Privacy Policy

Last updated: 26 February 2025

1. Introduction

Welcome to HeyU. We ("Shadow Particle AB", "we", "us", or "our") are committed to protecting your privacy and ensuring you have a positive experience using our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

This Privacy Policy should be read in conjunction with our Terms of Service. By using the App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

Basic Profile Information: Name, age, gender, location
Profile Content: Photos, interests tags, search tags, and preferences
Profile interactions: Collection of profiles you browse through our search function.
Communication: Messages exchanged with other users
Payment Information: When you make purchases, payment information is processed by Apple's App Store, not directly by us

2.2 Automatically Collected Information

Device Information: Device type, operating system, unique device identifiers
Usage Data: App features used, interaction patterns, time spent
Location Data: GPS location (with your permission)
Cookies and Similar Technologies: Data about how you use our service

3. How We Use Your Information

We use your information for the following specific purposes:

3.1 Account Creation and Management

We process your personal information to:

Create and maintain your user account
Authenticate your identity when you sign in
Update your profile information when requested
Manage your account settings and preferences

3.2 Profile Display and Search Functionality

We use your information to:

Display your profile to other users based on their search criteria
Enable other users to find your profile through search features
Show relevant profile information you've chosen to share
Implement your privacy and visibility preferences

3.3 Platform Safety and Security

We process data to:

Detect and prevent fraudulent activities
Identify and address potential security breaches
Monitor for suspicious behavior or violations of our terms
Protect our users from harassment and abuse
Maintain the overall integrity of our platform

3.4 Legal Compliance and Rights Protection

We use information as required to:

Comply with applicable laws and regulations
Respond to legal requests from authorized authorities
Protect our legal rights and interests
Enforce our terms of service
Address disputes and legal claims
Maintain required records for legal compliance

3.5 Service Improvement and Analytics

We use data to:

Analyze how users interact with our App
Improve existing features and develop new ones
Troubleshoot technical issues
Generate aggregated statistics and insights
Optimize user experience and interface

3.6 Communication with Users

We use your information to:

Send important service updates and notifications
Communicate about account status and features
Respond to your inquiries and support requests
Send information you have explicitly requested

4. Legal Basis for Processing (for EEA Users)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

Performance of Contract: Processing necessary to provide the services you've requested under our Terms of Service
Legitimate Interests: Processing that serves our legitimate business interests or those of third parties while not overriding your rights and freedoms
Consent: Processing based on your specific consent, which you can withdraw at any time
Legal Obligation: Processing necessary to comply with our legal obligations
Vital Interests: Processing necessary to protect someone's vital interests

5. Information Sharing and Disclosure

5.1 Information Visible to Other Users

Profile name and photos
Age and location (approximate)
Interests and search tags
Other information you choose to make public

5.2 Information We Share with Third Parties

Service providers who assist in platform operation
Analytics partners (in anonymized form)
Law enforcement when required by law
New owners of HeyU in case of a business transfer

5.3 Service Providers

We may engage third-party companies and individuals to facilitate our App, provide the service on our behalf, perform service-related services, or assist us in analyzing how our App is used. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

5.4 Business Transfers

If Shadow Particle AB or its assets are acquired by another company, or in the unlikely event that we go out of business or enter bankruptcy, user information would be one of the assets transferred to or acquired by the third party. You acknowledge that such transfers may occur, and that any acquirer of Shadow Particle AB may continue to use your personal information as set forth in this policy.

6. Your Privacy Rights and Choices

6.1 Rights for All Users

You have the right to:

Access your personal information
Update or correct your data
Delete your account and associated data
Control location sharing settings
Control visibility settings
Opt out of non-essential communications

6.2 European Economic Area (EEA) Specific Rights

If you are located in the EEA, you have these additional rights:

Right to be informed about our data processing
Right to restrict processing of your data
Right to object to processing of your data
Right to data portability
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

6.3 California Specific Rights

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed and to whom
Say no to the sale of personal information
Access your personal information
Request deletion of personal information
Not be discriminated against for exercising privacy rights

6.4 How to Exercise Your Rights

You can exercise your rights by:

Using the in-app features for account settings and preferences
Using the "Export My Data" feature in the App settings
Contacting us at support@shadowparticle.com for assistance
Following the instructions provided in our communications

7. Data Security

7.1 Our Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

Secure authentication methods and session management
Role-based access control for user data
Data validation and sanitization
Regular security assessments of our application
Monitoring and logging of security events

7.2 Firebase Infrastructure

Our application is built on Firebase, a Google Cloud platform service. While Firebase provides infrastructure-level security:

We are responsible for properly implementing Firebase's security features
We configure Firebase Security Rules to control data access
We manage user authentication and authorization
We handle secure data structure and organization

7.3 Security Practices

To maintain the security of your data, we:

Test our security configurations
Monitor for unauthorized access attempts
Implement secure coding practices

7.4 Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify you as required by applicable laws
Provide information about the breach and our response
Take measures to mitigate potential harm

8. Data Retention

8.1 Active Accounts

We retain your information for as long as:

Your account is active
Needed to provide our services
Required by law
Necessary to resolve disputes

8.2 Deleted Accounts

When you delete your account:

We will delete your personal data upon deletion
Some information may be retained in anonymized form for analytics

8.3 Exceptions to Data Deletion

We may retain certain information even after account deletion for:

Legal compliance and reporting obligations
Dispute resolution and enforcement of our terms
Prevention of fraud and abuse
Analytical purposes (in anonymized form)

9. Data Storage and International Transfers

9.1 Data Storage Location

We use Firebase's multi-region deployment in the United States, which means your data is stored and processed across multiple secure locations:

Primary data processing occurs in Iowa and Oklahoma
Additional infrastructure support in South Carolina
This multi-region approach ensures high availability and redundancy of your data

This means that regardless of where you access our service from, your information will be transferred to and processed within these United States locations.

9.2 International Transfer Safeguards

When your data is transferred from other countries to our storage location in the United States, we ensure appropriate safeguards are in place:

For European Users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the United States. These are implemented through our service provider, Google.
For Users in Other Regions: We maintain appropriate data transfer mechanisms as required by your local laws, implemented through our data processing agreement with Google.

9.3 Firebase as Our Data Processor

We use Firebase, a Google Cloud platform service, to process and store user data. This means:

Data is stored across multiple secure Google data centers in the United States (multi-region configuration):

Primary processing in Iowa and Oklahoma data centers
Additional infrastructure support in South Carolina

Firebase provides enterprise-grade infrastructure security and redundancy
We maintain responsibility for proper implementation of Firebase services
We configure and manage Firebase security rules and features
We ensure appropriate access controls within our Firebase implementation

9.4 Your Rights

You have the right to:

Request information about how your data is handled and stored
Obtain information about the safeguards we use for international transfers
Object to international transfers where permitted by law

For questions about our data storage practices or international transfers, please contact our privacy team (see Section 11).

10. Children's Privacy

10.1 Age Restrictions

Our service is not intended for users under the age of 16. This minimum age requirement applies globally across all jurisdictions where our service is available. We do not knowingly collect or solicit personal information from anyone under 16 years of age.

10.2 Protection Measures

To protect children's privacy, we:

Require date of birth during registration
Promptly delete any data we discover was collected from users under 16

10.3 Discovery of Underage Users

If we discover that we have collected personal information from someone under 16, we will:

Immediately suspend the account
Delete all personal information associated with the account
Take reasonable measures to ensure the information is removed from our systems
Notify relevant parties (parents/guardians, authorities) if required by law

10.4 Reporting Underage Users

If you believe a user is under 16, you can report this through:

The in-app reporting feature
Contacting our support team

10.5 Parental Rights

Parents or legal guardians who believe we might have collected information from their child under 16 can:

Request information about any data we may have collected
Request immediate deletion of any such data
Contact us using the information provided in Section 11

10.6 Compliance with Privacy Laws

We comply with all applicable privacy protection laws, including:

General Data Protection Regulation (GDPR) requirements for protecting minors' data
Regional requirements for protecting minors' data
Additional age-specific privacy protections as required by local laws

11. Changes to This Policy

11.1 Policy Updates

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. The most current version will always be available within the App and on our website.

11.2 Notification of Changes

We will notify you of any material changes through:

In-app notifications
Website announcements

11.3 Effective Date

Changes will become effective 30 days after they are posted, unless otherwise stated. Your continued use of the App after the effective date constitutes acceptance of the revised policy.

11.4 Previous Versions

Previous versions of this policy will be archived and made available upon request.

12. Compliance with Privacy Laws

12.1 General Data Protection Regulation (GDPR)

For users in the European Economic Area (EEA), we comply with GDPR requirements by:

Providing a legal basis for processing personal data
Implementing data protection by design and default
Ensuring secure international data transfers through appropriate safeguards
Enabling data subject rights (access, rectification, erasure, etc.)
Maintaining records of processing activities
Conducting data protection impact assessments when necessary

12.2 California Consumer Privacy Act (CCPA)

For California residents, we comply with CCPA requirements by:

Providing notice of personal information collection and use
Responding to requests to access or delete personal information
Allowing opt-out of personal information sales (note: we do not sell personal information)
Maintaining records of CCPA requests and responses

We monitor and comply with other applicable privacy laws and regulations in regions where our users are located.

12.3 Other Regional Privacy Laws

We monitor and comply with other applicable privacy laws and regulations in regions where our users are located, including but not limited to:

UK Data Protection Act
Brazil's General Data Protection Law (LGPD)
Australia's Privacy Act
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)

13. Technology Usage and Tracking

13.1 Firebase Analytics and Services

We use Firebase, a Google Cloud platform service, which employs various technologies to provide our service:

Firebase Authentication for secure user login
Firebase Analytics for app performance and usage analysis
Firebase Cloud Messaging for notifications
Firebase Storage/Firestore for data storage
Firebase Crashlytics for app stability monitoring

13.2 Cookies and Similar Technologies

We and our service providers (including Firebase) use various tracking technologies:

Essential Technologies:

Authentication tokens for maintaining secure sessions
Security identifiers for protecting your account
Technical cookies necessary for app functionality

Analytics and Performance:

Firebase Analytics identifiers
App performance metrics
Crash reporting data
Usage pattern tracking

13.3 Your Control Over Tracking

You can control tracking through:

App settings for analytics and crash reporting
Device settings for notifications and location services
Operating system privacy controls
Mobile device advertising ID reset options

Note: Disabling essential technical features may impact app functionality.

14. Third-Party Services

14.1 Firebase Services

Our primary third-party service provider is Firebase, which provides:

Infrastructure and hosting
Authentication services
Analytics and performance monitoring
Data storage and processing
Push notification services

Firebase's privacy practices are governed by:

Google's Privacy Policy
Firebase-specific terms of service
Our data processing agreement with Google

14.2 Apple App Store

We use Apple's App Store for app distribution and payment processing:

Payments are processed entirely through Apple
We do not directly receive or store your payment information
Apple's privacy practices for payment processing are governed by Apple's Privacy Policy

14.3 Third-Party Data Processing

When third parties process user data on our behalf:

We establish data processing agreements
We require appropriate security measures
We limit data access and usage
We regularly review compliance
We ensure they meet our privacy standards

15. Account Deletion

15.1 In-App Deletion Process

To delete your account within the App:

Go to Settings
Select Account
Choose Delete Account
Confirm deletion

Please note that any active subscriptions need to be canceled before your account can be deleted.

15.2 Alternative Deletion Methods

TIf you cannot access the App, you can request account deletion by:

Emailing us at support@shadowparticle.com
Providing sufficient information to identify your account

15.3 Effect of Account Deletion