Privacy Policy
Effective Date: 21 April 2026
Operated by: HEAL APP | ABN 21 359 071 753
Contact: healapp.reports@gmail.com
1. Overview
This Privacy Policy explains how HEAL APP (ABN 21 359 071 753) (“we”, “us”, or “our”) collects, uses, stores, and discloses information in connection with the heal. mobile application (the “App”).
We are committed to protecting your privacy. The App has been designed from the ground up to minimise data collection. We do not require users to create accounts, provide names, email addresses, or any other personal identifying information to use the App.
This Privacy Policy should be read together with our Terms of Service and Community Guidelines. By using the App, you consent to the practices described in this Privacy Policy.
2. Who We Are
The App is operated by HEAL APP, an Australian sole trader registered under ABN 21 359 071 753, based in Melbourne, Victoria, Australia.
For any privacy-related enquiries, please contact us at healapp.reports@gmail.com.
3. Information We Collect
We collect only the minimum information necessary to operate the App safely and effectively. The following information is collected:
3.1 Device Identifier
Upon first use, a randomly generated device ID (UUID) is created and stored locally on your device using your device’s local storage. This identifier is not linked to your name, email address, or any other personal information. It is used solely to administer the ban system, that is, to prevent users who have been banned from re-accessing the App on the same device.
3.2 Firebase Anonymous Authentication UID
The App uses Google Firebase Anonymous Authentication to generate a temporary, anonymous session identifier (UID) each time you use the App. This UID is not linked to any personal identity and is not associated with any Google account. It is used solely to facilitate the technical operation of the App, including matchmaking and chat delivery.
3.3 Queue & Session Data
When you enter the matching queue, we collect and temporarily store the following:
• Your selected role (Feeler or Healer);
• Your randomly assigned session username; and
• The timestamp of your queue entry.
This information is deleted automatically when you are matched with another user or when you exit the queue.
3.4 Chat Message Content
Messages exchanged during a chat session are transmitted and stored temporarily in our Firebase database solely for the purpose of delivering those messages to the other participant in real time. Upon conclusion of a chat session, whether by either participant leaving or the session otherwise ending, all message content is permanently and automatically deleted from our systems.
We do not read, analyse, or store chat content beyond what is necessary to deliver messages in real time, except in the circumstances described in Section 3.5 below.
3.5 Report Data
If a user submits a report against another user during or at the conclusion of a chat session, the following information is captured and retained:
• The full conversation from that chat session, transmitted as an attachment to the app operator’s secure mailbox;
• The anonymous UID of the reporting user;
• The randomly assigned username of the reported user;
• The timestamp of the report; and
• The chat session identifier.
This information is retained for the purposes of reviewing the report, administering the ban system, and, where necessary, complying with legal obligations. It is accessible only to the app operator.
By submitting a report, you expressly consent to the capture and operator review of the full conversation from that session. By using the App, you acknowledge that if a report is submitted against you, the conversation in which the reported conduct occurred may be reviewed by the app operator.
3.6 Strike & Ban Records
Where a user is found to have breached our Community Guidelines, a strike record associated with their anonymous device ID and Firebase UID is created and maintained in our Firebase database. This record contains the number of strikes recorded against that identifier and, where applicable, the duration and expiry of any ban imposed. No personal identifying information is associated with these records.
4. How We Use Your Information
We use the information collected solely for the following purposes:
• To operate and deliver the core functionality of the App, including matchmaking and real-time chat;
• To administer the ban and strike system to protect users from harmful conduct;
• To review reports submitted by users and take appropriate moderation action;
• To maintain the security and integrity of the App; and
• To comply with applicable legal obligations.
We do not use your information for advertising, profiling, or any commercial purpose beyond the operation of the App.
5. Disclosure of Information
We do not sell, rent, or trade any information collected through the App.
Information may be disclosed in the following limited circumstances:
• To Google Firebase, as our infrastructure and database provider, solely to the extent necessary to operate the App. Firebase’s privacy practices are governed by Google’s Privacy Policy, available at https://policies.google.com/privacy;
• To law enforcement or regulatory authorities where we are required to do so by law, or where we reasonably believe that disclosure is necessary to prevent imminent harm or unlawful conduct; and
In connection with any sale, merger, or transfer of the App or our business, provided that any successor operator is bound by obligations no less protective of user privacy than those set out in this Privacy Policy.
6. Data Storage & Security
Data collected through the App is stored on Google Firebase servers. Firebase maintains industry-standard security measures including encryption in transit and at rest. Information about Firebase’s security practices is available at https://firebase.google.com/support/privacy.
Report data, including full chat transcripts submitted upon a report, is transmitted to and stored in a secure operator-controlled mailbox accessible only to the app operator.
While we take reasonable steps to protect information from unauthorised access, disclosure, or misuse, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.
7. Data Retention
We retain information only for as long as necessary for the purposes for which it was collected:
• Queue and session data: deleted automatically upon match or queue exit;
• Chat message content: permanently deleted upon conclusion of the chat session, except where a report has been submitted;
• Report data (including full chat transcripts): retained for as long as reasonably necessary to administer the moderation and ban system and to comply with any applicable legal obligations; and
• Device ID and ban/strike records: retained for as long as necessary to administer the ban system.
8. Third-Party Services
The App uses the following third-party services in the course of its operation:
• Google Firebase: authentication, real-time database, and cloud functions. Governed by Google’s Privacy Policy: https://policies.google.com/privacy
• Google Play Store / Apple App Store: app distribution platforms. Their respective privacy policies apply to any data collected in connection with app download and installation.
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies independently.
9. Children’s Privacy
The App is intended solely for users aged 18 years and over. We do not knowingly collect any information from persons under the age of 18. If we become aware that information has been collected from a person under 18, we will take immediate steps to delete that information and terminate the relevant user’s access.
If you believe that a person under 18 has provided information through the App, please contact us at healapp.reports@gmail.com.
10. Your Privacy Rights
10.1 Australian Users
The App is operated in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
The App is designed to be anonymous by default. We do not collect your name, email address, phone number, or any other information that directly identifies you. Because of this, we are generally unable to link any data held in our systems to a specific individual. In practice, this means that most access, correction, or erasure requests cannot be actioned, not because we are refusing, but because we genuinely cannot identify you in our data.
If you believe we hold information that can be linked to you and you wish to make a request, please contact us at healapp.reports@gmail.com with as much context as possible. We will make reasonable efforts to locate and action your request where it is technically feasible to do so.
If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
10.2 European Users (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, rights under the General Data Protection Regulation (GDPR) or equivalent legislation may apply to you, including rights of access, rectification, erasure, restriction, portability, and objection.
As noted above, the App is anonymous by design. We are generally unable to identify any individual from the data we hold. As a result, it may not be technically possible to action GDPR requests in most cases. This is a function of the App’s privacy-first architecture, not a refusal to comply.
Our lawful basis for processing under the GDPR is our legitimate interest in operating a safe and functional anonymous communication platform, and, in respect of report data, compliance with legal obligations and the protection of the vital interests of users.
To exercise your rights or lodge a complaint, please contact us at healapp.reports@gmail.com or contact your local supervisory authority.
11. Cookies & Tracking Technologies
The App does not use cookies. We do not employ tracking technologies, advertising trackers, or analytics tools that collect behavioural data about users across sessions or across third-party platforms.
Firebase may collect certain technical diagnostic data as part of its standard infrastructure operation. This is governed by Google’s Privacy Policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. Where we make material changes, we will notify users via the App. The updated Privacy Policy will be effective from the date it is published.
Continued use of the App following publication of an updated Privacy Policy constitutes your acceptance of the changes.
13. Contact & Complaints
For any questions, concerns, or complaints regarding this Privacy Policy or our privacy practices, please contact:
HEAL APP
ABN 21 359 071 753
Melbourne, Victoria, Australia
We will endeavour to respond to all enquiries within a reasonable timeframe. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.