Privacy Policy

    OUR CORE COMMITMENT
    No Data. No Logs. No Trace.

    We designed HUSH so that there is nothing to collect, read, or hand over. This is not a marketing slogan — it is the technical reality of our architecture.

  1. Our Core Commitment

    At FinaryLabs, we treat privacy not as a feature but as a foundational design principle. HUSH's technical architecture structurally ensures that user data is inaccessible to us. This is not merely a policy choice — it is the natural consequence of how the system works.

  2. Data We Collect

    The following minimal data is processed when creating and using a HUSH account:

    DATA PURPOSE RETENTION
    Username (optional) Account identification and contact functionality Until account deletion
    User ID System identifier Until account deletion
    Subscription status Plan management (via App Store/Google Play) Duration of subscription
    Free usage counter Trial plan management Until upgrade to Plus

  3. Data We Never Collect

    The following data never enters our systems under any circumstances:

    • Real name, surname, or identity documents
    • Phone number
    • Email address
    • IP address or location data
    • Device identifiers (IMEI, MAC address, etc.)
    • Call content (audio or video)
    • Call metadata (who called whom, when, for how long)
    • Contact list contents
    • Application usage analytics and behavioral data
    • Advertising identifiers (IDFA, AAID, etc.)

  4. Technical Architecture and Encryption

    1. End-to-End Encryption All voice and video calls are conducted with End-to-End Encryption (E2EE) over the LiveKit infrastructure. Media streams are encrypted using the AES-256-GCM algorithm. Encryption keys are generated exclusively on the devices of call participants and never leave those devices.
    2. Signaling Server The signaling server used for connection establishment is aware only that a call is beginning at that moment. When the call ends, this transient state is cleared from memory and never written to disk.
    3. Media Server Media packets pass through our servers in encrypted form. Our server transmits only encrypted data and does not possess the technical capacity to decrypt it — even if compelled to do so.
    4. Server Locations HUSH server locations vary by geographic region and are adjusted over time in line with where our users are concentrated and where capacity is needed. Enterprise users seeking further information about server jurisdiction may submit a written request.

  5. Payment and Anonymity

    Payments are processed through Apple Pay or Google Pay. These platforms manage their own payment infrastructure and process payment information under their respective privacy policies. FinaryLabs does not access or store any payment information.

    TRANSPARENCY NOTE

    Payments made via Apple Pay or Google Pay are linked to your Apple or Google account. This means payment records exist within those platforms. FinaryLabs does not access this information; however, complete payment anonymity is technically achievable only through cash transactions.

  6. Legal Requests

    1. What We Can Provide If we receive a valid legal request from an authorized authority, our honest answer is: We have very little to hand over. What we can confirm is limited to:
      • Whether a particular account identifier exists
      • The active subscription status of an account
      What we cannot provide — because it does not exist in our systems — includes: phone numbers, email addresses, real identities, call history, call content, IP addresses, or location data.
    2. Warrant Canaryr FinaryLabs periodically publishes public statements confirming that it has not received secret government demands or mass surveillance orders. If this statement ceases to be updated, it may indicate that circumstances have changed.

  7. Third Parties

    FinaryLabs does not sell, rent, or commercially share user data with any third party.

    SERVICE PURPOSE DATA SHARED
    LiveKit WebRTC infrastructure Encrypted media packets only
    Apple App Store App distribution and subscriptions Subscription status (managed by Apple)
    Google Play Store App distribution and subscriptions Subscription status (managed by Google)

    There are no integrations with advertising networks, analytics platforms, or behavioral tracking tools.

  8. Data Retention and Deletion

    1. Account Deletion When you delete your account, all data associated with you in our system is permanently destroyed. There is no "soft delete" or "30-day recovery" mechanism. Deletion is irreversible.
    2. Call Data Call content is never recorded. Call metadata (who, when, how long) is never written to disk.
    3. App Uninstall Uninstalling the application from your device clears the local cache on that device. Your account remains active on our servers. To permanently delete your account and all associated data, you must use the "Delete Account" function within the application.

  9. Your Rights

    Depending on your jurisdiction, you may have the following rights regarding your personal data:

    • Right to know whether your personal data is being processed
    • Right to access information about such processing
    • Right to know the purpose of processing and whether data is used in accordance with that purpose
    • Right to know third parties to whom data has been transferred
    • Right to request correction of incomplete or inaccurate data
    • Right to request deletion or destruction of personal data
    • Right to object to decisions made solely through automated processing

    To exercise any of these rights, please submit your request through the in-app support channel. Requests will be responded to within the legally required period of 30 days.

  10. ⁠Child Safety Standards and CSAE Policy

    1. Target Audience Hush Privacy is a communication application exclusively intended for adults aged 18 and over. The application contains no content, features, or marketing activities directed at children. In accordance with Google Play Families Policy and Apple App Store age classification requirements, the application is rated 17+ / Mature.
    2. Prohibition on Access by Minors Individuals under the age of 18 may not:
      • Create a Hush Privacy account
      • Use the application in any capacity
      • Purchase a subscription or access a free trial
      By using the application, each user represents that they are at least 18 years of age. Parental or guardian consent does not override this prohibition.
    3. Zero Tolerance for Child Sexual Abuse Imagery (CSAE) Hush Privacy maintains a zero-tolerance policy regarding Child Sexual Abuse Imagery (CSAE). The use of Hush Privacy infrastructure for the transmission, storage, or promotion of CSAE is strictly prohibited and constitutes the most severe violation of these Terms.
    4. Published Standards and Enforcement To ensure compliance with Google Play Child Safety Standards, Hush Privacy adheres to the following published protocols:
      • Immediate Termination: Hush Privacy will immediately and permanently close any account found to be involved in distributing or promoting CSAE.
      • 24-Hour Review: All reports regarding child safety or CSAE are reviewed by the Hush Privacy safety team within 24 hours.
      • Reporting: Users can report CSAE or safety concerns through the in-app support channel or via support@hushprivacy.app
    5. Legal Reporting (NCMEC) As required by law, Hush Privacy reports all identified instances of CSAE to the National Center for Missing & Exploited Children (NCMEC) and relevant law enforcement agencies.
    6. Google Play Families Policy Compliance This application is not eligible under the Google Play Families Policy and may not be listed in child-directed application categories. The application is listed exclusively in the adult user segment on Google Play Store. No advertising, content, or data collection activities directed at children are conducted within this application.

  11. Policy Changes

    If this Privacy Policy is updated, the new version will be published within the application with the effective date clearly stated. An in-app notification will be sent for material changes. Continued use of the application after changes are published constitutes acceptance of the updated policy.

HUSH

Developed by FinaryLabs.

Registered company in the Republic of Turkey.

Effective Date: April 2026 | Version 1.0