Hatpass markHatpass
← Back to home

Privacy

Updated November 2025

This policy describes what Hatpass collects, what it does not, and how it handles the data you give it.

What the app collects

Phone number (used for sign-in OTP). Full name. Bank verification number (BVN), used once for identity verification through our regulated banking partner. Hat data: names, targets, deadlines, descriptions, photos you upload. Contribution data: amounts, timestamps, sender bank metadata as passed to us by our payments partner. Device push tokens. App diagnostic data (crash reports), aggregated and anonymized.

What the app does NOT collect

Your contacts. Your location. Your photo library beyond images you actively upload to a hat. Your bank balance, bank statements, or transaction history outside of contributions to your hats. Browsing behavior outside Hatpass. We do not run third-party analytics SDKs.

Where data is stored

Hat data, names, and identifiers in encrypted Supabase Postgres (EU region). Photos in encrypted Supabase Storage. Identity records and BVN verification with our regulated payments partner (a licensed Nigerian bank), retained as required by Nigerian financial regulation.

Who can see your data

You. Stalwart Crest engineering staff with audit-logged access for support and operations. Our payments partner, for the regulated portion of money movement. Nobody else. We do not sell, rent, or share your data with advertisers, brokers, or analytics platforms.

Third-party services

The complete list:

  • Supabase: backend (auth, database, storage, realtime).
  • Our regulated banking/payments partner: virtual accounts, KYC, payouts. Disclosed by name in the in-app legal disclosures.
  • Apple Push Notification Service: push notifications.

That is the complete list.

Your rights

Access: request a full export of your Hatpass data via support. Correction: fix any field directly in the app. Deletion: see the next section.

How to delete your account

Open the app, Profile → Account → Delete account. Or email support@stalwartcrest.com. Deletion is permanent within 30 days. Some financial transaction records are retained for the period required by Nigerian financial regulation, but they are dissociated from your personal identifiers.

Children's privacy

Hatpass is for people 13 and older. We don't knowingly collect data from anyone younger. If you believe a child has used Hatpass, email support@stalwartcrest.com and we'll remove the account.

Changes to this policy

We'll post any change here with a revised "Updated" date. Material changes will be announced in-app.

Contact

support@stalwartcrest.com.

Questions? support@stalwartcrest.com