrastructure in transit.
Anthropic, PBC: Performs the AI analysis. We send the thread content to Anthropic over TLS for the duration of the request only.

No advertising networks, analytics SDKs, crash-reporting services, or other third-party data collectors are integrated into Subtext.

What we do not do

We do not sell personal data.
We do not share personal data with advertisers or data brokers.
We do not use your message content to train AI models.
We do not store message content, media, or contact names on our servers.
We do not log message bodies or conversation excerpts.
We do not track you across other apps or websites.

Security

All traffic between the app and our servers uses TLS 1.2 or higher. Plain-text transmission of user data is not permitted by the app.

Children

Subtext is not directed at children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has used the app, contact us at the address above and we will respond promptly.

Your choices

Stop sharing data with Subtext: Uninstall the app, or revoke the SMS / Contacts / Notification permissions in your device's system settings. The app will stop accessing that data immediately.
Delete on-device data: Turn off the analysis cache in Settings (clears stored readings immediately), or use your device's "Clear app storage" function to remove all local data.
Server-side data: Because we do not store message content or contact data on our servers, there is no server-side record to delete. The anonymous userId can be reset by reinstalling the app.

Changes to this policy

If we materially change how Subtext handles your data, we will update this policy and update the "Last updated" date at the top. For changes that affect what data we collect or share, we will give in-app notice the next time you open the app.

Contact

Questions about this policy or about Subtext's data handling:

Email: help@bankedembers.com