Hilads ("we", "our", or "us") operates the Hilads mobile and web application, a real-time city social platform that helps people discover what's happening around them, connect with locals and travellers, and join live events.
This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information. By using Hilads, you agree to the practices described here.
01Data We Collect
We collect the following categories of data depending on how you use the app:
Guest mode: You can use Hilads without creating an account. In guest mode, only a randomly generated device identifier, your chosen nickname, and your location are processed.
02How We Use Your Data
We use the data we collect solely to provide and improve the Hilads experience:
- Location to resolve your city, show relevant events and channels, and enable presence features.
- Messages and photos to deliver real-time communication between users in public and private contexts.
- Account data to personalise your profile, enable friend connections, and display badges.
- Usage data to monitor app stability, diagnose errors, and improve features.
- Notifications to alert you to activity relevant to you (new messages, events, replies).
We do not use your data for targeted advertising, sell your data to third parties, or use it for profiling unrelated to the app's core purpose.
03Data Sharing
We do not sell your personal data. We share data only in the following limited circumstances:
- Other users - your display name, avatar, vibe, mode, and public messages are visible to other users in the same city channel or event. Direct messages are visible only to the conversation participants.
- Service providers - we use trusted infrastructure providers (cloud hosting, storage, push notifications) who process data only on our behalf under strict confidentiality agreements.
- Legal obligations - we may disclose data if required by law, court order, or to protect the safety of users or the public.
- Business transfers - in the event of a merger or acquisition, user data may be transferred to the successor entity under equivalent privacy protections.
04User-Generated Content
Hilads is a social platform. Messages, photos, events, and other content you post in public channels are visible to other users of that channel. Please don't share sensitive personal information (ID numbers, financial data, passwords) in public chats.
Content posted in public city channels or event chats may be seen by any user present in that channel. Direct messages are private and visible only to participants of that conversation.
We reserve the right to remove content that violates our Terms of Service, including spam, abusive content, or illegal material. You retain ownership of content you create; by posting it you grant Hilads a limited licence to store and display it within the platform.
05Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse. These include:
- HTTPS encryption for all data in transit.
- Secure cloud storage with access controls for uploaded media.
- Hashed passwords - we never store passwords in plain text.
- Server-side session validation for all authenticated requests.
No method of transmission over the internet is 100% secure. While we do our best to protect your data, we can't guarantee absolute security.
06Data Retention
We retain data for the following periods:
- Public chat messages - retained for up to 90 days, after which older messages may be automatically purged.
- Direct messages - retained while your account is active and deleted when you delete your account.
- Events - retained for up to 30 days after the event expires.
- Account data - retained until you delete your account.
- Guest session data - retained for up to 30 days of inactivity, then automatically removed.
- Photos - retained until the associated message or account is deleted.
Anonymised, aggregated analytics data (e.g. total messages sent per city) may be retained indefinitely as it contains no personally identifiable information.
07Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access - request a copy of the data we hold about you.
- Correction - update inaccurate or incomplete data via your profile settings.
- Deletion - request deletion of your account and associated personal data.
- Portability - request an export of your data in a machine-readable format.
- Objection - object to certain processing activities.
- Withdraw consent - revoke permissions (e.g. location access) at any time via your device settings.
Account deletion
You can delete your account at any time from Profile › Settings › Delete Account within the app. Once deleted, your personal data (name, email, DM history, profile photo) will be permanently removed within 30 days. Public messages you sent in city channels may be anonymised rather than deleted to preserve conversation continuity.
You can also request deletion by emailing contact@hilads.live.
08Children's Privacy
Hilads is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13.
If you're a parent or guardian and believe your child has provided us with personal information, please contact us at contact@hilads.live and we'll promptly delete the relevant data.
09Third-Party Services
Hilads integrates with the following third-party services, each with their own privacy policy:
- Cloudflare R2 - secure cloud storage for uploaded photos.
- Firebase Cloud Messaging (FCM) / APNs - push notification delivery.
- Expo - mobile app runtime and over-the-air updates.
We do not integrate with advertising networks or social media tracking SDKs.
10Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we'll revise the "Last updated" date at the top of this page. For significant changes, we'll notify registered users via email or an in-app notice.
Continued use of Hilads after changes are posted means you accept the revised policy.
11Contact Us
If you have questions, concerns, or requests about your privacy, feel free to reach out:
We aim to respond to all privacy-related requests within 30 days.