Privacy Policy

Last Updated: December 24, 2025 (v1.0.1)

1. Introduction

HASHTAG IN TIME ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and website (hashtagintime.com).

By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1. Account Information (Required)

To use the Service, you must sign in via Google or Apple. We collect:

  • Auth Tokens: To verify your identity.
  • Email Address: For account recovery and critical security notifications.
  • at_id (User ID): Your unique handle within the app.

2.2. User-Generated Content (UGC)

  • Signals (Posts) & Comments: Content you create, including text, hashtags, and images.
  • Interactions: "Resonate" actions (time donations), reports, and follows.
  • Block List: We store your list of blocked users (user_blocks) to hide their content from your feed.

2.3. Usage & Device Data

  • Device Info: Locale (for language settings), Timezone (for daily resets), and device model.
  • Transaction Data: We track your "Time" balance and purchase history via RevenueCat. We do not store credit card information; payments are processed by Apple (App Store) or Google (Play Store).

3. How We Use Your Information

We use your data to:

  • Operate the Time Economy: Manage your Free/Paid balances and enforce the 2400-hour limit.
  • Provide Core Features: Display the feed, execute the "Global Timer," and calculate hashtag rankings.
  • Safety & Moderation: Enforce our Zero Tolerance Policy against objectionable content using reporting and blocking systems.

4. Data Retention and Deletion (Crucial)

We have strict policies to minimize data storage:

4.1. Account Deletion

If you request account deletion in App Settings:

  • Soft Delete (Immediate): Your profile is anonymized ("Lost Survivor") and hidden from the public.
  • Hard Delete (Permanent): After a 30-day safety retention period, your personal data is permanently removed from our database (auth.users).

4.2. Content Expiration

  • Expired Signals: Signals that run out of "Time" disappear from the public feed.
  • Permanent Erasure: Expired data is permanently deleted from our servers approximately 24 days after expiration via automated jobs.

4.3. 5-Minute Deletion Rule

You acknowledge that you can manually delete your Signals only within 5 minutes of posting. After this window, the content persists until its "Time" expires or your account is deleted.

5. Sharing Your Information

We do not sell your data. We share it only with trusted service providers to operate the App:

  • Supabase: Backend database, authentication, and image storage.
  • RevenueCat: In-app purchase validation.
  • Upstash (Redis): Data caching for performance.
  • Google / Apple: OAuth login providers.

6. Your Rights

Depending on your location (e.g., GDPR, CCPA, Korea), you may have the right to:

  • Access: Request a copy of your data.
  • Rectify: Update your profile information.
  • Delete: Request account deletion (available in-app).
  • Block: Prevent specific users from interacting with you.

7. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect data from children. If we discover such data, we will delete it immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries where our servers (Supabase/AWS) are located. By using the Service, you consent to this transfer.

9. Contact Us

If you have questions about this Privacy Policy, please contact: