Privacy Policy
Version 2.0 · Last updated: May 2026
1. Who We Are
Hannect (“Hannect”, “we”, “us”, “our”, or the “Platform”) provides a marketplace connecting users with independent experts for prepaid audio and video calls. We are the data controller for the personal data described in this Policy.
Privacy contact: privacy@hannect.com. EU representative (GDPR Art. 27): [to be appointed]. UK representative (UK GDPR Art. 27): [to be appointed].
2. Scope & Applicable Laws
This Policy reflects our obligations under:
- EU/EEA GDPR (Reg. (EU) 2016/679) and the UK GDPR / Data Protection Act 2018
- California CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.) and other US state privacy laws (VCDPA, CPA, CTDPA, UCPA, TDPSA)
- Ethiopia's Personal Data Protection Proclamation No. 1321/2024
3. Personal Data We Collect
A. Information You Provide
- Registration: first name, last name, email, phone number (E.164), password
- Profile data: bio, expertise, availability, rates, social links
- Identity-verification documents (experts): national ID, passport, driver's license, or professional certificates
- Payout / financial-account data (experts): bank/routing, card last-4, or wallet handle (encrypted at rest)
- Communications: messages to experts, support inquiries, feedback
B. Collected Automatically
- IP address, device identifiers, browser/OS, push-notification tokens
- Usage data (pages visited, booking history)
- Authentication/session cookies, locale & theme preferences
- Call metadata: duration, participants, timestamps. We do not record call audio or video.
C. From Third Parties
- Stripe / Chapa (payment + fraud signals), Daily.co (call metadata), Supabase (auth), and Google/Apple (OAuth profile basics if you use social sign-in)
4. Sensitive Data
Identity documents and financial-account details are sensitive / special-category data (GDPR Art. 9; CPRA “sensitive personal information”; Proclamation No. 1321/2024). We process them only with your explicit consent and solely to verify experts and process payouts, and we delete them per Section 7.
5. Why We Process It & Our Legal Basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Create/operate your account; book and host calls; process payments and escrow | 6(1)(b) performance of contract |
| Verify expert identity/credentials; process payouts | 6(1)(b)/(c) + Art. 9(2)(a) explicit consent for ID docs |
| Fraud prevention, security, enforcing the Terms | 6(1)(f) legitimate interests |
| Legal, tax, and accounting compliance | 6(1)(c) legal obligation |
| Transactional emails and notifications | 6(1)(b) performance of contract |
| Marketing email / SMS / push | 6(1)(a) consent (opt-in) |
6. How We Share It
A. Expert ↔ Guest
When you book a call, the expert receives your name, profile picture, the call date/time/duration, the call type, and any message or social link you include.
B. Sub-processors
Each is bound by GDPR Art. 28 processor terms / CCPA service-provider terms:
| Sub-processor | Purpose | Location | Transfer basis |
|---|---|---|---|
| Supabase | Auth, database, file storage | US | SCCs / UK IDTA |
| Stripe | Card / diaspora (USD) payments, fraud | US/EU | SCCs |
| Chapa | Ethiopia payments (Telebirr/CBE/card) | Ethiopia | Proc. 1321/2024 |
| Daily.co | Video/audio call infrastructure | US | SCCs |
| Sentry | Error / performance monitoring | US | SCCs |
| Resend | Transactional / marketing email | US | SCCs |
| Expo | Mobile push delivery | US | SCCs |
C. Legal
We disclose information when required by law, court order, or lawful government request.
D. No Sale or Sharing
We do not“sell” or “share” personal information as defined by the CCPA/CPRA (Cal. Civ. Code §1798.140(ad),(ah)), and we do not use or disclose sensitive personal information beyond the purposes in Section 5.
7. Retention
| Data | Retention |
|---|---|
| Account data | While active; permanently deleted within 14 days of a deletion request unless legally required |
| Identity-verification documents | Until the verification decision, then deleted; or on account deletion |
| Booking & payment records | 7 years (tax / accounting compliance) |
| Payout / financial-account data | Until removed by you or account deletion; encrypted at rest |
| Usage / security logs | 90 days |
8. International Transfers
Your data may be processed in the US, Ethiopia, and the EU. For transfers out of the EEA/UK we rely on the European Commission Standard Contractual Clauses and the UK International Data Transfer Addendum(GDPR Art. 46). For transfers of Ethiopian residents' data we comply with Proclamation No. 1321/2024's cross-border transfer requirements. Copies are available on request.
9. Your Rights
- EU/UK (GDPR Art. 15–22): access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right to complain to your supervisory authority.
- California (CCPA/CPRA): know/access, delete, correct, opt out of sale/sharing (we do not sell/share), limit use of sensitive PI, and non-discrimination.
- Other US states & Ethiopia (Proc. 1321/2024): equivalent access, correction, and deletion rights.
Exercise your rights via privacy@hannect.com or your in-app settings. We respond within statutory timelines (GDPR: 1 month; CCPA: 45 days).
10. Cookies & Similar Technologies
We use strictly-necessary cookies (authentication/session, locale, theme). Any analytics or marketing cookies are set only with your consent, which you can change at any time (ePrivacy Directive Art. 5(3); PECR reg. 6).
11. Security
- HTTPS for all data in transit; Supabase-managed password hashing
- Row-level security on sensitive tables; least-privilege access
- AES-256-GCM encryption at rest for sensitive payout fields
No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
12. Children
Hannect is for users 18 and older. We do not knowingly collect data from anyone under 18, and we do not knowingly collect data from children under 13 (COPPA, 16 CFR Part 312). If we learn we have, we delete it promptly.
13. Changes & Contact
We post material changes and notify you by email or in-app. Questions or complaints: privacy@hannect.com or our support page.