Privacy Policy

Draft for App Store submission. Review with counsel before launch.

Who we are

huk is a location-based social app for LGBTQIA+ adults, operated by the publishers of huk (the “Service”, “we”, “us”). For all privacy matters you can reach us at support@hukapp.io. For the purposes of EU data protection law, we are the data controller for the personal data described below.

What we collect

We only collect what we need to run the app. Specifically, we may process the following categories of personal data:

• Account data — email address (used as your sign-in) and a verification code sent during sign-in.
• Profile data— display name, age (must be 18+), bio, body type, height, weight, position, tribes, what you’re looking for, and any photos you choose to upload.
• Approximate location — taken only while the app is open and only with your permission. Used to show you who is nearby and to compute distance. Other users never see your precise location; they see a distance only.
• Content you create — Now statuses, messages you send, group memberships, photos in albums, reports you file.
• Device + technical data — push notification token, device model and OS version, IP address, app version, basic diagnostic logs.
• Privacy preferences — incognito mode, hide-distance, hide-online flags, blocks, and your PIN-Lock toggle (the PIN itself is stored only on your device).

We do not collect special-category data (race, religion, health, political opinions). We do not buy data about you from data brokers.

Why we process it (lawful basis)

Under EU GDPR Article 6, we rely on the following legal bases:

• Performance of a contract — to operate your account, deliver messages, run the grid, the map, groups, and albums. Without this, we cannot provide the Service.
• Consent — for optional features such as approximate location, push notifications, and uploading photos. You can withdraw consent at any time in your device settings.
• Legitimate interests — for security, abuse prevention, in-app reporting, fraud detection, and limited diagnostics. We balance this against your rights and only use the minimum data needed.
• Legal obligation — to respond to lawful requests from authorities and to comply with App Store, anti-abuse, and tax requirements where they apply.

Who we share it with

We use a small number of vetted processors to run the Service. They process data on our behalf under written agreements. Links go to each provider’s privacy policy.

• Apple Inc. — App Store distribution, in-app purchase processing, and Apple Push Notification service (APNs). Apple processes payment cards on its own terms; we never see your card details. Apple also receives a per-device push token and the notification payload when we send you a push. apple.com/legal/privacy.
• Supabase Inc. — database, file storage, and authentication infrastructure. Stores account, profile, message, and album data. supabase.com/privacy.
• RevenueCat, Inc.— subscription state management across devices. We share a pseudonymous user ID (your huk account UUID, never your email or name), the product purchased, purchase timestamp, and subscription status. RevenueCat’s SDK additionally collects device-level metadata (iOS version, country code) on its own. revenuecat.com/privacy.
• Resend — transactional email delivery (sign-in codes, support replies). Receives your email address and message content needed to deliver the email. resend.com/legal/privacy-policy.

We do not share personal data with advertisers, ad networks, data brokers, analytics companies, or social-media tracking pixels. We never sell or rent personal data.

We may disclose data if required by law, to comply with a valid legal process, or to protect the safety of our users (for example, in response to a credible threat of harm).

International transfers

Our processors may store or process data outside the European Economic Area, including in the United States. Where this happens, we rely on Standard Contractual Clauses (SCCs) and supplementary measures described in those processors’ sub-processor lists to keep your data protected to the standard required by EU law.

Subscription and billing data

When you start a HUK Premium subscription or free trial, payment is handled entirely by Apple under your Apple ID. We never see or store your card number, billing address, or any other payment instrument information.

To manage entitlements across your devices, we use RevenueCat, Inc. as a sub-processor. The data shared with RevenueCat is limited to:

• Pseudonymous user ID — your huk account UUID. Not your email, name, or any other directly identifying field.
• Product purchased — weekly, monthly, or yearly HUK Premium.
• Purchase timestamp.
• Subscription status — active, trial, cancelled, or expired.
• Device-level metadata — iOS version and country code, collected automatically by the RevenueCat SDK.

On our own servers we store a flag indicating whether your account is an active HUK Premium subscriber, and the timestamp of the most recent purchase, used solely for entitlement gating in the app.

Subscription and transaction records are retained for 7 yearsafter the most recent purchase, as required by Dutch tax law (the Belastingdienst’s 7-year recordkeeping rule under the Algemene Wet inzake Rijksbelastingen). After that period these records are deleted or anonymised.

DAC7 tax reporting

Under the EU Directive on Administrative Cooperation (DAC7), marketplace operators like Apple report seller information to EU tax authorities. Apple reports our business contact and revenue details to the Dutch tax authority (Belastingdienst) on our behalf. Your personal data is not included in DAC7 reporting — only ours, as the seller of the app.

How long we keep it

• Active accounts — for as long as your account is open.
• Deleted accounts — we hard-delete your profile, photos, messages, albums, and group memberships within 30 days of deletion. After that, only minimal records required for legal, anti-abuse, or audit purposes are kept.
• Subscription and billing records — retained for 7 yearsafter your last purchase under Dutch tax law, then deleted or anonymised. See “Subscription and billing data” above.
• Diagnostic logs — rotated within 30 days unless flagged for an active abuse investigation.
• Backups — encrypted backups expire on a 30-day rolling window; deleted records age out of backups within that window.

Deleting your account

You can delete your account directly from the iOS app at any time:

1. Open huk on your iPhone.
2. Go to Settings → Delete account.
3. Confirm. Your profile, photos, messages, and albums are queued for deletion.

Prefer email? Send a deletion request from the email address on file to support@hukapp.io. We will confirm and complete the deletion within 30 days.

Your rights

Under EU GDPR, UK GDPR, and similar laws, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure— ask us to delete your data (see “Deleting your account”).
• Restriction — ask us to pause processing while a dispute is resolved.
• Portability — receive your data in a structured, machine-readable format and have it transmitted to another controller.
• Objection — object to processing based on our legitimate interests.
• Withdraw consent — at any time, with no effect on processing carried out before the withdrawal.
• Complain— to your local supervisory authority. If you don’t know which one, the European Data Protection Board maintains a list at edpb.europa.eu.

To exercise any of these rights, email support@hukapp.io from the address on file. We will respond within 30 days.

California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, request deletion, correct inaccurate information, and opt out of any sale or sharing of personal data. We do not sell or share personal information for cross-context behavioural advertising. Send California requests to support@hukapp.io.

Children’s data

huk is for adults only. Use of the Service requires you to be at least 18 years old. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, email support@hukapp.io and we will remove it promptly.

Security

We use TLS in transit, encrypted-at-rest storage with our processors, scoped access controls, and PIN-Lock with biometric unlock on-device as an additional layer for the app itself. No system is perfect; if you spot a security issue, please report it to support@hukapp.io.

Changes to this policy

If we make material changes to this policy we will notify you in the app and update the “Last updated” date at the top of this page. Continued use after the change means you accept the updated policy.

Contact

Privacy questions, rights requests, complaints: support@hukapp.io.