Privacy Policy – HelloBuddy

Introduction

HelloBuddy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") available on the Google Play Store.

By using HelloBuddy, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our App.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (required for account creation and authentication)
• Password (stored securely using industry-standard hashing - never in plain text)
• Name (required for account identification)

1.2 Profile Information (Optional)

You may choose to provide additional profile information:

• First name and last name
• Date of birth and age
• Phone number
• Gender
• Address (street, city, state, zip code, country)
• Medical information (conditions, medications, blood type) - optional
• Physical information (height, weight) - optional

Note: All profile information is optional. You can use the App with only the required account information.

1.3 Check-in Data

We collect and store:

• Daily check-in status (whether you checked in or missed your check-in)
• Check-in timestamps (when you performed each check-in)
• Check-in time window preferences (your selected daily check-in time range)
• User responses (optional feelings, mood scores, notes, and answers to questions you choose to provide)

1.4 Emergency Contact Information

If you choose to add emergency contacts, we collect:

• Contact name
• Contact email address
• Contact phone number
• Notification preferences (email/SMS)

Important: You are responsible for obtaining consent from your emergency contacts before adding their information to the App.

1.5 App Usage Data

We collect basic usage information to provide app functionality:

• Streak tracking (consecutive check-in days)
• Achievement data (unlocked achievements and statistics)
• Notification settings (your preferences for receiving notifications)
• Authentication tokens (stored locally on your device for session management)

1.6 Device Information

We automatically collect standard technical information:

• Device type and operating system version
• App version
• Network information (IP address, connection type)
• Server logs (standard HTTP request/response logs)

This information is collected automatically through standard server logging and is used for app functionality, security, and troubleshooting.

1.7 Biometric Authentication (Local Only)

If you enable biometric authentication (fingerprint/Face ID):

• Biometric data is never transmitted to our servers
• Biometric authentication is handled entirely on your device
• We only store your email address locally (in device storage) to facilitate biometric login
• Your biometric data remains on your device and is managed by your device's operating system

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Core App Functionality

• Account Management: To create and manage your account, authenticate you, and provide access to the App
• Check-in System: To track your daily check-ins, maintain your check-in history, and detect missed check-ins
• Emergency Alerts: To send notifications to your emergency contacts when you miss a check-in (only if you have configured emergency contacts)
• Notifications: To send you reminders about check-ins and important app updates
• Streak & Achievements: To track and display your check-in streaks and achievements

2.2 Communication

• Email Notifications: To send you check-in reminders, missed check-in alerts, and important account information
• SMS Notifications: To send SMS alerts to your emergency contacts (if you have enabled SMS notifications and provided contact phone numbers)

2.3 Service Improvement

• Analytics: To understand how the App is used and improve our services (non-personal, aggregated data only)
• Troubleshooting: To diagnose and fix technical issues
• Security: To detect and prevent fraud, abuse, and security threats

2.4 Legal Compliance

• To comply with applicable laws, regulations, and legal processes
• To respond to lawful requests from government authorities

3. Data Storage & Security

3.1 Data Storage

Your data is stored securely using:

• Backend Hosting: Render.com (secure cloud hosting provider)
• Database: MongoDB Atlas (encrypted, secure cloud database)
• Data Location: Data is stored in secure data centers with industry-standard security measures

3.2 Security Measures

We implement appropriate technical and organizational security measures to protect your information:

• Password Security: Passwords are hashed using bcrypt (industry-standard hashing algorithm) and are never stored in plain text
• Encryption: Data transmission is encrypted using HTTPS/TLS
• Access Controls: Access to your data is restricted to authorized personnel only
• Regular Security Updates: We regularly update our systems and dependencies to address security vulnerabilities

3.3 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.

4. Third-Party Services

We use the following third-party services to operate the App:

4.1 Backend Hosting (Render.com)

• Purpose: Hosting our backend API and services
• Data Shared: All data necessary for app functionality
• Privacy Policy: Render.com Privacy Policy

4.2 Database (MongoDB Atlas)

• Purpose: Storing your account and app data
• Data Shared: All data necessary for app functionality
• Privacy Policy: MongoDB Privacy Policy

4.3 Payment Processing (Google Play Billing)

• Purpose: Processing subscription payments (when subscriptions are available)
• Data Shared: Payment information is handled by Google Play; we receive transaction confirmations only
• Privacy Policy: Google Privacy Policy

4.4 Email Service (SMTP/Nodemailer)

• Purpose: Sending email notifications and alerts
• Data Shared: Email addresses and message content
• Provider: Your configured SMTP service (e.g., Gmail, SendGrid)

4.5 SMS Service (Twilio - Optional)

• Purpose: Sending SMS notifications to emergency contacts (if enabled)
• Data Shared: Phone numbers and message content
• Privacy Policy: Twilio Privacy Policy

Important: We do not sell, rent, or share your personal information with third parties for their marketing purposes. Third-party services are used solely to provide App functionality.

5. Data Retention

5.1 Active Accounts

We retain your data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations.

5.2 Deleted Accounts

If you delete your account:

• Your account information and personal data will be deleted within 30 days
• Some data may be retained for longer periods if required by law or for legitimate business purposes (e.g., fraud prevention)
• Emergency contact information will be deleted when you delete your account

5.3 Check-in History

Your check-in history is retained as long as your account is active. You can request deletion of specific check-in records at any time.

6. Your Rights & Choices

You have the following rights regarding your personal information:

6.1 Access

You can access your personal information through the App's profile and settings sections.

6.2 Correction

You can update or correct your information at any time through the App's settings.

6.3 Deletion

You can request deletion of your account and all associated data by:

• Using the account deletion feature in the App (if available), or
• Contacting us at the email address provided in Section 11

6.4 Data Portability

You can request a copy of your data in a machine-readable format by contacting us.

6.5 Opt-Out

• Notifications: You can disable push notifications and email notifications in the App settings
• Emergency Contacts: You can remove emergency contacts at any time
• Profile Information: You can delete optional profile information at any time

6.6 Biometric Authentication

You can enable or disable biometric authentication at any time in the App settings. Disabling biometric authentication will remove locally stored email information.

7. Children's Privacy

HelloBuddy is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

Age Requirement: You must be at least 13 years old to use HelloBuddy. If you are between 13 and 18, you must have your parent's or guardian's permission to use the App.

8. Subscription & Payments

8.1 Payment Processing

When you purchase a subscription (when available):

• Payments are processed through Google Play Billing
• We do not store your payment card information
• Payment information is handled by Google in accordance with their privacy policy

8.2 Subscription Data

We collect and store:

• Subscription status (active, expired, cancelled)
• Transaction confirmations from Google Play
• Subscription start and end dates

This information is used solely to manage your subscription and provide access to premium features.

9. International Data Transfers

Your information may be transferred to and stored in data centers located outside your country of residence. By using the App, you consent to the transfer of your information to these locations.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, regardless of where it is stored.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification (if you have provided an email address)

Your continued use of the App after any changes constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [Your Contact Email]
App Name: HelloBuddy
Package Name: com.hellobuddy.app

Response Time: We aim to respond to all inquiries within 30 days.

12. Additional Information

12.1 Data Controller

HelloBuddy is the data controller for your personal information collected through the App.

12.2 California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). Please contact us using the information in Section 11 to exercise these rights.

12.3 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to object to processing
• Right to data portability

Please contact us using the information in Section 11 to exercise these rights.