Hamsa
Privacy Policy
Last updated: April 8, 2026
Hamsa ("we", "us", or "our") operates the Hamsa mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the practices described herein.
1. Information We Collect
1.1 Information You Provide Directly
- Account information — phone number (required for registration), name, email address, date of birth, and gender.
- Social login data — if you sign in with Google or Facebook, we receive your name, email address, and profile picture from those services. We do not receive or store your Google or Facebook password.
- Personal profile data (Digital Twin) — health information, biometric data, beauty and skincare preferences, fitness data, nutrition and dietary information, sleep patterns, menstrual cycle data, pregnancy-related data, mood and mental wellness logs, lifestyle preferences, financial goals, career information, relationship context, and personal goals you share with the AI assistant.
- AI conversations — messages you send to and receive from the Hamsa AI assistant, used to provide personalized responses and build your Digital Twin profile.
- Reminders and activities — reminders, routines, daily activity logs, and scheduled events you create within the Service.
- Payment information — if you make in-app purchases or subscribe to premium features, payment processing is handled entirely by the Apple App Store or Google Play Store. We do not collect, process, or store your credit card number, bank account details, or other financial payment instruments.
1.2 Information Collected Automatically
- Device information — device model, operating system version, platform (iOS/Android), unique device identifier, and app version.
- Push notification token — used to deliver reminders and notifications you have enabled.
- Usage data — app interaction patterns, feature usage, session duration, and crash reports.
- Approximate location (country/region) — inferred from your IP address for localization and language detection. We do not collect precise GPS location data.
- Log data — IP address, browser type (for web access), access times, and referring URLs.
1.3 Information from Third-Party Services
When you choose to sign in using a third-party service, we receive limited information as described below:
| Service | Data Received | Purpose |
| --- | --- | --- |
| Google Sign-In | Name, email, profile photo, Google user ID | Account creation and authentication |
| Facebook Login | Name, email, profile photo, Facebook user ID | Account creation and authentication |
| Firebase Phone Auth | Phone number, verification status | Phone number verification |
2. How We Use Your Information
- To provide and personalize the Service — authenticate your identity, build your Digital Twin profile, deliver AI-powered personalized guidance across health, beauty, fitness, nutrition, and lifestyle.
- To send notifications — deliver reminders, activity alerts, and other notifications you have configured.
- To display your data — show your health history, activity tracking, mood logs, skincare routines, and progress within the Service.
- To process transactions — manage subscriptions, in-app purchases, and provide purchase history (payment processing is handled by app store platforms).
- To improve the Service — analyze usage patterns, diagnose technical issues, and develop new features.
- To communicate with you — send service-related announcements, updates, and respond to support requests.
- To ensure safety and security — detect fraud, abuse, and security incidents; enforce our Terms of Service.
- To comply with legal obligations — respond to lawful requests from public authorities.
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may share your information in the following limited circumstances:
3.1 Third-Party Service Providers
We use trusted third-party services to operate the Service. Each provider only receives the minimum data necessary for their function:
| Provider | Purpose | Data Shared | Privacy Policy |
| --- | --- | --- | --- |
| Google Cloud Platform | Cloud infrastructure, data storage, AI processing | All Service data (encrypted) | Google Cloud Privacy |
| Firebase (Google) | Phone authentication, analytics | Phone number, device info | Firebase Privacy |
| OneSignal | Push notifications | Device token, user ID | OneSignal Privacy |
| Facebook (Meta) | Social authentication | Authentication tokens only | Meta Privacy |
| Google Sign-In | Social authentication | Authentication tokens only | Google Privacy |
| Apple App Store | App distribution, payments | Purchase data | Apple Privacy |
| Google Play Store | App distribution, payments | Purchase data | Google Privacy |
3.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Hamsa, our users, or others.
3.3 Business Transfers
If Hamsa is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4. Google API Services User Data Policy
Hamsa's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data for the purposes described in this Privacy Policy (authentication and account creation).
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, or it is required by law.
- We do not transfer Google user data to third parties except as necessary to provide the Service, comply with applicable law, or as part of a merger/acquisition with adequate data protection.
5. Facebook Platform Data Policy
When you use Facebook Login, we comply with the Meta Platform Terms. We only access the data you explicitly authorize during the login flow. We do not post to your Facebook profile, access your friend list, or use your Facebook data for any purpose other than authentication.
6. Data Storage and Security
- Your data is stored on secure servers with industry-standard encryption in transit (TLS/HTTPS) and at rest (AES-256).
- We implement access controls, regular security audits, and monitoring to protect against unauthorized access.
- Despite our efforts, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
- In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, within 72 hours of becoming aware of the breach.
7. Data Retention
- Active accounts — we retain your data for as long as your account is active and as needed to provide the Service.
- Deleted accounts — when you delete your account, all personal data is permanently removed from our systems within 30 days. Anonymized, aggregated data may be retained for analytical purposes.
- Backup copies — encrypted backups may persist for up to 90 days after account deletion before being permanently purged.
- Legal obligations — we may retain certain information as required by law (e.g., transaction records, dispute resolution).
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete data.
- Deletion — request deletion of your account and all associated data from within the App settings, or by contacting us.
- Data portability — request your data in a structured, commonly used format.
- Withdraw consent — withdraw consent for optional data processing at any time (e.g., notifications, social login).
- Opt-out of notifications — disable push notifications at any time via your device settings or within the App.
- Restrict processing — request that we limit the processing of your data under certain circumstances.
- Object to processing — object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@hamsa.live. We will respond within 30 days.
9. International Users
9.1 European Economic Area (EEA) and UK Users
If you are in the EEA or UK, our legal bases for processing your data under the General Data Protection Regulation (GDPR) are:
- Consent — for optional features like social login, push notifications, and health data processing.
- Contract performance — to provide the Service you have requested.
- Legitimate interests — to improve the Service, ensure security, and prevent fraud.
- Legal obligation — to comply with applicable laws.
Your data may be transferred to servers outside the EEA. We ensure appropriate safeguards are in place for such transfers.
9.2 California Users (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- The right to know what personal information is collected and how it is used.
- The right to delete your personal information.
- The right to opt-out of the sale of personal information — we do not sell your personal information.
- The right to non-discrimination for exercising your rights.
10. Children's Privacy
The Service is not intended for children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we learn that we have collected data from a child under the applicable age, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us immediately.
11. Health and Sensitive Data
Hamsa collects and processes health-related and other sensitive personal data (including biometric information, menstrual cycle data, pregnancy status, mood and mental health data, and dietary information) solely to provide personalized AI guidance. This data is:
- Collected only with your explicit consent.
- Processed on our secure servers and not shared with third parties for their own use.
- Used exclusively to improve the quality and personalization of the Service.
- Deletable at any time by deleting your account.
12. Cookies and Tracking Technologies
The Hamsa mobile app does not use cookies. Our website (hamsa.live) may use essential cookies for session management and analytics. We do not use advertising cookies or cross-site tracking technologies.
13. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing them with any personal information.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: