Privacy Policy
Last updated: March 23, 2026
HourProof ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HourProof mobile application ("App").
1. Information We Collect
1.1 Account Information
When you create an account, we collect the following information depending on your sign-in method:
- Email/Password: Your email address and a securely hashed password.
- Google Sign-In: Your name, email address, and profile photo as provided by Google's OAuth 2.0 API. We receive an authentication token from Google for sign-in purposes.
- Apple Sign-In: Your name and email address (or Apple relay email). We receive an authentication token from Apple solely for sign-in purposes.
1.2 Google Calendar Data (Optional)
HourProof offers an optional Google Calendar integration for Premium subscribers. When you choose to connect your Google Calendar, we request read-only access to your calendar events using the calendar.events.readonly OAuth scope. This allows HourProof to:
- Read event titles, dates, times, and descriptions from your primary calendar
- Classify which events relate to real estate investment activities
- Suggest those events as material participation hour entries for your review
We never create, modify, or delete your calendar events. Calendar event data is processed on our server solely to generate activity suggestions. You review and explicitly accept or dismiss each suggestion — nothing is logged to your account automatically. We do not store raw calendar event data after processing is complete.
Revoking access: You can disconnect Google Calendar at any time from Settings > Integrations in the App. Disconnecting immediately revokes HourProof's access and deletes your stored refresh token from our servers. You can also revoke access from your Google Account permissions page.
1.3 Activity Data
Data you voluntarily enter into the App, including:
- Property information (name, address, type, color)
- Property groups and configurations
- Activity logs (category, description, duration, date)
- Evidence attachments (photos, receipts, documents, emails)
- Timer and duration data
1.4 Device Permissions
The App may request access to device features. These permissions are optional and only activated when you use the corresponding feature:
- Camera: Used only to capture photos for evidence attachments. Photos are stored with your activity records and are not shared with third parties.
- Microphone: Used only for voice-to-activity input via on-device or platform speech recognition. Audio is not recorded or stored by HourProof.
- Photo Library: Used only to let you select existing photos as evidence attachments.
- Speech Recognition: Used to convert voice input to text. Processing may occur on-device or via platform speech recognition services (Apple Speech or Google Speech-to-Text).
2. How We Use Your Information
We use your information solely to:
- Provide, maintain, and improve the App
- Authenticate your identity and manage your account
- Store and sync your activity records across devices
- Generate reports and statistics based on your data
- Respond to your support requests
We do not use your data for advertising, profiling, analytics tracking, or any purpose other than providing the service.
3. Third-Party Services
HourProof uses the following third-party services that may process your data:
3.1 Google Sign-In and Google Calendar
When you authenticate with Google, we use Google's OAuth 2.0 protocol. For sign-in, we request the "profile" and "email" scopes to verify your identity.
If you choose to connect Google Calendar (a separate, optional step available to Premium subscribers), we additionally request the calendar.events.readonly scope. This grants HourProof read-only access to your calendar events. We use this data solely to identify real estate investment activities and suggest them as material participation hour entries. See Section 1.2 above for full details on how calendar data is handled.
Google's use of your data is governed by the Google Privacy Policy.
3.2 Apple Sign-In
When you authenticate with Apple, we receive your name and email (or Apple's private relay email). We do not receive any other Apple account data. Apple's use of your data is governed by the Apple Privacy Policy.
3.3 Firebase (Google Cloud)
We use Google Firebase for authentication, cloud data storage (Firestore), and cloud functions. Your data is stored on Firebase servers in the United States. Firebase's data processing is governed by the Firebase Privacy and Security documentation.
3.4 OpenAI API (Optional)
If you choose to use the AI-assisted activity logging feature, your activity descriptions are sent to OpenAI's API for natural language processing. This feature requires you to provide your own OpenAI API key. We do not store or transmit your API key to our servers. OpenAI's data handling is governed by the OpenAI Privacy Policy.
4. Data Storage and Security
Your data is stored locally on your device using encrypted storage and may be synced to Firebase cloud storage for backup and cross-device access. We implement industry-standard security measures including:
- Encrypted data transmission (TLS/SSL)
- Firebase Authentication security rules
- Firestore security rules limiting data access to authenticated users
- No plain-text storage of sensitive credentials
5. Data Sharing
We do not sell, rent, trade, or otherwise share your personal information with third parties for their marketing or commercial purposes. We may share data only:
- With service providers (Firebase, as described above) solely to operate the App
- If required by law, legal process, or governmental request
- To protect our rights, privacy, safety, or property
6. Google API Services User Data Policy
HourProof's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google Calendar data to provide and improve the calendar sync feature described in this policy (suggesting material participation activities).
- We do not transfer Google Calendar data to third parties, except as necessary to provide the service, with your explicit consent, for security purposes, or to comply with applicable laws.
- We do not use Google Calendar data for serving advertisements or for any advertising or user profiling purpose.
- Humans do not read your Google Calendar data unless you provide affirmative consent (e.g., in a support request), it is necessary for security purposes, it is aggregated and anonymized for internal operations, or it is required by law.
7. Data Retention and Deletion
We retain your data for as long as your account is active. You may delete your account and all associated data at any time through the App settings. Upon account deletion:
- Your activity logs, property data, and evidence are permanently deleted from our servers
- Your authentication credentials are removed from Firebase Authentication
- Local data on your device can be removed by uninstalling the App
Deletion is permanent and cannot be undone. We recommend exporting your records before deleting your account.
8. Children's Privacy
HourProof is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@hourproof.app.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
9.1 California Residents (CCPA)
- Right to know what personal information is collected
- Right to delete your personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
9.2 EU/EEA Residents (GDPR)
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
To exercise any of these rights, contact us at support@hourproof.app.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the App or by email. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: