Privacy

Effective: 2026-05-18 · Last updated: 2026-05-18

Short version: we collect almost nothing. No ads. No analytics. No tracking. Your tasks, your household, your data. Between the two of you.

This is the privacy policy for Hubby, an iOS app developed by Maarten Honig ("we", "us") under the bundle identifier com.hubby.app. We are based in Amsterdam, the Netherlands. Contact: hello@maartenhonig.com.

We tried to write this so a real person can actually read it.

What Hubby is

Hubby is a household task and mental-load tracking app for couples. Two people share a "household" and see the same tasks. We process the minimum data needed to make that work.

What we collect

Your display name (you type it during onboarding)
A color preference (the Wada color you pick)
Tasks you create. Title, notes, due date, who created them, who they're assigned to, completion state
Household membership. Which household you belong to, who else is in it
Weekly check-in values (a single mood/load number you optionally submit each week)
An optional avatar photo. A small JPEG thumbnail you can attach to your profile in Settings. Stored in Firebase Storage (see Where your data lives below).
Subscription status (whether you've started the free trial or are a Premium subscriber)
An anonymous Firebase user ID automatically generated to identify your device
Sign in with Apple (optional). If you choose to secure your account so it can be recovered on a new device, we store one Apple-issued token on our server. It is used for a single purpose: to revoke your Apple sign-in with Apple when you delete your account, as Apple requires. We do not request your name or email from Apple, and the token is deleted when you delete your account.

We do not collect your real name, email, phone, contacts, location, or device identifiers.

What we don't collect

No email address (sign-in is anonymous by default; Sign in with Apple is optional and does not share your email or name with us)
No analytics or tracking SDKs
No advertising identifiers
No third-party trackers (no Facebook SDK, Google Analytics, AppsFlyer, Branch, etc.)
No device location
No photos beyond the optional avatar thumbnail you attach yourself

Where your data lives

Tasks, household, check-in data live in Google Firebase Firestore in the europe-west4 region (Netherlands). Visible only to members of your household, enforced by Firestore Security Rules.
Avatars (the optional thumbnail you attach to your member entry) live in Google Cloud Storage in the us-central1 region (Iowa, USA). One JPEG per user, capped at 2 MB. Storage Security Rules let any signed-in member of any household read your avatar; only you can write or delete it.
Local cache lives only on your device.
Widget data is shared with Hubby widgets via an iOS App Group on your device only.
Apple Watch data is shared between your iPhone and Watch only, via WatchConnectivity. Doesn't pass through our servers.

What we send to Anthropic (Claude API)

Hubby uses Anthropic's Claude API in two places. In both, data is sent through a Cloud Function we operate, which forwards it to Anthropic.

Smart Add (free + premium). When you type or dictate a task in the Smart Add field, the raw text you wrote is sent to Claude so it can split compound requests, parse dates, and detect assignees. Examples: "buy milk and book dentist Wednesday", "remind me to call landlord". Your household members' first names are also sent so Claude can recognise "ask Sophie to..." phrasing.
Weekly insight (Premium only). Each Sunday Hubby asks Claude to write a short note about the household pattern. Only numeric statistics are sent. Counts, percentages, completed-today count, hour of day. Plus first names. No task titles or notes are sent for this one.

Internal request metadata accompanies each call: your household ID and member ID (both random identifiers we generate), your locale language code, and your Firebase Auth ID token (so the server can verify the call came from a member of your household). No email address, no real name beyond household first names.

Anthropic processes this data per their API privacy policy and does not use it to train their models.

Push notifications

If enabled, we send daily morning summaries and a Sunday weekly note (Premium only) via Firebase Cloud Messaging and Apple Push Notification service. Your APNs token is stored alongside your Firestore record so we know which device to send to. The notification body may include task titles (e.g. "Sophie added 'vet appointment' for you") which transit Apple's and Google's push infrastructure in plain text the way every iOS push does.

You can change your mind any time in iOS Settings → Notifications → Hubby. The app's Settings tab also shows a one-tap link to that pane if push has been denied.

Sharing

We do not sell, rent, or share your data with third parties for advertising, marketing, or any commercial purpose.

The only third parties involved are infrastructure providers strictly necessary to run Hubby:

Google Firebase (Auth, Firestore, Cloud Functions, Cloud Messaging). Data processor. Firebase privacy.
Google Cloud Logging. Receives Cloud Function execution metadata (random user/household IDs, error messages, timing). Default retention 30 days. Used only to debug failures.
Apple (App Store, APNs, StoreKit). Data processor
Anthropic (Claude API, Smart Add + Premium insight). Data processor. Anthropic privacy.

EU/UK data transfers: Your task content, household, and check-ins stay in Google Cloud's europe-west4 region (Eemshaven, Netherlands). No transfer outside the EEA. Three things do cross to us-central1 (Iowa, USA): your avatar JPEG, Cloud Function execution metadata (timing, error messages, random user/household IDs), and the Smart Add / weekly insight payloads that Cloud Functions forward to Anthropic. Google Cloud Platform's Standard Contractual Clauses cover all transfers to the US. Anthropic processes its inputs under its own Data Processing Agreement which also includes SCCs.

Your rights

See your data. Every task, check-in, and member is visible in the app itself
Leave a household. Settings → Leave household
Cancel Premium. Settings → Manage Subscription, or via your Apple ID
Delete your account or get an export. Use the in-app buttons in Settings → "Delete account" and Settings → "Export my data". Deletion is immediate and irreversible: your household membership, tasks, check-ins, insights, letters, and Firebase Auth record are removed. If the household has other members, shared task and check-in content remains for them (your per-member data is still erased). Or email hello@maartenhonig.com if you'd rather we process it manually within 30 days.

Under the EU GDPR and similar laws (UK, California CCPA, etc.) you have the right to access, correct, port, restrict processing of, and erase your personal data, and to lodge a complaint with your local data protection authority. The legal basis is your consent (withdrawable any time by deleting your account) and performance of our contract with you.

Children

Hubby is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you are a parent and believe your child has signed up, email us and we will delete the account.

Security

All data in transit is encrypted (TLS 1.2+).
Data at rest in Firestore is encrypted by Google.
Cloud Function endpoints require Firebase Authentication tokens.
We don't store passwords (anonymous auth, no password concept).

We are a small operation. We follow standard security practices but no system is perfectly secure. If you discover a vulnerability, please email hello@maartenhonig.com.

Changes to this policy

If we materially change what we collect or how we use it, we will notify you in the app before the change takes effect. Minor edits (typos, clarifications) may be made without notice. The "Last updated" date at the top reflects the current version.

Maarten Honig
hello@maartenhonig.com
Amsterdam, The Netherlands