PRIVACY

Last updated: April 23, 2026

1971 Hook LLC ("we", "us") operates Dish KO. This policy describes what data we collect when you use the app, how we use it, and your rights.

What we collect

Information you give us directly

• Email + password (or an Apple Sign-In token + the email Apple supplies). Used to sign you in and recover your account.
• Your name + handle. Displayed on your profile and the leaderboard.
• Dish photos + captions + optional videos. The product.
• Social links (Instagram, TikTok, X, website), if you add them to your profile.
• Support messages you send us.

Information we generate from your use

• Duel votes, flames, follows, blocks, reports. Stored against your account id.
• Device push token. Used to deliver notifications (new follower, KO streaks). Not shared with anyone.
• Structured event logs (signup, login, duel vote, flame, etc.) with your user id. Used to run the product + monitor for abuse.
• Crash + performance data via Sentry. A device hash groups reports across sessions but is not tied to your name or email.

Information we DO NOT collect

• Precise location.
• Contacts.
• Health, finance, or biometric data.
• IDFA or any advertising identifier.
• Browsing or app usage outside Dish KO.

How we use it

• Run the product: show duels, count votes, maintain rankings, deliver notifications.
• Moderate content: review reports, block bad actors, enforce the Content Policy.
• Prevent abuse: rate-limit, detect vote manipulation, apply the pre-moderation gate.
• Communicate with you: email verification, password reset, service notices. We do not send marketing email unless you opt in.
• Improve reliability: Sentry for crash + performance signals. Aggregate only.

Who we share with

• Infrastructure providers — Hetzner (hosting), AWS (S3 storage, SES email), Apple (push notifications, Sign in with Apple), Sentry (crash reporting). Each sees only what's needed to provide their service.
• Law enforcement, where required by valid legal process or to protect people from imminent harm.
• Nobody else. We do not sell your data. We do not run ads. We do not share with data brokers.

Your rights

• Access: email support@dishko.app for a copy of your data.
• Correction: Profile → Edit fixes most things; ask support for anything you can't edit yourself.
• Deletion: Profile → Delete Account. Immediate cascade across posts, votes, follows, notifications. Irreversible.
• Portability: request a JSON export via support.
• Object or restrict: email support; we'll respond within 30 days.

If you're in the EU/UK, these rights are your GDPR rights. If you're in California, your CCPA/CPRA rights are equivalent.

Children

Dish KO is not for children under 13. If you believe a child has given us personal information, email support@dishko.app and we'll delete it.

Security

Passwords are stored as bcrypt hashes, not plaintext. Transport is HTTPS-only. Tokens are short-lived and can be invalidated by account deletion or a password reset. We've never had a breach; if we do, we'll notify you within 72 hours of confirming it.

Changes

We may update this policy. Material changes get an in-app notice. We keep the full changelog in this repository and will surface older versions on request.

Contact

privacy@dishko.app for privacy requests and support@dishko.app for everything else.