How we handle your information.

Information we collect

We collect the minimum information needed to run the Service. Concretely:

• Account information through Clerk, our identity provider — your email address, name, and an optional username when you sign up.
• Vendor profile information you submit when listing your business — business name, contact email, phone number, Instagram handle, business website, island, town, category, bio, packages, pricing range, years in business, GET license number when provided, languages, service areas, and policies (cancellation, deposit, travel, backup, insurance).
• Planner inquiry information — the event details and message you send when contacting a vendor (event date, type, guest count range, budget range, location, free-text message, contact phone if provided).
• Booking and conversation records — confirmed bookings between vendors and planners, message threads inside an inquiry, review submissions, and saved-vendor bookmarks.
• Photographs and other content you upload — cover images, portfolio images, and (when applicable) review photos hosted through Uploadthing.
• Limited usage information — anonymized profile-view and inquiry-submission events that include the time, the vendor profile in question, the source page (browse, category, search, referral, homepage), the referrer URL, and the user-agent string. We use the user-agent solely for bot filtering.
• Anonymized search queries — the text you type into the vendor search and the number of results returned, recorded so we can improve search and surface what people are actually looking for. We do not store your account or session with the search query.
• Subscription billing information through Stripe — Stripe handles all payment data; we receive only your customer and subscription identifiers, never your card number.

How we use your information

We use the information above to run the marketplace and to do nothing more invasive than that. Specifically:

• Matching planners to vendors — surfacing relevant listings in browse, search, category, and island pages.
• Sending transactional emails — inquiry notifications and reminders, vendor replies, booking confirmations with iCal attachments, review requests, cancellation notices, account verification, and welcome messages.
• Operating the booking workflow — recording inquiries, threaded messages, confirmations, completions, and cancellations between vendors and planners.
• Maintaining vendor reputation — calculating average rating and review count from published reviews, attaching the verified-booking signal to reviews tied to a real booking on Hanahou.
• Improving the product — analyzing aggregated profile-view counts, search queries (especially zero-result searches), and conversion patterns so we can curate categories and prioritize which features to build next.
• Preventing fraud and abuse — filtering out bot traffic, blocking obvious abuse patterns, and reviewing flagged content.
• Billing and tax compliance — Stripe processes subscription payments for Pro and Premium tiers; we keep customer and subscription identifiers so we can manage upgrades and cancellations.

Cookies and similar technologies

Hanahou uses one functional cookie: the session cookie set by Clerk so you can stay signed in across pages. We do not use third-party advertising cookies, analytics cookies, social retargeting pixels, or fingerprinting scripts. We do not sell or rent your information to anyone.

Your browser may also store a small amount of data locally so the vendor onboarding form can recover your draft if you close the page mid-application. That data lives only on your device.

Third-party processors

We trust a small set of well-known providers to run essential parts of the Service. Each one acts on our instructions and only sees the data they need to do their job:

• Clerk — authentication, account identity, and session cookies.
• Resend — delivering transactional email (welcome, inquiry, booking, review, and cancellation notifications).
• Uploadthing — hosting cover, portfolio, and review images uploaded by users.
• Stripe — processing subscription payments for the Pro and Premium tiers.
• Supabase — hosting our Postgres database where vendor, inquiry, booking, review, and analytics records live.
• Netlify — hosting the website and serverless functions, including the scheduled jobs that send reminder and review-request emails.

These providers each have their own privacy practices. We pick partners with clear data-handling stances and U.S. infrastructure where available.

Data retention

Inquiry, booking, and review records are retained indefinitely while your account remains open, because both vendors and planners depend on them as a working record of the engagement. Aggregated and anonymized analytics events are retained for sixty (60) days in their raw form, after which they are aggregated into per-vendor counters and the original rows can be discarded.

If you would like your account, listing, or any individual records deleted, email us at hello@hanahouhi.co and we will process the request manually within a reasonable time. We are a small team; right now this is a hand-handled process rather than a self-service button. We apologize for the friction and are working toward a self-service flow.

Your rights and choices

Regardless of where you live, you can ask us to access, correct, export, or delete your personal information. Email hello@hanahouhi.co with your request. We will respond within thirty (30) days.

California residents (and Hawaiʻi residents under the umbrella of California’s consumer-privacy framework) have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, the right to correct inaccuracies, and the right to opt out of the sale or sharing of personal information. Hanahou does not sell or share personal information for cross-context behavioral advertising; there is nothing for you to opt out of.

Residents of the European Economic Area, the United Kingdom, and Switzerland have rights under the General Data Protection Regulation (GDPR), including access, rectification, erasure, restriction, portability, and the right to object. Our lawful bases for processing are consent (for account creation), contract (for fulfilling the Service), and legitimate interest (for fraud prevention and product improvement).

We will never charge you for exercising these rights or treat you differently for doing so.

Children

Hanahou is intended for adults eighteen (18) and over. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, contact us at hello@hanahouhi.co and we will delete it.

Security

We protect the information we hold using industry-standard practices: TLS for data in transit, encrypted databases at rest through Supabase, password handling delegated to Clerk, payment handling delegated to Stripe. No system is perfectly secure, but we treat protecting your information as a baseline obligation, not a feature.

International users

Hanahou is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to that transfer.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or by a banner on the site. Continued use of the Service after the change takes effect constitutes acceptance of the new policy.

Contact us

Questions, requests, or concerns? Email hello@hanahouhi.co. We read every message.