The HangarLog In

Privacy Policy

Last updated: April 15, 2026

The Hangar ("we", "us", "our") is operated by Single Track Software LLC. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website at thehangar.appand our mobile applications (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address — used for authentication, account recovery, and transactional emails
  • Password — stored as a salted hash (we never store or see your plaintext password)
  • Username — your chosen public identifier

Social Sign-In

If you sign in with Google or Apple, we receive:

  • Email address — from your Google or Apple account
  • Display name — your name as set in your Google or Apple profile
  • Profile photo URL — from Google (Apple does not provide one)

We do not receive or store your Google or Apple password. Authentication is handled by the respective provider via OAuth.

Profile Information

You may optionally provide:

  • Display name, bio, location
  • Avatar photo
  • Website URL and social media links

Vehicle and Activity Data

The core of the Service involves data you choose to enter:

  • Vehicle details (make, model, year, nickname, description)
  • Modifications, maintenance records, and projects
  • Photos you upload
  • Build posts and comments
  • Cost and pricing information (optional, never shared publicly without your consent)

Analytics and Usage Data

We collect anonymized usage data to understand how the Service is used:

  • Page views on public vehicle pages — tracked using a non-identifying fingerprint derived from IP address and user agent. We do not store raw IP addresses in our analytics.
  • Referrer information — the domain that referred a visitor to a public page (e.g., "google.com"), not the full URL
  • Vercel Analytics and Speed Insights — anonymized, aggregate performance metrics. See Vercel's privacy policy for details.

Device Information (Mobile App)

If you use our iOS or Android app, we may collect:

  • Push notification tokens — to send you notifications about likes, follows, and other activity (only with your permission)
  • Device platform — iOS or Android, to provide the appropriate experience

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and secure your account
  • Send transactional emails (account verification, password reset, welcome messages)
  • Send push notifications about activity on your content (with your consent)
  • Display your public profile and published vehicles to other users
  • Generate anonymized, aggregate analytics
  • Respond to support requests

What We Do Not Do

  • We do not sell, rent, or share your personal information with third parties for marketing purposes
  • We do not serve advertisements
  • We do not use your data to train AI models
  • We do not track your location

3. Data Storage and Security

Your data is stored securely using Supabase, which provides:

  • Encrypted data at rest and in transit (TLS 1.2+)
  • Row-level security (RLS) on all database tables — users can only access their own data unless explicitly published
  • Secure file storage for uploaded photos

The Service is hosted on Vercel with HTTPS enforced on all connections.

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

4. Data Visibility and Sharing

Public vs. Private

  • Private by default: All vehicle data, mods, maintenance, and projects are private until you explicitly publish them.
  • Public profiles: If you make your profile public, your username, display name, avatar, bio, and location are visible to anyone.
  • Published vehicles: When you publish a vehicle, its name, description, specs, public mods, photos, and timeline are visible at a public URL.
  • Cost data: Mod costs and purchase prices are never shown on public pages unless you explicitly include them.

Third-Party Services

We use the following third-party services:

  • Supabase — database, authentication, file storage
  • Vercel — hosting, edge functions, analytics
  • Google OAuth — social sign-in (if you choose to use it)
  • Apple Sign In — social sign-in (if you choose to use it)
  • Resend — transactional email delivery

Each service processes data in accordance with their own privacy policies. We only share the minimum data required for each service to function.

5. Cookies and Local Storage

We use:

  • Authentication cookies — HTTP-only, secure, same-site cookies managed by Supabase to maintain your session. These are essential for the Service to work.
  • Local storage — to remember your theme preference. No tracking data is stored in local storage.

We do not use advertising cookies, tracking pixels, or third-party cookie-based analytics.

6. Your Rights

You have the right to:

  • Access your data — everything you've entered is visible in your account. You can export your mods and maintenance data as CSV.
  • Correct your data — you can edit any information in your profile, vehicles, mods, and maintenance at any time.
  • Delete your data — you can delete individual vehicles, mods, maintenance records, photos, and projects. To delete your entire account and all associated data, contact us at the email below.
  • Withdraw consent — you can disconnect social sign-in providers in your account settings at any time.
  • Data portability — we provide CSV export for mods and maintenance data.

7. Age Restriction

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all associated personal data within 30 days, except where retention is required by law.

Anonymized analytics data (page view counts, referrer domains) may be retained indefinitely as it cannot be linked to any individual.

9. International Users

The Service is operated from the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a concern, please contact us at:

Email: support@thehangar.app