// PRIVACY

Privacy Policy

1. An overview of data protection

We built Huddle to be the anti-social network. That means we have zero interest in your data. We use End-to-End Encryption (E2EE) to ensure your content remains strictly yours. The following policy provides a simple overview of what happens to your personal information when you visit our website or use our app, in accordance with the General Data Protection Regulation (GDPR / DSGVO).

2. Data Controller

The data processing on this website and within the app is carried out by the website operator. The responsible party (Controller) is the same entity listed in our Impressum.

Because of the nature and size of our operation, we are not legally required to appoint a dedicated Data Protection Officer (Datenschutzbeauftragter).

3. Hosting and Content Delivery

Website Hosting: Our website is hosted by ZAP-Hosting GmbH, based in Frankfurt, Germany. When you visit our website, standard server log files are collected (e.g., IP address, browser type, time of access). These are kept for a maximum of 7 days for security and debugging purposes before being automatically deleted. The legal basis for this is Art. 6(1)(f) GDPR.

App Database: The backend infrastructure for the Huddle app is powered by Supabase, hosted on Amazon Web Services (AWS). We have concluded an appropriate Data Processing Agreement (DPA/AVV) with our providers to ensure your data is processed strictly according to European privacy standards.

External Fonts & Icons: For the visual design of our landing page, we use Google Fonts and Bootstrap Icons loaded via a Content Delivery Network (CDN). This means your browser establishes a connection to their servers, exposing your IP address. This is based on our legitimate interest in presenting a uniform and appealing website (Art. 6(1)(f) GDPR).

4. The Huddle App: Encryption & Metadata

The core philosophy of Huddle is privacy. We utilize the Signal Protocol to End-to-End Encrypt (E2EE) your messages, photos, notes, and lists. We physically cannot read your content.

Metadata: To route messages and make the app function, our server must process certain metadata in plaintext. Specifically, the server knows which User ID belongs to which Huddle (group), to deliver the encrypted blobs to the correct devices. This processing is strictly necessary for the fulfillment of our contract with you (Art. 6(1)(b) GDPR).

Analytics & Crash Reports: We do not use any telemetry, behavioral tracking, or crash reporting tools (like Firebase Crashlytics or Sentry) inside the app. Zero tracking means zero tracking.

5. Registration and Authentication

To use Huddle, you must create an account. You can do this via:

  • Email & Password: We store your email address securely to facilitate login and password recovery.
  • Apple / Google Sign-In: You can use third-party OAuth providers. If you do, we receive basic profile information (like your email address) to create your account.

The processing of this data is necessary to provide you with a user account (Art. 6(1)(b) GDPR).

6. In-App Purchases (Huddle Pro)

If you choose to upgrade to the €5/month Huddle Pro plan for more storage, the payment is processed entirely through Apple (App Store) or Google (Play Store) In-App Purchases. We do not collect, process, or store any of your financial data (like credit card numbers). We only receive a secure token confirming your subscription status so we can unlock the features. The processing of this status is necessary for the performance of a contract (Art. 6(1)(b) GDPR).

7. Your Rights (DSGVO)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request information about your stored data.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request the deletion of your data (The "No Hostage" guarantee).
  • Right to data portability (Art. 20): Receive your data in a machine-readable format.

To exercise these rights, simply contact us via the email address provided in our Impressum. You also have the right to lodge a complaint with the competent supervisory authority.