Privacy Policy

HUMN ("we", "us", or "our") operates the HUMN Discord bot and the HUMNbot.com website. This Privacy Policy explains what information we collect, how we use it, and how we protect it.

1. Information We Collect

We collect the following information when you use HUMN:

• Discord User ID — used to identify your account within your group
• Email address — collected when you connect Gmail or Yahoo to identify your inbox
• Gmail OAuth tokens — access and refresh tokens used to read your Gmail inbox on your behalf. We request read-only access and only process order confirmation emails.
• Yahoo app password — stored encrypted using AES-256-GCM encryption. Used only to connect to your Yahoo inbox via IMAP.
• Order confirmation data — product name, price, quantity, retailer, and order date extracted from emails. We do not store full email contents.
• Group and membership data — which group you belong to and your role within it.

2. How We Use Your Information

• To detect and post collectible checkout events to your group's Discord channel
• To calculate group analytics, leaderboards, and spend tracking
• To send you Discord DM notifications when your connection status changes
• To maintain your account and group membership

3. What We Do Not Do

• We do not read, store, or process any email content beyond order confirmation details
• We do not share your data with third parties for marketing purposes
• We do not sell your personal information
• We do not access emails unrelated to order confirmations

4. Data Storage and Security

Your data is stored in Supabase with Row Level Security enabled. Yahoo app passwords are encrypted at rest using AES-256-GCM. Gmail tokens are stored securely and refreshed automatically. We take reasonable measures to protect your information from unauthorized access.

5. Data Retention

We retain your data for as long as you have an active account. You can disconnect your email at any time using the /disconnect-email command, which removes your credentials from our system. You can leave your group using /leave-group, which removes your membership and email connection.

6. Third-Party Services

HUMN uses the following third-party services:

• Google (Gmail API) — for Gmail inbox access. Subject to Google's Privacy Policy.
• Yahoo (IMAP) — for Yahoo inbox access.
• Supabase — for database storage.
• Stripe — for subscription billing. Subject to Stripe's Privacy Policy.
• Railway — for application hosting.

7. Your Rights

You have the right to:

• Access the data we hold about you
• Request deletion of your data
• Disconnect your email connection at any time
• Leave your group and have your data removed

To request data deletion or access, contact us at our Discord server or via email.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via our Discord server. Continued use of HUMN after changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this Privacy Policy, please reach out through our Discord server.