Skip to content

Table of Contents

Privacy Policy

Last updated: February 9, 2026

Privacy at a Glance

Your Data is Encrypted

All data is encrypted in transit and at rest

No Selling of Data

We never sell your personal information

Delete Anytime

Request complete data deletion at any time

1. Introduction

HikeWise ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (available on iOS and Android) and website at hikewise.app.

By using HikeWise, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

  • Account Information: Name, email address, and password when you create an account
  • Profile Data: Avatar, display name, study preferences, goals, and academic interests
  • Study Data: Focus session durations, subjects studied, streaks, achievements, and progress tracking
  • Communications: Messages you send through Study Rooms, support requests, and feedback
  • Payment Information: If you subscribe to premium features (processed securely by our payment provider Stripe - we do not store full credit card details)
  • User-Generated Content: Study notes, goals, custom tags, and any content you create within the app
  • Device Information: Device type, operating system version, unique device identifiers, mobile network information
  • Usage Data: Features used, time spent in app, interaction patterns, session frequency, and feature engagement
  • Log Data: IP address, browser type, pages visited, access times, referring URLs
  • Analytics: Aggregated data about app performance and user behavior (we use privacy-focused analytics)
  • Location Data: Approximate location based on IP address (we do not collect precise GPS location)
  • Social Login: If you sign in with Apple, Google, or other OAuth providers, we receive your name, email, and profile picture (if you grant permission)
  • App Store Data: Subscription status and transaction history from Apple App Store or Google Play Store
  • Integration Partners: If you connect third-party services (calendar, task managers), we receive only the data necessary for the integration to function

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Personalize your study experience with Nora, our AI companion
  • Track your progress and generate personalized insights and recommendations
  • Enable social features like Study Rooms, leaderboards, and study groups
  • Send notifications about streaks, achievements, reminders, and product updates
  • Process payments and manage subscriptions
  • Respond to support requests and communicate with you
  • Analyze usage patterns to improve our app and develop new features
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms of Service

4. AI Data Processing (Nora AI Companion)

Important: How Nora AI Uses Your Data

Nora, our AI study companion, processes your study data to provide personalized recommendations and insights. Here's what you need to know:

  • Data Used: Nora analyzes your study sessions, subjects, goals, and progress to generate personalized recommendations
  • AI Provider: We use OpenAI's GPT-4 API for AI processing. Your data is sent to OpenAI only when you interact with Nora
  • Data Protection: OpenAI does not use your data to train their models. All API communications are encrypted
  • Opt-Out: You can disable Nora AI features at any time in your settings. This will prevent any data from being sent to AI providers
  • Retention: AI conversations are stored on our servers for 90 days to maintain context, then automatically deleted

5. Virtual Study Rooms Privacy

Study Rooms are shared spaces where students can study together. Here's how your privacy is protected:

  • Visibility Control: You choose which information is visible to other users (display name, avatar, current study status)
  • Private Data: Your personal study data, goals, and detailed progress are never visible to other users unless you explicitly share them
  • Chat Messages: Messages sent in Study Rooms are visible to all room members and stored for 30 days
  • Moderation: We monitor Study Rooms for inappropriate content and may review reported messages for safety
  • Leave Anytime: You can leave any Study Room at any time, and your presence history will be removed

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

  • Service Providers: Third parties who help us operate our services (cloud hosting, analytics, customer support, payment processing)
  • Other Users: Your profile name and study status when using Study Rooms or leaderboards (you control visibility settings)
  • Legal Requirements: When required by law, subpoena, or to protect our rights, property, or safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (we will notify you and you can request data deletion)
  • With Your Consent: Any other third parties with your explicit permission

7. Third-Party Integrations

HikeWise integrates with third-party services to enhance your experience. These integrations are optional:

  • Calendar Sync: Connect your Google Calendar or Apple Calendar to sync study sessions. We access only calendar events you grant permission for.
  • Cloud Storage: Optionally backup your study notes to Google Drive, Dropbox, or iCloud. We do not access files outside of HikeWise data.
  • Analytics: We use privacy-focused analytics (PostHog) that do not track users across websites or sell data to third parties.
  • Payment Processing: Stripe processes all payments. They handle credit card information according to PCI-DSS standards. We never see full card details.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • Encryption at Rest: All data stored on our servers is encrypted using AES-256 encryption
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments
  • Access Controls: Staff access to user data is strictly limited and logged. All employees undergo security training.
  • Secure Infrastructure: We use enterprise-grade cloud providers (Vercel, Supabase) with SOC 2 compliance
  • Password Protection: Passwords are hashed using bcrypt with salt. We never store plaintext passwords.

While we strive to protect your information using commercially acceptable means, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly of any security breach.

9. Data Retention

We retain your data for as long as necessary to provide our services. Our retention policy:

  • Active Accounts: Data is retained while your account is active and for 90 days after your last login
  • Account Deletion: When you delete your account, personal data is permanently deleted within 30 days
  • Anonymized Analytics: Aggregated, anonymized data may be retained for up to 2 years for product improvement
  • Legal Records: Financial records and legal compliance data may be retained as required by law (typically 7 years)
  • Backups: Deleted data may persist in backups for up to 90 days before being permanently purged

10. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data in a portable format (JSON or CSV)
  • Correction: Update or correct inaccurate data directly in your account settings
  • Deletion: Request deletion of your personal data (right to be forgotten)
  • Portability: Receive your data in a machine-readable format to transfer to another service
  • Opt-Out: Unsubscribe from marketing communications (you'll still receive essential service emails)
  • Restrict Processing: Limit how we use your data in certain circumstances
  • Object: Object to processing of your data for certain purposes (like marketing)

To exercise these rights, contact us at privacy@hikewise.app or use the privacy settings in your account. We will respond to your request within 30 days.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience:

Required for the app to function properly. These cannot be disabled:

  • • Authentication cookies (keep you logged in)
  • • Security cookies (prevent fraud and abuse)
  • • Session cookies (maintain your session state)

Help us understand how you use HikeWise to improve the app:

  • • Page views and navigation patterns
  • • Feature usage and engagement metrics
  • • Performance and error tracking

You can opt out of analytics cookies in your account settings or browser preferences.

Used to show you relevant content and measure campaign effectiveness:

  • • Personalized content recommendations
  • • Ad campaign performance tracking
  • • Social media integration

You can opt out of marketing cookies through your browser or our cookie consent banner.

To control cookies, adjust your browser settings or use our cookie preference center (accessible from the website footer). Note that disabling certain cookies may limit functionality.

12. Children's Privacy (COPPA Compliance)

Age Requirement

HikeWise is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13.

  • Age Verification: We ask users to confirm they are 13+ during registration
  • Parental Rights: If you believe your child under 13 has created an account, contact us immediately at privacy@hikewise.app
  • Data Deletion: If we learn we have collected data from a child under 13, we will delete it immediately
  • Teen Safety: For users aged 13-17, we recommend parental supervision and provide enhanced privacy settings

13. International Data Transfers

HikeWise is operated from the United States. If you access our services from outside the US, your data may be transferred to and processed in the United States or other countries where our service providers operate.

  • Legal Framework: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for EU data transfers
  • Safeguards: We ensure appropriate safeguards are in place for all international transfers
  • Data Protection: Regardless of location, your data receives the same level of protection described in this policy

14. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell your data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
  • Authorized Agent: You may designate an authorized agent to make requests on your behalf

California Privacy Notice

In the past 12 months, we collected the following categories of personal information: identifiers, commercial information, internet activity, and inferences. We do not sell personal information. To exercise your CCPA rights, contact privacy@hikewise.app.

15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with specific rights:

  • Legal Basis: We process your data based on (1) contract performance, (2) legitimate interests, (3) consent, or (4) legal obligations
  • Right of Access: Obtain confirmation of whether we process your data and receive a copy
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit processing of your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise your GDPR rights or for questions about data processing, contact our Data Protection Officer at dpo@hikewise.app.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • Notification: We will notify you of significant changes by email, in-app notification, or prominent notice on our website
  • Review: We encourage you to review this policy periodically
  • Effective Date: Changes become effective when posted, unless otherwise stated
  • Continued Use: Continued use of HikeWise after changes constitutes acceptance of the updated policy

17. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have privacy concerns, please contact us:

Email (General)

privacy@hikewise.app

Data Protection Officer

dpo@hikewise.app

Response Time

Within 30 days