habo

Privacy Policy

Last updated: April 2026

What Habo Does

Habo ("Help A Brother Out") is a gifting platform that lets people send money to friends, family, or anyone they care about. Gifts can be sent anonymously or with your name attached — the sender chooses. Recipients are notified by SMS and claim their gift at habo.help.

What We Collect

From Donors (no account required)

  • Recipient's mobile number— required to notify them via SMS that a gift has been sent. This is the only information needed about the recipient.
  • Your email(optional) — if provided, used solely to notify you when the recipient accepts or declines. Never shared with the recipient.
  • Your name(optional) — only collected if you choose to reveal your identity. If you stay anonymous, no name is stored or shared.
  • Payment information— processed entirely by Stripe or Zepto. We never see or store card numbers or bank details.
  • Gift details— amount, reason, and optional message.

From Recipients

  • Mobile number— used as your primary identifier. Verified via one-time SMS code (OTP). This is how we match you to gifts sent to your number.
  • Email address(optional) — if you choose to add one, we'll use it for future gift notifications alongside SMS. Never required.
  • Payout details— handled entirely by third-party providers. PayID uses your existing bank-linked email or phone. Stripe Connect collects bank details on their own secure page. PayPal uses your PayPal email. Habo never sees, stores, or handles your bank account details.

How We Protect Anonymity

  • When a donor chooses to stay anonymous, their identity is never exposed to recipients through any API, SMS, or UI.
  • When a donor chooses to reveal their identity, only their chosen display name is shown — never their email, phone, or payment details.
  • Our API architecture enforces this at the code level — recipient-facing endpoints physically cannot return donor contact information.
  • Internal logs use reference IDs rather than personal information where possible.

SMS & Communications

  • SMS is our primary notification channel. We send texts for: gift notifications, OTP verification codes, and reminders about unclaimed gifts.
  • SMS messages never contain links — we only direct you to visit habo.help. This is a deliberate security choice.
  • We will never sell your phone number or use it for marketing. It is used solely for gift-related notifications and account verification.
  • Standard SMS rates from your carrier may apply.

Payment Security

Payments are processed by Stripe (cards, Apple Pay, Google Pay, bank transfers) and Zepto (Australian PayTo/bank transfers). Recipient payouts are handled by PayID, Stripe Connect, or PayPal.

Habo is fully PCI compliant because we never handle, store, or transmit raw card numbers or bank account details. All payment data goes directly to the payment provider's secure servers.

Data Encryption & Security

  • All data transmitted over HTTPS/TLS.
  • Personal data encrypted at rest in our database.
  • Phone-based OTP verification (no passwords stored).
  • Security headers enforced (X-Content-Type-Options, X-Frame-Options, XSS Protection, Referrer-Policy).
  • Rate limiting on all sensitive endpoints to prevent abuse.
  • Cloudflare Turnstile CAPTCHA to prevent automated abuse.

Third-Party Services

  • Stripe— card/wallet payment processing and recipient bank payouts (global).
  • Zepto— Australian PayTo bank transfers and PayID payouts (AU only).
  • PayPal— alternative payout method (global).
  • Twilio— SMS notifications and OTP verification codes.
  • Resend— optional email notifications for donors.
  • Cloudflare— DNS, security, and CAPTCHA.

Your Rights

You can request to:

  • Access any personal data we hold about you.
  • Delete your account and associated data.
  • Export your data in a portable format.

Contact us at privacy@habo.help for any data requests.

Cookies & Local Storage

Habo uses minimal local storage. We store a JWT authentication token in your browser's localStorage for session management. We do not use tracking cookies, advertising cookies, or any third-party cookies.

Changes

We may update this policy from time to time. We'll notify users of significant changes via SMS or email (if provided).

Contact

Questions? Contact us at hello@habo.help.