Privacy Policy

Effective Date: February 2, 2026

Key Privacy Highlights

Full Legal Text

1. Introduction

Hiddouts ("we," "our," or "us") is a platform dedicated to discovering and sharing locations. We operate globally, with our legal registration in Nairobi, Kenya. We are committed to protecting your privacy and complying with the Data Protection Act, 2019 (Kenya) and the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Data Collection & Minimization

We adhere to a strict policy of "Data Minimization." We do not collect data unless it is absolutely necessary for the functionality of the service or required by law.

Data CategoryWhat We CollectPurpose
Identity DataName, Email, Password (Hashed)Authentication & Service Delivery
Billing DataBilling Address, Transaction IDsTax Compliance (KRA/Intl)
Image MetadataFile dimensions, typeDisplay optimization.
Geolocation data is stripped during processing before storage.

3. Location Data & Images

  • Real-time Location: We only access your device's location when you explicitly use "Near Me" features. This data is ephemeral and is not stored permanently in our database.
  • Image Sanitization: All images uploaded to Hiddouts are processed immediately. We strip EXIF data (including GPS coordinates) to protect your privacy before the file is saved to our storage.

4. Communications

We use your email address strictly for transactional purposes: account verification, password resets, and billing receipts. We do not send marketing emails and we do not sell your contact information to third parties.

5. Data Retention

We retain personal data only as long as necessary.

  • General Account Data: Retained while your account is active.
  • Billing Records: Retained for a minimum of five (5) years from the transaction date, as strictly required by the Tax Procedures Act (Kenya) and international tax laws.
  • Deletion: Upon your request via settings, your Identity Data is permanently deleted.

6. International Transfers

Hiddouts serves a global user base. Your data may be processed in countries outside of your residence, including Kenya and regions where our cloud infrastructure operates. We ensure these transfers comply with Article 46 of the GDPR via Standard Contractual Clauses (SCCs).

7. Your Rights

You have the right to Access, Rectify, and Erase your data. You may delete your account at any time via the "Profile" page.