Human Hub Privacy Policy

Privacy Policy

Human Hub · Last updated: 2026-06-04

Who we are

Human Hub (the app, we, us) is a personal-CRM app published by Melmiztonian LLC. Contact: hey@hellomelmo.com.

What this policy covers

How Human Hub collects, stores, uses, and shares the personal data you give it. We do not track you across other apps or websites. We do not sell your data. We do not run ads.

Data we collect

We collect only what you actively give us.

From you, when you sign in

  • Your email address and display name from your Google or Apple account, depending on which sign-in method you choose. Apple may give us a private relay email instead; we treat it the same way.
  • Your profile photo if you choose to set one (camera or library).

From you, when you use the app

  • Your contacts: names, nicknames, phone numbers, emails, birthdays, photos, notes, and anything else you type into a contact's profile.
  • Your check-ins: dates, channel (call/text/etc.), mood, free-form notes, and optional photos.
  • Your follow-ups, events, memories, gratitude entries, and custom items, the same as you would write them in a notebook.
  • Voice transcripts of commands you dictate (for example, "log a check-in with Sarah"). Audio is captured by Apple's Speech Recognition framework. Only the resulting text transcript is sent to our server, which forwards it to Anthropic's Claude API to extract dates, names, and action data.

From your device

  • iOS Contacts access (only if you grant it) so you can pick which contacts to import. We do not upload your full address book. Only contacts you explicitly tap to import are stored.
  • iOS Calendar access (only if you grant it) to mirror Human Hub follow-ups and birthdays into a separate "Human Hub" calendar. We do not read or modify your other calendars.
  • Microphone and Speech Recognition access (only if you grant it) so you can use voice commands.

Purchase and crash data

  • Purchase data: when you buy a Pro or Lifetime tier, RevenueCat stores the entitlement metadata so the app can unlock features and offer Restore Purchases. Apple-side receipt data stays with Apple.
  • Crash and error data: in Release builds only, Sentry collects crash reports and non-PII breadcrumbs (events like "paywall opened" or "voice command fired") so we can debug what the user was doing before a crash.

Where your data lives

  • Database: Supabase (Postgres), encrypted at rest with AES-256.
  • File storage (profile photo and check-in photos): Supabase Storage, encrypted at rest with AES-256.
  • Voice command processing: Anthropic (Claude API) processes the transcript text of voice commands you dictate. Per Anthropic's data usage policy, prompts are not used to train models.
  • Calendar sync (optional): if you connect Apple or Google Calendar, the app writes a separate "Human Hub" calendar on your account containing follow-ups and birthdays. This data lives in Apple or Google's calendar service.
  • iOS Keychain: your sign-in session token is stored on your device, secured by your device passcode and Secure Enclave.

All network traffic uses HTTPS / TLS 1.2 or higher.

Who can see your data

Only you. Every database row is gated by Row-Level Security policies that check the row's owner against the signed-in user. We do not have a "see everything" admin view; we only look at your data if you explicitly send it to support (see "Contact us" below).

The exception is voice commands: when you dictate one, the transcript text is sent to Anthropic's API for parsing. Anthropic processes the request and returns the parsed actions. They do not store the transcript or use it for training.

What we do not do

  • No tracking across other apps, websites, or sessions.
  • No third-party usage analytics (no Google Analytics, Mixpanel, Amplitude, Firebase Analytics).
  • No advertising. We do not run ads, we do not sell your data to advertisers.
  • No selling your data to anyone.
  • No password storage. Auth happens through Google or Apple Sign-In; we never see your password.

Your rights

Regardless of where you live, you can:

  • See your data: Settings, tap your profile card at the top, then "Export My Data" produces a JSON file with everything we have about you.
  • Delete your data: Settings, tap your profile card at the top, then "Delete All Data" at the bottom permanently removes every row and photo we hold for you, including your account itself. This action is irreversible.
  • Withdraw consent: sign out and stop using the app.
  • Contact us: hey@hellomelmo.com for questions, complaints, or requests we have not surfaced as in-app actions yet.

If you are in the EU or UK (GDPR) or California (CCPA), you have additional rights, including the right to know what we hold, the right to correct inaccuracies, and the right to lodge a complaint with your data protection authority.

How long we keep your data

For as long as your account is active. When you delete your account, all your data is removed within 30 days from active systems and backups (Supabase Pro daily backups roll off after 7 days, after which deletion is final).

Children

Human Hub is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, email hey@hellomelmo.com and we will delete the account.

Changes to this policy

If we change how we handle your data, we will update this page and adjust the Last updated date. Material changes (for example, a new third-party processor) will be surfaced as an in-app notice.

Contact us

Questions, complaints, requests: hey@hellomelmo.com