Privacy Policy

Last Updated: January 08, 2026

GossHive ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and our public website.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Information We Collect

1.1 Information You Provide

Account Information:

Email address (for authentication and account recovery)
Username (unique handle)
Password (hashed, never stored in plain text)

Profile Information (optional unless noted):

Display name (optional)
Bio
Profile photo
Location (optional)

Social Sign-In (if you use Apple or Google):

Name and email from your provider
Provider user identifier (e.g., Apple user identifier)
Profile photo (Google only, if available)

Content You Post:

Images you upload
Descriptions and comments
Votes on posts
Direct messages (encrypted at rest)

Support Requests:

Information you share when contacting support

1.2 Automatically Collected Information

Usage Data (with your consent):

App features you use
Posts you interact with
Time spent in the app
Screen views and in-app events

Diagnostics (with your consent, GDPR-compliant):

App crash logs (Firebase Crashlytics) - anonymized, no personal data
Performance metrics and error reports - aggregated statistics only
Note: All diagnostic data is anonymized and contains no personally identifiable information

Device and Technical Data:

IP address and network information (for security and fraud prevention)
Device model, OS version, language, and app version
Device timezone (to personalize timestamps)
App instance identifiers and notification tokens (for push notifications)

1.3 Information from Third Parties

Google Cloud Vision API:

We send your uploaded images to Google Cloud Vision for content moderation
Google processes images to detect inappropriate content
Images are not stored by Google

Apple and Google Sign-In:

We receive your name and email if you choose those sign-in methods

Firebase Services (Google):

Firebase Analytics (if you consent)
Firebase Crashlytics (if you consent)
Firebase Cloud Messaging (push notifications)
Firebase Authentication (account management)

2. How We Use Your Information

2.1 Service Delivery

Create and manage your account
Display your posts to other users
Enable voting and commenting
Facilitate direct messaging
Send push notifications (if enabled)
Provide customer support

2.2 Content Moderation

Automatically scan images for inappropriate content
Review flagged content manually
Enforce Community Guidelines
Prevent abuse and spam

2.3 Analytics and Improvement (with your consent)

Understand how users engage with the app
Identify popular features
Fix bugs and crashes
Improve app performance

2.4 Legal Compliance

Comply with legal obligations
Respond to law enforcement requests
Protect our rights and property
Prevent illegal activity

3. Legal Basis for Processing (GDPR)

We process your data based on:

3.1 Consent

Analytics: We only collect usage analytics if you explicitly consent
Crash Reporting: We only collect crash diagnostics if you explicitly consent
Push Notifications: Sent only if you enable them
Withdrawal: You can withdraw consent anytime in Settings > Privacy

3.2 Contract Performance

Account Management: Necessary to provide the service
Content Delivery: Required to show posts to other users
Moderation: Ensures a safe community environment

3.3 Legitimate Interest

Security: Prevent fraud and abuse
Service Improvement: Fix bugs and crashes
Legal Defense: Protect against legal claims

4. Data Sharing and Disclosure

4.1 We Share Data With:

Google Cloud Platform:

Google Cloud Vision: Image content moderation
Google Cloud Storage: Image hosting (via Supabase)
Purpose: Content safety and storage
Privacy Policy: https://policies.google.com/privacy

Firebase (Google):

Firebase Analytics: Anonymized usage statistics (opt-in, GDPR-compliant, no PII)
Firebase Crashlytics: Anonymized crash reports (opt-in, GDPR-compliant, no PII)
Firebase Cloud Messaging: Push notifications
Firebase Authentication: Account management
Note: Analytics and Crashlytics data is automatically anonymized and contains no personally identifiable information
Privacy Policy: https://firebase.google.com/support/privacy

Apple:

Sign in with Apple: Authentication
Privacy Policy: https://www.apple.com/legal/privacy/

Google Sign-In:

Google Sign-In: Authentication
Privacy Policy: https://policies.google.com/privacy

Supabase:

Database: Store posts, votes, messages
Storage: Host uploaded images
Authentication: Manage user accounts
Data Location: EU region (GDPR-compliant)
Privacy Policy: https://supabase.com/privacy

4.2 We Do NOT:

Sell your data to third parties
Share your data for advertising
Track you across other apps or websites
Use your data for AI training without consent

4.3 Legal Disclosure

We may disclose your information if required by:

Court order or subpoena
Law enforcement request
Legal obligation
Protection of rights and safety

5. Data Retention

5.1 Active Accounts

Posts, comments, and profile data: Retained while your account is active or until you delete them
Votes: Retained while your account is active to prevent abuse and maintain integrity
Messages: Retained while your account is active or until you delete them
Notification tokens: Retained while notifications are enabled
Analytics and crash reports: Automatically anonymized and retained by Firebase (typically 60 days for raw data, longer for aggregated statistics). No personal data is retained.

5.2 Deleted Accounts

Account Data: Deleted immediately after your confirmed deletion request
Posts: Deleted or anonymized immediately after your confirmed request
Votes: Deleted or anonymized where feasible to preserve community integrity
Messages: Permanently deleted

5.3 Backups

Deleted data may persist in backups for up to 90 days
Backups are encrypted and access-controlled

6. Your Rights (GDPR)

6.1 Right to Access

You can request a copy of your data by emailing [email protected].

6.2 Right to Rectification

You can update your profile information in-app or contact us to correct inaccuracies.

6.3 Right to Erasure ("Right to be Forgotten")

You can delete your account in-app via Settings > Privacy & Data > Delete Account. We delete your data immediately after you confirm the request. You can also visit https://gosshive.app/delete-account for instructions. If you cannot access the app, email [email protected].

6.4 Right to Restrict Processing

Disable analytics in Settings > Privacy
Disable push notifications in your device settings
Contact us to restrict processing in specific cases

6.5 Right to Data Portability

Request your data in a portable format by emailing [email protected].

6.6 Right to Object

Opt out of analytics
Contact us at [email protected]

6.7 Right to Lodge a Complaint

If you are in the EU, you can file a complaint with your local Data Protection Authority:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

7. Data Security

7.1 Security Measures

Encryption: All data encrypted in transit (TLS) and at rest (AES-256)
Authentication: Secure password hashing (bcrypt)
Access Control: Role-based access to databases
Monitoring: Automated security alerts
Audits: Regular security reviews

7.2 Message Encryption

Direct Messages: Encrypted at rest using conversation-specific keys
This is not end-to-end encryption
We may access message content to provide the service or comply with legal obligations

7.3 Content Moderation

Images are scanned by automated systems for safety
Metadata stored: Post ID, timestamps, vote counts
Content deleted: Removed immediately after confirmed deletion

8. Children's Privacy

GossHive is not intended for users under 16 years old.

We do not knowingly collect data from children
If we discover a user is under 16, we will delete their account
Parents can report underage users to: [email protected]

9. International Data Transfers

9.1 EU Users

Primary Storage: EU region (via Supabase EU)
Google Services: May process data in the US (GDPR-compliant)
Safeguards: Our providers use SCCs or similar mechanisms where required

9.2 Non-EU Users

Data may be stored and processed in:

European Union (primary)
United States (Firebase services)
Other regions as needed for service delivery

10. Cookies and Tracking

10.1 Cookies

We do not use cookies for advertising or cross-site tracking. Our public website may use essential cookies or local storage for basic functionality.

10.2 Tracking

We do not track you across other apps or websites.

Analytics are limited to:

In-app behavior (if you consent)
No cross-app tracking
No advertising profiles

11. Analytics and Advertising

11.1 Analytics and Crash Reporting (Opt-In, GDPR-Compliant)

If you consent, we collect anonymized, aggregated statistics only:

Which features you use (no user identification)
How long you spend in the app (anonymized)
App crashes and errors (stack traces without personal data)
Device type and OS version (aggregated)

Important: Analytics and Crashlytics are GDPR-compliant:

No personally identifiable information is collected or stored
Data is automatically anonymized before processing
Used solely for improving app stability and user experience
Automatically deleted according to Firebase retention policies (typically 60 days for raw data)

You can opt out anytime in Settings > Privacy > Analytics.

11.2 Advertising

GossHive currently has NO advertising.

If we add ads in the future:

We will update this policy
We will ask for your consent
You can opt out of personalized ads

12. Third-Party Links

GossHive may contain links to external websites (e.g., in user posts).

We are not responsible for third-party privacy practices
Review their privacy policies before clicking
We do not track links you click

13. Changes to This Policy

We may update this Privacy Policy to reflect:

New features
Legal changes
Security improvements

Notification

We will notify you of significant changes via:

In-app banner
Email (if provided)
App update notes

Acceptance

Continued use after changes means you accept the updated policy.

14. Contact Us

Data Controller

GossHive
Ungureanu Cosmin-Constantin
42 Rue du Bastion Saint-Andre
Lille, 59800
France

Privacy Questions

Email: [email protected]
Support: [email protected]
In-app: Settings > Help > Contact Support

Data Protection Officer

For GDPR inquiries, contact: [email protected]

15. Specific Notices by Region

15.1 European Union (GDPR)

Data Controller: GossHive
Legal Basis: Consent, Contract, Legitimate Interest
Data Transfers: Standard Contractual Clauses
Supervisory Authority: Your local DPA

15.2 California (CCPA)

We do not sell or share personal information
You can request access or deletion via [email protected]
You can opt out of analytics in-app

15.3 United Kingdom (UK GDPR)

Data Controller: GossHive
Same rights as EU users
Supervisory Authority: https://ico.org.uk/make-a-complaint/

16. Data Processing Details

16.1 Categories of Personal Data

Identity data (username, email)
Profile data (display name, bio, profile photo, location)
Content data (posts, comments, votes, messages)
Technical data (IP address, device info, app identifiers, notification tokens)
Usage data (analytics and diagnostics, if consented)

16.2 Recipients of Data

Supabase (database hosting)
Google Cloud (content moderation)
Firebase (anonymized analytics, anonymized crash reporting, push notifications)
Apple (Sign in with Apple)
Google (Sign-In)
Law enforcement (if legally required)

Note: Analytics and crash data shared with Firebase contains no personally identifiable information

16.3 Retention Periods

Active account data: Until deletion
Deleted account data: Immediately after confirmed request
Analytics and crash reports: Automatically anonymized by Firebase (60 days for raw data, no personal data retained)
Backups: Up to 90 days

By using GossHive, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree, please do not use GossHive.

Last Updated: January 08, 2026 | Version: 1.2