Privacy Policy
In plain language
haelp is a small lab built by a human, for humans. We collect only what we need to make the app work. We don't track you, we don't sell your data, and we don't use advertising. If you want your data deleted, just ask.
Who we are
haelp is operated by Kevin Blumenstock ("we", "us", "our"). Contact: hello@haelp.org
What data we collect
| Data | Purpose | Stored where |
|---|---|---|
| Email address | Account creation and login | Supabase (EU — Frankfurt) |
| Display name (optional) | Personalization in the app | Supabase (EU — Frankfurt) |
| Password | Authentication (hashed, never stored in plaintext) | Supabase Auth (EU — Frankfurt) |
| Push notification token | Delivering daily reminders | Supabase (EU — Frankfurt) |
| Account status | App functionality | Supabase (EU — Frankfurt) |
| Experiment participation | Delivering experiment features | Supabase (EU — Frankfurt) |
| Newsletter email address | Sending updates from the lab (double opt-in) | Supabase (EU — Frankfurt) |
| Newsletter topic preferences | Sending only the updates you signed up for | Supabase (EU — Frankfurt) |
| IP address (newsletter signup) | Consent documentation (GDPR Art. 7) | Supabase (EU — Frankfurt) |
| Stripe customer ID | Linking payment to account | Supabase (EU — Frankfurt) |
| Payment information | Subscription processing | Stripe (not on haelp systems) |
What we do NOT collect
We do not collect: location data, contacts, photos, browsing history, device identifiers, advertising data, or analytics. We do not use cookies for tracking. We do not use any third-party analytics or advertising services.
How we use your data
- To provide and maintain the haelp app
- To send daily push notifications (if you opt in to experiments)
- To personalize your experience (display name, experiment participation)
- To process payments (via Stripe)
- To send newsletter emails you subscribed to (via Resend, double opt-in only)
We do not use your data for advertising, profiling, or automated decision-making.
Data processors
- Supabase (database, authentication, storage) — EU region (Frankfurt). Supabase Privacy Policy
- Stripe (payment processing) — PCI DSS compliant. Stripe Privacy Policy
- Expo / EAS (push notification delivery) — Expo Privacy Policy
- Resend (transactional and newsletter emails) — EU region (Ireland). Resend Privacy Policy
- Cloudflare (website hosting) — Cloudflare Privacy Policy
Your rights (GDPR)
As an EU resident, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and data
- Portability — receive your data in a portable format
- Object — object to processing of your data
- Withdraw consent — withdraw consent at any time (e.g., push notifications, newsletter)
To exercise any of these rights, email hello@haelp.org. We will respond within 30 days.
Data retention
We retain your data for as long as your account exists. When you request account deletion, we delete all personal data within 30 days. Payment records may be retained by Stripe as required by law.
Data security
All data in transit is encrypted via TLS (HTTPS). Data at rest is encrypted by Supabase. Passwords are hashed and never stored in plaintext. Payment data is handled exclusively by Stripe and never touches haelp systems.
Children
haelp is not intended for children under 16. We do not knowingly collect data from children.
Changes to this policy
We may update this policy from time to time. Significant changes will be communicated via email or in-app notification. The "last updated" date at the top reflects the most recent version.
Contact
Kevin Blumenstock
hello@haelp.org