Privacy Policy – Heartbox
Last Updated: August 1, 2025
Quick Summary: Heartbox is a mental health support platform. We collect your account information, emotional expressions, and usage data to provide personalised emotional support. We use AI for content recommendations (optional). We don't sell or share your data for advertising purposes. You control your data and can delete it at any time.
1. Introduction
Defyd LLC ("Defyd," "Heartbox," "we," "our," or "us") operates the Heartbox platform—a social media app focused on mental health and emotional wellbeing. This Privacy Policy explains how we collect, use, share, and protect your information when you use our mobile application and related services.
Contact Information:
- Email: support@heartbox.app
- Address: STE 208 12052, 254 Chapman Road, Newark, Delaware 19702, USA
- Website: www.defyd.com
2. Information Collection Notice
🔒 IMPORTANT NOTICE FOR SENSITIVE DATA
Before using Heartbox, please understand that our app collects and processes sensitive personal information, including:
- Mental health and emotional data through your posts and expressions
- Usage patterns related to emotional support features
- Optional AI analysis of your emotional content
By continuing to use this app, you provide explicit consent for this sensitive data collection and processing as described in this policy.
3. What Information We Collect
Information You Provide
- Account Data: Name, email, phone number, login credentials
- Emotional Content: Posts, reactions, mood entries, reflections, journal entries
- Communication Data: Messages to support, feedback, and survey responses
- Settings: Language preferences, notification preferences, feature settings
Information Collected Automatically
- Usage Data: Features used, time spent, interaction patterns, session frequency
- Device Information: Device model, operating system, app version, device identifiers
- Technical Data: IP address, crash reports, error logs, performance metrics
- Location Data: Approximate location (only if you enable location services)
Information from Third Parties
- Authentication Services: If you sign in with Google/Apple, we receive basic profile information
- Analytics Providers: Aggregated usage statistics for app improvement
4. How We Use Your Information
| Purpose | Data Used | Legal Basis |
| --- | --- | --- |
| Provide core app functionality | Account data, emotional content, and usage data | Contract performance |
| AI-powered content recommendations | Emotional content, usage patterns | Legitimate interest (with opt-out option) |
| Customer support | Account data, communication data | Legitimate interest |
| App improvement and analytics | Usage data, technical data (aggregated) | Legitimate interest |
| Safety and security | All data types as needed | Legitimate interest |
| Legal compliance | All data types as required | Legal obligation |
5. Data Sharing and Third Parties
We share your information with:
Service Providers
- Cloud Hosting: AWS/Google Cloud (secure data storage)
- Analytics: App performance and usage analysis
- Customer Support: Help desk and communication tools
- Payment Processing: Subscription and payment handling
Legal Requirements
- Law enforcement, when legally required
- Regulatory authorities for compliance
- Court orders and legal processes
Business Transfers
- In case of merger, acquisition, or sale of assets
We DO NOT:
- Sell your personal information to third parties
- Share your data for advertising purposes
- Use your emotional content for marketing to others
6. Data Security
We implement industry-standard security measures:
- Encryption: Data encrypted in transit and at rest
- Access Controls: Role-based access with authentication
- Monitoring: Continuous security monitoring and threat detection
- Regular Audits: Security assessments and vulnerability testing
7. Your Rights and Choices
Data Access and Control
- Access: View your personal information
- Correction: Update or correct your data
- Deletion: Delete your account and data
- Portability: Export your data (feature in development)
- Opt-out: Disable AI recommendations and analytics
Communication Preferences
- Notifications: Control push notifications and emails
- Marketing: Opt out of promotional communications (where applicable)
To Exercise Your Rights
Email support@heartbox.app with your request. We'll respond within 30 days.
8. AI and Automated Processing
AI Features (Optional):
- Content recommendations based on your emotional expressions
- Mood pattern analysis for personalised insights
- Community suggestions based on interests
Your Control:
- All AI features can be disabled in Settings
- AI analysis doesn't diagnose or provide medical advice
- You can opt out without affecting core app functionality
9. Data Retention
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Data deleted within 90 days of account deletion
- Legal Requirements: Some data may be retained longer for legal compliance
- Aggregated Data: Non-personal aggregated data may be retained indefinitely
10. Age Requirements and Children's Privacy
- Minimum Age: 18 years old
- Under 18: Not permitted to use the service
- COPPA Compliance: We don't knowingly collect data from children under 18
11. International Data Transfers
Your data may be processed in:
- United States (primary servers)
- India (development and support operations)
We ensure adequate protection through:
- Standard contractual clauses
- Adequacy decisions, where applicable
- Your explicit consent for transfers
12. Cookies and Tracking
Currently, we don't use cookies or third-party tracking tools in our mobile app.
Future: If implemented, we'll update this policy and seek your consent where required.
13. California Privacy Rights (CCPA/CPRA)
California residents have additional rights:
- Right to Know: Categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
14. European Privacy Rights (GDPR)
EU residents have additional rights:
- Lawful Basis: We process data based on consent, legitimate interest, or legal obligation
- Data Protection Officer: Contact support@heartbox.app for privacy matters
- Supervisory Authority: You can file complaints with your local data protection authority
15. Policy Updates
How We Notify You:
- In-app notification for material changes
- Email notification to your registered email
- Updated "Last Updated" date at the top of this policy
Your Options:
- Review changes before they take effect
- Contact us with questions or concerns
- Delete your account if you disagree with the changes
16. Contact Us
- Privacy Questions: support@heartbox.app
- Data Requests: Include "Privacy Request" in the subject line
- Response Time: We respond within 30 days
Mailing Address: Defyd LLC, STE 208 12052, 254 Chapman Road, Newark, Delaware 19702, USA
Key Changes from Previous Version:
- Added prominent sensitive data collection notice
- Enhanced third-party sharing disclosure
- Improved user rights section
- Added platform-specific compliance requirements
- Clarified AI feature controls
- Enhanced security measures description