Last Update: 9th of September, 2025
PRIVACY POLICY
This Privacy Policy describes how Harrpy ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use harrpy.com (the "Website"), the Harrpy mobile application (the "App"), and all related services (collectively, the "Service").
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
1. Information We Collect
We collect several types of information from and about users of our Service.
Information You Provide Directly
Account Registration Information:
Email address
One-time password (OTP) for authentication (not stored, used for verification only)
No traditional passwords are used - authentication is via email OTP or OAuth
Full name (first name)
Profile photo(s)
Bio and personal description
Creator Profile Information:
Portfolio photos and images (1-6 photos)
Job title or profession
Social media handles (Instagram, TikTok, YouTube, Twitter/X) - optional
Follower range (e.g., "10K-25K") - self-reported
Languages spoken
Collaboration preferences (paid, barter, invite, ambassador)
Content tags and categories
Pricing range preferences
Style tags
Brand Profile Information:
Business name and display name
Business types and industry categories (multi-select)
Business photos (up to 6 photos)
Budget ranges for collaborations (optional)
Platform preferences (Instagram, TikTok, YouTube, etc.)
Types of creators sought (micro-influencer, macro-influencer, etc.)
Languages preferred
Business verification documents (business license, business email - optional)
Collab Card Information:
Collaboration title and description
Collaboration type (paid, barter, invite, ambassador)
Compensation details
Number of spots available
Start and end dates
Location and venue details
Requirements and deliverables
Communication and Messages:
In-app messages between matched users
Customer support inquiries and correspondence
Feedback, reviews, and ratings
Payment Information:
In-app purchases processed through Apple App Store or Google Play Store
Transaction history for coin purchases and boosts
No direct payment information is collected by Harrpy (handled by Apple/Google)
Transaction IDs and purchase receipts
Verification Information:
Government-issued ID documents (for identity verification via Veriff)
Business registration documents (business license)
Business email verification
Instagram business account verification (optional)
Selfie photos for identity verification (processed by Veriff, not stored by Harrpy)
Information Collected Automatically
Device and Usage Information:
Device type, model, and operating system
Unique device identifiers (IDFA, Android Advertising ID)
IP address
Browser type and version
App version and build number
Pages viewed and features used
Time spent on pages and in the app
Clicks, taps, and swipe actions
Crash logs and error reports
Performance metrics and analytics data
Location Information:
Precise GPS location (latitude and longitude) when you grant location permissions
Approximate location based on IP address
Location data is used for:
Showing nearby creators and brands
Distance-based filtering and ranking
Location-specific collaboration opportunities
Venue proximity calculations
Swipe and Interaction Data:
Profiles you swipe left or right on
Profiles you view or expand
Matches you create
Messages you send and receive
Collaboration cards you interact with
Filters and preferences you apply
Search queries and browsing behavior
Cookies and Similar Technologies:
Session cookies for authentication
Preference cookies for settings
Analytics cookies for usage tracking
Advertising cookies for targeted ads (if applicable)
Information from Third Parties
Social Media Platforms:
When you connect your Instagram, TikTok, YouTube, or Twitter/X accounts, we may collect:
Profile information (username, handle, profile picture)
Follower counts (self-reported or via API if connected)
Engagement rates (if connected via business/creator accounts)
Note: Social media connections are optional and only certain account types can be connected (e.g., Instagram Business/Creator accounts)
We do not automatically access or store your posts or content without your explicit action
Identity Verification Services:
Verification status and results from Veriff or similar services
Identity verification documents and photos
Fraud detection and risk assessment data
Payment Processors:
Transaction confirmations from Apple App Store and Google Play Store
Purchase history for coin packages
No subscription data (MVP uses coin-based system, not subscriptions)
Refund and chargeback information (handled by Apple/Google)
Analytics and Service Providers:
Usage analytics from PostHog
Error tracking and performance monitoring from Sentry
Push notification delivery status from Expo
In-app analytics and event tracking
App Store Platforms:
Purchase history from Apple App Store or Google Play Store
Coin purchase status and transaction receipts
App ratings and reviews (public)
How We Use Your Information
We use the information we collect for the following purposes:
Provide and Improve the Service
Create and manage your account via email OTP authentication
Enable profile creation and customization
Facilitate discovery and matching between creators and brands
Display profiles in swipe decks based on location and preferences
Enable in-app messaging between matched users via Supabase real-time
Process coin purchases through Apple App Store and Google Play Store
Provide customer support and respond to inquiries
Send transactional emails (OTP codes, account verification)
Improve app performance, features, and user experience
Develop new features and functionality
Personalization and Recommendations
Show you relevant profiles based on your location, preferences, and behavior
Rank and prioritize profiles in your swipe deck
Suggest collaboration opportunities that match your interests
Customize your experience based on your subscription tier
Remember your settings and preferences
Safety and Security
Verify your identity and prevent fraud
Detect and prevent spam, abuse, and prohibited conduct
Enforce our Terms of Use and community guidelines
Protect against security threats and unauthorized access
Monitor for suspicious activity and fake accounts
Investigate and respond to user reports and violations
Analytics and Research
Analyze usage patterns and trends
Measure feature adoption and engagement
Conduct A/B testing and experimentation
Generate aggregated, anonymized statistics and insights
Improve our algorithms and ranking systems
Marketing and Communications
Send you promotional emails about new features, updates, and offers (with your consent)
Display in-app announcements and notifications
Conduct surveys and request feedback
Promote the Service through advertising and marketing campaigns
Legal and Compliance
Comply with legal obligations and regulatory requirements
Respond to law enforcement requests and court orders
Enforce our legal rights and defend against claims
Prevent illegal activity and protect public safety
How We Share Your Information
We do not sell your personal information to third parties. However, we may share your information in the following circumstances:
With Other Users
Publicly Visible Profile Information:
Your profile is visible to other users based on their location and filters
Creators see brand Collab Cards and business profiles
Brands see creator profiles and portfolios
After matching, both parties can see each other's full profiles and communicate via in-app chat
What Other Users Can See:
Profile photos and portfolio images
Name, bio, and job title
Location (city/region, not exact address)
Distance from them (approximate)
Languages, tags, and preferences
Social media handles (if you choose to display them)
Verification status and badges
Collaboration history (number of completed collabs)
What Other Users Cannot See:
Your exact GPS coordinates
Your email address or phone number (unless you share it in chat)
Your payment information
Your swipe history (who you swiped left or right on)
Profiles you viewed but didn't swipe on
Your private messages with other users
With Service Providers
We share information with third-party service providers who perform services on our behalf:
Infrastructure and Hosting:
Supabase (PostgreSQL database, real-time messaging, authentication, image storage)
Supabase Storage for profile photos and message images
No separate CDN or cloud storage providers
Payment Processing:
Apple App Store (for iOS in-app purchases)
Google Play Store (for Android in-app purchases)
Expo In-App Purchases SDK (for purchase handling)
Identity Verification:
Veriff for identity and business verification
Verification data processed by Veriff, results stored in Supabase
Communication Services:
Supabase Auth for email OTP delivery
Expo Push Notifications for app notifications
No SMS providers
Analytics and Monitoring:
PostHog for usage analytics and event tracking
Sentry for error tracking and crash reporting
Custom analytics service for in-app event tracking
Customer Support:
Email-based support system
In-app feedback and reporting features
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
For Legal Reasons
We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:
Comply with legal obligations, court orders, or government requests
Enforce our Terms of Use and other agreements
Protect the rights, property, or safety of Harrpy, our users, or the public
Prevent fraud, security threats, or illegal activity
Respond to claims of rights violations or harmful content
Business Transfers
If Harrpy is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email or prominent notice in the app before your information is transferred and becomes subject to a different privacy policy.
With Your Consent
We may share your information with third parties when you explicitly consent to such sharing, such as:
Sharing your profile with a specific brand or creator you choose
Posting your content on our social media channels (with permission)
Featuring your collaboration story in marketing materials (with consent)
Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, such as:
Platform usage statistics and trends
Market research and industry insights
Performance benchmarks and metrics
Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.
Active Accounts
While your account is active, we retain your profile information, messages, matches, and activity data
You can update or delete specific information from your profile at any time
Deleted Accounts
If you delete your account, we will delete or anonymize your personal information within 30 days
Some information may be retained for legal, security, or operational reasons:
Transaction records (for tax and accounting purposes)
Abuse reports and violation records (to prevent re-registration)
Backup copies (deleted within 90 days)
Aggregated analytics data (anonymized)
Legal and Compliance
Information subject to legal holds, investigations, or litigation is retained until the matter is resolved
Financial records are retained as required by tax and accounting laws (typically 7 years)
Inactive Accounts
Accounts inactive for more than 2 years may be automatically deleted after notice
You can reactivate your account before deletion by logging in
Your Privacy Rights and Choices
Depending on your location, you may have certain rights regarding your personal information.
Access and Portability
Right to Access: You can request a copy of the personal information we hold about you
Data Portability: You can request your data in a structured, machine-readable format (e.g., JSON, CSV)
How to Request: Email contact[at]harrpy.com with "Data Access Request" in the subject line
Correction and Update
Right to Correction: You can update or correct inaccurate information in your profile settings
How to Update: Log into your account and edit your profile, or contact us for assistance
Deletion and Erasure
Right to Deletion: You can request deletion of your account and personal information
How to Delete: Go to Settings > Account > Delete Account, or email contact[at]harrpy.com
Exceptions: We may retain certain information as described in Section 4.2 (legal, security, or operational reasons)
Opt-Out and Withdraw Consent
Marketing Communications:
Unsubscribe from promotional emails by clicking the "Unsubscribe" link in any email
Disable push notifications in your device settings or app settings
Opt out of SMS messages by replying "STOP" (if applicable)
Location Tracking:
Disable location permissions in your device settings
Note: Disabling location will limit all features of the app
Object to Processing
You can object to certain uses of your information, such as marketing or profiling
Contact us at contact@harrpy.com to exercise this right
Restrict Processing
You can request that we limit how we use your information in certain circumstances
Contact us at contact@harrpy.com to request restrictions
Lodge a Complaint
If you believe we have violated your privacy rights, you can file a complaint with us at contact@harrpy.com
You also have the right to lodge a complaint with your local data protection authority
Response Time
We will respond to your requests within 30 days
If we need more time, we will notify you and explain the reason for the delay
We may request additional information to verify your identity before processing your request
Security Measures
We take the security of your information seriously and implement industry-standard measures to protect it.
Technical Safeguards
Encryption:
All data transmitted between your device and our servers is encrypted using TLS/SSL
No passwords are stored (OTP-based authentication only)
Sensitive data at rest is encrypted by Supabase using industry-standard encryption
Access Controls:
Role-based access controls (RBAC) limit employee access to personal information
Multi-factor authentication (MFA) required for administrative access
Regular access reviews and permission audits
Infrastructure Security:
Firewalls and intrusion detection systems protect our servers
Regular security patches and updates
Automated vulnerability scanning and penetration testing
DDoS protection and rate limiting
Data Isolation:
User data is logically separated in our database
Production and development environments are isolated
Regular backups with encryption
Organizational Safeguards
Employee Training:
All employees receive privacy and security training
Confidentiality agreements and data handling policies
Background checks for employees with data access
Incident Response:
Security incident response plan and procedures
Regular security audits and risk assessments
Breach notification procedures
Vendor Management:
Third-party service providers undergo security assessments
Data processing agreements (DPAs) with all vendors
Regular vendor audits and compliance reviews
Data Breach Notification
In the event of a data breach that affects your personal information:
We will notify you via email within 72 hours of discovering the breach
The notification will include:
Description of the breach and data affected
Steps we are taking to address the breach
Recommendations for protecting your information
We will notify relevant authorities as required by law
Your Responsibility
While we implement strong security measures, you also play a role in protecting your information:
Keep your email account secure (used for OTP authentication)
Do not share OTP codes with anyone
Log out of your account on shared devices
Report suspicious activity immediately
Keep your device and app updated
Enable device-level security (passcode, biometrics)
No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You use the Service at your own risk.
Children's Privacy
Harrpy is not intended for users under the age of 18 (or the age of majority in your jurisdiction).
We do not knowingly collect personal information from children under 18
If you are under 18, do not use the Service or provide any information to us
If we discover that we have collected information from a child under 18, we will delete it immediately
Parents or guardians who believe their child has provided information to us should contact us at contact [at] harrpy [dot] com
International Data Transfers
Harrpy serves users globally. Your information may be transferred to, stored, and processed in countries other than your own.
Data Transfer Mechanisms
When we transfer data internationally, we use appropriate safeguards such as:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by relevant authorities
Binding Corporate Rules (BCRs) where applicable
Your explicit consent for specific transfers
Countries Where Data May Be Processed
Your information may be processed in:
European Union (Supabase infrastructure, PostHog analytics)
United States (service providers, app stores)
Other countries where our service providers operate
Your Rights
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:
You have additional rights under GDPR and similar laws
We will ensure adequate protection for your data when transferred outside these regions
You can contact us for more information about data transfer safeguards
Region-Specific Privacy Rights
Depending on where you live, you may have additional privacy rights under local laws.
European Economic Area (EEA), United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and similar laws:
Legal Basis for Processing:
Consent: For marketing communications, cookies, and optional features
Contract Performance: To provide the Service and fulfill our obligations
Legitimate Interests: For analytics, fraud prevention, and service improvement
Legal Obligation: To comply with laws and regulations
Additional Rights:
Right to object to processing based on legitimate interests
Right to restrict processing in certain circumstances
Right to data portability in machine-readable format
Right to withdraw consent at any time
Right to lodge a complaint with your supervisory authority
GDPR Inquiries:
For GDPR-related inquiries, contact us at contact [at] harrpy [dot] com
California Residents (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Categories of Personal Information Collected:
Identifiers (name, email, IP address, device ID)
Commercial information (coin purchase history, no subscriptions in MVP)
Internet activity (swipe actions, app usage, profile views)
Geolocation data (GPS coordinates for location-based matching)
Professional information (business name, industry, job title, creator categories)
Inferences (preferences, behavior patterns, match predictions)
Sources of Personal Information:
Directly from you (account registration, profile creation)
Automatically collected (device data, usage analytics)
Third parties (social media APIs, verification services, payment processors)
Purposes for Collection:
Provide and improve the Service
Personalization and recommendations
Analytics and research
Marketing and communications
Safety and security
Legal compliance
Categories of Third Parties We Share With:
Service providers (hosting, analytics, payment processing)
Social media platforms (for account linking)
Verification services (identity and business verification)
Advertising partners (if applicable)
Your California Rights:
Right to Know: Request details about the personal information we collect, use, and share
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate information
Right to Opt-Out: Opt out of the "sale" or "sharing" of your personal information (we do not sell data)
Right to Limit Use of Sensitive Information: Limit use of sensitive personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your rights
How to Exercise Your Rights:
Email: contact [at] harrpy [dot] com with "California Privacy Request" in the subject line
Phone: (if applicable)
Online Form: (if available on website)
Verification Process:
We will verify your identity by matching information you provide with information we have on file
We may request additional information to confirm your identity
Authorized agents may submit requests on your behalf with proper documentation
Do Not Sell My Personal Information:
We do not sell personal information as defined by CCPA
We do not share personal information for cross-context behavioral advertising
Other U.S. States
If you are a resident of Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights:
Right to access your personal information
Right to correct inaccurate information
Right to delete your personal information
Right to opt out of targeted advertising, sale of data, or profiling
Right to appeal our decision on your privacy request
Contact us at contact [at] harrpy [dot] com to exercise these rights.
Brazil (LGPD)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD):
Right to confirmation of processing
Right to access your data
Right to correction of incomplete or inaccurate data
Right to anonymization, blocking, or deletion
Right to data portability
Right to information about sharing with third parties
Right to revoke consent
Contact us at contact [at] harrpy [dot] com to exercise these rights.
Australia (Privacy Act)
If you are located in Australia, you have rights under the Privacy Act 1988:
Right to access your personal information
Right to correct inaccurate information
Right to complain to the Office of the Australian Information Commissioner (OAIC)
Contact us at contact [at] harrpy [dot] com to exercise these rights.
Other Jurisdictions
If you are located in a jurisdiction with specific privacy laws not listed above, you may have additional rights under your local laws. Contact us at contact [at] harrpy [dot] com to inquire about your rights and how to exercise them.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and collect usage data.
Types of Cookies We Use
Essential Cookies:
Session management and authentication
Security and fraud prevention
Load balancing and performance optimization
These cookies are necessary for the Service to function and cannot be disabled
Analytics Cookies:
Usage tracking and feature adoption
Performance monitoring and error tracking
A/B testing and experimentation
You can opt out via your browser settings
Preference Cookies:
Language and region preferences
Display settings and customization
Filter and search preferences
You can opt out via your browser settings
Advertising Cookies (if applicable):
Targeted advertising and retargeting
Conversion tracking and attribution
You can opt out via your browser settings or ad network opt-out tools
Third-Party Cookies
We may allow third-party service providers to place cookies on your device:
PostHog (EU-hosted analytics and event tracking)
Sentry (error tracking and performance monitoring)
No advertising or conversion tracking pixels in MVP
These third parties have their own privacy policies governing their use of your information.
Mobile App Tracking
In the mobile app, we use similar technologies:
Device Identifiers: IDFA (iOS), Android Advertising ID (Android)
SDKs: Third-party software development kits for analytics, crash reporting, and advertising
Local Storage: Cached data and preferences stored on your device
Managing Cookies and Tracking
Web Browsers:
Adjust cookie settings in your browser preferences
Use browser extensions like Privacy Badger or uBlock Origin
Enable "Do Not Track" (DNT) signals (we honor DNT requests)
Mobile Devices:
iOS: Settings > Privacy > Tracking > Disable "Allow Apps to Request to Track"
Android: Settings > Google > Ads > Opt out of Ads Personalization
Limit Ad Tracking in device settings
Opt-Out Tools:
NAI Opt-Out: http://optout.networkadvertising.org/
DAA Opt-Out: http://optout.aboutads.info/
EDAA Opt-Out: http://www.youronlinechoices.eu/
Note: Disabling cookies or tracking may limit functionality and features of the Service.
Third-Party Links and Services
The Service may contain links to third-party websites, apps, or services that are not operated by us.
Third-Party Websites
We are not responsible for the privacy practices of third-party websites
We encourage you to review the privacy policies of any third-party sites you visit
Clicking on third-party links is at your own risk
Social Media Platforms
When you connect your social media accounts (Instagram, TikTok, YouTube, Twitter/X):
You are subject to the privacy policies of those platforms
We only access information you authorize us to access
You can revoke access at any time via the platform's settings
Third-Party Services
We integrate with third-party services such as:
Payment processors (Stripe, PayPal, Apple Pay, Google Pay)
Identity verification services (Veriff)
Analytics platforms (Google Analytics, Mixpanel)
Cloud infrastructure (AWS, Google Cloud, Supabase)
These services have their own privacy policies and terms of service.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Notification of Changes
When we make changes, we will:
Update the "Last Updated" date at the top of this Privacy Policy
Notify you via email if the changes are material
Display a prominent notice in the app or on the website
Request your consent if required by law
Your Acceptance
Continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy
If you do not agree with the changes, you must stop using the Service and delete your account
Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: contact [at] harrpy [dot] com
We will respond to your inquiry within 30 days. If we need more time, we will notify you and explain the reason for the delay.
Definitions
For clarity, the following terms have the meanings set forth below:
"Personal Information" or "Personal Data": Information that identifies, relates to, describes, or can be reasonably linked to you, either directly or indirectly.
"Processing": Any operation performed on personal information, including collection, use, storage, disclosure, transfer, or deletion.
"Service Providers": Third-party companies or individuals that perform services on our behalf, such as hosting, analytics, payment processing, or customer support.
"Cookies": Small text files placed on your device to store information about your preferences, session, or usage.
"Device Identifiers": Unique identifiers assigned to your device, such as IDFA (iOS) or Android Advertising ID.
"Aggregated Data": Data that has been combined and anonymized so that it cannot reasonably be used to identify you.
"Anonymized Data": Data that has been irreversibly de-identified so that it can no longer be linked to you.
Consent and Acknowledgment
By using the Service, you acknowledge that:
You have read and understood this Privacy Policy
You consent to the collection, use, and sharing of your information as described
You understand your privacy rights and how to exercise them
You agree to receive communications from us as described in this Privacy Policy
If you do not agree with this Privacy Policy, you must not use the Service.
Thank you for trusting Harrpy with your information. We are committed to protecting your privacy and providing a safe, transparent, and user-friendly experience.
Download
Harrpy
to get started.
Get iOS app
"Harrpy turns your neighborhood into the next collab hub - one swipe at a time."
HARRPY
© 2026. Harrpy. All Rights Reserved.