Privacy Policy

1. Introduction

Chishingo Ventures Ltd. ("we," "us," or "our") operates the Human-in-the-Loop (HITL) mobile application and related services. We are committed to protecting your privacy and handling your personal information with transparency and care.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have regarding your personal information. By using HITL, you agree to the collection and use of information in accordance with this policy.

Contact Us: For privacy-related questions or requests, email us at contact@hitlrelay.app

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide

• Account Information: Email address, name, and authentication credentials when you create an account
• Profile Information: Optional profile settings and preferences
• Content: Messages, approvals, responses, and attachments you send through HITL
• Communication: Support requests, feedback, and correspondence with us

2.2 Information Collected Automatically

• Device Information: Device type, operating system, app version, device identifiers
• Push Notification Token: Firebase Cloud Messaging (FCM) token for delivering notifications
• Usage Data: Features used, interactions, session duration, and timestamps
• Log Data: IP address (for security and analytics), error logs, crash reports
• Diagnostics: Performance metrics, error rates, and technical diagnostics

2.3 Location Information

We collect approximate location information based on your IP address for analytics and service improvement. We do not collect precise geolocation data from your device.

3. Data Categories (Apple App Store Disclosure)

The following data types are collected and may be linked to your identity:

• Contact Information: Email address, name
• Identifiers: User ID, device ID, Firebase UID
• Usage Data: Product interaction, app interactions, feature usage
• Diagnostics: Crash data, performance data, error logs
• User Content: Messages, approvals, and responses you send through the app

4. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: Deliver notifications, relay agent requests, synchronize data, and maintain message history
• Authentication & Security: Verify your identity, prevent fraud, detect abuse, and protect against security threats
• Service Improvement: Analyze usage patterns, debug issues, improve features, and develop new functionality
• Communication: Send service updates, respond to support requests, and provide important notices
• Legal Compliance: Comply with legal obligations, enforce our terms, and respond to lawful requests
• Analytics: Understand how users interact with HITL to improve user experience (aggregated and pseudonymous)

5. Third-Party Services and Data Sharing

We use the following third-party service providers to operate HITL:

5.1 Infrastructure & Hosting

• Google Cloud Platform (GCP): Cloud infrastructure, database hosting, and API services
• Firebase (Google): Authentication, push notifications (FCM), and analytics

5.2 Analytics & Monitoring

• Google Analytics: Usage analytics and performance monitoring (aggregated data)

5.3 Payments (if applicable)

• Apple App Store / Google Play: In-app purchases and subscriptions
• RevenueCat: Subscription management and analytics

Data Sharing Policy: We do not sell your personal information. Third-party service providers are contractually bound to protect your data and may only use it to provide services on our behalf.

5.4 AI Service Providers (In-App Agents)

AI Providers We Use:

• Google Gemini: Your messages, prompts, conversation history, and any files or content you share with AI agents are sent to Google's Gemini API for AI processing. Google processes this data according to their Privacy Policy and may use it to improve their AI models unless you opt out through Google's settings.
• Anthropic Claude (Future): If we integrate Claude AI, your queries and context will be processed by Anthropic subject to their privacy policies and data retention practices.
• Other AI Providers: We may integrate additional AI providers in the future. We will update this policy and notify you when new AI services are added.

HITL Data Retention (Our Servers):

• Local Agent Conversations: HITL does not store or access the content of your local agent conversations. We only store agent names and configuration metadata
• Remote Agent Data: Messages from remote agents (via MCP) are retained for up to 24 hours during transit to ensure reliable delivery, then automatically deleted
• Agent Metadata: Agent names, types, and connection status are stored while your account is active

AI Provider Data Usage and Retention:

• AI providers (Google Gemini, etc.) process your data to generate responses and may retain it according to their policies
• Google Gemini may use your data to improve their AI models unless you specifically opt out through Google's privacy controls
• We cannot control how AI providers use or retain your data once transmitted to them
• AI provider retention periods vary (typically 30 days to indefinitely depending on the provider and your settings)
• Deleting your HITL account does not automatically delete data from AI providers' systems

Opting Out of AI Features:

If you do not want your data sent to AI providers, you can disable AI features in the app settings or avoid using in-app agents. However, this will limit core functionality of HITL's AI agent management features.

5.5 Legal Disclosures

We may disclose your information if required by law, legal process, or to protect the rights, property, or safety of our users or the public.

6. End-to-End Encryption (Optional)

HITL offers optional end-to-end encryption (E2EE) for sensitive communications. When E2EE is enabled:

• Message content is encrypted on your device and can only be decrypted by your authorized devices
• We cannot access the content of E2EE messages
• Metadata (timestamps, message sizes, delivery status) is still processed to operate the service
• E2EE requires the HITL CLI proxy for desktop clients

7. Data Retention

We retain your information for the following periods:

• Account Data: Retained while your account is active and for 90 days after account deletion
• Message History: Retained for up to 1 year or until you delete messages manually
• Usage & Analytics Data: Aggregated data retained for up to 2 years
• Log Data: Retained for up to 90 days for security and debugging purposes
• Legal Obligations: Some data may be retained longer if required by law or to resolve disputes

8. Data Security

We implement industry-standard security measures to protect your information:

• Data encryption in transit (TLS/HTTPS) and at rest
• Secure authentication using OAuth 2.1 and Firebase Authentication
• Access controls and authentication for all systems
• Regular security audits and monitoring
• Secure cloud infrastructure (Google Cloud Platform)

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights and Choices

You have the following rights regarding your personal information:

9.1 Access and Portability

You can request a copy of your personal data in a machine-readable format.

9.2 Correction

You can update or correct your account information through the app settings or by contacting us.

9.3 Deletion

You can request deletion of your account and personal data:

• In the app: Go to Settings → Account → Delete Account
• Email us at contact@hitlrelay.app with "Delete My Account" in the subject line
• We will process deletion requests within 30 days
• Some data may be retained as required by law or for legitimate business purposes

9.4 Opt-Out Rights

• Marketing Communications: Unsubscribe from promotional emails via the unsubscribe link
• Push Notifications: Disable in your device settings or app settings
• Analytics: Contact us to opt out of analytics data collection

9.5 Object or Restrict Processing

Where applicable by law, you can object to or request restriction of certain data processing activities.

10. Account Deletion

Users have the right to request deletion of their account and all associated personal data. This section explains how to request account deletion and what happens to your data.

10.1 How to Request Account Deletion

To delete your account and all associated data:

1. Send an email to: contact@hitlrelay.app
2. Subject line: "Account Deletion Request"
3. Include: Your registered email address used for the HITL account

Alternatively, you can delete your account directly in the app: Go to Settings → Account → Delete Account

10.2 What Data Gets Deleted

When you request account deletion, we will permanently delete:

• User Profile: Email, name, and authentication tokens
• Authentication Data: Login credentials and session data
• Agent Requests & Responses: All AI agent interactions and message history
• Agent Configurations: Custom agent settings and preferences
• Device Tokens: Firebase Cloud Messaging (FCM) tokens for push notifications
• App Preferences: All user settings and customizations
• Uploaded Content: Any files or attachments you've uploaded
• Subscription Data: Payment information and subscription records (where applicable)

10.3 Deletion Timeline

• Account deletion requests are processed within 30 days of receipt
• You will receive a confirmation email once deletion is complete
• During the processing period, your account will be deactivated and inaccessible
• Some metadata may be retained for up to 90 days in backup systems before being permanently purged

10.4 Important Notes

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Opt-Out: We do not sell personal information. If our practices change, we will provide an opt-out mechanism
• Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights

To exercise these rights, email us at contact@hitlrelay.app. We will verify your identity before processing your request.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and European Union. These countries may have data protection laws that differ from your country.

When we transfer data internationally, we use approved transfer mechanisms such as Standard Contractual Clauses and ensure appropriate safeguards are in place to protect your information.

13. Children's Privacy

HITL is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child, please contact us immediately at contact@hitlrelay.app, and we will take steps to delete such information.

14. App Tracking Transparency (Apple)

HITL does not track users across apps or websites owned by other companies for advertising or advertising measurement purposes. We do not share your data with data brokers.

If our tracking practices change in the future, we will request your permission through Apple's App Tracking Transparency framework before enabling cross-app or cross-website tracking.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the top of this policy
• Sending a notification through the app or via email
• Requiring you to accept the updated policy before continuing to use HITL (for significant changes)

Your continued use of HITL after the effective date of changes constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to privacy requests within 30 days in accordance with applicable privacy laws.