Privacy Policy
Last updated: May 3, 2026
The short version
- We collect your email, listening preferences, and playback progress. That’s it.
- We may use Google Analytics on web for aggregate usage metrics.
- No ads. No data sales. No fingerprinting.
- You can export or delete your data anytime from Settings.
1. Who We Are
Held is a service of ManovaAI LLC. If you have questions about this policy or your data, contact us at support@held.fm.
2. What We Collect
We collect only what we need to run the service. Here is a complete list:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email, hashed password, display name | Authentication | Contract |
| Listening progress, playback speed, preferred categories | Service functionality | Contract |
| Bookmarks, notes, reviews | Features you use | Contract |
| Subscription status, plan, provider, credit balance | Payment processing | Contract |
| One-way hash of email (Stripe users) | Trial fraud prevention | Legitimate interest |
| Web usage events and device/browser metadata | Aggregate product analytics | Legitimate interest |
Your password is always hashed — we never store it in plain text.
3. What We Do Not Collect
We believe in collecting less, not more. Here is what we deliberately do not collect:
- No advertising pixels or retargeting beacons
- No device fingerprinting
- No advertising identifiers
- No location data
- No contacts or address book access
- No cross-app or cross-site ad tracking
5. Sign-In Providers
When you sign in with Google or Apple, we receive only your email address and a unique identifier. We do not access your contacts, calendar, photos, or any other data from your Google or Apple account.
6. How Our Content Is Made
All stories on Held are originally produced by our creative team using proprietary tools and technology. No user data is used in content production. Your listening habits, preferences, and personal information are never fed into our content creation process.
7. Data Retention
- Active account: Your data is retained while your account is active.
- Account deletion: When you delete your account, your data enters a 30-day grace period. If you change your mind, sign in again during that window to restore it automatically. After that, the app account is hard-deleted. Limited purchase and activity records may still be retained internally for audit, fraud prevention, accounting, and legal compliance.
- Trial prevention hashes: Retained indefinitely for fraud prevention. These are one-way hashes and cannot be linked back to your identity.
- Payment records: Retained as required for accounting, tax, and dispute resolution purposes.
8. Your Rights
For all users
- Export your data — request from Settings or email support@held.fm
- Delete your account — request from Settings or email support@held.fm
- Email us — support@held.fm for any data request
If you are in the EU/EEA (GDPR)
You have the right to access, rectification, erasure, data portability, restriction of processing, and objection. ManovaAI LLC is the data controller. To exercise any right, use the self-service tools in Settings or email support@held.fm.
If you are in California (CCPA/CPRA)
You have the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell your personal information. We honor Global Privacy Control (GPC) browser signals.
9. Children's Privacy
Held is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us at support@held.fm.
11. Changes to This Policy
We may update this policy from time to time. The “Last updated” date at the top of this page will change. For material changes, we will notify you via email or an in-app notice.
12. Contact
For any questions or concerns about this Privacy Policy or your data, contact us at support@held.fm.