1. Overview
Hello Technologies Ltd. ("Hello", "we", "our", or "us") operates the Hello mobile application and website (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.
By creating an account or using Hello, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.
Plain language summary: Hello is a social platform. To make it work, we need some of your information. We don't sell your data. We give you real controls over your privacy. We're transparent about everything on this page.
2. Information We Collect
AAccount Information
When you create an account, we collect:
- •Full name and username (publicly visible)
- •Email address (private, used for authentication and communications)
- •Password (stored as a one-way bcrypt hash — we cannot read it)
- •Phone number (optional)
BProfile Information
You may optionally provide:
- •Profile photo and cover photo
- •Bio (short personal description)
- •Date of birth
- •Country and city of origin and current residence
- •Occupation
- •Personal interests
Location information is self-reported — we do not collect your real-time GPS location.
CContent You Create
- •Posts (text and images)
- •Stories (images and videos, auto-expire after 24 hours)
- •Clips (short-form videos, up to 60 seconds)
- •Direct messages (text and voice notes)
- •Comments and replies (text and voice notes)
- •Anonymous Friday posts and comments
- •Whisper posts and whisper messages
- •Music attachments (song title, artist, and preview URL via iTunes)
DUsage & Interaction Data
- •Waves (follows) given and received
- •Post and clip likes, echoes (reposts), and bookmarks
- •Story and whisper post view records
- •Message read receipts
- •Search queries
- •Block and mute relationships
EDevice & Technical Information
- •Push notification token (to deliver notifications to your device)
- •IP address and general network information
- •Account creation and last-updated timestamps
3. How We Use Your Information
We use the information we collect to:
Provide the Service
Create and manage your account, display your profile and content, and enable all app features.
Enable Social Features
Show your posts to your wavers, deliver messages in real time, track waves and interactions.
Send Notifications
Alert you to new waves, likes, comments, echoes, mentions, and whisper messages via push notifications.
Safety & Security
Detect abuse, enforce our Terms, investigate reports, and protect users from harmful content.
Improve Hello
Understand how features are used to fix bugs, improve performance, and build new features.
Legal Compliance
Meet our obligations under applicable law and respond to lawful requests from authorities.
We do not use your personal data for advertising profiling, sell your data to third parties, or use your private messages for any purpose other than delivery.
5. Special Features & Privacy
Whisper Mode
Whisper is our ephemeral content feature. Here is exactly how it works:
- •Whisper Posts (single-view): Deleted permanently from our servers immediately after the first user other than you views them. We store a view record to prevent re-access.
- •Whisper Posts (24-hour): Automatically and permanently deleted after 24 hours regardless of view count.
- •Whisper Messages: Permanently deleted from our servers 5 seconds after being marked as read by the recipient.
Important: Although whisper content is designed to auto-delete, we cannot control screenshots or external recordings made by recipients. Do not send whisper content you would not want preserved.
Anonymous Friday
Anonymous Friday allows you to post in specific categories (Confessions, Truth or Dare, Freaky Friday, Questions) with your identity hidden from other users in the app interface.
- •Your post appears as anonymous to other users — your name and avatar are not displayed.
- •Your user ID is linked to your anonymous posts in our database for safety, moderation, and legal compliance purposes.
- •Hello staff with database access can identify the author of any anonymous post if required by law or our Trust & Safety investigation.
- •Comments on anonymous posts also appear anonymous in the UI, but commenter identity is similarly stored internally.
Note: Anonymity is an interface feature, not a guarantee of complete anonymity. Misuse of anonymous features may result in account action in accordance with our Terms.
Voice Messages & Comments
When you record voice messages or voice comments, audio files are uploaded to Cloudinary (our media provider) and linked to your account. Voice content is stored until you or the recipient deletes it, subject to the same retention rules as text messages. Whisper voice messages are subject to the same auto-deletion rules above.
Story Views
When you view someone's story, your user ID and view timestamp are recorded and visible to the story author. This lets creators see who viewed their content. Story view records are deleted when the story expires or is deleted.
Music Attachments
When you attach a song to a post, story, or clip, we store the song title, artist name, and a 30-second preview URL sourced from the iTunes Search API. We do not store full audio tracks.
6. Third-Party Services
Hello uses the following third-party services. Each has its own Privacy Policy governing how they handle your data:
Stores all uploaded images, videos, and audio files (posts, stories, clips, avatars, voice notes). Files are stored in organized folders on Cloudinary's cloud infrastructure.
We share your device's push notification token with Expo's servers to deliver real-time notifications. Expo does not receive your personal account information.
Used to search and attach songs to posts. Song previews are sourced from Apple's servers. We share your search query with Apple when you search for music.
Powers real-time message delivery and notifications. Your messages are transmitted through WebSocket connections. No message content is stored by the Socket.io library itself.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until you delete your account |
| Posts, clips, and comments | Until you delete them or your account is deleted |
| Stories | Auto-deleted 24 hours after creation |
| Whisper posts (single-view) | Deleted immediately after first view |
| Whisper posts (24-hour) | Deleted 24 hours after creation |
| Whisper messages | Deleted 5 seconds after being marked as read |
| Direct messages | Until deleted by either party or account deletion |
| Story view records | Deleted when the associated story expires |
| Push notification tokens | Until you uninstall the app or revoke permission |
| Backup / audit logs | Up to 90 days for security and compliance purposes |
When you delete your account, we initiate permanent deletion of your personal data within 30 days, except where retention is required by law or for legitimate safety purposes.
8. Your Rights & Choices
Request a copy of the personal data we hold about you.
Update or correct inaccurate information in your profile at any time.
Request deletion of your account and personal data. You can also delete individual posts, messages, and stories directly in the app.
Request your data in a structured, machine-readable format.
Ask us to restrict processing of your data in certain circumstances.
Object to our processing of your data where we rely on legitimate interests.
Where we rely on your consent, you may withdraw it at any time without affecting lawfulness of prior processing.
California Residents (CCPA)
California residents have the right to know what personal information we collect, disclose, or sell (we do not sell personal information); the right to request deletion; and the right to non-discrimination for exercising your rights. To submit a request, contact us at sayhelloapp26@gmail.com.
EEA / UK Residents (GDPR)
If you are in the European Economic Area or United Kingdom, you have the rights listed above under the GDPR or UK GDPR. You also have the right to lodge a complaint with your local supervisory authority. Our legal bases for processing are: contract performance (to provide the Service), legitimate interests (safety and improvement), and consent (where explicitly sought).
To exercise any of these rights, email us at sayhelloapp26@gmail.com. We will respond within 30 days.
9. Children's Privacy
Hello is not directed to children under the age of 13 (or 16 in the European Economic Area and UK). We do not knowingly collect personal information from children under these ages without verifiable parental consent.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at sayhelloapp26@gmail.com. We will promptly delete such information from our systems.
Users between 13 and 17 may use Hello only with verifiable parental or guardian consent. By registering, users aged 13–17 confirm that their parent or guardian has consented to their use of the Service.
10. Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- •Passwords hashed using bcrypt with 12 salt rounds (one-way; we cannot recover your password)
- •All data transmitted over encrypted HTTPS/TLS connections
- •JWT-based authentication with token expiry
- •Access to production databases restricted to authorised personnel
- •Automated deletion of ephemeral content (whisper posts and messages)
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. If you believe your account has been compromised, contact us immediately at sayhelloapp26@gmail.com.
11. International Data Transfers
Hello operates globally. Your information may be transferred to and processed in countries other than your country of residence, including countries that may have different data protection laws.
Specifically, media files are stored on Cloudinary's infrastructure (with data centres in the US and EU), and push notifications are delivered via Expo's servers (US-based). Where transfers of EEA/UK personal data occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
By using Hello, you consent to the transfer of your information to countries outside your jurisdiction.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page and, where required by law or where changes are material, notify you via in-app notification or email at least 30 days before the changes take effect.
Your continued use of Hello after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our Privacy team:
Company: Hello Technologies Ltd.
Privacy Email: sayhelloapp26@gmail.com
Subject line: Privacy Request – [Your Name]
We aim to respond to all privacy-related requests within 30 days. For EEA/UK GDPR requests, we will respond within 1 month as required by law.