WE DO NOT SELL YOUR DATA. WE DO NOT EXPOSE YOUR PHONE NUMBER.
Effective date: April 2, 2026 — Last updated: April 2, 2026
HONK will never sell, rent, license, or otherwise distribute your personal information to any third party for any reason, under any circumstances, period.
1. Who We Are
HONK is operated by Hackemy ("we," "us," "our"). HONK is a privacy-first vehicle communication platform that allows drivers to send messages to other vehicle owners using only a license plate number — without ever exchanging phone numbers, email addresses, or personal identities.
2. Our Core Privacy Commitment
Your phone number, email address, and personal identity are NEVER shared with other users. Not partially, not in hashed form, not in metadata. Never.
When someone sends a message to your license plate, they do not learn:
Your name
Your phone number
Your email address
Your physical address
Any account identifiers
When you send a message to someone else's plate, the same protections apply to you. HONK is a privacy wall between vehicle owners.
3. What We Collect
3.1 Account Information
When you create an account, we collect:
Email address or phone number — used solely for one-time password (OTP) verification. This is your login credential.
We do not collect your name, physical address, date of birth, government ID, or any demographic information.
3.2 Vehicle Information
When you register a vehicle, we store:
License plate number and country code
Optional nickname (e.g., "Family Car") — visible only to you
Optional parked location (latitude/longitude) — if you choose to tag where your car is parked
3.3 Messages
When a message is sent through HONK, we store:
The message text
A timestamp
The sender's proximity to the vehicle (at vehicle, nearby, far, or unknown) — not the sender's exact coordinates
Whether the sender is a verified official (if applicable)
Messages are stored to enable the conversation thread. The sender's identity is never attached to messages in a way visible to the recipient.
3.4 Push Notification Subscriptions
If you enable push notifications, we store a browser-generated push subscription token. This is a technical endpoint URL generated by your browser — it is not your phone number, email, or any personal identifier.
3.5 Geolocation (Optional)
If you grant location permission when sending a message, your browser provides your current coordinates. We use this only to:
Calculate your distance from the target vehicle (stored as a proximity label, not exact coordinates)
Provide safety context to the recipient (e.g., "sender is at your vehicle" vs. "sender is far away")
Detect potential luring attempts (fake emergency messages sent from far away)
Exact sender coordinates are not shared with the message recipient. Only the proximity label is visible.
4. What We Do NOT Collect
We do not use cookies for tracking or advertising
We do not use analytics trackers, pixel beacons, or fingerprinting
We do not collect browsing history or app usage patterns
We do not access your contacts, camera, microphone, or files
We do not create advertising profiles
We do not share data with social media platforms
5. How We Use Your Data
Your data is used exclusively to operate the HONK service:
Authentication — sending you a one-time verification code via email or SMS
Message delivery — routing messages to the correct vehicle owner via push notification
Safety moderation — messages are automatically screened for threats, harassment, phishing, and luring attempts before delivery
Proximity calculation — computing sender-to-vehicle distance for safety context
We do NOT use your data for advertising, profiling, marketing, resale, or any purpose other than delivering the HONK service.
6. Content Moderation
All messages are automatically screened before delivery using AI-based content moderation. This screening:
Blocks threats, harassment, sexual content, hate speech, and phishing
Detects fake emergency messages designed to lure vehicle owners to unsafe locations
Verifies that claims of official authority (law enforcement, towing, etc.) come from certified accounts
Considers sender proximity — urgent claims from far-away senders are flagged as suspicious
If moderation cannot be completed (e.g., service unavailable), the message is blocked by default. We fail closed to protect recipients.
7. Data Sharing
We do not sell, rent, trade, or share your personal data with any third party for commercial purposes. Full stop.
We may disclose data only in these narrow circumstances:
Law enforcement — when compelled by a valid court order, subpoena, or legal process. We will notify you unless legally prohibited from doing so.
Safety emergencies — if we have a good-faith belief that disclosure is necessary to prevent imminent bodily harm or death.
Service providers — we use Amazon Web Services (AWS) for infrastructure. AWS processes data on our behalf under strict data processing agreements. AWS does not have independent access to your data.
8. Data Retention
OTP codes — automatically deleted after 5 minutes or upon use, whichever comes first
Messages — retained as long as your account exists
Account data — retained until you delete your account
Push subscriptions — automatically removed when they expire or become invalid
9. Account Deletion
You can delete your account at any time from the Account page. When you delete your account, we permanently delete:
Your account record (email/phone)
All your registered vehicles
All your channel subscriptions
All your push notification subscriptions
All messages on your channels
This deletion is immediate and irreversible. We do not retain backups of deleted accounts.
10. Data Security
All data in transit is encrypted via TLS 1.2+
All data at rest is encrypted using AWS KMS
Authentication uses one-time passwords — we never store persistent passwords
Session tokens (JWT) expire after 24 hours
Push subscription endpoints are stored as cryptographic hashes
We do not store credit card numbers or payment information
11. Your Rights
Regardless of where you live, you have the right to:
Access your data — see what we store about you
Delete your data — remove your entire account and all associated data
Withdraw consent — unsubscribe from push notifications at any time
Object to processing — contact us to discuss any concerns
Portability — request a copy of your data in a standard format
For EU residents: these rights are guaranteed under the General Data Protection Regulation (GDPR). Our lawful basis for processing is consent (you chose to create an account) and legitimate interest (operating the service and ensuring safety through content moderation).
For California residents: under the CCPA, you have the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal information, so there is nothing to opt out of.
12. Children's Privacy
HONK is not intended for use by anyone under the age of 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it immediately.
13. International Data Transfers
Your data is processed and stored on AWS infrastructure in the United States (us-east-1 region). If you are located outside the United States, your data is transferred to and processed in the US. We rely on AWS's compliance certifications (including EU-US Data Privacy Framework) to ensure adequate data protection.
14. Changes to This Policy
If we make material changes to this privacy policy, we will:
Update the "Last updated" date at the top of this page
Send a push notification to all registered users
Provide at least 30 days notice before changes take effect
We will never change this policy to allow the sale of personal data.
15. Contact
For privacy questions, data requests, or concerns:
Email: privacy@hackemy.com
We aim to respond to all privacy requests within 72 hours.