Privacy Policy
This policy explains what personal data hengspot collects, why, who can see it, and the rights you have under the EU General Data Protection Regulation (GDPR). Because hengspot helps you meet and train with other people, some of your information is shown to other users by design — see What other users can see.
- 1. Who is responsible
- 2. Data we collect
- 3. How & why we use it
- 4. Location data
- 5. What other users can see
- 6. Sharing & processors
- 7. How long we keep data
- 8. Security
- 9. Your GDPR rights
- 10. Children
- 11. International transfers
- 12. Cookies & analytics
- 13. Changes
- 14. Contact
1. Who is responsible for your data
hengspot ("we", "us", "our") is the data controller for the personal data described in this policy. hengspot is operated from Slovenia. For any privacy question or to exercise your rights, contact us at info@hengspot.com.
2. Data we collect
Information you give us
- Account details: your email address and a password (which we store only in hashed form).
- Profile: your username, display name, date of birth, and bio. We use your date of birth to confirm you meet our minimum age (16).
- Content you create: activities you post or join (including the time, location, and any participant limit), messages you send, friend requests and connections, and spots you suggest.
- Communications: if you email us or join the waitlist, we keep your email and the contents of your message.
Information we collect automatically
- Location: with your permission, your device's location, used to show the map, nearby spots, and nearby activities. See Location data.
- Technical & usage data: basic device and app information needed to deliver and secure the Service, and privacy-friendly, aggregated analytics about how the website and app are used (see Cookies & analytics).
We do not ask for or intend to collect special categories of data (such as health data). Please don't put sensitive information in your bio, messages, or activity descriptions.
3. How & why we use your data (legal bases)
Under the GDPR we only process your data where we have a legal basis to do so:
- To provide the Service (contract): creating and managing your account, showing the map, letting you post and join activities, message, and add friends.
- With your consent: accessing your device location, and sending you the waitlist / beta emails you signed up for. You can withdraw consent at any time (for example, by turning off location permission in your device settings or unsubscribing).
- Legitimate interests: keeping the Service secure, preventing abuse and fraud, understanding usage through aggregated analytics, and improving hengspot — balanced against your rights.
- Legal obligation: where we must keep or disclose data to comply with the law.
- Age verification: we use your date of birth to enforce our 16+ minimum age.
4. Location data
hengspot uses your device location to center the map on you, find spots near you, and surface nearby activities. We only access location when you grant the permission, and you can revoke it at any time in your device settings — the public map still works without it. We use your location to provide these features in the moment; we do not build a continuous history of your movements for advertising or sell your location to anyone.
Note that when you create an activity, the activity's location and time are shown to other users so they can join — that is the point of the feature. Choose meetup points you're comfortable sharing.
5. What other users can see
hengspot is a social, meet-up service, so some information is visible to others by design:
- Public to other users: your username, display name, and bio, and the activities you host or join (including their location and time) and who else is attending.
- Visible only to you: your email, your password, and your date of birth. Your bio is shown to other users on your profile; your date of birth is not shown to anyone — we use it only to verify your age.
- Friends & messages: friend requests are visible to the person you send them to; messages are visible to the people in that conversation.
Treat anything that is visible to other users as public, the way you would on any social app. Don't share information in your profile or activities that you wouldn't want other users to see.
7. How long we keep your data
We keep your account data for as long as your account is active. When your account is deleted (you can request this at any time — see Your GDPR rights), we delete or anonymise your personal data within a reasonable period, except where we need to keep some information to comply with the law, resolve disputes, or enforce our agreements. Content you shared with others (such as messages) may remain visible to those users. Aggregated analytics that can no longer identify you may be kept.
8. Security
We take reasonable technical and organisational measures to protect your data. Passwords are stored hashed, your session token is stored in your device's secure keystore (iOS Keychain / Android Keystore / encrypted storage on web) rather than in plain text, and traffic is encrypted in transit. No service can be completely secure, but we work to protect your information and to respond promptly to any incident.
9. Your rights under the GDPR
If you are in the EU/EEA, you have the right to:
- Access the personal data we hold about you, and get a copy;
- Rectify data that is inaccurate or incomplete;
- Erase your data ("right to be forgotten");
- Restrict or object to certain processing;
- Data portability — receive your data in a portable format;
- Withdraw consent at any time, where we rely on consent (this doesn't affect processing already carried out).
To exercise any of these — including having your account and data deleted — email info@hengspot.com. (Self-service account deletion in the app isn't available yet, so we handle deletion requests by email for now.) If you believe we've mishandled your data, you have the right to complain to your local data-protection authority — in Slovenia, the Information Commissioner (Informacijski pooblaščenec).
10. Children
hengspot is not intended for anyone under 16. We don't knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us at info@hengspot.com and we'll delete it.
11. International transfers
We aim to keep data within the EU/EEA. If any of our service providers process data outside the EEA, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an adequacy decision — to protect it.
13. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we'll update the "Last updated" date above and, where appropriate, notify you in the app or by email. Please check back periodically.
14. Contact
Questions about your privacy or this policy? Email us at info@hengspot.com.
Last updated: 13 June 2026.