Last Updated: February 27, 2025
Welcome to OnlyHugs. We are committed to protecting your privacy and being transparent about the information we collect and how we use it. This Privacy Policy explains our data practices for our website at http://oh and any related services we offer. By using our site, you agree to the collection and use of information in accordance with this policy.
When you sign up for our waitlist, we collect the following information that you provide directly:
Personal information you submit: your first name, email address, ZIP code, and your selected role preference (whether you want to find hugs, give hugs, or both). This is the information you enter into the waitlist signup form on our site.
Automatically collected information: when you submit the waitlist form, we also record your IP address, your browser's user agent string (which identifies your browser type and operating system), and the HTTP referrer URL (the page that directed you to our site, if any). We collect this technical data for security, fraud prevention, and to understand how visitors find OnlyHugs.
Session data: we use server-side sessions to manage security features like CSRF (cross-site request forgery) protection and rate limiting. These sessions are temporary and are tied to a session cookie stored in your browser. We do not use session data to build a profile about you or to track your activity across other websites.
We use the information we collect for the following purposes:
Waitlist management: your name, email, ZIP code, and role preference allow us to manage the pre-launch waitlist, prioritize invitations by geographic area, and understand the demand for different roles on the platform.
Communication: we use your email address to send you updates about OnlyHugs, including launch announcements, early access invitations, and occasional product news. You can unsubscribe from these communications at any time by following the link in any email we send or by contacting us directly.
Analytics and improvement: we use aggregated, non-identifying data — such as the total number of signups by ZIP code or role — to understand interest in OnlyHugs and to guide product development decisions. When our analytics tracking is fully enabled, we may use third-party analytics services to understand website traffic patterns.
Security and fraud prevention: your IP address, user agent, and session data help us protect the site from abuse, enforce rate limits on form submissions, validate CSRF tokens, and detect fraudulent or automated signups.
OnlyHugs uses a minimal number of cookies and tracking technologies:
Session cookies: we set a session cookie in your browser to enable server-side sessions. This cookie is essential for CSRF protection (preventing malicious form submissions) and rate limiting (preventing abuse of our signup form). The session cookie does not contain personal information and expires when you close your browser or after the server-side session times out.
Analytics and advertising pixels: our site is configured to support Google Analytics (GA4), Google Tag Manager, Facebook/Meta Pixel, TikTok Pixel, and LinkedIn Insight Tag. These tools use their own cookies and tracking technologies to help us measure website traffic and the effectiveness of any advertising campaigns. As of the date of this policy, these tracking IDs are not yet active. When they are enabled, they will operate according to the respective privacy policies of Google, Meta, TikTok, and LinkedIn. We will update this policy accordingly when analytics tracking is activated.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of our signup form, particularly the CSRF protection mechanism.
We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following limited circumstances:
Hosting and infrastructure providers: our website is hosted on servers provided by third-party hosting companies. These providers may process your data as part of delivering their hosting services to us, but they do not use your personal information for their own purposes.
Email service providers: we use third-party email platforms to send waitlist communications. These providers process your name and email address on our behalf and are contractually obligated to protect your information.
Analytics platforms: when enabled, the third-party analytics services described in Section 3 will receive anonymized or pseudonymized usage data from your visit to our site. This data is governed by those platforms' own privacy policies.
Legal requirements: we may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or ensure the safety of our users or the public.
We retain your waitlist information for as long as it is needed to fulfill the purposes described in this policy — primarily to manage the waitlist and communicate with you about OnlyHugs's launch. If you unsubscribe from our communications, we will retain a record of your email address and unsubscribe date to ensure we honor your request and do not contact you again.
If you request deletion of your data (see Section 6), we will remove your personal information from our active systems within 30 days of your request. Some information may persist in encrypted backups for a limited period, but it will not be used for any purpose and will be purged according to our backup rotation schedule.
You have the following rights regarding your personal information:
Access: you can request a copy of the personal data we hold about you.
Correction: if any of the information we have is inaccurate or incomplete, you can ask us to update it.
Deletion: you can request that we delete your personal information from our systems.
Unsubscribe: you can opt out of marketing communications at any time by clicking the unsubscribe link in any email we send or by contacting us.
To exercise any of these rights, please contact us at hello@onlyhugs.co. We will respond to your request within 30 days.
OnlyHugs is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected data from a minor, we will take prompt steps to delete that information from our systems. If you believe that a child under 18 has provided us with personal information, please contact us at hello@onlyhugs.co so we can take appropriate action.
We take the security of your data seriously and employ a number of measures to protect it:
Our site is served over HTTPS, which encrypts data in transit between your browser and our servers. We use CSRF tokens on all forms to prevent cross-site request forgery attacks. Server-side rate limiting is in place to prevent brute-force or automated abuse of our signup endpoints. Sessions are managed securely on the server with standard PHP session handling and appropriate cookie flags.
While we implement these safeguards and follow industry best practices, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability and to promptly addressing any security incidents that may arise.
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email. We encourage you to review this policy periodically to stay informed about how we protect your information.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
OnlyHugs
Email: hello@onlyhugs.co
Website: http://oh
Disclaimer: This privacy policy is provided for informational purposes and reflects OnlyHugs's current data practices as accurately as possible. It does not constitute legal advice. We recommend consulting with qualified legal counsel to ensure full compliance with applicable privacy laws and regulations in your jurisdiction.