Privacy Policy
Hexfeld Privacy Policy
Last updated: 2026-07-03
Hexfeld is a place-based journaling and discovery app. People leave traces tied to real-world places and discover place-bound memories while using the app.
This policy is written for the Hexfeld closed beta. We do not sell personal data, do not use third-party advertising profiles, and do not run ads, in-app purchases, or subscriptions in the beta. Hexfeld is not targeted at children.
Information Hexfeld may collect
Account and profile data
We may collect account information such as your email address, user ID, login/authentication state, username, display name, profile information, and account settings or enforcement status.
Location data
Hexfeld uses device location to support place-bound posting and discovery, location freshness checks, geofencing or cell logic, abuse prevention, and anti-spoofing. Precise or approximate device coordinates may be processed transiently by the app and backend to resolve where you are allowed to post, read, or interact.
Durable or public place records may use derived H3/hex cells or other place identifiers rather than raw GPS coordinates where that matches the app implementation. A hex, place identifier, timestamp, or interaction tied to a person can still be personal location data.
App permissions
You can revoke app permissions, including location and photo/media permissions, through your device settings. Some Hexfeld features may not work without required permissions.
User content and interactions
We may collect traces/posts, titles, text, previews, reactions, saved or carried posts, follows and follow requests, blocks, reports, moderation records, and related timestamps. If you choose to upload images or other media supported by the app, we may process that media and related metadata.
Device, diagnostics, and app activity
We may collect app version, build information, device or browser metadata, crash logs, error logs, and feature interactions needed to operate, secure, moderate, debug, and improve Hexfeld.
How we use information
- Authenticate accounts and keep sessions secure.
- Enable place-bound posting, reading, discovery, and interactions.
- Apply privacy, audience, block, moderation, and place-safety rules.
- Prevent abuse, spam, harassment, and location spoofing.
- Provide support, investigate reports, and fix reliability issues.
- Improve the closed beta experience without building ad profiles.
Vendors and platform services
Hexfeld may use service providers to operate the app. These may include Supabase for authentication, database, backend functions, and storage; Mapbox for map display and location rendering; Apple and Google platform services for app distribution, operating-system services, diagnostics, and store review; and Expo/EAS for builds, app delivery tooling, and beta distribution support. Other vendors may be added only as needed for app operation, security, reliability, or support.
We use service providers only to operate, secure, deliver, moderate, debug, or improve Hexfeld. We expect service providers that process Hexfeld user data to protect it consistently with this policy and applicable law.
Security and data handling
We use reasonable technical and organizational safeguards to protect personal data, including encrypted transmission where supported, access controls, and service-provider security features. No system is perfectly secure, but we limit access to personal data to app operation, support, security, moderation, reliability, and abuse-prevention needs.
Account and data deletion
You can request deletion of your Hexfeld account in the app from Profile settings -> Account deletion. The confirmation flow requires your account email and the exact word DELETE. Deletion is scheduled with a 7-day grace window, and you can cancel during that window in the app. If you cannot access the in-app flow, contact [email protected] from the email address associated with your account.
Some limited records may be retained where necessary for legal, security, abuse-prevention, moderation, dispute, operational, or backup-retention reasons. The current flow should not be read as a promise that every app record, uploaded media file, authentication record, or active session is permanently removed immediately. See the account deletion page for request steps.
Contact
For privacy or support questions, contact: [email protected]