Privacy Policy

1. Who We Are (Data Controller)

DeepHush ("we", "us", "our") operates the DeepHush application ("Service") available via web and mobile apps.

Contact: privacy@deephush.app

2. Scope

This Privacy Policy applies to all users worldwide. Where required by law, additional regional rights are described below.

3. Data We Collect

4. Legal Basis (GDPR – Art. 6)

We process data based on:

• Contract performance (Art. 6(1)(b))
• Consent (Art. 6(1)(a))
• Legitimate interests (Art. 6(1)(f))
• Legal obligations (Art. 6(1)(c))

5. How We Use Your Data

• Provide and operate the Service
• Authenticate and manage accounts
• Store and retrieve user content
• Improve reliability and security
• Prevent abuse and fraud
• Comply with legal obligations

6. Data Storage & Processors

We use the following processors:

DeepHush uses Supabase as a data processor for authentication and data storage. Supabase processes data strictly under our instructions and complies with GDPR requirements.

All processors are GDPR-compliant or provide Standard Contractual Clauses (SCCs).

7. International Transfers

Where data is transferred outside the EU, we rely on:

• SCCs
• Adequacy decisions
• Equivalent safeguards

8. Retention

• Account data: retained while account is active
• Deleted accounts: data removed unless legally required
• Logs: short-term retention only

9. Your GDPR Rights

You have the right to:

• Access
• Rectification
• Erasure
• Restriction
• Objection
• Data portability
• Withdraw consent

Contact: privacy@deephush.app

10. Cookies & Local Storage

We use:

• Essential cookies / local storage
• Authentication tokens
• No advertising or tracking cookies unless explicitly stated.

11. Children

DeepHush is not intended for users under 16 years.

12. Updates

We may update this policy. Significant changes will be communicated in-app.