Privacy Policy

Last updated: March 2026

The short version

We collect the minimum information needed to run the platform. We don't sell your data, track you across the internet, show you ads, or share your information with third parties except where strictly necessary to operate the service. This is the kind of privacy policy we'd want to read ourselves.

What we collect

  • Account information: your email address, username, and hashed password
  • Activity data: the product links you post, your likes, follows, and “not for me” signals
  • Profile data: your avatar image, if you choose to upload one
  • Payment data: your subscription status and renewal date. We do not store your card details — payments are processed directly by Stripe

What we don't collect

  • Your name, phone number, or address
  • Your browsing history or behaviour outside How You Say
  • Device fingerprints or advertising identifiers
  • Location data
  • Analytics beyond basic server logs (page views, errors)

How we use your data

  • To authenticate you and manage your account
  • To power the recommendation engine — your likes and “not for me” signals are used to personalise your feed
  • To process your subscription payment
  • To send transactional emails (account confirmation, password reset). We don't send marketing email unless you ask us to

Third-party services

We use a small number of infrastructure providers to run the platform:

  • Supabase — database and authentication. Your account data lives here
  • Vercel — application hosting and deployment
  • Cloudflare R2 — storage for product and profile images
  • Stripe — payment processing. Stripe's privacy policy governs what they collect during checkout

None of these providers receive your data for advertising purposes.

Public information

Your username, profile, posts, and likes are public by default — that's how discovery works. Your email address, password, and “not for me” signals are private and never exposed to other users.

Data retention

We keep your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Some information may be retained in backups for a short period thereafter.

Your rights

Depending on where you live, you may have rights including:

  • Access to the personal data we hold about you
  • Correction of inaccurate data
  • Deletion of your account and associated data
  • Portability of your data in a machine-readable format

To exercise any of these rights, email us at hello@howyousay.co.

Changes to this policy

If we make material changes to this policy, we'll notify you by email or with a notice on the site. The date at the top of this page will always reflect the most recent update.

Contact

Questions or requests? hello@howyousay.co

See also our Terms of Service.