Privacy Policy

1. Introduction

Welcome to Huddl ("we," "our," or "us"). We operate the Huddl platform at https://huddl.world and through our mobile applications (collectively, the "Platform"). We are committed to protecting your privacy and handling your personal information with care and respect.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform, including our iOS and Android mobile applications. By using Huddl, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you directly provide to us:

• Account Information: Phone number (required for authentication via one-time password), username, first name, last name, preferred name, date of birth, gender, and account state information
• Profile Information: Profile photos, cover photos, bio, interests, profile attributes, huddl type preferences, ideal group size preferences, motivations for using the platform, hosting interest level, contact email, and marketing preferences
• Voice Recordings: Audio recordings you create for voice prompts on your profile, including duration, waveform data, and any transcription text you submit or save with the recording
• Written Prompts: Text responses to profile questions and prompt templates you answer
• Identity Verification: Government-issued ID documents and selfie photos are processed through Stripe Identity. We may store verification status, verification session identifiers, verified timestamps, mismatch or failure reasons, and verified profile outputs such as verified first name, last name, and date of birth when returned by Stripe.
• Event Information: Huddl names, descriptions, attendee notes, precise event locations, blurred or privacy-protected discovery coordinates, privacy designation as "home" or "public," dates, times, cover photos, group size, cost settings, co-host information, and related event details you create
• Payment Information: Tokenized payment method details and display fields such as card brand, last 4 digits, and expiration; payout method details and banking information processed by Stripe; and transaction records including payment, refund, payout, reversal, dispute, and ledger data
• Communications: Messages to other users, chat membership data, feedback submissions, support requests, safety reports, and related metadata
• User Content: Photos, videos, audio, and other media you upload to your profile or Huddls, together with metadata reasonably necessary to store, display, and order that content
• Social Connections: Buddy requests, buddy relationships, and blocking preferences
• Check-in Data: Check-in codes, QR code scans, check-in timestamps, and attendance records

2.2 Information Collected Automatically

When you use our Platform, we automatically collect:

• Location Information: Precise geolocation data (latitude and longitude, with your permission) to show nearby events, enable event discovery, and set or sync your location in the app
• Device Information: Device model, operating system version (iOS/Android), app version, build number, and unique device identifiers
• Usage Data: Screens visited, features used, events attended or hosted, onboarding progress, step completion rates, and interaction patterns with other users
• Push Notification Tokens: Expo push tokens for delivering push notifications (with your permission), registered per device
• Referral Codes: A unique referral code assigned to your account for tracking referrals
• Session Data: Authentication tokens and session information stored securely using encrypted device storage
• Draft Data: Unsaved huddl creation drafts stored locally on your device

2.3 Information from Third Parties

• Stripe: Payment processing data, card validation results, identity verification results, payout account status, and transfer information
• Supabase Auth and SMS Providers: Phone number verification and one-time password delivery through our authentication stack and its configured messaging providers
• Google Places: Location autocomplete suggestions, place details, and geocoding data
• Mapbox: Map rendering and location display services

2.4 Analytics, Error Tracking, and Advertising Measurement

We use analytics, error tracking, and advertising measurement services to improve our Platform and understand campaign performance:

• PostHog Analytics and Session Replay: When enabled, we collect usage analytics including screen views, feature usage, onboarding funnel progression, taps, scrolls, navigation events, and related user behavior patterns. We may also capture in-app session replay data and related diagnostics, such as masked screen activity, device and app metadata, network telemetry, and console telemetry, to understand product issues and improve the Platform. Sensitive text inputs, images, and certain sandboxed system views are masked by default in supported replay sessions. You may be identified by your user ID or other app identifiers for analytics, troubleshooting, or personalization purposes.
• Sentry Error Tracking: When enabled, we collect crash reports, error messages, stack traces, and diagnostic information to identify and fix bugs. This may include your user ID for debugging purposes.
• Meta and TikTok Advertising Measurement: When enabled, we may collect app event data, device and app metadata, advertising identifiers, and campaign attribution signals to measure ad performance, suppress existing users from acquisition campaigns, build advertising audiences, retarget users, and optimize campaigns where permitted by platform rules and your device settings.

These services are configurable and may depend on app settings, platform permissions, and applicable law. We do not sell this data to third parties.

3. Device Permissions (Mobile App)

Our mobile app may request the following device permissions:

• Camera: To take profile photos, cover photos, event photos, and scan QR codes for event check-ins. We only access your camera when you actively use these features.
• Photo Library: To select existing photos and videos from your device for your profile, events, or media gallery. We only access photos you explicitly select.
• Microphone: To record voice prompts for your profile. Recordings are only made when you actively initiate recording. Audio is uploaded to our servers for playback by other users.
• Location (When In Use): To show nearby events, enable event discovery, set your home location, and provide location-based features. We collect precise location only when the app is in active use and you have granted permission.
• Push Notifications: To send you updates about events, requests, payments, messages, and reminders. You can customize notification preferences or disable them entirely in your device settings.
• Tracking (iOS): On supported Apple devices, we may request permission to track activity across apps and websites owned by other companies for advertising measurement, attribution, retargeting, and campaign optimization. You can decline this request or change your choice later in Settings.

You can revoke any of these permissions at any time through your device settings. Revoking permissions may limit certain features of the app.

4. How We Use Your Information

We use your information for the following purposes:

• Provide Services: Create and manage your account, facilitate Huddl creation and attendance, process payments and payouts, enable check-ins, and enable communication between users
• Authentication: Verify your phone number via SMS one-time passwords to secure your account
• Safety and Security: Verify user identities through Stripe Identity, prevent fraud, enforce our Terms of Service, process safety reports, review disputes, and maintain platform safety
• Personalization: Show relevant events based on your location, interests, and preferences; customize your experience; generate default avatars where needed; and match you with relevant events and users
• Communications: Send push notifications and in-app notifications about event reminders, payment confirmations, request approvals or declines, identity verification status, payout actions, buddy activity, chat activity, and important platform updates. We also use SMS for phone authentication and may use opted-in contact channels where permitted.
• Social Features: Enable buddy connections, chat features, co-host coordination, blocking relationships, and mutual connection displays
• Analytics: Understand how users interact with our Platform, track onboarding completion, measure feature usage, improve the user experience, and develop new services
• Error Resolution: Identify and fix bugs, crashes, and technical issues through error tracking
• Advertising Measurement and Optimization: Measure which ads drive installs and in-app activity, suppress existing users from acquisition campaigns, build custom audiences, retarget interested users, and optimize advertising spend where permitted by your device settings and applicable law
• Payment Processing: Process event fees, issue refunds, manage payouts to hosts, handle payment disputes, and maintain transaction records for tax purposes
• Legal Compliance: Comply with legal obligations, respond to legal requests, and protect our rights
• Marketing: Send promotional communications (with your consent where required)

5. How We Share Your Information

5.1 With Other Users

• Your public profile information, including supported profile media, prompts, photos, verification badge state, and selected attributes, may be visible to other users subject to product privacy controls
• Event hosts and approved co-hosts can see attendee information relevant to managing their Huddls
• Event locations marked as "public" may be visible more broadly in the product; locations marked as "home" are privacy-protected and only shared with approved attendees after approval
• You control visibility of certain profile attributes (date of birth, gender, location) through privacy settings
• Buddy connections show mutual relationships to connected users
• Your verification badge status is visible to other users

5.2 With Service Providers

We share information with trusted third-party service providers who process data on our behalf:

5.3 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.4 For Legal Reasons

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Huddl, our users, or others. This includes responding to safety reports and investigations.

5.5 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition, your information may be transferred to the acquiring entity. We will notify you of any such change.

6. Your Privacy Rights and Choices

6.1 Access and Update

You can access and update your profile information at any time through your account settings in the app.

6.2 Privacy Controls

Control the visibility of certain profile attributes (date of birth, gender, location) through privacy settings. You can choose to make these public or keep them private.

6.3 Location Services

You can disable location services through your device settings. This will prevent you from seeing nearby events or setting your home location, but you can still use the app with manually entered locations.

6.4 Push Notifications

You can customize notification preferences within the app for messages, huddl updates, and reminders. You can also disable push notifications entirely through your device settings.

6.5 SMS Communications

We use SMS for authentication and account access. If we offer optional SMS communications, they will depend on your opt-in status and applicable law.

6.6 Data Portability

You can request a copy of your data in a portable format by contacting us at huddlevent@gmail.com.

6.7 Account Deactivation and Deletion

You have the following options for your account:

• Deactivation: Temporarily hide your profile and events. You can reactivate at any time by signing back in.
• Deletion: Permanently delete your account. This action is irreversible. When you request deletion, we begin scrubbing or anonymizing profile data, media, prompts, notification preferences, stored push tokens, and related personal data, while retaining limited records where needed for payments, safety, fraud prevention, disputes, or legal compliance.

Both options are available in the app under Settings > Account.

7. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
• Encryption at Rest: Sensitive data stored on supported client devices, including authentication tokens, uses encrypted device storage where available
• Secure Authentication: We use phone-based OTP authentication, eliminating password vulnerabilities
• Payment Security: All payment data is processed through PCI-DSS compliant Stripe - we never store your full card details
• Location Privacy: Privacy-protected event locations are shared only with approved attendees, and discovery views may use blurred coordinates instead of the exact location
• Row-Level Security: Database access controls ensure users can only access their own data
• Check-in Code Security: Check-in codes are time-limited and QR codes include timestamps to prevent screenshot reuse
• Regular Security Updates: We regularly update our systems and dependencies to address security vulnerabilities

However, no security system is impenetrable. We cannot guarantee the absolute security of your information. Please protect your device and report any suspicious activity immediately.

8. Data Retention

We retain your information for as long as necessary to provide our services, operate the Platform, and comply with legal obligations:

• Active Account: All data is retained while your account is active
• Payment Records: Transaction history is retained for 7 years for tax and legal compliance
• Notification and Delivery Logs: Push tokens, push delivery logs, notification records, and related operational logs may be retained as long as needed for product operation, troubleshooting, and safety
• Check-in and Attendance Logs: Event attendance and check-in records may be retained for event operations, disputes, and host recordkeeping
• Safety Reports: Reports, blocks, and related investigations may be retained as long as needed for safety, fraud prevention, and legal reasons
• Verification Data: Verification status and related outcome data may be retained while your account is active and afterward where needed for compliance, fraud prevention, or dispute handling

When you delete your account, we begin deleting or anonymizing personal information associated with your account, except where we need to retain it for:

• Legal compliance (tax records, transaction history)
• Dispute resolution and chargeback handling
• Fraud prevention and security investigations
• Enforcing our Terms of Service

9. Children's Privacy

Huddl is intended for users aged 18 and older. We do not knowingly collect information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly. If you believe a child under 18 has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information, including standard contractual clauses where required.

11. Third-Party Links and Services

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies. This includes links to Stripe for payment management and identity verification.

12. App Store Privacy Details

The following information is provided in accordance with Apple App Store requirements:

12.1 Data Linked to Your Identity

The following data may be collected and linked to your identity:

• Contact Info: Phone number
• Identifiers: User ID
• User Content: Photos, videos, audio recordings
• Location: Precise location (when you grant permission)
• Financial Info: Payment information (processed by Stripe)
• Sensitive Info: Government ID (for identity verification via Stripe)
• Other Data: Push notification tokens (Expo), referral codes

12.2 Data Used for Tracking

When enabled, we may use data from our app together with advertising partners such as Meta and TikTok to measure campaign effectiveness, attribute installs or in-app activity, build advertising audiences, suppress existing users from acquisition campaigns, and retarget users across apps or websites owned by other companies. On iOS, this activity depends on your App Tracking Transparency choice.

12.3 Data Used for Analytics

• Usage Data: Product interaction, app launches, taps, scrolls, navigation events, and screen views
• Diagnostics: Crash data, performance data, network telemetry, console telemetry, and session replay diagnostics where enabled

12.4 Data Used for App Functionality

• Location: To show nearby events and enable check-ins
• Contact Info: For account authentication and notifications
• User Content: To display your profile and event content to other users
• Identifiers: To maintain your session and link your data

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about data we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of your personal information (we do not sell your data)
• Right to Limit: Limit the use of sensitive personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at huddlevent@gmail.com or use the account deletion feature in the app.

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: Access your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Restrict processing of your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

Legal Basis for Processing: We process your data based on: (a) your consent, (b) performance of our contract with you, (c) our legitimate interests in operating and improving the Platform, and (d) compliance with legal obligations.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and sending you a notification through the app. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us: