Privacy Policy

Your privacy is fundamental to our mission. Learn how we protect your anonymity while creating meaningful connections.

Last updated: December 2024

Introduction

At Honestly, we believe privacy is a fundamental right. This Privacy Policy explains how we collect, use, protect, and share information when you use our anonymous letter-sharing service.

Our core principle is privacy by design - we built Honestly from the ground up to protect your anonymity while enabling meaningful emotional connections.

πŸ”’ Our Commitment: We collect the minimum data necessary to provide our service and never sell your personal information to third parties.

1. Information We Collect

Information You Provide

  • Account Information: Username, email address (optional), birth date (for age verification), and password
  • Letter Content: The anonymous letters you write and send through our platform
  • Emoji Reactions: Your reactions to letters you receive
  • Friend Connections: Friend requests and accepted connections
  • Support Communications: Messages you send to our support team

Information Automatically Collected

  • Device Information: Device type, operating system, app version
  • Usage Data: Features used, time spent in app, letter delivery statistics
  • Technical Data: IP address (hashed for privacy), crash logs, performance metrics
  • Authentication Data: For Apple Sign In and Google OAuth integrations

Information We Don't Collect

  • Real names or personal identities
  • Location data or GPS coordinates
  • Phone numbers or contact lists
  • Photos or videos
  • Financial information (handled by secure payment processors)

2. How We Use Your Information

Service Delivery

  • Distribute letters anonymously through our matching algorithm
  • Deliver daily letters at 8:00 PM
  • Enable emoji reactions and friend connections
  • Provide premium features for subscribers

Safety & Moderation

  • Review content for compliance with community guidelines
  • Prevent spam, harassment, and inappropriate content
  • Investigate reports of violations
  • Enforce age verification (18+)

Improvement & Analytics

  • Analyze usage patterns to improve features
  • Fix bugs and enhance performance
  • Understand which topics resonate with users
  • Develop new features based on user needs

3. Anonymity Protection

Protecting your anonymity is central to our mission. Here's how we do it:

Technical Safeguards

  • Anonymous Matching: Our algorithm distributes letters without revealing sender identity
  • Data Separation: User identity and letter content are stored separately
  • IP Hashing: IP addresses are immediately hashed and cannot be traced back
  • No Metadata Tracking: We don't store timing patterns that could identify users

Policy Protections

  • Staff cannot access letter content except during reported violations
  • No real names required anywhere in the service
  • Limited data retention periods
  • Regular security audits and privacy assessments

⚠️ Important: While we implement strong technical protections, complete anonymity cannot be guaranteed in all circumstances. Please don't share personally identifiable information in your letters.

4. Information Sharing

We never sell your personal information. We may share limited information in these specific circumstances:

Service Providers

  • Cloud Infrastructure: Secure hosting and database services
  • Payment Processing: Stripe and Apple/Google for subscription billing
  • Analytics: Anonymized usage data for service improvement
  • Customer Support: Help desk and ticketing systems

Legal Requirements

  • When required by law or legal process
  • To prevent imminent harm to users or others
  • To investigate potential violations of our Terms
  • To protect our rights and safety

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We'll notify users and ensure the same privacy protections apply.

5. Data Security

We implement industry-standard security measures to protect your information:

Technical Security

  • Encryption: All data encrypted in transit and at rest
  • Secure Authentication: Strong password requirements and optional 2FA
  • Regular Security Audits: Third-party security assessments
  • Access Controls: Limited employee access on need-to-know basis

Operational Security

  • Regular software updates and security patches
  • Incident response procedures
  • Employee security training
  • Backup and disaster recovery systems

6. Your Rights

You have several rights regarding your personal information:

Universal Rights

  • Access: Request information about data we have about you
  • Correction: Update or correct your account information
  • Deletion: Delete your account and associated data
  • Portability: Export your letter history (where technically feasible)

GDPR Rights (EU Users)

  • Right to object to data processing
  • Right to restrict processing
  • Right to lodge complaints with supervisory authorities
  • Enhanced consent and withdrawal rights

CCPA Rights (California Users)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination for exercising rights

7. Cookies and Tracking

We use minimal tracking technologies to provide our service:

Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Basic app functionality

Analytics

  • Anonymized usage statistics
  • Performance monitoring
  • Feature usage analysis

We don't use advertising cookies or cross-site tracking. You can manage cookie preferences through your device settings.

8. Data Retention

We retain information only as long as necessary for legitimate purposes:

  • Account Data: Until account deletion or 3 years of inactivity
  • Letter Content: Available in your history until account deletion
  • Usage Data: Anonymized after 12 months
  • Support Records: 3 years for service improvement
  • Legal Hold: Extended retention if required by law

When you delete your account, we remove your personal information within 30 days, except where retention is required by law.

9. International Transfers

Honestly operates globally, and your information may be transferred to and processed in countries other than your own:

  • We use secure cloud infrastructure with global data centers
  • All transfers comply with applicable privacy laws
  • We implement appropriate safeguards for international transfers
  • EU data is processed with adequate protection mechanisms

10. Children's Privacy

Honestly is not intended for users under 18 years of age:

  • We require age verification during account creation
  • We don't knowingly collect information from minors
  • If we discover a minor's account, we'll delete it immediately
  • Parents can contact us if they believe their child has created an account

πŸ“ž Report Underage Users: If you believe someone under 18 is using Honestly, please contact us immediately at safety@honestly.app.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We'll update the "Last Updated" date at the top
  • Material changes will be announced through in-app notifications
  • We may send email notifications for significant changes
  • Continued use constitutes acceptance of the updated policy

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your information, please contact us:

Privacy Officer: privacy@honestly.app
Data Protection: dpo@honestly.app
General Support: support@honestly.app
Mailing Address:
Honestly Privacy Team
123 Connection Street
San Francisco, CA 94102
United States

Response Time: We aim to respond to privacy inquiries within 30 days. For urgent safety concerns, contact us immediately.