Privacy Policy
Last updated: May 3, 2026
This Privacy Policy explains how Hoang An Nguyen ("we", "us", "our") collects, uses, and protects your personal data when you use the Huddle mobile application and related services (the "Service").
We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection law (BDSG).
1. Data Controller
The data controller responsible for your personal data is:
Hoang An Nguyen
Garnstraße 34, 14482 Potsdam
Email: a.n.develops@gmail.com
2. Information We Collect
2.1 Information You Provide
- Account data: Email address, display name, and password when you create an account
- Profile data: Profile picture (optional)
- Video content: Videos you record and upload to your Huddles
- Comments: Timestamped comments you post on other members' videos
- Group data: Huddle names and settings you create or configure
- Prompts: Weekly questions you suggest for your Huddle
2.2 Information Collected Automatically
- Device information: Device type, operating system version, app version
- Push notification tokens: Device tokens for delivering push notifications via Expo Push Service
- Usage data: App interactions, crash reports, and performance data collected through Firebase Analytics
- Authentication data: Login timestamps and authentication state managed by Firebase Authentication
2.3 Information We Do Not Collect
- We do not collect your location data
- We do not access your contacts or address book
- We do not track you across other apps or websites
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Service (account, video sharing, groups) | Performance of contract (Art. 6(1)(b)) |
| Sending push notifications (reminders, comments, reveals) | Consent (Art. 6(1)(a)) |
| Crash reporting and performance monitoring | Legitimate interest (Art. 6(1)(f)) |
| Preventing abuse and enforcing Community Guidelines | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Share Your Information
We do not sell your personal data. We share your data only in the following circumstances:
- With your Huddle members: Your videos, comments, display name, and profile picture are visible to members of the Huddles you join
- Service providers: We use the following third-party services to operate Huddle:
- Google Firebase (Firebase Authentication, Cloud Firestore, Cloud Storage, Cloud Functions, Firebase Analytics) — Google LLC, USA
- Google Cloud Platform (Cloud Run, Cloud CDN) — for authenticated video streaming
- Expo / React Native (Expo Push Notification Service) — for delivering push notifications
- Legal requirements: We may disclose data if required by law, court order, or to protect the rights, safety, or property of our users or the public
5. International Data Transfers
Your data is processed using Google Firebase and Google Cloud Platform services, which may transfer and store data on servers located in the United States and other countries outside the European Economic Area (EEA).
These transfers are protected by:
- The EU-U.S. Data Privacy Framework, under which Google LLC is certified
- Standard Contractual Clauses (SCCs) approved by the European Commission
6. Data Retention
- Account data: Retained as long as your account is active. Deleted upon account deletion.
- Videos: Stored as long as the Huddle exists and you remain a member. You can delete individual videos. When you leave a Huddle or delete your account, your videos are removed.
- Comments: Retained as long as the associated video exists.
- Push notification tokens: Removed on logout or when the device is no longer registered.
- Analytics data: Retained according to Firebase Analytics default retention periods (up to 14 months).
We may retain certain data for longer periods where required by law or to resolve disputes.
7. Your Rights
Under the GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data (you can edit your display name and profile picture directly in the app)
- Erasure: Request deletion of your data (you can delete your account in the app's profile settings)
- Restriction: Request that we limit how we use your data
- Data portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent (e.g., push notifications), you can withdraw at any time through your device settings
To exercise any of these rights, contact us at a.n.develops@gmail.com.
You also have the right to lodge a complaint with a supervisory authority. In Germany, you can contact your state's data protection authority (Landesdatenschutzbeauftragte).
8. Children's Privacy
Huddle is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete that information.
If you are between 13 and 16 years old and reside in the EU, you may need parental consent to use the Service, depending on your country's implementation of the GDPR.
9. Push Notifications
With your consent, we send push notifications to keep you informed about activity in your Huddles, such as:
- When new comments are posted on your videos
- When new members join your Huddle
- Reminders about upcoming video reveal times
- Nudges to post your weekly update
You can disable push notifications at any time through your device's notification settings. Your push notification token is removed when you log out.
10. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted data transmission (HTTPS/TLS)
- Firebase Authentication for secure login
- Firestore security rules restricting data access to authorized Huddle members
- Authenticated HLS video streaming with session-based access tokens
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to a.n.develops@gmail.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email. The "Last updated" date at the top of this page indicates when this policy was last revised.
12. Contact
If you have questions about this Privacy Policy or our data practices, contact us at:
Hoang An Nguyen
Garnstraße 34, 14482 Potsdam
Email: a.n.develops@gmail.com