Privacy Policy
Last updated: November 13, 2025
1. Overview
Howl Chat (“Howl,” “we,” “our,” or “us”) provides a real-time chat experience that balances low-latency delivery with encrypted direct messages. This Privacy Policy explains the data we collect, how we use it, and the choices available to you.
2. Data We Collect
- Authentication data: When you sign in via Auth0 we receive identifiers such as your Auth0 sub, display name, email, and avatar URL as provided by your identity provider.
- Profile & preference data: Avatars, bios, statuses, recent rooms, and saved themes you edit inside Howl are stored so they can sync across browsers.
- Chat & DM content: Room messages, DM envelopes (ciphertext, IV, wrapped keys), DM request previews, and timestamps are persisted through the Howl data API so that roughly the latest 150 entries per room remain available. When the storage layer is offline we temporarily buffer messages in memory.
- Attachments and uploads: Files you share in rooms, DMs, or commission samples (including avatars) are scanned, gzip-compressed when appropriate, and stored alongside metadata such as uploader, filename, mime type, and download path so we can serve them back to authorized participants.
- Commission & billing data: Public commission posts, work requests, budgets, sample links, and ledger entries (invoice/payment IDs, Kill Bill account references, platform fees, and statuses) are retained so artists, buyers, and the platform can track requests and payments.
- Encryption material: We store the public keys you upload so others can start encrypted DMs, as well as our escrow public key. Your private keys stay in your browser’s local storage unless you choose to export them.
- Technical and usage data: We log minimal diagnostics such as IP region, browser or device information, request identifiers, SSE session IDs, and error traces to defend the service and troubleshoot incidents.
- Support communications: Emails or other messages you send to support or the billing team are kept so we can respond and maintain audit trails.
3. How We Use Data
- Authenticate you and keep sessions active.
- Deliver room messages, attachments, DM previews, and user settings, while routing DM and commission workflows.
- Power the commission marketplace, including Kill Bill invoices/payments, ledger updates, and artist payouts.
- Detect abuse, spam, or behavior that violates our Terms; this may include decrypting DM payloads with the escrow key when legally required or to investigate a report.
- Operate, secure, and improve the infrastructure, including load balancing, caching, uploads, and troubleshooting.
- Comply with legal obligations and enforce our agreements.
4. Data Storage and Retention
- Messages and DM requests reside in our SQLite-backed data API hosted on infrastructure we control. We aim to retain only the newest ~150 entries per room, though backups, logs, or lawful preservation orders may extend retention.
- Attachments and commission samples are stored under data/uploads/ along with a manifest that records uploader, file name, MIME type, and download path; files remain until you delete them or we are asked to remove them for compliance.
- Commission posts, work requests, and the billing ledger (data/commissions.json and data/billing-ledger.json) persist so we can honor requests, track budgets, and reconcile platform revenue. Updates, cancellations, or deletion requests trigger corresponding record updates or anonymization unless retention is required by law.
- Profile data and saved themes stay on file until you edit or ask us to delete them.
- Diagnostic logs are typically kept for short periods (days or weeks) and then rotated or aggregated.
- If you delete your account or request erasure, we will remove or irreversibly anonymize associated personal data unless retention is required by law.
5. Sharing and Processors
We do not sell or rent your personal data. We work with trusted processors who help us run Howl Chat:
- Auth0 handles authentication and stores your identity information under its own privacy terms.
- Kill Bill manages commission invoices and payments; we share invoice/payment identifiers, account references, and related metadata so that billing remains in sync, while Kill Bill processes card/payment data under its own policies.
- Hosting providers such as Hetzner supply compute, networking, and storage.
- Compliance and legal authorities may receive data when required by law or necessary to protect users.
6. Security
We implement network isolation, TLS in transit, encrypted DM envelopes, and an escrow public/private key pair that is kept on secure servers. While we try to maintain the security of your data, we acknowledge that no method of transmission or storage is 100% secure.
7. Your Rights and Choices
- You may request access, correction, export, or deletion of your personal data by emailing contact@howl-chat.com.
- You can update most profile information directly in the app or revoke browser-stored keys by clearing local storage.
- You may opt out of direct messages from specific people by declining their DM requests.
8. Cookies and Local Storage
We use a minimal cookie (howl_rt_id) to keep long-lived SSE connections stable. The application also uses your browser’s local storage to cache encryption keys, presence, and UI preferences; these never leave your device unless you explicitly sync or export them.
9. International Transfers
Your data may be processed in any country where our infrastructure or service providers operate. We take steps to ensure transfers occur with appropriate safeguards.
10. Children
The Service is not directed to children under 13. If we learn that we unintentionally collected personal information from a child under 13, we will delete it.
11. Changes to This Policy
We may update this Privacy Policy to reflect product, operational, or legal changes. We will revise the “Last updated” date and, when required, provide additional notice.
12. Contact
Questions or privacy requests can be sent to contact@howl-chat.com.
By using Howl Chat, you acknowledge that you have read and understood this Privacy Policy.