Privacy Policy

1. Data Controller

Haven is operated by Public Discourse Foundation, a Swiss non-profit organization. We are the data controller responsible for your personal information.

2. Data We Collect

We collect the following categories of personal data:

Account Information

• Email address
• Display name (optional)
• Profile information you choose to provide
• Account preferences and settings

Authentication Data

• OAuth tokens from third-party authentication providers (Google, Apple)
• Session tokens and authentication state

Activity Data

• Support requests created (Figures)
• Responses submitted (Allies)
• Interactions with the platform
• Timestamps and usage patterns

Technical Data

• Device information and identifiers
• IP address (anonymized for analytics)
• App version and operating system
• Crash reports and performance data

3. Purpose of Processing

We process your personal data for the following purposes:

• Service delivery: To operate Haven, connect Figures with Allies, and facilitate counterspeech responses
• Account management: To create and maintain your account, authenticate access, and communicate with you
• Safety and moderation: To enforce our Terms of Service and Code of Conduct, and prevent misuse
• Research: To conduct IRB-approved academic research on counterspeech effectiveness (see Section 7)
• Improvement: To analyze usage patterns and improve the Service

4. Legal Basis for Processing

We process your data based on the following legal grounds:

• Contract: Processing necessary to provide the Service you requested
• Legitimate interest: Processing necessary for our legitimate interests in operating, improving, and securing the Service, provided these interests are not overridden by your rights
• Consent: Where you have given explicit consent, such as for research participation or marketing communications
• Legal obligation: Processing required to comply with applicable laws

5. Third-Party Services

We use the following third-party services to operate Haven:

• Supabase: Database and authentication infrastructure (PostgreSQL hosting, user authentication)
• Firebase: Push notifications and analytics
• Google Sign-In: Optional authentication provider
• Apple Sign-In: Optional authentication provider

These services have their own privacy policies. We encourage you to review them. We only share data necessary for these services to function.

6. Data Retention

We retain your data for the following periods:

• Account data: Until you delete your account or request deletion
• Activity data: 2 years from creation, then anonymized or deleted
• Research data: Anonymized data may be retained indefinitely for research purposes
• Technical logs: 90 days

After account deletion, we may retain certain data as required by law or for legitimate business purposes (e.g., fraud prevention), but this data will be minimized and protected.

7. Research Data Use

Haven is developed as part of an IRB-approved academic research study. Our research practices include:

• All research data is anonymized before analysis—no personally identifiable information is included in datasets
• Research findings may be published in academic journals and conferences
• Aggregated statistics about platform usage may be shared publicly
• You may be invited to participate in optional surveys or interviews (separate consent required)

You can opt out of research data collection at any time in your account settings. Opting out will not affect your ability to use the Service.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), Switzerland, or the UK, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data (“right to be forgotten”)
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest, including profiling
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at info@public-discourse.app. You also have the right to lodge a complaint with your local data protection authority.

9. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt out of the sale of personal information (note: we do not sell personal information)
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at info@public-discourse.app.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and countries in the European Union. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Appropriate technical and organizational security measures

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS) and at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Employee training on data protection
• Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Haven is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the app. We encourage you to review this policy periodically. Your continued use of Haven after changes constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact:

We will respond to your request within 30 days, or sooner as required by applicable law.