Havyyn
Get started

Legal

Privacy Policy

Last updated: June 5, 2026

Havyyn ("we," "us") helps creators moderate comments and direct messages, schedule multi-platform content, and analyze audience engagement across Instagram, YouTube, TikTok, and Facebook. This policy explains what data we collect, how we use it, and the choices you have.

1. Data we collect

From you

  • Account info: email address, password (hashed via Firebase Auth).
  • Workspace info: workspace name, members and their roles.
  • Billing info: name, billing address, payment method last-4 (via Stripe). We do not store full card numbers.

From the platforms you connect

When you connect Instagram, YouTube, TikTok, or Facebook, we receive — and store encrypted at rest — an access token that lets us act on your behalf. We then retrieve:

  • Your platform account profile (id, username, display name).
  • Comments and direct messages on accounts you own, including the author's public profile id and message text.
  • Engagement and audience metrics (views, likes, comments, demographics where the platform provides them).

From Facebook Login (if you choose to sign in with Facebook)

If you sign in to Havyyn using your Facebook account, we receive from Facebook only the data covered by the public_profile and email scopes:

  • Your Facebook user ID.
  • Your name and profile picture.
  • Your email address (used to identify and contact you in Havyyn).

We do not request access to your friends list, posts, page list, or any other Facebook data via Facebook Login. (Connecting a Facebook Page for moderation is a separate, explicit step with its own consent flow.)

Automatically

  • IP address, browser type, device type for security and rate-limiting.
  • App audit log: which actions you took and when.

2. How we use it

  • To run the service you signed up for: moderating, scheduling, analyzing.
  • To classify comment sentiment and detect harassment via our AI service.
  • To bill your account.
  • To detect abuse of the service itself.
  • To comply with legal obligations.

3. AI processing, automated decisions, and profiling

Comment and DM text may be sent to our AI provider (Anthropic) for sentiment and harassment classification or, on the creator's explicit request, conversation summarization or reply suggestion. AI providers process the text only for the requested task and do not train on it.

Havyyn gives creators automated tools that act on the content on their connected accounts. Depending on the settings a creator chooses, these may:

  • automatically hide, hold for review, or delete comments that match moderation rules the creator configures;
  • score comments for sentiment and toxicity, and rank frequent, positive commenters (a "superfan" signal) so the creator can prioritize who to engage;
  • where the creator explicitly enables it, send replies or direct messages on the creator's behalf.

These tools are configured and controlled by the creator who manages the account you interacted with — they decide how their audience is moderated, and Havyyn acts on their instructions. Action-taking automations are off by default, and the creator can keep a person in the loop (for example, holding rule matches for review rather than removing them automatically). We log every automated action so it can be reviewed.

If a decision was made about your content — for example, a comment was hidden — and you would like a person to review it or an explanation of why, contact the creator whose account you interacted with, or email privacy@havyyn.com and we will route your request to them.

4. Who we share it with

  • The platforms. When you ask us to hide a comment, we tell Instagram/YouTube. That's the point of the product.
  • Our subprocessors. Hosting (your cloud provider), Stripe (billing), Anthropic (AI), SendGrid (email). A current list is available on request.
  • Legal authorities. Only when compelled by valid legal process.
  • Buyers. If we sell the business, the buyer inherits this policy. We'll tell you before any change.

We do not sell your personal data to advertisers.

5. Retention

  • Tokens: until you disconnect or revoke.
  • Comments, DMs, and engagement data: kept while your workspace is active so the service works, and deleted when you delete your workspace.
  • Audit log: the record of an action (what happened, by whom, and when) is retained; the associated IP address and device information are removed after 180 days.
  • Workspace deletion: 30 days, then irrecoverable.

6. Your rights

Depending on where you live, you have rights to access, correct, delete, or port your data; to object to or restrict processing; and to lodge a complaint with your data protection authority. Email privacy@havyyn.com.

Workspace owners can download a complete copy of their workspace's data at any time from Settings → Your data.

You can revoke our access from the platform you signed in or connected through, at any time:

  • Instagram: Settings → Apps and websites → Havyyn → Remove.
  • Facebook: Settings & Privacy → Settings → Apps and Websites → Havyyn → Remove.
  • Google / YouTube: myaccount.google.com → Security → Your connections to third-party apps → Havyyn → Remove access.
  • TikTok: Settings → Privacy → Manage app permissions → Havyyn → Remove.

Doing so triggers an automatic disconnect on our side. To also delete the data we've stored, follow the steps on our data deletion page.

7. Security

Encrypted at rest (AES-256-GCM for OAuth tokens, disk-level for everything else), TLS 1.2+ in transit, and role-based access control on every workspace action. Optional MFA and SOC 2 Type II are on our roadmap.

8. Children

Havyyn is not intended for users under 18. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

9. International transfers

Your data is stored in either US or EU data centers depending on your account's region. Cross-region transfer happens only under standard contractual clauses.

10. Changes

Material changes will be announced in-app and via email at least 14 days before they take effect.

11. Contact

Email: privacy@havyyn.com