Privacy Policy

Last updated July 5, 2026

Scope and contact

This Privacy Policy explains how HumVision handles personal information across gethumvision.com, the account dashboard, HumVision APIs, Supabase-backed web APIs, and the HumVision desktop application. It does not apply to websites or services that we do not control.

HumVision is the controller of the personal information described here unless a written agreement says otherwise. Questions, privacy requests, and support requests can be sent to hello@gethumvision.com.

HumVision is built as a local-first desktop workbench. We do not receive your unshared sonar recordings, projects, annotations, exports, or app settings just because you open the app. Team sharing changes that only when you choose to share a recording or project.

What stays local

The desktop app reads Humminbird recording folders from locations you authorize on your own computer or storage media. Unless you use Team or Department sharing, the following data stays on your device:

  • Humminbird recording files and folders, including .DAT, .SON, and .IDX files.
  • Unshared recordings, unshared projects, local library entries, pinned items, display settings, map style choices, palette choices, units, and other app preferences.
  • Exported files such as GPX, KML, KMZ, GeoTIFF, CSV, snapshots, reports, or other files you save to your own drive.
  • The visual act of scrubbing sonar, changing channels, panning, zooming, measuring, or reviewing a recording inside an unshared local session.

Information we collect

We collect the minimum information needed to run accounts, license access, billing, downloads, and team collaboration.

  • Account and profile information: email address, Supabase user ID, first name, last name, display name, password authentication state handled by Supabase, and optional avatar or profile details you save.
  • License and entitlement information: plan tier, trial start and expiration, subscription expiration, role, organization name, seat ID, revocation status, and device identifiers used to enforce license limits. For Pro licenses, the desktop app generates a short hash from local machine characteristics and sends that machine ID for device registration.
  • Billing information: Stripe customer ID, checkout session ID, subscription ID, plan metadata, payment status, renewal timing, and invoice status. Stripe processes card details. We do not store full payment card numbers.
  • Organization and seat information: organization name, department, industry, address, phone, logo, accent color, operator invite email addresses, seat status, assigned user IDs, owner/admin/member roles, and timestamps for seat actions.
  • Shared workspace metadata: when you share a recording or project, we store the shared item name, notes, owner email, owner user ID, organization name, duration, ping count, channel list, GPS track coordinates, bounds, location label, project recording IDs, annotation/contact records, blob upload status, storage path, file size, checksum, and related timestamps.
  • Shared recording archives: when you share a recording with a Team or Department workspace, HumVision packs the selected recording folder into a tar archive and uploads that archive to Cloudflare R2 object storage using short-lived signed URLs. That archive may include the files present in the selected recording folder.
  • Technical and security information: IP address, user agent, browser or operating system signals needed for downloads, authentication logs, API request logs, error logs, signed URL activity, and security events generated by our hosting, Supabase, Stripe, Cloudflare, GitHub, and infrastructure providers.
  • Website analytics information: if you allow analytics cookies, Google Analytics may collect page views, referral source, approximate location derived from IP address, device and browser information, and interaction events on public website pages.
  • Support communications: information you include when you email us, request support, ask for an invoice copy, report a bug, or send feedback.

How we use information

We use personal information for the following purposes:

  • Create accounts, authenticate users, maintain sessions, and let users sign in to the desktop app and web dashboard.
  • Start and enforce trials, issue paid entitlements, register licensed devices, refresh license claims, and provide authenticated app downloads.
  • Process payments, renewals, cancellations, invoices, refunds, taxes, chargebacks, and billing support through Stripe.
  • Operate Team and Department workspaces, including seat invitations, shared recording and project visibility, shared annotation sync, upload/download/delete flows, and admin controls.
  • Provide support, respond to privacy requests, send service notices, diagnose issues, secure the product, prevent abuse, and comply with legal obligations.
  • Measure public website traffic, content performance, and conversion paths when you allow analytics cookies.
  • Improve the product using aggregated or operationally necessary information. We do not use your unshared sonar review activity for advertising.

How information is shared

We share information only as needed to provide HumVision, process requests, protect the service, or comply with law.

  • Service providers: Supabase for authentication, database, realtime sync, and security logs; Stripe for checkout, subscriptions, tax and payment records; Google Analytics for optional public website analytics; Cloudflare R2 for shared recording archives; Vercel for web hosting; GitHub Releases for app downloads and auto-update assets; and email/support tooling used to communicate with you.
  • Map and data providers: when the desktop app loads map tiles, your device may request tiles from the provider selected in the app, such as MapTiler, OpenStreetMap, Esri, Carto, or OpenTopoMap. Those providers receive the technical request information needed to serve map tiles.
  • Team and Department workspaces: shared recordings, shared projects, metadata, contacts, annotations, owner labels, and related files are visible to members of the same organization workspace according to their role and plan.
  • Legal and safety: we may disclose information if we believe it is required by law, subpoena, court order, valid government request, payment dispute, security incident response, or to protect rights, safety, and property.
  • Business transfers: if HumVision is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may transfer as part of that transaction subject to this Policy or a successor policy.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not run third-party ad networks in the desktop app, and HumVision configures Google Analytics with advertising storage and ad personalization disabled unless we update this Policy and the site controls.

Sensitive operational data

HumVision is used in search, recovery, dive, survey, and field operations. Your recordings, GPS tracks, notes, annotations, contacts, exports, organization profile, and support messages may contain sensitive location, incident, agency, operational, or personal information.

You are responsible for deciding what content is appropriate to import, save, export, share, or send to support. Do not upload or share information unless you have the legal authority and operational permission to do so. If you work inside an organization, your organization may control the shared workspace and may be able to access, remove, export, or manage shared content.

Cookies, local storage, and auth storage

The public marketing pages use optional Google Analytics cookies only if you allow them. The authenticated dashboard and desktop app use browser or app storage for practical product functions.

  • Google Analytics may use cookies such as _ga and related identifiers to measure public website visits and interactions after you accept analytics cookies.
  • Supabase Auth may use browser storage, IndexedDB, or related browser mechanisms to keep you signed in.
  • The dashboard may use local storage for UI preferences such as theme or sidebar state.
  • The desktop app uses local storage for app preferences, onboarding state, last successful license refresh, display settings, map preferences, and the last shared-download folder.
  • Stripe, Supabase, GitHub, Vercel, Cloudflare, map providers, and other third-party services may use their own cookies or logs when you interact with their services.

You can change your analytics cookie choice from the site prompt or by visiting analytics cookie choices.

Retention and deletion

We keep information only as long as needed for the purposes described in this Policy, unless a longer period is required for legal, accounting, security, tax, backup, dispute, or abuse-prevention reasons.

  • Account, profile, entitlement, device, and organization records are generally kept while your account or organization remains active.
  • Billing records are retained as needed for payment, tax, accounting, refund, chargeback, and compliance purposes.
  • Shared recordings and shared projects remain in the organization workspace until an authorized owner or admin removes them, subject to backups and legal retention needs.
  • Local recordings, local projects, local settings, and exports remain on your own device until you delete them. HumVision cannot delete files from storage locations it does not control unless the app is running with the relevant local permissions and you take the relevant action.
  • Server logs and provider logs are retained according to operational, security, and provider practices.

You can request account access, correction, export, or deletion by emailing hello@gethumvision.com. If you use an organization workspace, we may direct certain shared-workspace requests to the organization admin or require admin approval before removing organization-controlled content.

Security

We use technical and organizational safeguards designed for the type of data HumVision handles, including Supabase authentication, row-level security, role-based organization access, short-lived signed URLs for R2 uploads and downloads, HTTPS, provider access controls, validation of shared storage paths, checksum handling for shared blobs, and limits around download size and archive extraction.

No system is perfectly secure. You are responsible for protecting your account password, device access, exported files, local recording folders, and any case materials you choose to store or share.

International transfers

HumVision and its service providers may process information in the United States and other countries where we or our providers operate. Those countries may have data protection laws different from the laws where you live.

Where required, we use appropriate transfer mechanisms or provider commitments for international processing, such as data processing terms, contractual safeguards, and provider security commitments.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain personal information, object to certain processing, withdraw consent, appeal a decision, or lodge a complaint with a regulator.

  • California residents may have rights to know, delete, correct, limit certain sensitive personal information uses, opt out of sale or sharing, and receive equal treatment for exercising privacy rights. HumVision does not sell personal information or share it for cross-context behavioral advertising.
  • EEA and UK users may have rights to be informed, access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and protection from solely automated decisions that produce legal or similarly significant effects.
  • We may verify your identity before acting on a request. We may deny or limit a request when allowed by law, such as when we need information for security, billing, legal claims, tax records, fraud prevention, another person's rights, or organization-controlled workspace records.

Children

HumVision is intended for professional, organizational, research, and adult operator use. It is not directed to children under 16, and we do not knowingly collect personal information from children under 16.

Changes to this Policy

We may update this Privacy Policy as HumVision changes. The updated version will be posted on this page with a new last updated date. If a change materially affects how we handle personal information, we will provide additional notice when required by law.

Contact: hello@gethumvision.com.