Privacy Policy
Last updated 12 June 2026
HotPlace is a live map for discovering places through real activity and honest reviews. This policy explains what personal data we collect, why, who we share it with, and the rights you have under Singapore's Personal Data Protection Act 2012 (PDPA). We've tried to write it the way we write everything else: short, specific and honest.
Who we are and how to reach us
HotPlace ("HotPlace", "we", "us") operates the HotPlace mobile application and the website at hotplace.app from Singapore.
Our Data Protection Officer can be reached at privacy@hotplace.app. The mailbox is monitored during Singapore business hours, and we aim to respond to any privacy request within a reasonable time and in any case as the PDPA requires.
Data we collect
- Account data. Your username, display name, and optionally a short bio and a profile picture. Your password is stored only as a salted hash using a modern memory-hard algorithm (Argon2id) — we never store or see it in plain text. Accounts created with Google sign-in have no password at all.
- Contact data.Your email address (optional), and your phone number if you choose to verify one. Phone verification is optional and exists for exactly one reason: it gates joining a shop's queue. We store the number and the fact that it was verified.
- Google sign-in data. If you sign in with Google, we verify your Google identity token and receive your basic profile: name, email address and profile picture. We use it to create or link your HotPlace account and nothing else.
- Location data.Two distinct uses. First, the map: your device's GPS position is used to centre the map and show what's hot near you — this position is used live and is not stored on our servers. Second, queues: when you join a shop's queue, we check your coordinates against the shop's join radius and record the coordinates of that join on your queue ticket, together with your name and phone number at that moment, so the ticket is a stable record. We never collect location in the background.
- Content you create. Reviews, ratings and review photos; place submissions and suggested edits; bookmarks and your recent searches (both private to you); and who you follow.
- Rewards and wallet data. If you earn rewards for verified reviews, we keep a wallet ledger: every credit, its amount, the review that caused it, and the state of each withdrawal. Ledger entries are append-only — they are a financial record and are never silently edited.
- Identity verification (KYC). Before your first cash withdrawal we may require identity verification through a specialist provider. The provider handles your documents; on our side we store only a reference to the verification and its result (verified or rejected) — not the documents, and not your NRIC details. See the NRIC section below.
- Device and service data. Push notification tokens (only if you enable notifications), and standard server logs kept for security and reliability. The app currently includes no third-party analytics or advertising SDKs; if that ever changes, this policy will be updated first.
Why we collect it
We collect and use personal data for these purposes:
- Operating the service: the map, reviews, queues, bookmarks, follows, notifications and your profile.
- Computing place hotness from aggregate recent activity. Hotness is calculated per place, not per person — your individual movements are never published or sold.
- Verifying that reviews and queue joins are genuine (this is what the location check and phone verification are for), and preventing spam, fraud and abuse.
- Running the reviewer rewards programme: crediting verified reviews, processing withdrawals, and meeting record-keeping duties that come with paying people.
- Communicating with you about your account and the service. Marketing messages are sent only if you opt in, and every one of them can be turned off.
- Meeting our legal obligations.
We do not sell personal data, and we do not use your data for third-party advertising.
Consent, and taking it back
We collect personal data with your consent — given when you create an account, grant a device permission (like location or notifications), or use a feature that plainly requires the data (joining a queue requires checking where you are). We only use data for purposes a reasonable person would consider appropriate in the circumstances.
You can withdraw consent at any time: revoke device permissions in your phone's settings, turn off notifications, or write to privacy@hotplace.app. We will explain the consequences before acting — withdrawing consent for essential processing (for example, location while joining a queue) simply means that feature can't work for you.
What other people can see
Your public profile shows your username, display name, bio, profile picture, your published reviews (with their photos and ratings) and your follower and following counts. If you anonymise a review, your byline is hidden from it permanently. Your bookmarks, search history, wallet, phone number and email are private. Your precise location is never shown to anyone.
Who we share data with
We share personal data only with providers who process it on our behalf to run HotPlace:
- Database and file storage — our managed Postgres database and the storage bucket that holds review photos (currently Supabase).
- Map and place search— when you search for a place, your search terms (and the area being searched) may be sent to Google's Places service to supplement our own results. The request goes through our servers; Google does not receive your HotPlace identity.
- Push notifications— delivery through Expo's push service to your device.
- Sign-in — Google, if you choose Google sign-in.
- Identity verification and payouts — if you withdraw rewards, a KYC provider verifies your identity and a payment provider moves the money. They receive what they need for that task and nothing more.
We may also disclose data where the law requires it or to protect the safety of our users. There are no other recipients.
Where data is stored
Our infrastructure is hosted in the Asia-Pacific region, targeting Singapore (AWS ap-southeast-1). Some providers above may process data outside Singapore. Where personal data leaves Singapore, we transfer it only under arrangements — contractual or otherwise — that ensure a standard of protection comparable to the PDPA, as section 26 of the Act requires.
Cookies
The website sets a single, strictly necessary session cookie to keep you signed in. It is httpOnly (not readable by scripts) and is not used for tracking or advertising. There are no analytics or advertising cookies. Details live in the Cookie Policy.
How we protect data
- Passwords hashed with Argon2id; never stored or logged in plain text.
- Sessions carried in httpOnly cookies, inaccessible to browser scripts; all traffic over HTTPS.
- API keys for third-party services (maps, storage, push) are held server-side only and never shipped in the app or to the browser.
- The wallet ledger is append-only, so financial history cannot be silently altered.
- Administrative access is role-gated and actions on your content or wallet are recorded with the actor who performed them.
How long we keep data
We keep personal data only as long as it serves the purposes above or as the law requires:
- Account data: for the life of your account, then deleted or anonymised within 30 days of account deletion.
- Reviews you retract: removed from public view; where a paid reward has already been withdrawn against a review, the review may instead be anonymised (your name removed) — the policy on this is described in the Rewards Programme Terms.
- Wallet, payout and identity-verification records: retained after account deletion for as long as financial record-keeping and anti-fraud obligations require.
- Queue ticket snapshots: kept for the operational life of the queue record.
- Server logs: kept briefly for security and then rotated out.
Your rights
Under the PDPA you may:
- Access — ask what personal data of yours we hold and how it has been used or disclosed in the past year.
- Correction — ask us to correct inaccurate or incomplete data.
- Withdrawal — withdraw consent, as described above.
- Deletion — delete your account and personal data; see Delete your account for exactly how, and what is retained.
Send any request to privacy@hotplace.app. If you are unhappy with our handling of your data or your request, tell us and we will try to put it right; you may also complain to Singapore's Personal Data Protection Commission (PDPC).
NRIC and identity documents
We do not collect NRIC numbers or identity documents at sign-up, and we never will for ordinary use of HotPlace. Identity verification happens only if you withdraw cash rewards, it is performed by a specialist verification provider, and it is done because verifying identity to a high degree of accuracy is necessary before paying out money. The provider holds the documents; we store only the verification result.
If something goes wrong
If a data breach occurs that is likely to result in significant harm to you, or affects 500 or more people, we will assess it promptly, notify the PDPC as soon as practicable (and in any case within three calendar days of assessing it as notifiable), and notify you directly where the law requires it.
Children
HotPlace is not directed at children under 13, and we do not knowingly collect personal data from them. If you believe a child has created an account, contact us and we will remove it.
Changes to this policy
We may update this policy as the service evolves — for example, when deferred features such as real SMS verification or new payout providers go live. Material changes will be announced in the app or by email before they take effect. The date at the top shows the last revision.