Privacy Policy

We collect the following categories of information when you use Hundred Miles:

• Account information: Your display name, email address, date of birth, and gender. These are provided by you during registration.
• Approximate location: We collect your approximate geographic location (city/region level) to enforce the 100-mile minimum distance requirement between penpals. We do not collect or store your precise GPS coordinates.
• Letters and messages: The content of letters you write and receive within the app.
• Device identifiers: Firebase Cloud Messaging (FCM) registration tokens, used solely to deliver push notifications to your device.
• Usage data: Basic app interaction data such as account creation timestamps and letter delivery metadata (e.g., timestamps).

We use the information we collect for the following purposes:

• Matching: To identify and suggest compatible penpals who are at least 100 miles from your approximate location.
• Delivering letters: To route your letters to the correct recipient and simulate travel time based on distance.
• Push notifications: To notify you when a new letter arrives, using FCM tokens associated with your account.
• Account management: To authenticate your identity, enforce account settings (such as privacy toggles), and allow you to manage or delete your account.
• Safety and moderation: To review flagged content and respond to reports of abuse or policy violations.

We do not use your information for advertising, behavioral profiling, or any purpose beyond the direct operation of the Hundred Miles service.

We do not sell, trade, or rent your personal information to third parties. We do not share your information with advertisers or data brokers.

We share data only with the following infrastructure providers, strictly for the purpose of operating the app:

• Google Firebase / Google Cloud: We use Firebase Authentication, Cloud Firestore, Firebase Cloud Messaging, and Cloud Functions to store data, authenticate users, and deliver notifications. Google's privacy policy applies to data processed through these services.

We may disclose information if required by law, court order, or to protect the safety of our users or the public.

All data is stored in Google Cloud / Firebase infrastructure, which provides encryption at rest and in transit using industry-standard TLS protocols.

We enforce access controls so that only authorized administrators can access raw user data, and only when necessary for safety or moderation purposes.

While we take reasonable precautions, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Depending on your jurisdiction (including the European Economic Area and California), you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated personal data. You can initiate account deletion directly from within the app under Settings. Upon deletion, your profile, letters, and personal data are permanently removed from our systems.
• Data export: Request a machine-readable export of your personal data.
• Objection: Object to certain processing activities where we rely on legitimate interest as the legal basis.

To exercise any of these rights, contact us at privacy@hundred-miles.world. We will respond within 30 days.

Hundred Miles is not intended for, and does not knowingly collect personal information from, individuals under the age of 16.

If we become aware that we have collected personal data from a user under 16 without verifiable parental consent, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us at privacy@hundred-miles.world.

We use Firebase Cloud Messaging (FCM) to send push notifications to your device. FCM tokens — device identifiers used to route notifications — are stored securely in Firestore associated with your account.

You can opt out of push notifications at any time through your device's notification settings (iOS: Settings → Notifications → Hundred Miles; Android: Settings → Apps → Hundred Miles → Notifications). You can also manage notification preferences within the app under Settings.

Disabling notifications does not delete your account or affect letter delivery — you will still receive letters; you simply won't be notified in real time.

The Hundred Miles mobile application does not use cookies, advertising identifiers, or tracking pixels.

We do not use third-party analytics SDKs (such as Google Analytics, Mixpanel, or Amplitude) in the mobile app. We do not engage in cross-app tracking.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide notice within the app or via email where we have your email address.

Your continued use of Hundred Miles after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: