Privacy Policy

1. Introduction

Harpenin ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our mobile application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use the App. Your use of the App signifies your acceptance of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Information:

• Email address
• First and last name
• Username (unique identifier)
• Password or authentication credentials
• Profile picture/cover image
• Phone number (optional)
• Bio and description

Profile and Contact Information:

• Website or personal blog URL
• Social media handles (LinkedIn, Twitter, Instagram, Facebook)
• Professional information (company, job title, industry)
• Contact preferences and communication methods
• Location information

Event Information:

• Events you RSVP to or attend
• Interests and preferences
• Activities you participate in
• Events you create or organize (if applicable)

Communication Data:

• Direct messages and chat conversations
• Comments and posts
• Feedback and support inquiries
• Preferences for notifications and communications

Content You Create:

• Posts, photos, and videos
• Poll responses and ratings
• Comments and reactions
• Event reviews and recommendations

2.2 Automatically Collected Information

Device Information:

• Device type, model, and operating system
• Device identifiers (IDFA, AAID, device ID)
• Operating system version
• Mobile network information
• Device performance metrics

App Usage Information:

• Features accessed and usage patterns
• Time spent in the App
• Clicks, interactions, and navigation paths
• Search queries and filters applied
• Events viewed and engagement data
• Connection requests and social interactions

Location Information:

• Precise GPS coordinates (with your permission)
• City, state, and country location data
• Location history for event discovery
• Nearby events based on location

2.3 Information from Third Parties

• Profile data from social media accounts (if you link them)
• Authentication information from Google or Apple Sign-In
• Profile picture and name from third-party providers
• Attendee information when registering for events through partner organizers
• Information from payment processors for transactions

3. How We Use Your Information

3.1 Core Service Delivery

• Create and manage your account
• Deliver App features and functionality
• Process event registrations and RSVPs
• Facilitate event attendance and participation
• Provide customer support and technical assistance
• Send transactional emails and notifications

3.2 Personalization and Recommendations

• Generate personalized event recommendations
• Customize the event discovery experience
• Suggest connections and networking opportunities
• Tailor content and recommendations to your interests
• Improve search and filtering algorithms
• Provide location-based event discovery

3.3 Communication

• Send service updates and announcements
• Notify you of RSVP confirmations and event changes
• Send reminders for upcoming events
• Respond to your inquiries and support requests
• Send newsletters and promotional content (with consent)
• Communicate changes to Terms and Privacy Policy

3.4 Safety and Security

• Prevent fraud and unauthorized access
• Detect and prevent abuse or policy violations
• Enforce Terms and Conditions
• Protect the rights, property, and safety of users
• Comply with legal obligations
• Investigate and address security incidents

3.5 Analytics and Improvement

• Analyze App usage patterns and user behavior
• Track feature adoption and effectiveness
• Identify technical issues and performance problems
• Conduct user research and surveys
• A/B testing for feature improvements
• Generate anonymous aggregated statistics

4. Legal Basis for Processing (GDPR & Similar Laws)

Under applicable data protection laws, we process your information based on:

4.1 Lawful Bases

• Consent: For marketing communications and optional features
• Contract Performance: To deliver App services and fulfill your requests
• Legal Obligation: To comply with laws and regulations
• Legitimate Interests: To improve services, prevent fraud, and security
• Vital Interests: To protect safety and prevent harm
• Public Task: For activities serving public interest

5. Information Sharing and Disclosure

5.1 Public Information

The following information may be visible to other users:

• Username and profile name
• Profile picture
• Bio and description
• Event attendance and RSVP status
• Posts and comments
• Public profile information
• Social media handles
• Event reviews and ratings

5.2 Service Providers

We share information with third-party service providers who assist us:

• Cloud Infrastructure: Supabase for data storage and authentication
• Analytics: Firebase and other analytics providers
• Payment Processing: Payment processors for transactions
• Email Services: Email providers for communications
• Location Services: Google Maps for location-based features
• Authentication: Google and Apple for third-party authentication

5.3 Legal Requirements

We may disclose your information when required by subpoenas, court orders, government requests, or legal obligations.

5.4 Aggregated and De-Identified Data

We may share anonymized, aggregated data that cannot identify you for statistical analysis and research purposes.

6. Data Retention

6.1 Retention Periods

We retain your information for as long as necessary to:

Account Data:

• Retain indefinitely while account is active
• Delete within 90 days of account termination
• Comply with legal retention requirements (up to 7 years)

Communications:

• Retain for 3 years or as required by law
• Delete upon request unless legally required

Location Data:

• Retain for 90 days for event discovery
• Automatically delete after 90 days

Analytics Data:

• Retain for 12 months for analysis
• Aggregate into summary reports after 12 months

Payment Information:

• Retain for 7 years for tax/financial compliance
• Delete payment card information after transaction

7. Your Privacy Rights

7.1 General Rights

You have the right to:

• Know what personal information we collect and how it's used
• Access your personal information
• Correct inaccurate information
• Delete your information (with exceptions)
• Restrict how we process your information
• Data portability (receive information in portable format)
• Object to specific processing activities
• Withdraw consent at any time
• Lodge complaints with regulatory authorities

7.2 GDPR Rights (EU/UK Users)

EU and UK residents have enhanced rights including:

• Right of Access (Article 15): Receive a copy of your personal information
• Right to Rectification (Article 16): Correct inaccurate information
• Right to Erasure (Article 17): Request deletion of personal information
• Right to Restrict Processing (Article 18): Limit how we process your information
• Right to Data Portability (Article 20): Receive information in machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests

Contact DPO: dpo@harpenin.com

7.3 CCPA Rights (California Users)

California residents have additional rights:

• Right to Know: What personal information is collected and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of personal information "sales"
• Right to Non-Discrimination: Equal service regardless of privacy choices

Contact: privacy@harpenin.com

7.4 Exercising Your Rights

To exercise your privacy rights:

1. Email: Contact privacy@harpenin.com with verification documents
2. In-App: Use our privacy settings and request tools
3. Mail: Send requests to our mailing address

We will verify your identity before processing requests and respond within statutory timeframes (30-45 days typically).

8. Data Security

8.1 Security Measures

We implement comprehensive security measures:

Data Encryption:

• TLS 1.3 encryption for data in transit
• AES encryption for sensitive data at rest
• End-to-end encryption for private messages
• Secure key management and rotation

Access Controls:

• Role-based access control (RBAC)
• Authentication and authorization mechanisms
• Multi-factor authentication for sensitive operations
• Regular access audits

Infrastructure Security:

• Secure cloud infrastructure (Supabase)
• Firewalls and intrusion detection
• DDoS protection
• Regular security patches and updates
• Vulnerability scanning and penetration testing

8.2 Limitations

While we implement strong security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your information.

8.3 Breach Notification

In case of a data breach affecting your information, we will investigate, assess the impact, and notify affected users and authorities as required by law.

9. Contact Information

9.1 Privacy Inquiries

For privacy questions, concerns, or requests:

9.2 California Notice (CCPA/CPRA)

California residents have the right to opt-out of the sale of personal information and automated decision-making. Contact privacy@harpenin.com to exercise these rights.

9.3 GDPR Notice (EU/UK Users)

EU and UK residents can exercise their data protection rights by contacting our Data Protection Officer at dpo@harpenin.com.

10. Acknowledgment

By using the Harpenin App, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and sharing of information as described herein.