Privacy Policy

SheHaven is built on a Privacy by Design principle. Personal data is protected by row-level security policies, encrypted at rest and in transit, minimised to only what is necessary, and automatically deleted when no longer required.

SheHaven provides venue discovery and referral services only. Bookings, reservations, payments, pricing and availability are managed solely by third-party providers or the venues themselves. When you tap a booking link we record an anonymous referral event (pseudonymous session id, coarse device type, and the venue you were viewing) so we can keep our directory healthy. We never see or store your booking details, payment information or reservation outcomes.

SheHaven is a community app for verified women aged 18 and over. If you need to contact us about your data, please use the contact form below.

To confirm you are a woman aged 18+, we ask for a government ID and a live selfie. These are reviewed by a small team of trained admins, are never shared with third parties, and are deleted as soon as a verification decision is made.

You can request a copy of your data, ask us to correct or delete it, or withdraw consent at any time. Contact us and we will respond within 30 days.

If you are in the UK or EU/EEA, you may also complain to your local data protection authority (in the UK, the Information Commissioner's Office at ico.org.uk). If you are a California resident, you have rights under CCPA including access, deletion and opt-out of sale — we do not sell personal data.

Sisters can only be added by scanning each other's QR code in person. There is no name search, no link sharing, no contact import. This is intentional, it keeps the network real-world and accountable.

You decide who to swap codes with. SheHaven cannot guarantee the safety, honesty or intentions of any other member, even if verified. Use the same care you would use meeting anyone new.

Sister Signals are a community signal, they are not an emergency-services replacement. If you are in immediate danger, call 999 (police, ambulance, fire). For non-urgent concerns the police number is 101. Domestic abuse helpline: 0808 2000 247. On the rail network you can text the British Transport Police on 61016.

If you press the Sister Signal button your IP address and location will be stored for 28 days and then deleted, to aid with any pending police investigations should they arise.

When a Sister Signal is in progress, both sisters can exchange a quick selfie so they can recognise each other on arrival. These photos are end-to-end encrypted in your browser using AES-GCM before upload. The server only ever stores ciphertext and cannot view them; only the two sisters involved in the alert can decrypt them.

Your location is only stored when you choose to share it (for the map and the Sister Signal system). You can turn it off at any time in your profile. "Track me" mode updates your pin while the map is open and stops automatically when you close the map.

Monitor Me lets you set a timer for a journey or activity and optionally share live location with chosen sisters. Location pings are kept only for the duration of the session and are automatically deleted when the session ends or expires. Scheduled check-ins follow the same rule.

Messages and check-ins you post inside a group are visible to the other members of that group. We retain them for the lifetime of the group so members can scroll back. You can leave a group at any time, and a group owner can delete the group, which removes its messages.

If you allow notifications, your device push token is stored so we can deliver Sister Signals, check-in reminders and group activity. We never use push tokens for marketing. You can revoke notifications at any time in your device settings.

Paid plans are handled by Stripe. Card details are entered directly into Stripe and never touch our servers — we only store your Stripe customer ID and your subscription status. See Stripe's privacy policy for how they handle payment data.

We send transactional emails (sign-in, verification outcomes, replies to your contact messages) via our email provider. Non-essential emails include a one-click unsubscribe link and we honour our suppression list. We do not sell or share your email address.

Features like the map, TfL station info, crime insights and safe-haven lookups call third-party APIs from our servers, not from your device. Your personal location is not forwarded to those providers — we query general areas only.

We use a small amount of browser storage to keep you signed in and remember basic preferences. We do not use advertising cookies or cross-site tracking.

You can delete your account from your profile at any time. Deletion wipes your profile, friendships, alerts, encrypted photos, group memberships, push tokens and your Stripe customer link. Some records may be retained briefly in backups or where required by law (e.g. an active police investigation) and are then permanently removed.

SheHaven is strictly for adults aged 18 and over. Accounts found to belong to anyone under 18 are removed immediately.

SheHaven is provided on an "as is" basis. To the fullest extent permitted by applicable law, SheHaven and its operators are not liable for any loss or harm arising from your use of the app, including any interaction with venues, friends or other members.

The locations shown in SheHaven are user-rated and SheHaven does not endorse any individual places or locations. User ratings are down to the individual sister who left them. Offensive, racist or discriminatory comments will be removed and the person's account will be deleted, no refund will be given if they are a paid subscriber.

We may update this policy as the app evolves. The "Last updated" date at the top will change, and for material changes we will notify affected members by email.