People Person is a personal contact-management app built by Jason Hong. This Privacy Policy explains what data we collect, how we use it, and your rights.
1. Information We Collect
- Account info: email address and a hashed password (we never store the plain password).
- Contacts you add: names, phone numbers, email addresses, social handles, addresses (city/country), birthdays, photos, free-form tags, and notes you write about people you meet.
- Meeting voice recordings: when you tap the microphone, the resulting audio file is uploaded to our server for transcription via Google Gemini, then deleted from disk immediately after transcription finishes. Transcripts and AI summaries remain in your account.
- Business card photos (OCR): when you scan a card, the image is sent to Google Gemini Vision for one-time text extraction. The image is not stored on our servers after processing.
- Calendar data (optional, OAuth): if you connect Google Calendar or Outlook, we read today's events to display them and match attendees to your People list. OAuth tokens are stored encrypted at rest. Event data is fetched on-demand and not persisted in our database. We never write to your calendar.
- Profile shares (Collect from friends): when a friend submits the form via your share link, the data they shared is stored in your account, encrypted at rest. Friends can refuse any field.
- Push subscription tokens (optional): if you allow notifications, we store the browser-issued push subscription endpoint.
- App activity: high-level events (signup, login, meeting logged, integration connected) are recorded server-side for product analytics and audit logging. No third-party analytics SDK is embedded.
- Crash reports (optional): when Sentry is configured by the operator, stack traces of unhandled errors are sent to Sentry with PII stripped.
2. How We Use Your Data
- To run the app: store and display your contacts, meeting notes, calendars, reminders, and other personal records.
- Transcription, AI summaries, and OCR: audio, text, and images are sent to Google Gemini for processing. Google's processing is governed by their Generative AI Terms.
- Push reminders: when reminders are due, we send an encrypted push notification to your device.
- Account communications: verification, password reset, and "friend submitted profile" notifications are sent via the Gmail API on the operator's Workspace account.
- Audit log: login attempts and sensitive actions (2FA enrollment, integration connect/disconnect, account deletion) are logged for security review.
3. Third Parties
- Google Gemini API — receives audio (for transcription), images (for OCR), and text (for summaries). Subject to Google's AI / API terms.
- Google Calendar API / Microsoft Graph API — only when you explicitly connect via OAuth. Scope is read-only. Tokens are encrypted at rest and used only to fetch your current events.
- Google Workspace (Gmail API) — used to send transactional emails on the operator's domain (jason@peopleperson.me).
- Railway — our hosting provider. Data at rest lives on Railway's managed infrastructure.
- Cloudflare — DNS, CDN, DDoS protection. Receives connection metadata.
- Sentry (optional) — receives anonymized stack traces if the operator has configured it.
- We do not sell your data to advertisers or third parties. We do not embed advertising SDKs. We do not use your data to train AI models.
4. How Your Data Is Protected
- All traffic to the app uses HTTPS.
- Passwords are hashed (Werkzeug PBKDF2). Password-reset tokens are HMAC-hashed in the database.
- Profile data and shareable card data are encrypted at rest using Fernet (AES-128-CBC) with a server-side secret.
- Sessions use HTTP-only, SameSite=Lax cookies.
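The "password-reset tokens are HMAC-hashed in the database" practice above, illustrated by an added Python example that is not People Person's own code: only a keyed hash of the token is persisted, so a leaked table row cannot be turned into a working reset link. The server secret, the one-hour TTL and the in-memory token table are assumptions.

```python
# Added example (not the app's code): HMAC-hashed, single-use, expiring
# password-reset tokens. The raw token goes only into the reset email; the
# store holds HMAC-SHA256(SERVER_SECRET, token), so a database leak alone
# does not let anyone redeem a pending reset.
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Hypothetical server-side secret; in production load it from the environment.
SERVER_SECRET = b"example-server-secret-do-not-use"
TOKEN_TTL_SECONDS = 3600  # assumed one-hour validity window

# Constructed stand-in for the reset-token table: {token_hash: (user_id, expires_at)}
RESET_TOKENS: Dict[str, Tuple[int, float]] = {}


def _hash_token(token: str) -> str:
    """Keyed hash of the raw token; only this value is ever persisted."""
    return hmac.new(SERVER_SECRET, token.encode(), hashlib.sha256).hexdigest()


def issue_reset_token(user_id: int, now: Optional[float] = None) -> str:
    """Create a reset token for user_id and return the raw token for the email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, URL-safe
    RESET_TOKENS[_hash_token(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Validate and consume a token; return the user_id or None if bad/expired/used."""
    now = time.time() if now is None else now
    # Lookup is by keyed hash: without SERVER_SECRET an attacker cannot craft a
    # token whose hash collides with a stored row, so the plain dict lookup is safe.
    entry = RESET_TOKENS.pop(_hash_token(token), None)  # pop => single use
    if entry is None:
        return None
    user_id, expires_at = entry
    if now > expires_at:
        return None  # expired tokens are discarded, never honoured
    return user_id
```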
5. Your Rights
- Access: view all your data inside the app at any time.
- Edit: modify any contact, meeting, profile, or note.
- Export: download all your data as a single JSON file (Settings → Privacy & data → Export).
- Delete: remove individual records, or permanently delete your entire account (Settings → Privacy & data → Delete Account). Account deletion erases your contacts, meetings, profile, integration tokens, and push subscriptions immediately and irreversibly.
- Disconnect integrations: remove a connected calendar at any time (Settings → Calendar & integrations → Disconnect). For Google we call the OAuth revoke endpoint; for Microsoft you can additionally remove consent at account.live.com/consent/Manage.
- EU / UK users (GDPR): you have the right to access, rectify, erase, restrict processing, port, and object. Use the in-app controls above or email us.
- California users (CCPA/CPRA): you have the right to know what data we collect, the right to delete, and the right to opt out of sale (we do not sell data).
6. Data Retention
- Your data lives in our database until you delete it.
- Audio files: deleted from disk within seconds of transcription. We do not keep recordings.
- Business card images: deleted immediately after OCR (not persisted).
- Calendar event payloads: never persisted (fetched on-demand only).
- OAuth tokens: stored encrypted at rest until you disconnect or delete the account.
- After account deletion: data is removed from active databases immediately. Backups are retained for up to 30 days for disaster recovery and then purged.
7. Children
People Person is not directed at children under 13 (under 16 in EU/UK). The app's signup flow requires age confirmation. If you believe a child has created an account, contact us and we will remove it.
8. International Data Transfers
The app is hosted in the United States (Railway). If you access it from outside the US, your data is processed in the US. By using the app you consent to this transfer. We rely on Standard Contractual Clauses for transfers from the EU/UK.
9. Security Practices
- HTTPS/TLS everywhere
- Sensitive profile fields encrypted at rest with Fernet (AES-128)
- Optional TOTP two-factor authentication
- Login rate-limiting + audit log
- Sessions: HTTP-only, SameSite=Lax cookies, Secure flag in production
- CSRF protection: double-submit cookie + header on every state-changing request
10. Changes
We may update this policy from time to time. Material changes will be communicated via the app or email at least 7 days before they take effect.
11. Contact
For privacy questions, data requests, or to exercise GDPR/CCPA rights, email jason@peopleperson.me.