HanahouHawaiʻi
Privacy Policy

How we handle your information.

Hanahou is built around trust. This page explains exactly what we collect, why we collect it, who we share it with, and the choices you have.

Last updated: June 12, 2026Read our Terms of Servicehello@hanahouhi.co
In plain English

The full policy is below. Here's the short version of what it actually means in practice. The formal sections are what binds, but these bullets are what you can safely tell your aunty about over the phone.

  • We collect what we need to run the marketplace — your account info, your listing or inquiry details, and what you upload — and nothing else.
  • We do not sell your data. Not to advertisers, not to data brokers. Not now, not later.
  • We do not run ads on Hanahou. No retargeting pixels, no advertising cookies.
  • Vendors only see the inquiry details you send them. Your phone number is shared with a vendor only if you choose to type it in.
  • Stripe handles all subscription card details. Hanahou never sees or stores card numbers. Card via Stripe is the only payment method right now.
  • You can request a copy of everything we have on you, or ask us to delete your account, by emailing hello@hanahouhi.co. No charge, no penalty for asking.
  • If we ever change what we do with your data, we'll tell you 30 days before anything ships and give you the chance to opt out.

Who we are

Hanahou is a Hawaiʻi-native marketplace that connects event vendors with the planners and families booking them. The site is operated by Hanahou HI (“Hanahou,” “we,” “us”). This Privacy Policy explains what information we collect when you use hanahouhi.co (the “Service”), how we use it, and the choices you have.

By using the Service you agree to the practices described here. If you do not agree, please do not use Hanahou.

Information we collect

We collect the minimum information needed to run the Service. Concretely:

  • Account information through Clerk, our identity provider — your email address, name, and an optional username when you sign up.
  • Vendor profile information you submit when listing your business — business name, contact email, phone number, Instagram handle, business website, island, town, category, bio, packages, pricing range, years in business, GET license number when provided, languages, service areas, and policies (cancellation, deposit, travel, backup, insurance).
  • Planner inquiry information — the event details and message you send when contacting a vendor (event date, type, guest count range, budget range, location, free-text message, contact phone if provided).
  • Booking and conversation records — confirmed bookings between vendors and planners, message threads inside an inquiry, review submissions, and saved-vendor bookmarks.
  • Photographs and other content you upload — cover images, portfolio images, and (when applicable) review photos hosted through Uploadthing. On the iOS app, when you choose to upload a photo we request camera or photo library access through Apple's permission system; we read only the specific photo you choose and never browse your library beyond that.
  • Limited usage information — anonymized profile-view and inquiry-submission events that include the time, the vendor profile in question, the source page (browse, category, search, referral, homepage), the referrer URL, and the user-agent string. We use the user-agent solely for bot filtering.
  • Anonymized search queries — the text you type into the vendor search and the number of results returned, recorded so we can improve search and surface what people are actually looking for. We do not store your account or session with the search query.
  • Product-analytics events through PostHog — pageviews and a defined set of funnel actions (for example, starting a vendor signup or sending an inquiry). For visitors who are not signed in, these are tied only to an anonymous identifier. We do not capture what you type into form fields, and screen recording is turned off.
  • Crash and performance diagnostics through Sentry — stack traces, error messages, and request timing for our own application. Personal information (emails, phone numbers, names, request bodies, cookies, and sensitive query strings) is redacted from every event before it leaves the server; we use this data only to fix bugs and address slow paths.
  • iOS push notification device tokens — when you use the Hanahou iOS app and turn on push notifications, we store the opaque device token Apple's Push Notification service gives us so we can deliver inquiry, booking, and review pings to your phone. The token is opaque to us; we never decode or share it.
  • Subscription billing information through Stripe — Stripe handles all payment data; we receive only your customer and subscription identifiers, never your card number.
  • In-app purchase information through Apple — when you subscribe in the Hanahou iOS app, Apple processes the payment. We receive transaction and subscription identifiers plus the subscription's status from Apple so your plan unlocks on your listing; we never see your payment details.

How we use your information

We use the information above to run the marketplace and to do nothing more invasive than that. Specifically:

  • Matching planners to vendors — surfacing relevant listings in browse, search, category, and island pages.
  • Sending transactional emails — inquiry notifications and reminders, vendor replies, booking confirmations with iCal attachments, review requests, cancellation notices, account verification, and welcome messages.
  • Delivering push notifications on the iOS app — inquiry, booking, and review pings, when you have granted notification permission through iOS and your email preferences allow operational push. Push respects the same opt-out posture as operational email; turning off operational email turns off operational push.
  • Diagnosing crashes and slow requests through Sentry — when something breaks for you, the stack trace lets us find and fix it. We never receive your personal information through this channel; the redactor in our codebase strips it before each event leaves the server.
  • Operating the booking workflow — recording inquiries, threaded messages, confirmations, completions, and cancellations between vendors and planners.
  • Maintaining vendor reputation — calculating average rating and review count from published reviews, attaching the verified-booking signal to reviews tied to a real booking on Hanahou.
  • Improving the product — analyzing aggregated profile-view counts, search queries (especially zero-result searches), and conversion patterns so we can curate categories and prioritize which features to build next.
  • Preventing fraud and abuse — filtering out bot traffic, blocking obvious abuse patterns, and reviewing flagged content.
  • Billing and tax compliance — Stripe processes subscription payments for Pro and Premium tiers; we keep customer and subscription identifiers so we can manage upgrades and cancellations.

What we don’t do

Hanahou makes money two ways: vendor subscriptions (Pro at $10 per month and Premium at $30 per month) and the Manawaleʻa donation program. Everything in this section is what we deliberately don’t do, and what we are committing to not do as the business grows.

We don’t sell your data. Not to advertisers, not to data brokers, not to industry research firms, not to anyone. The information vendors and planners hand us — business contact details, inquiries, messages, photos, account identity — stays inside Hanahou’s systems and the small set of third-party processors named in the next section, each of which only sees what it needs to do its job.

We don’t process or hold payments between vendors and planners. Hanahou is a discovery and introduction platform — once a planner finds someone they want to work with here, the actual booking transaction happens directly between the two parties. We don’t run a checkout flow, we don’t take a percentage, we don’t hold deposits in escrow. Vendors tell planners how they want to be paid (Venmo, Zelle, check, deposit and balance, day-of cash, contract terms — whatever works for them) and the two of them handle it from there. Stripe is in the picture for one thing only: collecting our monthly subscription fee from vendors who choose Pro or Premium. Stripe is never in the path of a vendor-planner transaction.

We don’t sell ranking. Vendor placement on the browse page, search results, category pages, and island pages reflects the kinds of trust signals a planner would weigh themselves — recent activity, response time, completed bookings, review counts, profile completeness. We do not accept payment for ranking position, sponsored placements, or featured slots above the organic order. A vendor cannot pay to appear higher than they’ve earned.

We don’t run paid advertising on the site. There are no advertiser scripts, no retargeting pixels, no programmatic ad tags on any Hanahou page. Vendors pay for their own listing tier; nobody pays to advertise to vendors or planners through us.

If Hanahou ever expands beyond subscriptions and Manawaleʻa — for example, into aggregate market-intelligence reports drawn from anonymized platform activity, or vendor benchmarking inside a higher subscription tier — we will tell you about it at least 30 days before anything ships, and we will give vendors and planners meaningful opt-out controls. Even in that future, we will not sell individual user identities, inquiry messages, contact information, or personal data. That commitment doesn’t change with the business model.

Cookies and similar technologies

Hanahou uses a small set of first-party cookies and similar browser storage to run the site and understand how it is used. We do not use third-party advertising cookies, social retargeting pixels, or fingerprinting scripts, and we do not sell or rent your information to anyone.

  • A functional session cookie set by Clerk, our identity provider, so you can stay signed in as you move between pages.
  • First-party analytics storage set by PostHog, our product-analytics provider. PostHog places a cookie and keeps a small amount of data in your browser’s local storage so it can recognize a returning visitor and show us how people move through the site — which pages are viewed, and where signups or inquiries start and drop off. This is strictly first-party: the data is not used for advertising, is not shared with ad networks, and is never sold. We have turned off PostHog’s autocapture and session-recording features, so we do not record your screen, and we measure only the specific events we have chosen to track — not every click or keystroke.

Your browser may also store a small amount of data locally so the vendor onboarding form can recover your draft if you close the page mid-application. That data lives only on your device.

Email preferences and how to opt out

Every email we send falls into one of four categories. The first is always-on; the other three are opt-out-able from any email’s footer.

  • Transactional — booking confirmations, account-related comms, vendor approvals, and other emails required to use the service. CAN-SPAM treats these as required for service delivery; they cannot be opted out of, but they always carry a “Manage email preferences” link in the footer.
  • Operational — inquiry replies, booking change requests, review requests. The day-to-day flow of using the marketplace. Opting out means you’ll need to check your dashboard regularly to see new messages — we surface in-app notifications as the fallback.
  • Notification — cross-sell suggestions, referral credits, tier transitions, milestones. Auxiliary signals that don’t affect bookings.
  • Marketing — founder broadcasts and platform updates. Lowest signal, easiest to opt out.

How to opt out: every email’s footer carries a one-click “Unsubscribe” link for that email’s category, and a “Manage email preferences” link for granular control across all three opt-out-able categories. Inbox-aware mail clients (Gmail, Apple Mail) also surface a native “Unsubscribe” affordance in the message header, which fires the same one-click flow via RFC 8058. Signed-in users can also manage preferences any time at /account/email-preferences. Anon recipients (who submitted an inquiry without signing up) use the footer link in any email they’ve received from us — the link works for one year from when the email was sent.

Opt-outs apply within minutes — the next email in the affected category will be skipped at the application layer. We retain the preferences record so opt-outs survive server restarts, deployments, and credential rotations. If you opt back in via the same flow, future emails resume at the next send.

If you would like to opt out of a category and the link isn’t working for any reason, email hello@hanahouhi.co with the email address you want updated and we will apply the change manually.

Third-party processors

We trust a small set of well-known providers to run essential parts of the Service. Each one acts on our instructions and only sees the data they need to do their job:

  • Clerk — authentication, account identity, and session cookies.
  • Resend — delivering transactional email (welcome, inquiry, booking, review, and cancellation notifications).
  • Uploadthing — hosting cover, portfolio, and review images uploaded by users.
  • Stripe — processing subscription payments for the Pro and Premium tiers on the web.
  • Apple — processing in-app subscription purchases in the Hanahou iOS app (the App Store) and sending us subscription-status updates so your plan stays in sync. Apple handles the payment itself; we receive transaction and subscription identifiers, never your payment details.
  • Supabase — hosting our Postgres database where vendor, inquiry, booking, review, and analytics records live.
  • Netlify — hosting the website and serverless functions, including the scheduled jobs that send reminder and review-request emails.
  • PostHog — first-party product analytics that show us, in aggregate, how the marketplace is used so we can decide what to improve.
  • Sentry — error tracking and performance monitoring. Personal information is redacted from every event we send.
  • Apple Push Notification service (APNs) — delivering push notifications to your iPhone when you use the Hanahou iOS app and have granted notification permission. Apple receives only the opaque device token and the notification payload, which we keep free of personal information (titles and bodies like “New inquiry on Hanahou” rather than naming specific people).

These providers each have their own privacy practices. We pick partners with clear data-handling stances and U.S. infrastructure where available.

Data retention

Inquiry, booking, and review records are retained indefinitely while your account remains open, because both vendors and planners depend on them as a working record of the engagement. Aggregated and anonymized analytics events are retained for sixty (60) days in their raw form, after which they are aggregated into per-vendor counters and the original rows can be discarded.

If you would like your account deleted, the iOS app carries an in-app path: open the Account tab and tap “Delete my account.” You will receive a confirmation email; clicking the link schedules deletion 14 days out. During the 14-day window you can cancel from any device through the “Cancel deletion” link in any of the emails or through your account dashboard. After the window, your account, profile, saved vendors, notifications, and most associated rows are removed from our systems; reviews you wrote and inquiries you sent are anonymized so the vendor's history stays intact but no longer identifies you.

If you prefer to email us directly, or if you are on the web app rather than the iOS app, write to hello@hanahouhi.co with your request and we will process it manually within a reasonable time. The web-app self-service delete path is on our roadmap.

Vendors who want to take their listing off Hanahou can request that from the dashboard (Profile → Danger zone). The flow goes through founder review so we can reach out before anything finalizes, and you can choose between a reversible pause (your reviews and history stay intact, restorable later) or a permanent delete.

Your rights and choices

Regardless of where you live, you can ask us to access, correct, export, or delete your personal information. Email hello@hanahouhi.co with your request. We will respond within thirty (30) days.

California residents (and Hawaiʻi residents under the category of California’s consumer-privacy framework) have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, the right to correct inaccuracies, and the right to opt out of the sale or sharing of personal information. Hanahou does not sell or share personal information for cross-context behavioral advertising; there is nothing for you to opt out of.

Residents of the European Economic Area, the United Kingdom, and Switzerland have rights under the General Data Protection Regulation (GDPR), including access, rectification, erasure, restriction, portability, and the right to object. Our lawful bases for processing are consent (for account creation), contract (for fulfilling the Service), and legitimate interest (for fraud prevention and product improvement).

We will never charge you for exercising these rights or treat you differently for doing so.

Children

Hanahou is intended for adults eighteen (18) and over. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, contact us at hello@hanahouhi.co and we will delete it.

Security

We protect the information we hold using industry-standard practices: TLS for data in transit, encrypted databases at rest through Supabase, password handling delegated to Clerk, payment handling delegated to Stripe. No system is perfectly secure, but we treat protecting your information as a baseline obligation, not a feature.

International users

Hanahou is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to that transfer.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or by a banner on the site. Continued use of the Service after the change takes effect constitutes acceptance of the new policy.

Contact us

Questions, requests, or concerns? Email hello@hanahouhi.co. We read every message.

Questions about this policy? Email us. Every message gets read and answered personally.