Last updated: 2026-05-29
Privacy Policy
Our Privacy Commitment
Hako is built with privacy at its core. We use zero-knowledge encryption, which means your content is encrypted on your device before it reaches our servers. We cannot read your notes, recipes, or any other content you save—only you can.
1. Information We Collect
Information You Provide
- Account Information: When you sign in with Apple, we receive your Apple ID user identifier and, if you choose to share it, your email address and name.
- Encrypted Content: Your saved items (URLs, recipes, todos, notes) are encrypted on your device. We store only the encrypted data, which we cannot decrypt.
- Device Information: We store device identifiers and public keys to enable multi-device sync and end-to-end encryption.
Information Collected Automatically
- Usage Data: Basic app usage analytics to improve the service (e.g., landing-page traffic, feature usage, crash reports). We use PostHog for privacy-respecting analytics with Do Not Track honored, autocapture off, and session recording disabled. This data is anonymized and does not include your content.
- Push Notification Tokens: If you enable notifications, we store tokens to deliver reminders and updates.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve Hako
- Sync your encrypted data across your devices
- Send push notifications for reminders (if enabled)
- Process subscription payments through Apple
- Respond to your support requests
- Protect against fraud and abuse
3. Zero-Knowledge Architecture
Our zero-knowledge design means:
- Encryption happens on your device: Your content is encrypted using AES-256-GCM before transmission.
- We never see your encryption keys: Keys are derived on your device and never sent to our servers.
- We cannot decrypt your data: Even with a court order, we could only provide encrypted data that is meaningless without your keys.
- Recovery requires your key: If you lose your recovery phrase and all devices, your data cannot be recovered—by anyone.
4. Data Sharing
We do not sell your personal information. We may share limited data with:
- Apple: For authentication (Sign in with Apple) and payment processing (App Store subscriptions).
- Service Providers: Infrastructure providers who help us operate the service (e.g., hosting, analytics). They process data on our behalf and are bound by confidentiality agreements.
- Legal Requirements: If required by law, we may disclose information. However, due to encryption, we can only provide encrypted data and metadata.
5. Data Retention
We retain your data as follows:
- Account Data: Retained while your account is active.
- Encrypted Content: Retained until you delete it or delete your account.
- Deleted Data: Permanently removed within 30 days of deletion.
- Anonymized Analytics: May be retained indefinitely for service improvement.
6. Your Rights and Choices
You have control over your data:
- Access: You can view all your data in the App at any time.
- Export: You can export your data through the App.
- Deletion: You can delete individual items or your entire account. Account deletion permanently removes all data.
- Notifications: You can enable or disable push notifications in the App settings.
- Subscription: You can manage or cancel subscriptions through your App Store settings.
7. Data Security
We implement robust security measures:
- End-to-end encryption (AES-256-GCM) for all user content
- X25519 key exchange for secure device pairing
- TLS 1.3 for all data in transit
- Encrypted database storage
- Regular security audits and updates
8. Children's Privacy
Hako is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
9. International Data Transfers
Your encrypted data may be processed on servers located in the United States. By using Hako, you consent to this transfer. Due to our encryption architecture, your actual content remains protected regardless of where the encrypted data is stored.
10. California Privacy Rights
California residents have additional rights under the CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
11. European Privacy Rights
If you are in the European Economic Area (EEA), you have rights under GDPR including:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. Your continued use of Hako after changes take effect constitutes acceptance of the revised policy.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at privacy@hakoapp.co.