Privacy
Policy.

Through this Privacy Policy, Hush informs Users on how their Personal Data is processed on the Application as well as on the Specific Rights that may be exercised.

The present Privacy Policy is an integral part of the General Services Conditions (G.S.C.), so that the definitions used in the latter are reused in the present Privacy Policy.

The following terms, whether used in the singular or plural, shall have the definition given in the G.S.C. or the following definition:

Intermediate Archiving

Movement of Personal Data still of administrative interest to Hush (e.g. in the event of litigation or a legal obligation) into a separate, restricted-access database — an intermediate step before deletion or anonymisation.

Recipients

All subcontractors, joint managers and recipients of Personal Data processed by Hush.

Safe Lock

A feature of the Application, activated at the User's discretion, allowing automatic blocking of Content including unwanted photographs of male genitalia.

Personal Data Regulations

Law n°78-17 of January 6, 1978 relating to data processing, files and freedoms, in application of EU Regulation 2016/679 (GDPR).

Account & Profile Creation

First name — Each user may keep their first name or choose a new one. Gender identity — Used for the use of the Hush application and services. Purposes: managing the commercial relationship and executing the contract. User consent is required for certain specific practices.

Profile Preferences

Profile preferences, spoken languages, Safe Lock activation, likes given to other users, and affinities. Used for managing reports, developing business statistics, analyses, and marketing tools. Legal basis: contract execution, legitimate interest, and user consent.

Contact Data

Phone numbers and email addresses. Used for managing specific rights exercises, outstanding payments, litigation, and fraud prevention. Legal basis: contract execution and compliance with legal obligations.

Logs & Connection Data

IP address, device, time, connection location, and login email. Used for managing registration, onboarding, and paid services. Legal basis: contract execution.

Contents & Moderation

Exchanged contents are stored by Hush, with restricted technical access except in cases of moderation. Moderation data includes automatic detection of extremist content, visuals with children, visuals with added text, and unwanted erotic photos. Legal basis: contract execution.

Support & Transactions

After-sales service support and transactional references communicated by Google or Apple. Transaction amounts and invoices used for contract execution and compliance with legal obligations.

Age & Identity Verification (Yoti)

To maintain a safe environment, Hush uses Yoti (Yoti Limited or Yoti USA Inc, depending on your region) to verify users' age and identity. Users may be asked to submit a selfie or identity document — transmitted solely to Yoti, acting as our data processor. Yoti performs biometric checks on secure UK servers and returns only the estimated age or identity check result. Once verification is complete, Yoti immediately deletes the selfie or ID document.

To learn more, see Yoti's privacy policy.

• Content — Retained for 24 hours unless moderated or extended by mutual consent.
• Identity verification — Identity documents retained for 7 days; verification results kept until account deletion.
• Account & Profile data — 6 months active storage after end of contractual relationship, then 4 years and 6 months in Intermediate Archiving.
• Financial data — 6 months active storage, then 9 years and 6 months in Intermediate Archiving.
• Connection logs — 1 year in active storage from the date of generation, pursuant to Article 6 of the Digital Economy Trust Law.

The Application is hosted by Google Cloud France SARL, 8 rue de Londres, 75009 Paris, France. VAT: FR78881721583. All precautions have been taken to store Users' personal data securely and prevent unauthorised access. Information will never be transmitted to third parties for commercial purposes, nor sold or exchanged.

Personal Data is accessible to authorised Hush employees and the following external Recipients:

All transfers are covered by adequacy decisions or standard contractual clauses. Hush may also share data with competent authorities, insurers, banking institutions, and professional advisors where required by law.

In accordance with the Data Protection Regulation, you may exercise the following rights at any time:

Right of Access (7.2)

You may obtain confirmation of whether your Personal Data is being processed and access that data, along with information on: purposes, categories of data, recipients, retention periods, your rights, complaint procedures, data origin, and automated decision-making.

Right of Rectification (7.3)

You may obtain correction of inaccurate or incomplete Personal Data without undue delay.

Right to Erasure (7.4)

You may request erasure when: the data is no longer necessary; you withdraw consent; you exercise your right to object; the data was unlawfully processed; erasure is required by law; or the data was collected from a child.

Right to Restriction (7.5)

You may request restriction of processing during accuracy verification, when processing is unlawful, when data is needed for legal claims, or when an objection is pending.

Right to Data Portability (7.6)

Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, machine-readable format and have it transmitted directly to another controller where technically feasible.

Right to Object (7.7)

You may object at any time to processing based on Hush's legitimate interests, citing reasons related to your particular situation.

Post-Mortem Instructions (7.8)

You may provide instructions regarding the storage, erasure, and disclosure of your Personal Data after death, including designating a person responsible for execution. Your heirs may also contact Hush to access data necessary for estate settlement, close your account, or object to continued processing.

These rights may be exercised at any time by contacting Hush's Data Protection Officer:

Hush may request proof of identity. Responses are sent within 1 month of receipt, extendable by 2 months for complex requests.

You may also lodge a complaint with the CNIL (French Data Protection Authority).