Privacy Policy

Hui Harmony (“we”, “us”, “our”) is a meeting management application built for Māori organisations and other small-to-medium groups to record, track, and archive their hui (meetings). Hui Harmony is operated from Aotearoa New Zealand.

This Privacy Policy explains what information we collect about you when you use huiharmony.com, how we use it, and the rights you have over it.

We collect only what we need to provide the service:

• Account information — your name, email address, password hash, role (admin/member), and subscription tier.
• Hui content you create — meeting titles, dates, locations, agendas, attendance records, minutes, motions, attachments you upload.
• Committee data — the names, email addresses and (optionally) phone numbers of the members you add to your committees.
• Operational metadata — IP address (transient), browser type, login timestamps, and basic analytics events used only to keep the service running and secure.
• Payment metadata — handled by Stripe. We never store full card numbers; we only retain the Stripe customer/subscription identifiers.

When you choose to connect your Google account, Hui Harmony requests specific OAuth scopes. We use each one solely for the purpose described below, and only at your explicit request.

• Calendar (calendar.events) — Hui Harmony writes hui meetings (title, date, time, location, online meeting link, attendee list) to your primary Google Calendar when you click Add to Google Calendar. We do not read other events on your calendar, and we do not modify any event Hui Harmony did not create.
• Drive (drive.file) — Hui Harmony creates per-hui folders and uploads the meeting minutes (PDF), audio recording, and attachments to those folders only. Under this scope, Hui Harmony can see and modify onlyfiles and folders it has created or that you have explicitly opened with Hui Harmony via Google Drive’s picker. We cannot access the rest of your Drive.
• Contacts (contacts) — When you click Sync Committee to Google Contacts, Hui Harmony writes the committee’s members (name, email, phone) into your Google Contacts as a labelled group, so they appear in your address book. We do not read your existing contacts beyond verifying duplicates.
• Profile (openid, userinfo.email, userinfo.profile) — Used once to identify you and populate your Hui Harmony profile (name, profile picture, verified email).

Google user data is never sold, never shared with third parties, never used for advertising, and never used to train AI/ML models. Hui Harmony’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data is stored in MongoDB on infrastructure hosted within commercial cloud providers (currently in Asia-Pacific regions). Passwords are hashed with bcrypt. All traffic to huiharmony.com is encrypted in transit via TLS. OAuth refresh tokens issued by Google are stored encrypted at rest and are only used to perform the actions you initiate.

We share data only with these processors, and only as needed to run the service:

• Google — when you connect your Google account, to perform calendar/drive/contacts actions you initiate.
• Stripe — to process subscription payments.
• Resend — to deliver transactional email (invitations, reminders, password resets).
• Web push providers (Apple, Mozilla, Google) — only the encrypted push subscription endpoint you opt-in to, used to deliver browser notifications.

We do not sell your personal data, ever.

You can, at any time:

• Access all your data via the app’s export/PDF/Drive sync features.
• Disconnect your Google account from Settings → Google Connection → Disconnect. This revokes our access immediately.
• Delete your account and all associated data by emailing support@huiharmony.com. We will purge your data within 30 days.
• Correct any inaccurate information from inside the app, or by contacting us.

You can also revoke Hui Harmony’s access to your Google data at any time from myaccount.google.com/permissions.

We retain your account data while your subscription is active and for up to 90 days after cancellation, after which it is deleted unless you ask us to keep it. Hui content (minutes, attendance) is retained according to your subscription tier’s history allowance (3, 6, or 12 most-recent huis).

Hui Harmony uses browser local storage for authentication tokens, your selected theme (light/dark), sound effects preference, and (for Pro+ users) the Local Minutes Folder handle. We do not use third-party advertising or tracking cookies.

Hui Harmony is not directed at children under 13 and we do not knowingly collect data from them.

We will update this page when we make material changes. The “Last updated” date at the top reflects the most recent revision. Significant changes will also be notified by email to active subscribers.

Questions about this policy, requests for data export or deletion, or anything else privacy-related? Email support@huiharmony.com.