hoop

LEGAL

Privacy policy

Last updated April 30, 2026 · Effective immediately

The short version

Hoop is a birthday-invitation app for iPhone, made by Sercan Toprak in Istanbul. We collect the minimum we need to make it work, we don't sell anything, and we don't use your invitations to train external AI models. Detailed disclosures follow below.

Information we collect

  • Account info. When you sign in with Apple or Google, we receive your name (optional) and a private identifier. We never see your password.
  • Profile. A display name and, optionally, yourown profile photo (used only as your in-app avatar — never placed on the invitations).
  • Invitation content. The names, ages, party dates, venues, and contact lines you type into the form. The custom prompts you write in Studio mode. The invitation images we generate for you. All of this stays tied to your account.
  • Birthday reminders. The names, birth dates, and optional notes you save in the Birthdays tab. Only you see them.
  • Purchase receipts. When you buy credits or subscribe, Apple sends us a receipt so we can unlock what you paid for. We never see your card.
  • Diagnostics.Anonymous crash reports and aggregated usage counts (e.g. "500 trending-template views today"). No personal identifiers attached.

Information we do not collect

So you know what is not on the table:

  • Recipient emails or phone numbers. When you share an invitation, you copy a link or image into your own messaging app (WhatsApp, iMessage, Mail). Hoop never sees who you invited.
  • Photos of children. Hoop does not collect or process any photo of a child. There is no photo-upload step in the invitation flow, and every invitation is rendered as an AI-generated illustration — never a real-child image. (Türkçe: Hoop çocuk fotoğrafı toplamaz veya işlemez. Tüm davetiyeler AI tarafından üretilen illüstrasyonlardır.)
  • Location. No GPS, no location services, no geofencing.
  • Advertising identifiers.We don't use Apple's IDFA, no ad networks, no third-party analytics SDKs that fingerprint your device.
  • Address book or contacts. The Birthdays tab is typed by you; Hoop never reads your iPhone Contacts.

How we use what we collect

To provide the service: generate invitations, deliver birthday reminders, process subscription state, keep the app reliable. That is the entire purpose. We do not profile you for ads. We do not sell or rent your data. We do not feed your prompts or invitations to external AI training pipelines.

Third-party services we use

Hoop runs on a small, vetted set of providers. Each one receives only what it needs:

  • Apple — Sign in with Apple, in-app purchases, push notifications. (United States, EU regions.)
  • Google — Sign in with Google (only when you choose this option). (United States.)
  • Supabase — Database, authentication, file storage for your invitation images. (Frankfurt and other EU/US regions.)
  • fal.ai— AI image generation. We send the prompt (theme, kid's name, age, party date, venue, contact line); we do not send your email or any account identifier. (United States.)
  • OpenAI — Content moderation on names and venues, to keep the app family-friendly. (United States.)
  • RevenueCat — Subscription state and receipts. Receives an Apple-issued user identifier; never sees your name. (United States.)

Each provider is bound by its own privacy and DPA terms. International data transfers (e.g. EU → US) rely on Standard Contractual Clauses where applicable.

How long we keep your data

  • While your account is active — your invitations, saved birthdays, and purchases stay available so you can reuse and refer back to them.
  • If your account is inactive for 24 months — we email you and, with no response, archive your invitations and anonymize your account.
  • If you delete your account — we erase your profile, invitations, prompts, and saved birthdays within 30 days. Anonymized billing records may be retained for tax-compliance periods required by Turkish and EU law.

Your rights

You can, at any time, from inside the app or by emailing us:

  • Export the invitations you've created.
  • Delete any single invitation or saved birthday.
  • Delete your entire account — Profile › Delete account. We finalize the deletion within 30 days.
  • Request a copy of all personal data we hold about you, or correct any inaccuracy. Email us and we'll respond within 30 days.

Children's privacy (COPPA & GDPR-K)

Hoop is intended for adults aged 18 or older — parents, guardians, relatives, or family friends planning a child's birthday. The app is not directed to children under 13, and we do not knowingly create accounts for, or collect personal information from, anyone under 13.

No photos of children. Hoop has no photo-upload step in the invitation flow. Every invitation is an AI-generated illustration — Hoop never receives, stores, or processes a real-child image. The names and ages you type about a child are stored as invitation content controlled by you, never used to build a profile of the child, never shared with advertisers, and can be deleted at any moment. If you believe a child under 13 has created a Hoop account, contact us at help@gethoop.appand we'll remove it within 7 days.

For users in the EU/EEA and UK (GDPR)

The data controller is Sercan Toprak (sole proprietor, Hoop), Istanbul, Türkiye. Contact: help@gethoop.app.

Legal bases for processing:

  • Performance of a contract — to deliver the invitation-generation service you signed up for.
  • Legitimate interests — to keep the service secure and reliable (e.g. anonymous diagnostics).
  • Consent — for optional features such as push notifications. You can withdraw consent at any time in iOS Settings.

You have the rights to access, rectify, erase, restrict, port, and object to processing of your personal data, and to lodge a complaint with your local data-protection authority. We do not engage in automated decision-making with legal effects.

For users in Türkiye (KVKK)

6698 sayılı Kişisel Verilerin Korunması Kanunu kapsamında veri sorumlusu Sercan Toprak'tır. İşlenen kişisel veri kategorileri: kimlik (ad), iletişim (e-posta), müşteri işlem (davetiye geçmişi, abonelik), pazarlama (yalnızca açık rıza ile). İşleme amaçları: hizmet sunumu ve sürekliliği, abonelik yönetimi, mevzuatsal yükümlülüklerin yerine getirilmesi.

Kişisel veriler bu politikada listelenen yurt dışı hizmet sağlayıcılara (Apple, Supabase, fal.ai, OpenAI, RevenueCat — ABD/AB) açık rızanız çerçevesinde aktarılmaktadır. KVKK'nın 11. maddesi uyarınca; kişisel verilerinizin işlenip işlenmediğini öğrenme, düzeltilmesini, silinmesini, anonim hale getirilmesini isteme ve veri aktarımı işlemlerine itiraz hakkınız bulunmaktadır. Talepler için help@gethoop.app adresine başvurabilirsiniz; en geç 30 gün içinde yanıt veriyoruz.

For users in California (CCPA/CPRA)

We do not sell or share personal information for cross-context behavioral advertising. California residents have the right to know what personal information we collect, to request deletion, and to be free from discrimination for exercising these rights. To exercise any of them, email help@gethoop.app.

Security

Data is encrypted in transit (HTTPS/TLS) and at rest. Authentication uses Apple/Google identity providers — Hoop never sees or stores passwords. Production database access is restricted by row-level security: each user can read or write only their own rows.

Changes to this policy

If we materially change how Hoop handles your data, we'll notify you in-app and by email at least 14 days before the change takes effect, and update the “Last updated” date at the top. Routine clarifications may be reflected without prior notice.

Contact us

Questions, concerns, or data requests: help@gethoop.app. We read every email. Postal address available on request.