Hushtalks

HUSHTALKS Privacy Policy

Welcome to HushTalks. We are committed to respecting your privacy and ensuring the confidentiality and security of your information. HushTalks generally does not store data that can be directly linked to individuals, such as email addresses or phone numbers. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of information through our platform.
HushTalks App is subject to Swiss data protection law (Federal Act on Data Protection, FADP) and any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR).
Table of Contents:
  1. Processing of personal data
  2. Definitions
  3. Registration
  4. User Profile
  5. Login
  6. Voice Messages
  7. Data Security
  8. Age Restrictions
  9. Child Sexual Abuse and Exploitation (CSAE)
  10. Rights of Data Subjects
  11. Our Contact
1. Processing of personal data
HushTalks processes personal data in accordance with Swiss Federal Act on Data Protection. Furthermore, FGP processes personal data in accordance with at least one of the following legal bases – insofar as and to the extent that the General Data Protection Regulation is applicable:

• 6 para. 1 lit. b GDPR for the necessary processing of personal data for the fulfilment of a contract with the data subject as well as for the implementation of precontractual measures.

• 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or of third parties unless the fundamental freedoms and freedom rights and interests of the data subject prevail. Legitimate interests are, in particular, our interest in being able to provide the offer by FGP permanently, in a user-friendly, secure and reliable manner, as well as to be able to advertise for it as required, information security as well as protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss law.

• 6 para. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation to which FGP are subject under any applicable law of Member States in the European Economic Area (EEA).

• 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task which is in the public interest. Version HT.PP.001.02 (27.01.2025)

• 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.

• 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect vital interests of the data subject or another natural person.

2. Definitions
Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
Hashing is a technique in both cryptographic and non-cryptographic applications to protect sensitive data, ensure data integrity, and accelerate data processing. Hashed data increases security by converting sensitive temporal data such as personal data into an unreadable format, thus preventing unauthorized access or manipulation. In clear terms hashing is a technique to convert sensitive data into an unreadable format, enhancing security.
HTTPS (Hypertext Transfer Protocol Secure) is an extension of the HTTP protocol used for secure transmission of data on the internet. It ensures the protection of communications between a client (such as a web browser) and a server by providing three important security features:
  • Encryption:

Encryption prevents third parties from reading or intercepting the transmitted information.

  • Data integrity:

With HTTPS, the transmitted data cannot be altered or tampered with during the transfer. If any manipulation occurs, it is detected, and the connection is terminated.

  • Authentication:

HTTPS ensures that communication is taking place with the correct website, not an imposter. This is achieved through certificates issued by trusted certificate authorities (CAs). The browser checks these certificates to verify that the website is legitimate.

An avatar is a visual or symbolic representation of a person in the digital world.
3. Registration
  1. Data collection / Data transmission

 

To use the HushTalks app, you need to register. The following data is required for this:

  • device_id
    • A unique identifier for the user’s (email id for android and cloud id for ios)
    • Hashing: The device_id is hashed using a Web3 library before being sent to the back end.
  • language_id
    • The user’s selected primary language
  • second_language_id

 

  • The user’s selected secondary language
  • topics
    • A list of topics selected by the user to personalize content
  • push_id
    • The user’s Firebase ID, used to send push notifications

The data collected in this way is transmitted securely to the back end over HTTPS. Before transmission, the device_id is hashed using a Web3 library.

  1. Data Handling

The above data is used to generate a secure username and an avatar that is assigned to the user.

All received data (hashed device_id, language_id, second_language_id, topics, push_id) is stored in the database.

4. User Profile

The Custom Profile feature allows authenticated users to customize their profile by creating a unique username and avatar, selecting preferred topics and languages, setting a strong password, and generating recovery phrases.

  1. Data transmission

All collected and processed profile data is securely transmitted to the back end over HTTPS.

The hashed password ensures that sensitive information remains protected during transmission.

  1. Data handling

Upon receiving the profile data from the front-end, the back end performs several operations to securely store and manage the user’s profile information.

The back end stores the following user-selected and generated data in the database:

  • Username
  • Avatar
  • Topics
  • Languages
  • Password Hash
  • Recovery Phrases Hash

All data stored in the database does not allow HushTalks to identify a specific person.

5. Login

The login feature enables existing users to authenticate themselves in the application by providing a username and password.

Data Collection

The following data is collected from the user during login:

  • Username
  • Password: The password is hashed using a Web3 library before being sent to the back end
  • Push_id
6. Voice Massages
Users can record voice messages using their own voice or a voice filter. Voice messages can only be shared within the HushTalks community.

Note: If users choose not to use a voice filter, their voice will be audible to other users. This choice indicates their consent to this condition.

Users can decide how long their voice messages are stored, with several options available for the duration of storage.
Your voice messages may be suspended as part of our reporting process. Learn more about this procedure here: Process Procedure of a Report.
7. Data Security
HushTalks implements technical and organizational measures to safeguard your data. However, please note that no method of data transmission or storage is completely secure, and risks remain.
What to do in case of a suspected data breach: If you suspect that your data has been compromised, please contact us immediately at support@hushtalks.com, and we will take appropriate action.
8. Age Restrictions
HushTalks is intended solely for users who are [16/18] years of age or older. By accessing or using our services, you confirm that you meet this age requirement. We do not knowingly permit individuals under the specified age to use our services. If you are under [16/18], please refrain from using HushTalks.
9. Child Sexual Abuse and Exploitation (CSAE)

a) Introduction :  At HushTalks, we are committed to creating a safe and respectful environment for all our users. Protecting children from sexual abuse and exploitation is of paramount importance to us. This policy outlines our standards and measures to prevent, detect, and address CSAE within our platform

b) Prohibition of CSAE Any form of sexual abuse, exploitation, or inappropriate behavior towards children is strictly prohibited. This includes, but is not limited to:

• Sharing, distributing, or storing child sexual abuse material (CSAM).

• Attempting to coerce or entice children into sexual activities.

• Engaging in any communication aimed at the sexual exploitation of children.

c) Reporting Mechanisms

We encourage our users to promptly report any suspicious activities or content. Reports can be made through the following channels:

• In-App Reporting Feature: Users can report incidents directly within the app via the report button.

• Email: Reports can be sent to support@hushtalks.com

• Anonymous Reporting: For anonymous submissions, users can utilize our in-app feedback form.

All reports will be treated confidentially and reviewed promptly.

d) Actions Upon Violation

Upon confirmation of a violation of this policy, we will take the following actions:

• Immediate suspension or termination of the offending account.

• Removal of any illegal content.

• Reporting the incident to relevant law enforcement authorities following a court decision.

e) Preventive Measures

To prevent CSAE, we implement the following measures:

• Content Moderation: Utilizing automated tools and human moderators to monitor content. 

• Education: Providing resources and information to parents and children about safe online practices. https://www.technologycoalition.org/developer-good-practicescombating-online-child-sexual-exploitation-and-abuse

f) Collaboration with Authorities

We work closely with national and international law enforcement agencies and child protection organizations to effectively combat CSAE.

10. Rights of Data Subjects
Data subjects whose personal data HushTalks processes have the rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the personal data processed.
Data subjects whose personal data HushTalks processes may – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – request confirmation free of charge as to whether HushTalks is processing their personal data and, if so, request information on the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data corrected, deleted (“right to be forgotten”), blocked or completed.
Data subjects whose personal data HushTalks processes may – if and insofar as the GDPR applies – revoke their consent at any time with future effect and object to the processing of their personal data at any time.
Data subjects whose personal data HushTalks processes have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
11. Contact us

If you have any questions or suggestions about this Privacy Policy, please feel free to contact us.

HushTalks

AG Gotthardstrasse

30 6300 Zug

Switzerland

Email: support@hushtalks.com