# Hefty — Privacy Policy

> ⚠️ **DRAFT — NOT LAWYER-REVIEWED**
> This document was drafted by an LLM and is acceptable for closed-beta testing (TestFlight + Play closed track). It must be reviewed by a lawyer admitted in your operating jurisdictions before public app-store submission.

**Last updated:** 2026-04-30

## Plain-English summary

We don't store more than we have to. We use Firebase to handle your sign-in and a database to keep your account state. We don't sell your data. We don't show ads. If you want everything we have on you deleted, email support@hefty.app and we'll do it.

## What we collect

When you sign in with Google or Apple, we receive (from those providers):
- Your email (or Apple's private-relay alias if you choose to use one)
- Your display name (Apple gives this only on your first login)
- Your profile photo URL (Google only)

When you use the app, we store:
- An account record (uid, email, displayName, photoURL, signupSource, timestamps)

In future MVP-2 / MVP-3 phases (not yet live), we will store:
- Subscription state (chosen plan, term, expiry)
- Aggregate data usage (GB used per cycle)
- eSIM identifiers (ICCID, EID) — shared with our wholesale carrier to provision your line

We do not currently collect any analytics or ad-tracking data.

## How we use it

- To run the app you signed up for.
- To provide customer support if you ask for it.
- To process payments via Stripe (when payments are live in MVP-2).

We don't sell, rent, or share your data with anyone except the third parties listed below.

## Third parties

- **Firebase (Google Cloud)** — authentication and database. Subject to https://firebase.google.com/support/privacy
- **Apple Sign-In** — authentication. Subject to https://www.apple.com/legal/privacy/
- **Stripe** (MVP-2 onward) — payment processing. We never store your card numbers; Stripe does.
- **Wholesale carrier** (MVP-3 onward) — to provision your eSIM. Disclosed on https://hefty.pushstack.io/coverage when the partner is finalised.

## Data retention

We keep your account data while your account is active. You can ask us to delete it at any time by emailing support@hefty.app — we'll process the request within 30 days. Some records may be retained for legal/tax reasons (typically 7 years in Australia).

## Your rights (Australia / NZ)

Under the Privacy Act 1988 (Cth) and the NZ Privacy Act 2020 you have the right to:
- See what we hold on you.
- Correct it if it's wrong.
- Have it deleted (subject to legal-retention exceptions).

Email support@hefty.app to exercise any of these.

## Contact

Hefty c/o sam@pushstack.io. Operating company details will be added once incorporated.

## Changes to this policy

We'll update the "Last updated" date and notify you via an in-app banner if we change anything material.
