Privacy Policy

What we collect

• Account details you provide: email, name, username, profile info, date of birth (to confirm 18+), and optionally phone.
• Community activity: Hottubs you join, Soaks you RSVP to and attend, in-room messages, prompts, Heat Checks, and safety reports you submit.
• Sensitive signals you choose to share (e.g., accessibility needs, support-adjacent context) — stored minimally and treated as private.
• Technical data needed to operate and secure the service (e.g., session and device/log data).
• VR Soak data: if you join an immersive (VR) Soak, your headset shares movement (head/hand pose) and spatial audio with the other people in that room so your avatar and voice work. This is processed live to run the room — we do not store your motion or spatial data, and we never collect your headset’s camera feed, room scan, or guardian/boundary geometry.
• Payments/payout data through processors: if you pay or earn, payment processors collect what is needed for billing, payouts, tax rules, fraud prevention, and compliance.
• Reports and moderation records: reports, review notes, enforcement actions, and safety-related records.

How we use it

• To run your communities and gatherings, and to reflect your own activity back to you.
• To keep Hottub safe — reviewing reports, enforcing our Guidelines, and operating Lifeguard/admin moderation.
• To process payments and payouts, and to comply with law.
• To improve warmth: suggesting prompts and rooms, and surfacing better-fit connections. We may learn from the text you write (the prompts and messages you choose to share) to improve the service and these suggestions — but never to rank, score, or profile people. We optimize for belonging outcomes, never for time-in-app.

What’s private by design

• Community Standing / trust signals are private — never shown publicly, never a public score or ranking.
• Sensitive contexts (recovery, accessible-family, care, faith, minors) default to private/approval-required and are kept out of public discovery.
• You control profile visibility (public / people you share a Hottub with / just you) and whether you appear as a “familiar face.”
• Familiar Faces / Embers / connection signals are private according to product rules.
• Exact real-time location is not shared except in limited, opt-in, expiring contexts if ever enabled.

What we do not do

• We do not sell your personal data or content, and we do not share it for cross-context behavioral advertising — not to advertisers, not to data brokers, not to anyone.
• We do not share your exact real-time location (area-level only, opt-in, expiring — if ever).
• We do not run a surveillance ad feed; sponsorships are native and reported in aggregate.
• We do not expose contact info in open rooms — emails/phone numbers shared in a room are redacted.
• We do not set analytics cookies, advertising cookies, or third-party tracking pixels on Hottub domains.

Patent-pending privacy architecture helps Hottub support sponsors and Cabanas without relying on individual behavioral ad profiles.

Recordings of live Soaks

Draft clause Added in-house to give counsel a structure to refine; not final legal language.

Soaks are live sessions that may include audio and video; other participants can see and hear you while you’re in one. Some Soaks may be recorded — for safety review, for accessibility (captions or recaps), or at a Host’s election — and we indicate when a session is being recorded. Recordings are handled like the rest of your community activity above: kept minimally, used to operate and keep Hottub safe, never sold, and retained only as long as needed for that purpose and our legal and safety obligations. The same applies to immersive (VR) Soaks; a recording, if any, captures what’s shared in the room (voice and what your avatar does), not your headset’s sensors.

If you earn money on Hottub

Draft clause Added in-house to give counsel a structure to refine; not final legal language.

If you earn through Hottub — for example as the Host of a paid Soak or the steward of a sponsored Hottub — our payment processor collects what’s needed to pay you and to meet tax rules (such as identity and tax details, and a US W-9 / 1099 where thresholds apply). We receive payout and transaction records, not your full financial-account details. See the Payments section of our Terms for how splits and payouts work.

Cookies & local storage

Hottub uses only strictly-necessary cookies — the ones the site can’t operate without. We don’t set analytics cookies, advertising cookies, or third-party tracking pixels, on any of our web surfaces (marketing, app, or admin). Because none of our cookies are non-essential, we don’t show a cookie consent banner; under GDPR / ePrivacy, strictly-necessary cookies are exempt from consent requirements. We still disclose every cookie below in full so you can verify what’s set.

Both cookies are first-party (set by Hottub itself, not a third party), SameSite=Lax, and Secure in production. They’re sent only to Hottub.

Third-party cookies

None on Hottub’s domains. Payments are handled by Stripe, which we invoke as a server-side redirect — your browser interacts with Stripe on stripe.com, and any cookies Stripe sets there are governed by Stripe’s own privacy policy. A/V in live Soaks runs over LiveKit; LiveKit uses a WebSocket transport and does not set tracking cookies on Hottub. Voice in immersive (VR) Soaks instead runs peer-to-peer (WebRTC) directly between participants; as with any direct connection, peers exchange network connection details (including IP addresses) to reach each other, and we keep VR rooms small. No third-party tracking pixels.

Mobile apps (iOS & Android)

The native mobile apps don’t use cookies. Authentication tokens are kept in the OS’s secure storage — Keychain on iOS, EncryptedSharedPreferences on Android — and never synced via iCloud or Google account. We don’t bundle any analytics, crash-reporting, or advertising SDKs in the apps at launch.

Sharing & processors

We share data only with service providers needed to run Hottub, under contract, and when required by law or to protect people’s safety. Processor categories include: hosting/infrastructure, email delivery, payments/payouts when enabled, live A/V transport when enabled, moderation/safety tooling where applicable, and legal/compliance where required. We do not sell your data.

Retention & your choices

We keep data while your account is active and as needed for safety and legal obligations. You can edit your profile, change visibility, block users, close your account, export a copy where available, request deletion, and unsubscribe from nonessential emails. To exercise these, contact [email protected].

• Account data is retained while your account is active.
• Safety/moderation records are retained as needed.
• Legal/tax records are retained as required.
• Backups may persist for a limited time.
• Deleted content may remain if needed for legal, safety, tax, audit, or fraud-prevention reasons.

Your privacy rights

Draft clause Added in-house to give counsel a structure to refine; not final legal language.

Depending on where you live, you may have some or all of these rights over your personal data:

• Know & access — what we hold about you, and a copy of it.
• Correct — fix inaccurate data.
• Delete — ask us to erase your data, subject to legal and safety exceptions.
• Portability — receive a copy in a portable format.
• Opt out of sale or sharing — though there is nothing to opt out of: we do not sell or share your personal data for cross-context behavioral advertising.
• Limit use of sensitive information — we already minimize sensitive signals and keep them private by design.
• Object, restrict, or withdraw consent — where processing relies on your consent or our legitimate interests.
• Non-discrimination — we will never treat you worse for exercising any of these rights.

For users in the EEA and UK, our legal bases are: performing our contract with you (running the service), your consent (optional features), our legitimate interests (safety, security, and improving Hottub), and compliance with law. To exercise any right, email [email protected]. We may need to verify your identity; you may use an authorized agent; and we’ll respond within the time the law allows. If we decline a request, you may appeal by replying, and you may complain to your local data-protection authority (or, in California, the Attorney General). We honor browser Global Privacy Control (GPC) signals where required.

International data transfers

Draft clause Added in-house to give counsel a structure to refine; not final legal language.

Hottub is operated from the United States. If you use it from elsewhere, your data is processed in the US and in other countries where our service providers operate, with appropriate safeguards (such as standard contractual clauses) where required.

Changes to this policy

We may update this policy; we’ll note the date above and, for material changes, give notice. Continued use after a change means you accept the updated policy.

Children

Hottub is for adults (18+). We do not knowingly collect data from minors, and there are no public child profiles, ever.

Contact

Privacy questions or requests? Contact [email protected].