Skip to main content

Privacy Policy

Last Updated: 11/20/2025

1. Introduction

@Heartbeat ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

This policy complies with data protection laws in all regions we operate:

  • European Union: General Data Protection Regulation (GDPR)
  • United Kingdom: UK GDPR
  • United States: Children's Online Privacy Protection Act (COPPA), California Consumer Privacy Act (CCPA)
  • India: Digital Personal Data Protection Act (DPDPA) 2023
  • Middle East: UAE Federal Law No. 45/2021, Saudi Arabia PDPL, Qatar Law No. 13/2016, Bahrain PDP Law, Kuwait Data Protection Law
  • Brazil: Lei Geral de Proteção de Dados (LGPD)
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Australia: Privacy Act 1988
  • Japan: Act on the Protection of Personal Information (APPI)
  • South Korea: Personal Information Protection Act (PIPA)
  • Singapore: Personal Data Protection Act (PDPA)

2. Information We Collect

2.1 Personal Information

  • Username, email address, display name
  • Profile information (bio, avatar, cover image)
  • Date of birth (for age verification)
  • Language preferences

2.2 Content You Create

  • Posts, comments, and media you upload
  • Hashtags and mentions
  • Interactions (likes, bookmarks, follows)

2.3 Technical Information

  • IP address, device information, browser type
  • Usage analytics (anonymized)
  • Cookies and similar tracking technologies

3. How We Use Your Information

  • Provide and maintain our service
  • Process your registration and manage your account
  • Send you service-related communications
  • Improve our service and develop new features
  • Ensure security and prevent fraud
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

  • Consent: When you provide explicit consent
  • Contract: To fulfill our service agreement
  • Legal Obligation: To comply with applicable laws
  • Legitimate Interest: For security and service improvement

5. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, visit Settings or contact us at [email protected]

6. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

  • Service providers (hosting, email, analytics)
  • Legal authorities when required by law
  • Business transfers (mergers, acquisitions)

7. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Secure password hashing (PBKDF2)
  • Regular security audits
  • Access controls and authentication

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Deleted accounts are permanently removed within 30 days, except where legal retention is required.

9. Children's Privacy

Our service is not intended for children under the minimum age required in your jurisdiction:

  • Most regions (EU, UK, US, Middle East, etc.): Minimum age 13
  • India (DPDPA): Minimum age 18 (or with explicit parental consent for 13-17)

We do not knowingly collect personal information from children below the minimum age. If you are a parent and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers and Localization

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

  • EU/UK: Standard Contractual Clauses (SCCs) for data transfers
  • India: Compliance with DPDPA data localization requirements where applicable
  • Middle East: Compliance with regional data localization requirements (UAE, Saudi Arabia, etc.)
  • Other regions: Appropriate safeguards per local regulations

We use Cloudflare's global infrastructure which may process data in various regions. All data is encrypted in transit and at rest, regardless of location.

11. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics. You can manage cookie preferences in your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

13. Contact Us

For privacy-related inquiries, please contact: