Privacy Policy
Last updated: May 2025
Encrypted by default
Messages and payment data are encrypted in transit and at rest using industry-standard TLS and AES-256.
Minimal collection
We only collect what we need to provide the service. No tracking for advertising. No sale of personal data.
Secure infrastructure
Your data is stored with SOC 2 Type II certified providers, with regular penetration testing and audits.
Your right to deletion
You can request full account deletion at any time. We erase your data within 30 days, except where legally required to retain.
Information we collect
We collect information you provide directly (name, email, phone, profile photo), transaction data (amounts, recipients, timestamps), device information (IP address, device type, OS version), and usage data (feature interactions, crash logs). KYC verification may require ID documents and biometric data, which are processed by regulated partners.
How we use your information
We use your data to provide and improve HugSend services, process payments and screen transactions for fraud/compliance, communicate with you about your account, personalise your experience, and comply with legal obligations. We do not use your data for targeted advertising.
Data sharing
We share data only with: regulated payment partners (to process transactions), compliance and screening providers (Sentinel Global Pay), customer support tools, and legal authorities when required by law. We never sell your personal data to third parties.
Cookies & tracking
We use essential cookies for authentication and security. Analytics cookies help us understand app usage — you can opt out in settings. We do not use third-party advertising trackers.
Data retention
We retain your data as long as your account is active. After closure, we delete personal data within 30 days, except where we must retain it for legal, tax, or regulatory purposes (typically 6-10 years for financial records).
Your rights
Depending on your location, you may have rights to: access your data, correct inaccuracies, request deletion, restrict processing, data portability, and object to processing. Contact us to exercise these rights.
International transfers
HugSend operates globally. Your data may be processed in countries other than your own, including the UK, EU, and US. We use Standard Contractual Clauses and adequacy decisions to ensure lawful transfers.
Children's privacy
HugSend is not intended for children under 13. Junior accounts are parent-controlled and require verified parental consent. We do not knowingly collect data from children without parental approval.
Security
We implement technical and organisational measures to protect your data: encryption, access controls, regular audits, and staff training. Despite our efforts, no system is completely secure. Please use strong passwords and enable 2FA.
Changes to this policy
We may update this Privacy Policy periodically. Material changes will be notified via email or in-app alert. Continued use after changes constitutes acceptance.
Contact our Data Protection Officer
+44 20 3999 8000