HengGang

Privacy Policy

Effective date: May 15, 2026

Overview

HengGang is a family-first social network. Because we handle sensitive personal information — including family relationships, photos of loved ones, private messages, and in some cases biometric data — we take your privacy seriously. This Policy explains what we collect, how we use it, who we share it with, and your rights over it.

1. Information We Collect

Information you provide directly

  • Account data: name, email address, password (hashed, never stored in plaintext).
  • Profile data: bio, birth date, location, profile photo — all optional.
  • Family tree data: names, relationships, birth dates, and photos of family members you add.
  • User Content: photos, captions, posts, and messages you create on the Service.
  • Consent records: timestamps of when you accepted our Terms and consented to biometric data processing.

Information collected automatically

  • Session data: IP address, browser type, and device information — used to maintain your login session.
  • We do not use advertising trackers, analytics pixels, or third-party tracking cookies.

Information from third parties

  • If you sign in with Google, we receive your name, email address, and profile photo from Google, subject to your Google privacy settings.

2. Biometric Data Policy

This section is required by the Illinois Biometric Information Privacy Act (BIPA) and applies to all users who enable the face tagging feature.

What we collect

When you upload a photo and face detection is enabled, our system uses automated image analysis to identify faces and extract facial geometry data (a "biometric identifier" under BIPA). This data is used solely to suggest family member tags on your photos.

Purpose and legal basis

We process biometric data for the sole purpose of providing the photo tagging feature. The legal basis is your explicit consent, given at account creation. We do not use biometric data for any other purpose without your separate consent.

Retention and deletion

Biometric identifiers are retained for no longer than three (3) years from your last activity on the Service, or until you request deletion — whichever comes first. Upon withdrawal of consent or account deletion, we will permanently destroy all stored biometric data within 30 days.

No sale or profit

We do not sell, lease, trade, or otherwise profit from your biometric data. We do not share biometric data with third parties except as required to operate the Service (e.g., our cloud infrastructure provider, Cloudflare) under contractual data processing agreements.

Withdrawing biometric consent

You may withdraw your biometric consent at any time by emailing us at [email protected]. Withdrawal disables face detection on future uploads and triggers deletion of existing biometric data within 30 days.

3. How We Use Your Information

  • To create and maintain your account and authenticate you.
  • To display your profile, family tree, photos, and posts to you and users you have authorized.
  • To provide the photo face-tagging feature (with your consent).
  • To send you transactional emails (e.g., invitation emails, security alerts).
  • To detect and prevent abuse, fraud, and violations of our Terms.
  • To comply with legal obligations.

We do not use your personal data for advertising, profiling, or sale to third parties.

4. Sharing & Disclosure

We do not sell your personal data. We share it only in these limited circumstances:

  • Service providers: Cloudflare (cloud infrastructure, storage, compute) processes data on our behalf under a Data Processing Agreement. They do not use your data for their own purposes.
  • Other users: Content you post is shared with users you have authorized (your network, a specific family group, or only yourself, depending on your privacy settings).
  • Legal requirements: We may disclose data if required by law, court order, or government authority, or to protect the rights or safety of users.
  • Business transfer: If HengGang is acquired or merges, your data may be transferred to the new owner, subject to the same privacy protections.

5. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except:

  • Data we are required to retain by law.
  • Anonymized or aggregated data that cannot identify you.
  • Consent records (kept for legal compliance purposes for up to 7 years).

6. Your Rights

Depending on where you live, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request your data in a machine-readable format.
  • Objection / Restriction: Object to or request restriction of certain processing.
  • Withdraw consent: Withdraw consent for biometric processing at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days (or 45 days under CCPA).

7. Children's Privacy (COPPA)

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [email protected] and we will delete it promptly.

8. Security

We implement reasonable technical and organizational security measures, including encrypted transmission (HTTPS), hashed passwords, and access controls. However, no system is perfectly secure. In the event of a data breach that materially affects your personal information, we will notify you by email within the timeframe required by applicable law.

9. Third-Party Services

We use the following third-party services whose privacy practices apply to data they process:

  • Cloudflare — infrastructure, storage, and compute.
  • Google — optional OAuth sign-in.

We are not responsible for the privacy practices of these third parties beyond our contractual obligations.

10. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by email or by a prominent notice in the Service. Your continued use of the Service after notice constitutes acceptance of the updated Policy.

11. Contact

For privacy-related questions, data requests, or biometric consent withdrawal:

HengGang
[email protected]
