Privacy Policy

Last updated: May 18, 2026 Effective: May 18, 2026

This Privacy Policy describes how HuffTech LLC ("HuffTech," "we," "us," or "our") collects, uses, shares, and protects information when you use the UnSocial mobile application and related services (the "Service").

By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

At a glance

1. Who we are

The Service is provided by HuffTech LLC, a North Carolina limited liability company.

Contact: charlie@hufftek.com

Mailing address:

HuffTech LLC

PO Box 15599

Wilmington, NC 28408

USA

Website: https://hufftek.com

2. Information we collect

We collect three categories of information: information you give us, information we collect automatically when you use the Service, and information we receive from third parties.

2.1 Information you give us

Account information. When you create an account, we collect:

• Email address
• Password (handled and stored by Firebase Authentication; we never see or store your password directly)
• Username
• For Sign in with Apple users: the Apple-issued private relay email or your real email if you choose to share it, plus your name as you provide it to Apple

Profile information. When you complete your profile or edit it later, you may provide:

• First and last name
• Profile photo (taken with the front camera or selected from your photo library)
• Selfie verification photo (front-camera selfie used to mark your account as "selfie verified")
• Bio
• Date of birth (used at signup to verify you are 18+; we store only your age as an integer, not the date of birth itself, in our database)
• Gender
• Interests
• School affiliation, school email, and school verification status (optional; for joining school communities and .edu domain matching)
• Privacy preferences (private profile, hide activities and trips, blocked users)

Phone number (optional). If you choose to enable contact discovery, you may verify a phone number via SMS using Firebase Phone Authentication. We store:

• Your phone number in E.164 format
• A SHA-256 hash of your normalized phone number, used to match you with friends who already have you in their contacts

You can decline this and continue using the Service without it.

Content you create. When you use the Service, we collect and store the content you generate, including:

• Activities, trips, events, and groups you create or host (titles, descriptions, locations, coordinates, dates, prices, capacity, age and gender restrictions, host-confirmed attendees)
• Posts and stories (photos, videos, captions; stories expire automatically after a period set in the app)
• Comments, likes, host ratings, and compliments you submit
• Direct messages and group chat messages (in 1:1 chats, group chats, activity chats, and trip chats)
• Reports you submit about other users, activities, trips, posts, or comments

Communications with us. When you contact us by email or otherwise, we keep a record of the conversation.

2.2 Information collected automatically

Device and app data. We automatically collect:

• Device type, model, operating system version, language, time zone
• App version, build number, and bundle identifier
• Crash and diagnostic information generated by iOS
• Approximate identifiers needed to operate Firebase services (installation IDs, project tokens)

Location data. UnSocial uses Apple Core Location with "While Using the App" permission only. We do not request "Always" or background location.

• We use your device's current location while the app is in the foreground to: sort activities, trips, and events by distance, center maps near you, and filter content by proximity.
• We do not continuously track your location, share it with other users in real time, or store a location history of your device on our servers.
• The coordinates of an activity, trip, event, or group venue that you create or join are stored on our servers as part of that listing's record. Anyone who can view the listing can see those coordinates.

Push notification token. When you enable notifications, Apple Push Notification Service issues a token that we store via Firebase Cloud Messaging. We use it to deliver notifications about chats, RSVPs, friend requests, attendance confirmations, and activity reminders. Tokens are stored at users/{your_user_id}/fcmTokens/... in our database.

In-app purchase state. If you subscribe to a paid tier or purchase boosts, we store your subscription tier and remaining boost balance. Apple processes the actual payment — we do not see or store your payment card, Apple ID password, or full transaction details. We rely on StoreKit transaction receipts.

Server-side analytics. We use Firebase server logs and Firestore audit data to operate the Service, detect abuse, and debug issues. UnSocial does not currently link the Firebase Analytics SDK or Crashlytics in the iOS app, and we do not embed any third-party advertising or tracking SDKs.

2.3 Information from third parties

Sign in with Apple. If you sign in with Apple, Apple shares with us a stable user identifier and (at your choice) your name and email or a private relay email.

Contacts (optional). If you grant Contacts access, the app reads your device contacts on your device only to find people you know who are already on UnSocial. We do not upload your full contact book to our servers. We may compute SHA-256 hashes of phone numbers locally and query our database for matches against the hashed phone numbers of users who have opted into contact discovery.

Other users. Other users may name, mention, message, invite, rate, compliment, or report you. That content becomes part of our records.

3. Information we do not collect

For clarity, UnSocial does not collect or process:

• Background location (while the app is closed)
• Real-time live location sharing between users
• Microphone/audio recordings (we do not request microphone permission; videos in stories may contain audio that you originally recorded outside our app)
• Calendar data
• HealthKit, contacts birthdays, financial accounts, or biometric data
• Your full date of birth (we discard the date and store only the verified age)
• Advertising identifiers for third-party ad networks
• Government IDs or third-party identity verification data (selfie verification is a self-uploaded photo, not third-party identity verification)

4. How we use information

We use information to:

• Create and operate your account, including age verification at signup
• Provide core features (activities, trips, events, groups, posts, stories, chat, friends, follows, search, maps, ratings)
• Match you with users you know via hashed phone-number matching, when you opt in
• Verify school affiliation when you choose to link a school email
• Operate selfie verification and gate features that require it (joining certain activities, trips, or events)
• Process subscription tiers and boost purchases via Apple StoreKit
• Send transactional and safety-critical notifications (chat messages, RSVPs, attendance confirmations, reminders, security alerts)
• Send service updates, important policy changes, and infrequent product updates by email or push
• Detect, investigate, and prevent abuse, harassment, fraud, spam, scams, and violations of our Terms of Use, including by reviewing reports submitted by users
• Enforce our Terms of Use and ban users who violate them
• Comply with applicable law and respond to valid legal process
• Protect the rights, safety, and property of HuffTech LLC, our users, and the public

We do not use your information for cross-site behavioral advertising. We do not allow third-party advertising on the Service.

5. How information is shared

5.1 With other users

UnSocial is a social product, so much of what you create is visible to others by design:

• Profiles (default — public). If you do not turn on Private Profile in Settings, other signed-in users can view your profile information in the app, including your username, name, profile photo, bio, and interests.
• Private Profile. If you enable Private Profile (Friends Only), other signed-in users can still find you in search and see your name and profile photo so they can send a follow request. Your posts, activities, trips, and other detailed profile content are only shown in the app to users who follow you (and to you on your own account), subject to your Hide Activities & Trips setting.
• Sensitive account fields. Your phone number and school email address are used only for account features you opt into (verification, school communities, contact discovery). We do not display your full phone number on your public profile.
• Activities, trips, events, posts, stories, comments, ratings, and compliments you create are visible according to the audience you choose (e.g., public, group-only, friends-only, or invite-only). Once another user has seen, reposted, screenshotted, or interacted with your content, we cannot recall it from them.
• Hosts can see who has joined or RSVP'd to their activity, trip, or event, including your username, profile photo, and (if you enabled it) your selfie-verification status.
• Chat messages are visible to the other party or members of the chat. Group, activity, and trip chats are visible to everyone in that chat.
• Friends and followers. Mutual friends and your follower/following lists are visible according to your privacy settings.
• Hashed phone matching allows users who already have your phone number in their contacts to find your account by username if you have opted into contact discovery.

5.2 With service providers

We share information with the vendors that help us run the Service. The main ones are:

• Google LLC (Firebase) — Authentication, Cloud Firestore (database), Cloud Storage (photos and videos), Cloud Messaging (push), and Cloud Functions (server-side logic). Privacy: https://firebase.google.com/support/privacy and https://policies.google.com/privacy
• Apple Inc. — Sign in with Apple, Apple Push Notification Service, MapKit, and StoreKit (subscriptions and in-app purchases). Privacy: https://www.apple.com/legal/privacy/

These vendors process information under their own privacy commitments and only as needed to provide their services to us.

5.3 For safety, legal, and compliance

We may disclose information to:

• Comply with applicable law, regulation, legal process, or governmental request (including subpoenas, court orders, search warrants, and law-enforcement requests)
• Enforce our Terms of Use, including investigating violations and banning users
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of HuffTech LLC, our users, or the public, including in connection with reports of harm, harassment, or unsafe in-person conduct in connection with a meetup organized through the Service

5.4 Business transfers

If HuffTech LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you have.

5.5 Aggregated and de-identified information

We may share aggregated or de-identified information that cannot reasonably be used to identify you (for example, total user counts, aggregate engagement metrics) with anyone, for any purpose, without restriction.

5.6 We do not sell your personal information

We do not sell personal information for money or other valuable consideration. We do not "share" personal information for cross-context behavioral advertising. We do not display advertising in the app.

6. Public visibility — important

Because UnSocial is a social meetup product, information you post can be seen, copied, screenshotted, redistributed, or shared by other users beyond our control. Anything you post — including photos, videos, comments, profile details, hosted activity locations, and chat messages — should be considered information that may become public. Please use good judgment about what you share.

7. In-person meetups

UnSocial helps users coordinate in-person meetings. We are a technology platform, not a chaperone. We do not conduct background checks, identity verification beyond user-uploaded selfie photos, or supervision of meetups. The locations and details of activities, trips, and events are visible to other users who can view that listing. If you choose to attend a meetup, you do so at your own risk — please read our Terms of Use for the full risk disclosure.

If you submit a report about another user, activity, trip, post, or comment, we may use the report (including its contents and metadata) to investigate, take enforcement action, comply with law, and improve safety.

8. Your choices and rights

8.1 Permissions

You can change permissions any time in iOS Settings → UnSocial:

• Location (turn off proximity features)
• Camera (turn off profile photos and selfie verification)
• Photo Library (turn off uploading photos and videos for posts and stories)
• Contacts (turn off contact discovery)
• Notifications (turn off push notifications)

Disabling these will prevent the related features from working.

8.2 Edit or hide information

You can update profile details, change your username, change your privacy settings, manage blocked users, and toggle "private profile" or "hide activities and trips" inside the app under Settings → Edit Profile.

You can hide a chat from your inbox via Hide Chat (this hides the chat for you only; the other party still sees it).

8.3 Marketing communications

We send infrequent service emails. You can unsubscribe from non-essential email at any time using the unsubscribe link or by emailing charlie@hufftek.com. Transactional and safety messages (security alerts, policy changes, in-app activity notifications) are part of the Service and cannot be opted out of without deleting your account.

8.4 Account deletion

You may delete your account inside the app at Settings → Delete Profile. When you confirm deletion, we run a server-side process that permanently removes, among other things:

• Your Firebase Authentication account
• Your user profile and subcollections (notifications, device tokens, friends, following, and similar data)
• Your reserved username
• Activities, trips, and events you created (including related chats and media)
• Posts, stories, comments, and messages you authored
• Groups you created
• Your profile, selfie, and story files in cloud storage
• Friend requests, follow requests, ratings, and compliments tied to your account

We also remove you from participant lists on activities, trips, events, and groups you joined but did not create. Direct message conversations you participated in are deleted.

Deletion may take up to a few minutes for accounts with large amounts of content. If deletion fails, you will see an error in the app — try again on a stable connection or contact charlie@hufftek.com.

Subscriptions are not cancelled by deleting your account. You must cancel an active subscription separately in iOS Settings → [your name] → Subscriptions, or it will continue to renew.

We may retain limited records where required by law, for fraud prevention, or to resolve disputes (for example, pending abuse reports we are legally obligated to keep).

8.5 California, Colorado, Connecticut, Virginia, Utah, and other state privacy rights

Depending on where you live, you may have rights to:

• Know / access the categories and specific pieces of personal information we have about you
• Correct inaccurate personal information
• Delete personal information (subject to the limits described in Section 8.4)
• Opt out of "sale" or "sharing" of personal information (we do not engage in either)
• Limit use of sensitive personal information
• Non-discrimination for exercising any of these rights
• Appeal a denial of your rights request

To exercise any of these rights, email charlie@hufftek.com. We will verify your request using your account credentials and respond within the timeframe required by your state's law (typically 45 days, extendable once).

You may also designate an authorized agent. We will require written proof of authorization.

8.6 Other jurisdictions

If you are in the European Union, United Kingdom, or another jurisdiction that grants additional rights (such as GDPR rights to data portability, restriction of processing, withdrawal of consent, and lodging a complaint with a supervisory authority), you may exercise those rights by emailing charlie@hufftek.com. The lawful bases on which we process personal data include performance of a contract (operating your account), consent (where you have given it), legitimate interest (improving and securing the Service), and legal obligation (responding to lawful requests).

9. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for data stored in Firebase
• Authentication and access controls on our backend
• Firestore security rules that restrict reads and writes
• Selfie verification to mitigate impersonation
• Reporting, blocking, banning, and admin moderation tools

No security measure is 100% effective. You are responsible for keeping your account credentials secure and for the security of any device you use to access the Service. If you suspect unauthorized access, contact us immediately.

10. Data retention

We keep personal information as long as your account is active and as needed to provide the Service. After account deletion, residual content (Section 8.4) may persist in our systems indefinitely unless we receive a deletion request. We may retain backups, transaction logs, fraud-prevention records, moderation records of users we have banned, and information required to comply with law for as long as needed for those purposes.

11. International data transfers

We are based in the United States. Information we collect is processed in the United States and in any other country where our service providers (such as Google and Apple) operate. By using the Service, you consent to the transfer of your information to the United States and these other countries, which may have different data-protection laws than your home country.

12. Children

UnSocial is for users 18 and older. We require an age check at signup and reject account creation by anyone under 18. We do not knowingly collect personal information from anyone under 18, and we are not directed to children under 13 (COPPA). If you are a parent or guardian and believe your child has created an account, please contact us at charlie@hufftek.com and we will delete the account and any associated data.

13. Third-party services and links

The Service may contain links to third-party websites and services (for example, ticket URLs entered by event hosts, or Apple's subscription management page). We are not responsible for the privacy practices of those services. Review their policies before providing them information.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

• Updating the "Last updated" date at the top of this page
• Posting a prominent notice in the app or on our website
• Where required by law, sending you an email or push notification

Your continued use of the Service after a change becomes effective constitutes acceptance of the updated Privacy Policy.

15. Contact us

Questions, requests, or complaints about this Privacy Policy:

HuffTech LLC

charlie@hufftek.com

PO Box 15599

Wilmington, NC 28408

USA

https://hufftek.com