The short version: We built InstaHowler on a simple principle — your data belongs to you. We don't sell it, we can't read your messages, and we collect as little as possible to make the app work. This policy explains exactly what we do and don't do.
Table of Contents
01 Who we are
InstaHowler is a secure messaging application developed and operated by InstaHowler LLC, a limited liability company registered in the United States.
This Privacy Policy applies to the InstaHowler mobile application ("App"), our website at instahowler.com ("Site"), and any related services we offer (collectively, the "Services").
For questions about this policy, contact us at support@instahowler.com.
02 What information we collect
Information you provide
- Account information — your username and email address when you register
- Verification codes — temporary codes sent to verify your email during registration
- Profile settings — optional display preferences you choose to set
Information collected automatically
- Connection metadata — timestamps of when you connected to our servers (not message content)
- Device type — general device category (iOS / Android) for technical compatibility
- App version — to ensure you're running supported software
- Crash reports — anonymous error logs if the app crashes, with no personally identifiable content
What we do NOT collect: We do not collect your message content, your contact list, your location, your IP address logs, or any behavioral tracking data.
03 How we use your information
We use the limited information we collect solely to operate and improve the Services:
- To create and authenticate your account
- To deliver messages between users via encrypted channels
- To send you account-related emails (verification, security notices)
- To diagnose technical issues and improve app stability
- To comply with applicable law
We do not use your information for advertising, profiling, or any purpose beyond operating the App.
04 How we protect your messages
InstaHowler uses end-to-end encryption (E2EE) for all messages. Here's what that means in practice:
- AES-256-GCM encryption — your messages are encrypted on your device before transmission
- ECDH key exchange — encryption keys are negotiated directly between devices
- Device-only private keys — your private encryption keys are stored only on your device using secure storage. We never have access to them.
- Server stores only ciphertext — even if our servers were compromised, attackers would only see encrypted data they cannot read
- Safety number verification — you can verify the identity of anyone you message using safety numbers
Important: Because of our end-to-end encryption, we are technically unable to read your messages or provide them to any third party, including law enforcement, even if legally compelled. We can only provide account registration information (username, email) if required by valid legal process.
05 What we do NOT do
We want to be completely clear about what InstaHowler will never do:
- We do not sell, rent, or trade your personal information to any third party
- We do not read, scan, or analyze your messages
- We do not serve advertisements in the App
- We do not track your behavior across other apps or websites
- We do not build profiles about you for marketing purposes
- We do not share your data with data brokers
- We do not store unencrypted message content on our servers
- We do not collect your contacts list
- We do not collect your precise location
06 Data sharing and third parties
We share your information only in the following limited circumstances:
- Service providers — we use third-party services to operate the App, including email delivery (SendGrid) for verification emails. These providers are contractually prohibited from using your data for any other purpose.
- Legal requirements — we may disclose account registration information (not messages, which we cannot access) if required by law, court order, or to protect the safety of users.
- Business transfers — if InstaHowler LLC is acquired or merges with another company, we will notify you and your data will remain subject to this Privacy Policy.
We do not share your data with any other parties for any other reason.
07 Data retention
We retain different types of data for different periods:
- Account information — retained while your account is active and deleted within 30 days of account deletion
- Encrypted messages — stored on our servers only until delivered to the recipient's device, then deleted
- Connection logs — retained for up to 90 days for security and troubleshooting, then automatically deleted
- Crash reports — retained for up to 60 days then deleted
You can request deletion of your account and all associated data at any time through the app settings or by contacting us.
08 Your rights and choices
You have the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you
- Correction — update your account information at any time in the app
- Deletion — delete your account and all associated data
- Portability — request your data in a machine-readable format
- Objection — object to any processing of your data
To exercise any of these rights, contact us at support@instahowler.com. We will respond within 30 days.
If you are a resident of California, the European Union, or another jurisdiction with specific privacy rights, those rights apply in full. Contact us for jurisdiction-specific requests.
09 Age requirement
InstaHowler is strictly for users 18 years of age and older. Parental consent does not create an exception to this rule.
We do not knowingly collect personal information from anyone under 18. If we discover an account belongs to someone under 18, we will permanently deactivate it and delete all associated data immediately, without notice.
If you believe an account is held by someone under 18, report it to support@instahowler.com and we will investigate promptly.
For our educational learning games (when released), no account or personal information is required to use them.
10 Changes to this policy
We may update this Privacy Policy at any time. While we aim to provide advance notice of material changes, updates may take effect immediately when required — including for legal compliance, security reasons, or other urgent circumstances.
When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will make reasonable efforts to notify you via in-app notification or email. However, we are not bound to a fixed notice period.
If a change requires your renewed consent to continue using the Services, we will ask for it. If you do not agree to the updated policy, you may delete your account at any time.
Continued use of the App after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
11 Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: support@instahowler.com
- Company: InstaHowler LLC
- Response time: Within 30 days