Five by Hashgrid — Privacy Policy

Version 2026-05-06 · Effective as of this date.

1. Who we are

Five is operated by Hashgrid. This Privacy Policy explains what data Five collects, how it is used, who it is shared with, and how you can access, export, or delete it. It applies to the Five mobile app and to the public web pages hosted at five.hashgrid.ai.

2. Eligibility

Five is intended for users 17 and older. We ask for an age attestation before profile completion, listings, direct messaging, AI features, and push notifications. Users below the threshold cannot access social features and may only use Delete Account, Privacy, Terms, and Support.

3. Data we collect

We collect only what we need to operate the service. Data collected from the Five app is linked to your identity (your account):

3.1 Contact information

• Name — the display name you choose; visible to other users.
• Email address — provided by Sign in with Google or Sign in with Apple; used to identify your account and to deliver account-related email such as deletion verification.

3.2 User content

• Profile content — display name, sex, date of birth, location text, optional avatar.
• Listings — the text and metadata of any listing or node you publish.
• Direct messages — message text, timestamps, and recipients of chats you send and receive in Five.
• Photos — avatar images you upload. New-account avatars are held for human review before they are visible to other users.

3.3 Location

• Coarse location — the city/region text you provide on your profile. Five does not request GPS or device-level location.

3.4 Search history

• In-app searches — the queries you run inside Five, retained against your account to power the experience.

3.5 Identifiers

• User ID — the internal account identifier we assign you.
• Push device tokens — APNs (iOS) and FCM (Android) tokens registered to your account so we can deliver chat notifications. We do not use these for advertising or tracking.
• Identity provider subject — the Google or Apple subject identifier returned during sign-in, stored to recognize returning logins.

4. How we use data

All data is used for App Functionality only. Five does not run advertising, does not sell or share data for cross-app tracking, and does not use the App Tracking Transparency framework.

• To create your account and authenticate you (Sign in with Google, Sign in with Apple).
• To show your profile to other Five users.
• To deliver direct messages, listings, and matches.
• To deliver push notifications for new direct messages. Notification body is your sender's display name plus the literal phrase "wrote you a message" — we do not include message content in push payloads.
• To moderate content (review reports, hold avatars for review, enforce blocks, retain evidence).
• To respond to support, deletion, or child-safety requests.

5. AI-generated content

Five includes an AI assistant. AI processing is off by default and only runs after you explicitly consent in the app. We record the timestamp of your consent (ai_processing_consented_at) and block all AI calls until consent exists.

• Provider: we use a third-party large language model provider (OpenAI-compatible) configured by Hashgrid. The provider name in effect at the time you read this is published in our in-app AI consent screen.
• What is sent: the chat or listing context relevant to your AI request, plus minimal account context required to respond. We do not send your email address, identity-provider subject, or push tokens to the AI provider.
• Retention: the AI provider may temporarily process inputs/outputs under its own terms; Hashgrid does not allow the provider to use your content to train models.
• Reportable: AI-generated responses are user-visible content and can be reported the same way human messages can.
• Withdrawal: you can withdraw AI consent at any time, after which no further LLM calls will be made for your account.

6. Sharing and third-party services

We share the minimum required with these processors:

• Google — Sign in with Google authenticates you; we receive an ID token, your email, and your Google subject identifier.
• Apple — Sign in with Apple authenticates you; we receive an identity token, your Apple subject identifier, and an authorization code we use to call Apple's revoke endpoint when you delete your account.
• Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) — deliver push notifications to your device. We send the sender's display name and the literal phrase "wrote you a message" only.
• Object storage — avatars are stored in object storage operated on Hashgrid's behalf, accessed via signed URLs.
• AI provider — see Section 5.

We do not sell personal data. We do not share data with advertisers, data brokers, or analytics networks.

7. Data retention, deletion, and anonymization

You can delete your Five account at any time:

• In the app: Profile → Delete account.
• On the web: at five.hashgrid.ai/legal/delete-account — we send a one-time email verification link, then call DELETE /accounts/me on your behalf.

On deletion:

• Hard-deleted: your account record, profile/users you own across grids, your chat memberships, and your push device tokens.
• Anonymized: message content is replaced with [deleted]; listings/edges retain row continuity for other users but personal text fields are nulled; your display name is replaced with [deleted user] and your avatar URL, Apple subject, and Google subject are cleared on any retained rows.
• Retained for moderation evidence: reports where you are reporter or target, immutable evidence snapshots, and any media under active CSAE/CSAM review. Personal fields on these rows are minimized as described above.
• Apple revoke: if you signed in with Apple, we call POST https://appleid.apple.com/auth/revoke to unlink your Apple ID from Five before completing deletion.
• Push: deletion stops all future notifications immediately.

Beyond account deletion, we retain operational logs (server/access logs, error logs) for a short period for security and reliability. These do not contain message contents.

8. Security

Data is transmitted over HTTPS. Authentication uses signed JWTs. Avatar uploads are stored in object storage with signed-URL access. Apple refresh tokens used for revoke are encrypted at rest. We restrict administrative moderation endpoints to an internal admin token and log access.

9. Children's safety

Five is not for users under 17 and we do not knowingly collect data from them. If you believe a Five user is under 17, contact us at the child-safety address below and we will investigate. We publish a separate Child Safety Standards page describing our reporting flow, takedown SLA, and NCMEC procedure.

10. Reporting and moderation

You can report users, messages, AI-generated assistant messages, and avatars from inside the app. You can block other users from your profile, the chat header, or the message long-press menu. Blocks are enforced server-side on every list, send, and notification path. Direct messages are not filtered before sending; abuse is handled after the fact through reporting, blocking, and moderation review.

11. Your rights

You can review, correct, or delete profile information from inside the app at any time. For access or portability requests beyond what the app exposes, or if you are in a jurisdiction that grants additional rights (e.g., GDPR, CCPA), email support@hashgrid.ai.

12. International transfers

Five is operated from the United States. If you access Five from outside the US, your data is processed in the US and other regions where our processors operate. By using Five you consent to that transfer.

13. Changes to this policy

We will publish a new version identifier and effective date at the top of this page when we update this policy. Continued use after the effective date constitutes acceptance of the updated policy.

14. Contact

• General support: support@hashgrid.ai
• Account deletion (web): five.hashgrid.ai/legal/delete-account
• Privacy questions: privacy@hashgrid.ai
• Child-safety reports: office@hashgrid.ai