Privacy Policy

Starzhive — Privacy Policy

1. Introduction

This Privacy Policy explains how Starzmeet Inc. ("Starzmeet", "we", "our", "us") collects, uses, shares, and protects information when you ("you", "User") use Starzhive (the "Service"). It covers information you provide directly, information we collect automatically when you use the Service, and information we receive from third parties.

By creating an account or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with it, please do not use the Service.

This Policy is incorporated into our Terms of Use by reference; defined terms in the Terms have the same meaning here unless stated otherwise.

2. Who we are

Starzmeet Inc. is the data controller for the Service.

Starzmeet Inc. 254 Chapman Rd, Ste 208 #17796 Newark, Delaware 19702 USA

Privacy queries: privacy@starzmeet.com General contact: info@starzmeet.com

For users in the European Union, United Kingdom, or other jurisdictions that require an in-region representative, please email privacy@starzmeet.com and we will provide current representative details.

3. HIPAA status — please read

Starzhive is not currently HIPAA-compliant. Our AI processing partners are not yet covered by Business Associate Agreements (BAAs). The Service is not designed for use by covered entities, business associates, or healthcare providers acting in their professional capacity.

Please do not enter Protected Health Information (PHI) you would not share in a normal text message or email. This includes detailed medical records, prescription details, insurance numbers, or clinical assessments from licensed professionals.

We are working towards HIPAA compliance and a BAA-eligible LLM provider; this notice will be updated when that completes.

4. Information we collect

4.1 Information you provide directly

Account information

  • Name
  • Email address
  • Password (stored as a hashed value, never in plain text)
  • Profile photo (optional)
  • Display name (optional)
  • Country / region (optional)
  • Language preference

Child profile information (entered by you as parent / guardian)

  • Child's first name (or chosen identifier)
  • Age or birth year
  • Diagnosis (e.g., autism spectrum, ADHD, sensory processing disorder)
  • Therapies (e.g., ABA, OT, speech therapy)
  • Sensory profile (triggers, calming supports)
  • Strengths and goals
  • Notes you choose to add

Behavioural and observational logs

  • Meltdown entries (time, location, trigger, resolution)
  • Milestone records (first words, social wins, learning achievements)
  • Daily observations and parent insights
  • Questions you record for follow-up

Conversations and messages

  • Messages you exchange with the AI Agent
  • Messages you exchange with other users (within the Service's social features)
  • Posts and comments you submit to the community

Optional location

  • ZIP code or city (only if you provide it, used for regional service matching and resource recommendations)

Communications with us

  • Support requests, bug reports, feedback, and any other messages you send to our support email addresses

4.2 Information collected automatically

When you use the Service we automatically collect:

  • Device and browser data — browser type and version, operating system, device type, screen size
  • IP address and approximate location derived from it
  • Log data — pages visited, features used, timestamps, referring URLs, error logs
  • Cookies and local storage — session tokens, preference cookies, basic first-party analytics (no third-party advertising trackers; see Section 17)

4.3 Information from third parties

If you choose to sign in with Google (or another OAuth provider we integrate with), we receive from that provider your name, email address, and profile image. We do not receive your password.

If you are introduced to the Service by another user (e.g., parent-to-parent matching), we may receive your acceptance of that introduction.

5. How we use your information

We use your information to:

  1. Operate the Service — create and maintain your Account, deliver features, personalise the AI Agent's responses to your child.
  2. Personalise AI responses — the AI Agent uses your child's profile, recent memories, and conversation history to generate replies that are specific to your family. We do not use your data to train external public models.
  3. Match you with similar parents (mutual consent only) — based on age, diagnosis, therapies, and other criteria you've provided.
  4. Surface relevant content — research articles, educational videos, local services, and provider directories tailored to your child's profile.
  5. Send you service-related emails — waitlist confirmations, account notices, security alerts, important policy changes. These are not promotional and you cannot opt out of them while you have an active Account.
  6. Send you optional marketing communications if you have opted in (you can opt out at any time; see Section 16).
  7. Investigate fraud, abuse, and security incidents — detect unauthorised access, spam, harassment, or violations of our Terms of Use.
  8. Comply with legal obligations — respond to lawful requests from law enforcement, regulators, or courts.
  9. Improve the Service — analyse aggregated, de-identified usage to understand which features help families most.

6. Legal basis for processing (GDPR / UK GDPR)

If you are in the European Union, United Kingdom, or another GDPR-equivalent jurisdiction, we rely on the following legal bases:

  • Performance of a contract — to provide the Service you signed up for.
  • Consent — for parent-to-parent matching, marketing emails, optional features, cookies that are not strictly necessary, and any processing of special-category data you submit.
  • Legitimate interests — security, fraud prevention, service improvement, defending legal claims. We balance these against your rights.
  • Legal obligation — when we are required to process information by law.
  • Vital interests — in rare cases involving an imminent threat to safety (e.g., crisis-safety routing).

You may withdraw consent at any time without affecting the lawfulness of prior processing.

7. Special protections for child information

Child Information is the most sensitive data on the Service and we treat it with extra care:

  1. No advertising — we do not show advertising of any kind to anyone, child or adult.
  2. No selling — we do not sell Child Information to anyone.
  3. No cross-family training — we do not use one family's Child Information to train AI models that serve other families.
  4. Parent-controlled — you can export, correct, or delete your child's data at any time from settings or by emailing privacy@starzmeet.com.
  5. Limited internal access — only authorised Starzmeet staff with a job-related need can access Child Information; access is logged.
  6. No accounts for children under 13 — see Section 22 (Children's Privacy) for our COPPA approach.
  7. Sharing requires consent — Child Information is never shared with other users or third parties without your explicit opt-in (e.g., parent-to-parent matching).

8. AI processing — what to know

The AI Agent processes your child's profile, recent memories (up to the most recent 15 entries), and recent conversation history (up to the most recent 20 messages) to generate replies. Processing happens through third-party large-language-model providers — currently Anthropic Claude.

Per Anthropic's API terms, your data sent to the model is not retained for training Anthropic's public models. We periodically review provider terms; if a provider's data-handling commitments materially change, we will notify you and (where required by law) seek your renewed consent.

We do not enrol any user data in any provider's customer-facing model-improvement programs.

9. How we share your information

We share information only in the limited circumstances below. We do not sell your information.

Service providers (data processors acting on our instructions)

We share information with vendors that help us operate the Service:

  • AI model providers (currently Anthropic Claude) — for AI Agent responses
  • Cloud hosting — for storage and compute
  • Email delivery — for transactional and waitlist emails
  • Analytics — first-party only, no third-party advertising trackers
  • Customer support tools — to help us respond to your messages

These providers are contractually bound to protect your information, use it only for the purposes we authorise, and not retain it beyond what is necessary.

  • Parent-to-parent matching — when you opt in, we share first names plus matching criteria (age range, diagnosis category) only — never your child's full profile.
  • Community posts — what you post in community features is visible to other users of the Service.

We may disclose information if we have a good-faith belief that doing so is necessary to:

  • Comply with a valid law, legal process, court order, or government request
  • Enforce our Terms of Use, including investigating violations
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect the rights, property, or safety of Starzmeet, our users, or the public

Where the law allows, we will give you notice before responding to a legal request involving your information.

Safety

If we believe action is necessary to prevent imminent harm to you, your child, or another person, we may disclose information to emergency services, public authorities, or designated guardians.

Business transfers

If Starzmeet is involved in a merger, acquisition, restructuring, sale of assets, or bankruptcy, your information may be transferred to a successor entity. We will require the successor to honour this Privacy Policy or notify you of any material changes.

10. International data transfers

Our servers and most service providers are located in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, which may have different data-protection laws than your home country.

For transfers from the European Union, United Kingdom, or Switzerland to the US, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • Equivalent UK and Swiss instruments where applicable
  • Other lawful transfer mechanisms as the legal landscape evolves

You may request a copy of the safeguards in place by emailing privacy@starzmeet.com.

11. Storage and security

We use industry-standard security practices to protect your information:

  • Encryption in transit — HTTPS/TLS for all communications between your device and our servers
  • Encryption at rest — your data is stored on encrypted disks at our cloud provider
  • Access controls — role-based access, multi-factor authentication for admin access
  • Logging and monitoring — security events are logged and reviewed
  • Vendor due diligence — we vet and contractually bind our service providers

No system is perfectly secure. We cannot guarantee that information you transmit to or store on the Service will never be accessed without authorisation. If a security incident materially affects your information, we will notify you in accordance with applicable law (see Section 21).

12. Data retention

We retain information for as long as it is needed for the purposes described in this Policy, then delete or anonymise it.

Data Retention
Active Account data While your Account is active
Account, Child Information, behavioural logs after Account deletion Deleted within 30 days of your deletion request
Backups Purged on a 90-day rolling cycle
Anonymised aggregate analytics May be retained indefinitely (no link to you or your child)
Records required by law (tax, accounting, dispute records) Retained for the legally required period
Security and fraud investigation records Retained as long as needed for the investigation, then deleted

You can request earlier deletion by emailing privacy@starzmeet.com.

13. Your rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that we correct inaccurate or incomplete information
  • Deletion — request that we delete your personal information ("right to be forgotten")
  • Portability — receive your information in a structured, commonly used, machine-readable format and transmit it to another controller
  • Restriction — request that we limit how we process your information
  • Objection — object to certain processing activities, including direct marketing
  • Withdrawal of consent — withdraw consent at any time, where processing is based on consent
  • Complaint — lodge a complaint with your local data-protection authority (see Section 25)

To exercise any of these rights, email privacy@starzmeet.com. We will respond within 30 days (or longer where the law allows, with notice to you). We may need to verify your identity before acting on a request.

14. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you specific rights:

Categories of information collected (last 12 months)

  • Identifiers (name, email, IP address)
  • Personal information (account credentials, profile data)
  • Internet activity (logs, usage data)
  • Geolocation (approximate, from IP or optional ZIP)
  • Sensitive personal information (Child Information you choose to enter, including health-related categories)

Sources

  • Directly from you
  • Automatically when you use the Service
  • From third-party sign-in providers (if you use them)

Purposes for collection

See Section 5 (How we use your information).

Disclosures for a business purpose

We disclose information to the categories of service providers listed in Section 9 for the purposes described there.

Sale or sharing

We do not sell or share personal information for cross-context behavioural advertising.

Your CCPA rights

  • Right to know — request the categories and specific pieces of information we have collected about you
  • Right to delete — request deletion (subject to certain exceptions)
  • Right to correct — request correction of inaccurate information
  • Right to limit use of sensitive personal information — direct us to use sensitive PI only as necessary to provide the Service
  • Right to opt out of sale or sharing — not applicable, since we do not sell or share for advertising
  • Right to non-discrimination — we will not discriminate against you for exercising your rights

To exercise any of these, email privacy@starzmeet.com. You may use an authorised agent; we will require proof of authorisation.

15. EU and UK Privacy Rights (GDPR / UK GDPR)

In addition to the rights in Section 13, EU and UK users have the right to:

  • Lodge a complaint with a supervisory authority, including the data-protection authority in your country of residence
  • Request information about cross-border transfers, including the safeguards we use (Section 10)

Where we process special-category data (which can include Child Information related to health), we do so only where we have a lawful basis under Article 9 GDPR — typically your explicit consent.

16. Marketing communications

We will only send you marketing emails (e.g., product updates, family-success stories, optional newsletters) if you have opted in. You can opt out at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your preferences in Account Settings
  • Emailing info@starzmeet.com

Opting out of marketing does not affect transactional emails (security alerts, account notices, waitlist invitations, important policy updates), which we send while you have an active Account.

17. Cookies and similar technologies

We use a minimal set of cookies and local-storage entries:

  • Strictly necessary — session cookies that keep you logged in; CSRF tokens; security cookies
  • Functional — remembering your language and theme preferences
  • First-party analytics — basic usage statistics so we can understand which features help families. Aggregated; not used for cross-site tracking.

We do not use third-party advertising cookies, behavioural-advertising trackers, social-media pixels, or fingerprinting techniques.

You can disable cookies through your browser settings, but the Service may not function correctly without strictly-necessary cookies.

We honour the Global Privacy Control (GPC) signal where required by law and treat it as a valid opt-out request.

18. Do Not Track

Some browsers send a "Do Not Track" (DNT) signal. There is no industry-wide standard for how to interpret DNT, so we do not currently respond to DNT signals. We do honour the Global Privacy Control signal where applicable (see Section 17).

19. Automated decision-making

The AI Agent generates personalised content but does not make legally significant or similarly significant decisions about you (such as determining your eligibility for benefits, employment, or credit) without human involvement. If we ever introduce such automated decision-making, we will update this Policy and provide additional disclosures and rights as required by law.

The Service may contain links to third-party websites (research articles, news, provider directories). We are not responsible for those sites' privacy practices. Review their privacy policies before sharing information with them.

21. Data breach notification

If we discover a security incident that materially affects your personal information, we will:

  • Notify you and any required regulators within the timeframes required by applicable law (e.g., 72 hours for GDPR)
  • Describe the nature of the incident, the categories of information affected, and the steps we are taking to address it
  • Recommend steps you can take to protect yourself

You can help us protect your account by using a strong unique password, enabling multi-factor authentication where offered, and reporting suspicious activity to info@starzmeet.com immediately.

22. Children's privacy (COPPA)

The Service is intended for use by adults (18+) acting as parents, guardians, or authorised caregivers. Children under 13 are not permitted to create their own Accounts.

If you are 13 or older but under the age of majority in your jurisdiction (typically 18), you may use the Service only with the involvement and consent of a parent or guardian.

We do not knowingly collect personal information directly from children under 13. If we learn we have collected such information without the verified consent of a parent or guardian, we will delete it as soon as practicable. If you believe a child has provided information without parental consent, please contact privacy@starzmeet.com.

Child Information entered by a parent or guardian on their own Account is governed by Section 7 (Special protections for child information).

23. Account deletion

You can delete your Account at any time:

  1. From within Account Settings, or
  2. By emailing privacy@starzmeet.com from the email associated with your Account

Upon deletion:

  • Your Account, Child Information, behavioural logs, AI conversation history, and personal profile are deleted within 30 days
  • Backups are purged on a 90-day rolling cycle
  • We retain records required by law (e.g., tax records, evidence of disputes) for the legally required period
  • Anonymised aggregate analytics may be retained indefinitely with no link back to you

If you have posted content publicly (e.g., to community features) and want it removed, request it in your deletion email. We will remove your content but may retain de-identified copies to preserve the integrity of conversations involving other users (e.g., a reply you wrote to another parent's question).

24. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes — those that meaningfully affect your rights or how we handle your information — will be communicated to you by email or in-app notice at least 30 days before they take effect.

Non-material changes (typo fixes, formatting, references to renamed services) are effective on posting.

The "Effective date" at the top of this Policy reflects the most recent material update.

25. Complaints

If you have a concern about how we handle your personal information, please contact us first at privacy@starzmeet.com so we can address it directly.

If you are not satisfied with our response, you may lodge a complaint with your local data-protection authority. For example:

  • United States — your state attorney general's office, or the Federal Trade Commission (reportfraud.ftc.gov)
  • California — California Privacy Protection Agency (cppa.ca.gov)
  • European Union — your national data-protection authority (list)
  • United Kingdom — Information Commissioner's Office (ico.org.uk)

26. Contact

For privacy-related questions, requests, or complaints:

Starzmeet Inc. — Privacy Office 254 Chapman Rd, Ste 208 #17796 Newark, Delaware 19702 USA

privacy@starzmeet.com

For general questions about the Service, please use info@starzmeet.com.

© 2026 Starzhive