Privacy Policy

Introduction

TrueHaven ("we," "us," "our," or the "Company") operates the TrueHaven mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring transparency about our data practices. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

We collect information in several ways when you use our Service:

1.1 Information You Provide Directly

Account Information

• Apple ID identifier (when you sign in with Apple)
• Email address (if provided through Apple Sign In)
• Username (chosen by you, 3-15 characters)
• Display name
• Profile biography (up to 160 characters)
• Profile image
• Website link
• Location (if you choose to add it)

Content You Create

• Posts and text content (up to 500 characters per post)
• Images and videos you upload (up to 10 per post)
• Audio recordings (up to 3 minutes per attachment)
• Poll questions and options
• Comments and replies
• Direct messages
• Community messages
• Reactions (likes, reposts, quotes)

Communications

• Messages you send to other users
• Community chat messages
• Reports you submit about content or users
• Appeals you submit regarding moderation actions
• Support requests and correspondence with us
• Feedback and suggestions you provide

Settings and Preferences

• Theme preferences (light, dark, system)
• Language preferences
• Privacy settings (who can tag, mention, or message you)
• Notification preferences
• Calm Mode settings (metric visibility, notification batching)
• Feed preferences (content types, algorithm adjustments)
• Media settings (autoplay, quality, data saver)
• Quiet hours configuration
• Blocked and muted users
• Muted words and phrases

1.2 Information Collected Automatically

Device Information

• Device type and model
• Operating system and version
• Unique device identifiers
• Mobile network information
• App version
• Device name (for session management)

Usage Information

• Posts you view and interact with
• Features you use and frequency of use
• Time spent on the Service
• Navigation patterns within the app
• Search queries
• Content you engage with (likes, comments, shares)
• Communities you join and participate in
• Users you follow and interact with

Log Data

• IP address
• Access times and dates
• App crashes and error reports
• Pages and features accessed
• Actions taken within the Service
• Referring URLs and exit pages

Location Information

• General location based on IP address
• Precise location only if you explicitly grant permission and add location to your profile

1.3 Information from Third Parties

Apple Sign In

• We receive your Apple ID identifier
• Email address (if you choose to share it; may be a private relay address)
• Name (if you choose to share it on first sign-in)

Other Users

• When other users mention you in posts using @username
• When other users tag you in content
• When other users report your content or account
• When other users send you messages or follow requests

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Service

• Creating and managing your account
• Authenticating your identity and maintaining security
• Displaying your profile and content to other users
• Enabling you to create, share, and interact with content
• Facilitating direct messaging and community conversations
• Delivering notifications about activity relevant to you
• Processing your settings and preferences
• Personalizing your feed and content recommendations
• Enabling search functionality
• Providing customer support
• Analyzing usage patterns to improve features
• Developing new features and services
• Fixing bugs and resolving technical issues

2.2 Safety and Security

• Detecting and preventing fraud, abuse, and security threats
• Enforcing our Terms of Service and Community Guidelines
• Moderating content using automated and manual review
• Investigating reports of violations
• Protecting users from harassment, hate speech, and harmful content
• Implementing our strike system and enforcement actions
• Maintaining audit logs of moderation actions
• Verifying account authenticity
• Preventing spam and fake accounts

2.3 Personalization

• Customizing your feed based on your interests and interactions
• Providing algorithm transparency ("Why am I seeing this?")
• Recommending users to follow
• Suggesting communities to join
• Displaying trending content relevant to your interests
• Respecting your Calm Mode and feed preferences

2.4 Communications

• Sending push notifications about activity (likes, comments, follows, messages)
• Notifying you of important account or security updates
• Informing you of changes to our policies
• Responding to your support requests
• Sending service-related announcements

2.5 Legal and Compliance

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Protecting our legal rights and interests
• Enforcing our agreements
• Cooperating with law enforcement when legally required

2.6 Research and Analytics

• Understanding how users interact with our Service
• Measuring the effectiveness of features
• Conducting aggregated, anonymized research
• Improving content moderation systems
• Analyzing trends and user behavior patterns

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 With Other Users

Based on your privacy settings, other users may see:

• Your public profile (username, display name, bio, profile image, link, location)
• Your posts, comments, and other public content
• Your follower and following counts (unless hidden via Calm Mode)
• Your engagement metrics (unless hidden via Calm Mode)
• Your online status (if enabled)
• Your community memberships and activity

For private accounts:

• Only approved followers can see your posts
• Follow requests require your approval
• Your content is not visible to non-followers

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

Amazon Web Services (AWS)

• Cloud infrastructure and hosting
• Media file storage (S3)
• Content delivery (CloudFront)
• Image and video moderation (Rekognition)

Firebase (Google)

• Push notification delivery (Firebase Cloud Messaging)
• Analytics and crash reporting

Apple

• Authentication services (Sign in with Apple)

These providers are contractually obligated to protect your information and may only use it to provide services to us.

3.3 For Legal Reasons

We may disclose your information if required by law or if we believe in good faith that such action is necessary to:

• Comply with legal obligations, court orders, or legal processes
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users or the public
• Protect against legal liability

3.4 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.5 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

3.6 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or other purposes.

4. Data Retention

4.1 Active Accounts

We retain your information for as long as your account is active and as needed to provide you with the Service. This includes:

• Account information: Retained while your account exists
• Content you create: Retained until you delete it or your account
• Messages: Retained until deleted by participants or account deletion
• Usage data: Retained for analytics purposes (typically 2 years)
• Log data: Retained for security and debugging (typically 90 days)

4.2 Deleted Content

When you delete content:

• Posts, comments, and media are removed from public view immediately
• Data may persist in our backups for up to 30 days
• Some information may be retained if required for legal compliance or safety

4.3 Account Deletion

When you delete your account:

• Your profile becomes inaccessible immediately
• Your content is removed from public view
• We delete your personal data within 30 days
• Some information may be retained for legal compliance, fraud prevention, or safety (such as records of violations)
• Anonymized or aggregated data may be retained indefinitely

4.4 Deactivated Accounts

If you deactivate your account:

• Your profile and content become hidden
• Your data is retained to allow reactivation
• After 1 year of inactivity, we may treat it as a deletion request

4.5 Legal Holds

We may retain information longer if required for:

• Ongoing legal proceedings
• Regulatory investigations
• Compliance with legal obligations
• Enforcement of our policies

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Secure password hashing using bcrypt
• JWT-based authentication with token expiration
• Regular security audits and penetration testing
• Automated vulnerability scanning
• DDoS protection
• Rate limiting to prevent abuse

5.2 Access Controls

• Role-based access control for employees
• Multi-factor authentication for administrative access
• Audit logging of all administrative actions
• Principle of least privilege for data access
• Regular access reviews and revocation

5.3 Infrastructure Security

• Hosting on secure, certified cloud infrastructure (AWS)
• Network segmentation and firewalls
• Regular security patches and updates
• Backup and disaster recovery procedures
• Incident response procedures

5.4 Organizational Measures

• Employee security training
• Confidentiality agreements
• Background checks for employees with data access
• Security policies and procedures
• Regular policy reviews and updates

5.5 Your Responsibilities

You are responsible for:

• Keeping your device secure
• Not sharing your account credentials
• Logging out of shared devices
• Reporting suspicious activity
• Using strong, unique passwords (for admin accounts)

Despite our efforts, no security measure is perfect. We cannot guarantee absolute security of your information.

6. Your Privacy Rights

6.1 Access Your Data

You have the right to access the personal information we hold about you. You can:

• View your profile and settings within the app
• Request a copy of your data through Settings > Data Export
• Contact us for additional information

6.2 Correct Your Data

You can update or correct your information at any time by:

• Editing your profile in the app
• Updating your settings and preferences
• Contacting us for assistance

6.3 Delete Your Data

You have the right to delete your data:

• Delete individual posts, comments, or messages within the app
• Delete your entire account through Settings > Account > Delete Account
• Contact us for assistance with deletion requests

6.4 Data Portability

You can request a portable copy of your data:

• Use the Data Export feature in Settings
• Receive your data in a machine-readable format
• Export includes your profile, posts, media, and settings

6.5 Object to Processing

You may object to certain processing of your data:

• Opt out of personalized recommendations by adjusting algorithm settings
• Disable location tracking
• Adjust notification preferences
• Enable Calm Mode to hide engagement metrics

6.6 Restrict Processing

You may request that we restrict processing of your data in certain circumstances while we verify your request or address your concerns.

6.7 Withdraw Consent

Where we rely on consent, you may withdraw it at any time by:

• Adjusting your privacy settings
• Revoking permissions in your device settings
• Contacting us directly

6.8 Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.

6.9 Exercising Your Rights

To exercise these rights, contact us at privacy@truehaven.app. We will respond within 30 days (or as required by applicable law).

7. Children's Privacy

7.1 Age Requirements

The Service is not intended for children under 13 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

7.2 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@truehaven.app. We will take steps to delete such information.

7.3 Discovery of Child Users

If we discover that we have collected personal information from a child under 13, we will:

• Delete the account and associated data promptly
• Take reasonable steps to prevent future collection
• Notify the parent or guardian if possible

7.4 Teen Users (13-17)

For users between 13 and 17:

• We encourage parental involvement in online activities
• Additional privacy protections may apply
• Certain features may be restricted based on age
• Parents may contact us with concerns about their teen's account

8. International Data Transfers

8.1 Data Location

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located.

8.2 Transfer Safeguards

When we transfer data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses approved by relevant authorities
• Adequacy decisions where applicable
• Binding Corporate Rules where appropriate
• Your consent where required

8.3 Privacy Shield

While the EU-US Privacy Shield framework is no longer valid for transfers from the EU, we continue to apply its principles where applicable.

9. Third-Party Services

9.1 Third-Party Links

The Service may contain links to third-party websites, services, or content. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

9.2 Third-Party Authentication

When you use Apple Sign In:

• Apple's privacy policy applies to their services
• We receive limited information as described in Section 1.3
• You can manage your Apple ID settings through Apple

9.3 Third-Party Integrations

We may offer integrations with third-party services. Your use of such integrations is subject to the third party's terms and privacy policy.

10. Cookies and Tracking Technologies

10.1 Mobile App

Our mobile application may use:

• Local storage for settings and preferences
• Device identifiers for authentication and security
• Analytics SDKs for usage tracking (with your consent where required)

10.2 Web Services

If we offer web-based services, we may use:

• Essential cookies for authentication and security
• Preference cookies to remember your settings
• Analytics cookies to understand usage (with consent)

10.3 Managing Cookies

You can manage cookies through:

• Your browser settings
• Device settings for mobile identifiers
• In-app privacy settings

11. Do Not Track Signals

Some browsers send "Do Not Track" (DNT) signals. Due to the lack of a common standard for interpreting DNT signals, we do not currently respond to them. However, you can use the privacy controls in our app to manage tracking preferences.

12. California Privacy Rights

12.1 CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties with whom we share
• Specific pieces of personal information collected

Right to Delete

• Request deletion of your personal information
• Subject to certain exceptions (legal obligations, security, etc.)

Right to Correct

• Request correction of inaccurate personal information

Right to Opt-Out of Sale/Sharing

• We do not sell personal information
• We do not share personal information for cross-context behavioral advertising

Right to Limit Use of Sensitive Information

• We only use sensitive information for purposes permitted by law

Right to Non-Discrimination

• We will not discriminate against you for exercising your rights

12.2 Exercising CCPA Rights

To exercise your rights:

• Use in-app settings for access, correction, and deletion
• Contact us at privacy@truehaven.app
• Call us at [phone number]

We will verify your identity before processing your request.

12.3 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require written authorization and verification of your identity.

12.4 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information for direct marketing purposes.

12.5 California Minors

California residents under 18 may request removal of publicly posted content. Contact us at privacy@truehaven.app to make such a request.

13. European Privacy Rights

13.1 GDPR Rights

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access - Obtain confirmation of processing and access to your data
• Right to Rectification - Correct inaccurate or incomplete data
• Right to Erasure - Request deletion ("right to be forgotten")
• Right to Restrict Processing - Limit how we use your data
• Right to Data Portability - Receive your data in a structured, machine-readable format
• Right to Object - Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making - Not be subject to decisions based solely on automated processing that significantly affect you

13.2 Legal Bases for Processing

We process your data based on:

• Contract - To provide the Service and fulfill our agreement with you
• Legitimate Interests - For security, fraud prevention, service improvement, and analytics (where not overridden by your rights)
• Consent - Where you have given explicit consent (e.g., marketing communications)
• Legal Obligation - To comply with applicable laws

13.3 Data Controller

TrueHaven is the data controller for your personal information.

13.4 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@truehaven.app.

13.5 Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority.

14. Changes to This Privacy Policy

14.1 Updates

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy in the app
• Sending a push notification
• Emailing you (if you have provided an email address)
• Displaying a prominent notice in the app

14.2 Effective Date

Changes will be effective when posted unless we specify otherwise. Your continued use of the Service after changes indicates your acceptance.

14.3 Review

We encourage you to review this Privacy Policy periodically to stay informed about our practices.

14.4 Prior Versions

Prior versions of this Privacy Policy are available upon request.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: privacy@truehaven.app
Data Protection Officer: dpo@truehaven.app

Mailing Address:
TrueHaven, Inc.
[Address]
[City, State, ZIP]
[Country]

Response Time: We aim to respond to all inquiries within 30 days.

Appendix: Categories of Personal Information

For transparency, here is a summary of the categories of personal information we collect: