Your privacy is the foundation of HMS. We collect the minimum, share nothing, and your real identity stays yours.
We do not sell your data. We do not show advertisements. We do not require your real name. We store the minimum possible information to operate the service. This policy explains exactly what we collect, why, and what we never do.
When you create an account, we collect: your email address (stored securely, used only for login and account recovery), and the pseudonym you choose. We do not collect your real name, phone number, physical address, date of birth, government-issued identifier, photograph, or any biometric data.
Posts, comments, private messages, group interactions, mood journal entries, and self-assessment responses you voluntarily submit. This content is stored to provide the service.
Standard server logs including IP address, browser type, device type, pages visited, and session timestamps. This data is used for security, fraud prevention, and improving the service. We retain server logs for a maximum of 30 days.
We use collected information solely to: provide and maintain platform access; enable posting, commenting, messaging, and community features; send optional account notifications you have enabled in Settings; enforce Community Guidelines and protect the community from abuse; improve the platform through aggregate, anonymised analytics; and comply with legal obligations.
We never build advertising profiles, share data with ad networks, or use your mental health disclosures for any commercial purpose.
Your pseudonym is the only identity visible to other members. When you post anonymously, only "Anonymous" is displayed — even your pseudonym is hidden. Your email address is never visible to any member, professional, or moderator through the platform interface.
Our human moderation team can see the account behind an anonymous post for safety and moderation purposes only. This capability exists exclusively to protect community safety and is not used for any other purpose.
Choose a pseudonym that is not linked to your real identity on other platforms. Avoid usernames you use on social media or email services to maintain your private space.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@hearmesafe.com. We will respond within 30 days. Most requests can be actioned directly from your Settings page without needing to contact us.
We retain your account data for as long as your account is active. When you delete your account, your personal data — including email address, pseudonym, posts, comments, messages, and mood journal entries — is permanently and irreversibly deleted within 24 hours.
Certain anonymised and aggregated statistical data (total post counts, aggregate platform analytics) may be retained for platform improvement purposes. This data contains no personally identifiable information and cannot be linked to any individual account.
Server access logs are retained for a maximum of 30 days before automatic deletion.
We implement multiple layers of security to protect your data: TLS encryption for all data in transit; AES-256 encryption for sensitive data at rest; bcrypt password hashing with a high cost factor; rate limiting and brute-force protection on all authentication endpoints; regular security audits and penetration testing; strict access controls limiting staff access to personal data on a need-to-know basis.
In the event of a data breach that affects your personal information, we will notify you and relevant regulatory authorities within 72 hours of becoming aware of the breach, as required by applicable law.
HearMeSafe requires users to be at least 16 years old. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete that data promptly. If you believe a child under 16 has created an account, please contact us at safety@hearmesafe.com.
Our servers are currently located in the European Economic Area (EEA). If you access HearMeSafe from outside the EEA, your data may be transferred to and processed in the EEA. We ensure appropriate safeguards are in place for all international transfers, in accordance with applicable data protection law, including Standard Contractual Clauses where required.
We will notify you of any material changes to this Privacy Policy by email (to the address registered with your account) and by a prominent notice on the platform, at least 14 days before the changes take effect. Continued use of HearMeSafe after that date constitutes acceptance of the updated policy. Previous versions of this policy are available on request.
For all privacy-related enquiries, data subject requests, or concerns:
If you are not satisfied with our response, you have the right to lodge a complaint with the data protection authority in your country of residence.