Privacy Policy
Effective Date: March 1, 2026
Version: 1.0
HUM ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use our mobile application.
1. Information We Collect
Account Information (Persistent)
- Email address (for authentication and account recovery)
- Phone number (optional, for authentication)
- Display name and handle (public profile)
- Bio (optional, public profile)
- Profile photo (optional, stored securely)
User-Generated Content
Ephemeral content (auto-deleted):
- Echoes: text, images, doodles (24-hour maximum lifetime)
- Signal state (24-hour auto-expiry)
- Status (configurable duration: 1h, 2h, 4h, 8h, or 24h)
- Notes to connections (up to 24-hour lifetime)
Persistent content:
- Canvas shared with connections (persists until manually cleared or account deletion)
Connection Data (Persistent)
- Mutual connections (relationships with other users)
- Block and mute lists
Device Information
- Push notification tokens for delivering notifications
- Device identifiers for security verification
Contact Information for Friend Discovery
- Phone numbers from your contacts are sent to our servers for matching
- Numbers are hashed server-side using HMAC-SHA256 for comparison
- Raw phone numbers are processed transiently and not persisted
- Only hashed values are used for matching; no contact list is stored
Diagnostic Data
- Crash reports (does not include personal content)
2. How We Use Information
- Provide the HUM service and features
- Authenticate your identity and secure your account
- Deliver push notifications (privacy-preserving: sender identity not revealed)
- Enable friend discovery through contact matching
- Diagnose crashes and improve app stability
3. Information Sharing
We do not sell your data.
We share information with the following third-party service providers (data processors):
- Firebase/Google Cloud (hosting, authentication, database, storage, crash reporting)
- Twilio (phone number verification)
- SendGrid (transactional email)
We may disclose information to law enforcement only with valid legal process (subpoena, court order, or warrant).
4. Data Retention
| Data Type | Retention |
|---|
| Echoes, Signal, Status | Auto-deleted per configured duration (max 24h) |
| Notes | Auto-deleted after delivery or 24h, whichever is first |
| Profile, connections, settings | Retained until account deletion |
| Account deletion (standard) | 30-day grace period, then permanently deleted |
| Account deletion (immediate) | Data deleted within 24 hours of confirmation |
| Crash reports | 90 days |
5. Your Rights
- Access: Contact chris.app.dev.contact@gmail.com to request a copy of your data
- Deletion: Delete your account in Settings > Account > Delete Account
- Standard deletion: 30-day grace period (can cancel during this time)
- All user data permanently removed after grace period
- Public instructions: getHum Account Deletion
- Correction: Update your profile information anytime in the app
6. Children's Privacy
- HUM is not intended for users under 13 years of age
- Age confirmation (13+) is required during account creation
- We do not knowingly collect data from children under 13
- If we discover underage usage, the account will be terminated
7. Updates to This Policy
- Effective date and version number are displayed at the top of this document
- Material changes will be communicated via in-app notification
- Continued use after notification constitutes acceptance
8. Contact Us
Email: chris.app.dev.contact@gmail.com