Last updated: 4 April 2026
Highku is operated by John Peart, an individual based in the United Kingdom. This policy explains what data the app collects, why, and your rights under UK GDPR.
John Peart is the data controller for Highku. For any privacy questions or requests, use the in-app support form (Profile > Contact us).
Email address — for account creation and sign-in via Google or Apple. Lawful basis: legitimate interest.
Haiku text — the poems you publish in the app. Lawful basis: legitimate interest.
Votes — when you high-five haikus and the scores that result. Lawful basis: legitimate interest.
Avatar choice and user ID — to display your public profile. Lawful basis: legitimate interest.
Account timestamps — when your account was created and when you accepted community guidelines. Lawful basis: legitimate interest.
Push notification token — to deliver notifications you have opted into. Lawful basis: consent. You can withdraw consent at any time by disabling notifications in iOS Settings or in the app under Profile > Settings > Notifications.
Support tickets — messages you send via the in-app support form, including ticket status and replies. Lawful basis: legitimate interest.
Moderation records — reports and strikes to enforce community guidelines. Lawful basis: legitimate interest.
App version — the version and build number of the app you are using, to manage compatibility and deliver update notifications. Lawful basis: legitimate interest.
Most data is processed on the basis of legitimate interest — the controller's interest in operating the service that you have voluntarily signed up for. A full Legitimate Interest Assessment for each data type is maintained internally. You have the right to object to processing based on legitimate interest; see "Your rights" below.
Push notification tokens are processed on the basis of consent, obtained via the iOS system permission prompt.
Highku does not use cookies, analytics, advertising, tracking, or profiling of any kind. No data is sold or shared with third parties for marketing purposes.
Your data is stored in Google Firebase (Firestore and Firebase Authentication), hosted in the europe-west2 (London) region. Google acts as a data processor under its Data Processing Addendum.
While primary data storage is in the London region, Google may process some data in other regions for operational purposes such as authentication and infrastructure support. Google's Data Processing Addendum includes Standard Contractual Clauses and the UK International Data Transfer Agreement to provide appropriate safeguards for any transfers outside the UK.
Apple processes authentication data for Sign in with Apple under Apple's own privacy terms, which may involve transfers outside the UK under Apple's own transfer mechanisms.
Your data is kept for as long as your account exists. You can delete your account at any time from within the app. When you do, your haikus, votes, profile, support tickets, and authentication data are permanently deleted. Moderation records may be retained for safety purposes.
Under UK GDPR, you have the right to:
You can access, export, and delete your data directly in the app. To exercise any other rights, use the in-app support form (Profile > Contact us).
Highku is for users aged 18 and over. Age restrictions are enforced through Apple's App Store age rating and parental controls, and verified during onboarding.
If this policy changes, the updated version will be published here with a new date.