FacebookSign in

Privacy Policy

Last updated: 2025-10-13

Your privacy matters to us. This policy explains what personal information we collect, how we use it, and the choices you have. This Privacy Policy works together with our Terms of Use.

1) Information We Collect

  • Account info: name, email, password hash, and optional profile details (bio, links, location, photo).
  • Community content: offers, requests, reviews, gratitude notes, messages, and any attachments you choose to share.
  • Usage data: device/browser info, IP address, pages viewed, and basic analytics events (if enabled).
  • Cookies/local storage: used for secure login sessions and basic preferences.

2) How We Use Information

  • Provide, secure, and improve the Service.
  • Create and manage your account and profile.
  • Enable community features (offers, requests, reviews, gratitude).
  • Communicate with you (e.g., confirmations, notifications, support).
  • Detect, prevent, and investigate abuse or violations of our policies.

3) Legal Bases (where applicable)

Depending on your location, we rely on consent, contract necessity (providing the Service), and legitimate interests (security, improvement) to process data.

4) Sharing & Service Providers

We use trusted providers to host and operate the Service (e.g., Supabase for auth, database, storage; Vercel for hosting). These providers process data on our behalf and follow contractual privacy and security commitments. We do not sell personal data.

5) Data Retention

We keep personal data for as long as needed to provide the Service and for legitimate business needs (e.g., security, backups), unless you request deletion or the account is closed, subject to legal obligations.

6) Security

We apply reasonable technical and organizational measures to protect data (TLS, access controls, role-based access, and audit). No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

7) Your Choices & Rights

  • Access, update, or delete your profile information.
  • Export your data on request.
  • Opt out of non-essential emails.
  • Depending on your region (e.g., GDPR/UK GDPR/CPRA), you may have additional rights: access, correction, deletion, portability, restriction, and objection. We’ll honor verified requests as required by law.

To exercise rights, contact us at privacy@harmonic.exchange.

8) International Transfers

We may process data in the country where you live and in other countries where our providers operate. We use appropriate safeguards where required.

9) Children

The Service is not directed to children under 16 (or the age of digital consent in your region). If you believe a child has provided us personal data, contact us and we will take appropriate steps.

10) Changes to This Policy

We may update this policy from time to time. If changes are material, we’ll provide reasonable notice (e.g., by email or an in-app notice).

11) Contact

Questions or requests? Email privacy@harmonic.exchange.