HushLog in
Legal

Privacy Policy

Effective Date: April 26, 2026

At Hush, we believe your communications are a private sanctuary. Our service is built from the ground up to protect your peace of mind and your personal data. We do not sell your data, and we do not use your private interactions for advertising purposes.

1. Information We Collect

Information you provide directly

  • Account details — your name, pronouns, and email address, provided at signup
  • Relationship context — names and roles of relevant parties (e.g., co-parents or children) used to ensure accurate pronoun and point-of-view mapping in processed messages.
  • Messages — the content of emails and replies you send or receive through Hush
  • Contact form submissions — your name, email, and message when you contact support
  • Payment information — we do not collect any payment information as this is provided directly to and processed by third-party Stripe

Information collected automatically

  • Usage data — pages visited, features used, and timestamps of actions
  • Device information — browser type and push notification subscription tokens
  • Email metadata — sender address, subject line, and message headers of relayed emails

Information from third parties

When your co-parent sends you an email through your relay address, we receive and process that message on your behalf. They are not a Hush user and have not agreed to these terms; you are responsible for informing them that their messages will be processed by the service.

2. How We Use Your Information

We use the information we collect to:

  • Create and maintain your account and authenticate your identity
  • Relay, filter, and neutralise messages as the core function of the service
  • Process subscription payments and send billing receipts
  • Send push notifications about new messages (only if you opt in)
  • Respond to support requests and contact form submissions
  • Detect and prevent fraud, abuse, or violations of our Terms of Service
  • Comply with legal obligations

3. LLM Processing and Data Usage

We use enterprise-grade language learning model IBM Granite to analyze and rephrase your communications.

  • No training — we do not use your personal messages, private data, or relationship history to train, tune, or improve LLM models.
  • Ephemeral processing — your data is processed in a secure, isolated environment solely for the purpose of generating the requested translation or summary.

4. Data Security

We employ robust security measures to protect your information, including:

  • Encryption — all data is encrypted at rest and in transit using industry-standard protocols.
  • Sandboxing — we use cryptographic security measures to isolate and contain untrusted message content, preventing it from interacting with your broader account settings.
  • Strictly no "AI Agents" — you are always in control, and no generative or autonomous agent is making any decisions or taking any actions.

5. How We Share Your Information

We do not sell or rent your personal information. We share data only in these limited circumstances:

  • Service providers — we use Supabase (database & authentication), Cloudflare (email relay), Resend (email delivery), Stripe (payments), IBM WatsonX (LLM processing), and Vercel (hosting). These partners are strictly bound by confidentiality agreements and are prohibited from using your data for any purpose other than providing services to Hush. Each provider receives only the data necessary to perform their function, and does not store anything unless absolutely necessary to provide you the features of this service.
  • Legal requirements — we may disclose information if required to do so by law or in response to valid legal process.
  • Business transfers — in the event of a merger or acquisition, your data may be transferred as part of that transaction. We will notify you in advance.

6. Data Retention

We retain your account information and message history for as long as your account is active. If you ask us to delete your account, we remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Anonymised, aggregated data (such as usage statistics) may be retained indefinitely as it cannot be used to identify you.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal data
  • Object to or restrict certain types of processing
  • Receive a copy of your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us. We will respond within 30 days.

8. Cookies and Local Storage

Hush uses cookies solely to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics. Push notification tokens are stored in our database only if you explicitly opt in to notifications.

9. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest, and row-level security policies that ensure each user can only access their own data. No system is completely secure, however, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you by email and update the date at the top of this page. Your continued use of Hush after the changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have questions about this policy or how we handle your data, please contact us.