What Holler collects, and what it does not.

If you are a visitor.

You can use Holler without an account, and we never ask you to create one. We do keep first-party analytics so we can see how the site is used and improve it. It is all our own: no third-party analytics, no ad networks, no tracking pixels, and no cookies.

For each event (a page view, how far you scroll, how long a page is open, which tiles you tap) we store a small, deliberately coarse record:

• A one-way hash of your IP address. The raw IP is hashed with a salt that rotates daily and is never written to disk or logs. We keep the hash to tell sessions apart, not to identify you.
• Your country and region. Never your city, never precise coordinates.
• Your browser and device family, bucketed (for example “Safari, iOS, phone”), never the full user-agent string.
• Your screen size.

Events within a single visit share a random id kept in your browser's session storage. It is not a cookie, it never leaves as one, and it clears the moment you close the tab. We do not use it to recognize you on a later visit.

Location. When you grant location access, your coordinates are used in memory to sort the feed to what is nearby. They are not logged, not sent to anyone, and not kept beyond that request. If you do not grant location, we fall back to a coarse regional feed based on the country/region above. Nothing about your location is stored either way.

If you run a business on Holler.

To run a business account we store your email address, business name, business address, and verification status. Your email is how you sign in: we send a magic link, you tap it, you are in. No passwords. In the mobile app, a sign-in token is stored securely on your device (the iOS keychain) so you stay signed in between visits.

Your hollers are public by design. That is the whole point: you are saying something to the people nearby. We store the words you write and the photo you compose (photos live in Holler's own media storage) and show them on onholler.com to people in range, for the duration of each post.

Holler is built to feed the Neighborhood Commons, an open dataset licensed CC BY 4.0 that lets other local apps surface neighborhood activity with credit to the business that posted it. As we connect that pipe, your public hollers become part of that open dataset. Until then they live in Holler's own systems. Either way, a holler is a public statement, not private data.

We will never sell or rent your account data. Ask us to delete your account and we delete it, including the posts you made. See how to delete your account for the in-app and email paths.

Who helps us run Holler.

A few infrastructure providers process data on our behalf, under their own security and privacy terms, only so the app works:

• Supabase hosts our database and issues the sign-in magic link; it stores your account email and your posts.
• Resend delivers our transactional email (the sign-in link and team invites).
• Cloudflare R2 stores and serves the photos you attach to a holler.
• Sentry receives crash reports when it is enabled, scrubbed of your email and any sign-in token.

These are processors that run the service, not partners we sell to. We share nothing with advertisers or data brokers.

What we do not do.

• We do not set tracking cookies or recognize visitors across separate visits.
• We do not run third-party analytics, heatmaps, session recording, or fingerprinting SDKs.
• We do not sell, rent, or share your data with advertisers or data brokers.
• We do not store your precise location or your raw IP address.
• We do not use your data to train models unrelated to running Holler.

Questions.

Email [email protected]. A real person answers.