Legal · Document 04

Delete your H2H account

Updated 2026-05-04

This page explains how to permanently delete your H2H Proximity account and all associated data, both on your device and on our servers.

⚠ This action is permanent

Once you delete your account, your local chat history, attachments, identity, and all preferences are erased from your device. Your anonymous backend identity and any optional profile metadata are deleted from our servers. None of this can be recovered.

1. Delete from inside the app (recommended)

The fastest and most complete way to delete your account is from inside the H2H Proximity app:

Steps

  1. Open the H2H Proximity app on your device.
  2. Tap your profile icon (top-right of the radar screen).
  3. Scroll to the Danger Zone section at the bottom of the Profile page.
  4. Tap Delete account.
  5. Read the confirmation dialog carefully, then tap Delete.

The app will then:

  • Delete your optional profile metadata document from our Firestore servers.
  • Delete your anonymous Firebase Authentication identity from our servers.
  • Erase your local chat history database and all message states.
  • Erase all chat attachments, voice recordings, and announcement-voice cache files from device storage.
  • Erase your device-bound cryptographic identity, Proximity preferences, and security material.
  • Sign you out of all backend services.
  • Run a postcondition audit and report whether anything remained. If anything fails to delete, the app surfaces an error so you can retry or contact us.

2. Request deletion by email (alternative)

If you cannot access the app — for example, you have already uninstalled it, lost the device, or the in-app deletion is failing — you can request deletion by email instead.

How to request

Send an email to privacy@h2hprotocol.com with:

  • Subject: "Account deletion request"
  • Body: a brief statement that you wish to delete your H2H account.
  • Optional: if you remember your six-character peer ID (visible in the app under Profile → Device & Identity), include it. This helps us locate any optional profile metadata associated with your account. Without it, we will still process the request based on identity-verification information you provide.

We aim to respond within 30 days of receiving a verifiable deletion request, in line with applicable data-protection law. If we cannot fulfil your request in that time, we will tell you why and provide an updated timeline.

3. What gets deleted

Whether you delete from inside the app or by email, the following data is removed:

  • Server-side: your anonymous backend identity (Firebase Auth account), your optional profile metadata document (Firestore users/{aid} — display name, photo, last-active timestamp).
  • Device-side (in-app deletion only): chat history database, message states, blocked-peer records, attachments, voice recordings, announcement-voice cache, peer profile cache, selected keywords, Proximity on/off state, security keys, identity material, all app preferences.

4. What may persist briefly

For service operation, abuse prevention, and legal compliance, the following data may be retained for the periods documented in our Privacy Policy § 6.3:

  • Push-notification delivery records (up to 30 days).
  • Crash reports and diagnostic logs (up to 90 days).
  • Server-side abuse-prevention records, if any (up to 6 months).
  • Operational backups of relay infrastructure (up to 30 days).
  • Audit and security records required by law (typically up to 7 years).

These records are not associated with your message content or your active identity after deletion — they exist as required by service operation and applicable law.

5. Data we never store on our servers

The following are never sent to our servers in the first place, so deletion is automatic the moment they leave your device:

  • Your chat messages, voice notes, images, files (these are end-to-end between peers, not stored on our relay).
  • Your Pulses content (encoded as a 1-byte index over BLE, not as plain text on the wire).
  • Your selected keywords (used locally for matching; advertised pseudonymously over BLE).

6. After deletion

You can reinstall H2H Proximity at any time. A new anonymous identity will be generated locally on first launch, and you will be treated as a new user. There is no link between your old and new identities — they are cryptographically distinct.

7. Questions

If anything on this page is unclear, or if you encounter problems with the deletion flow, please contact us at privacy@h2hprotocol.com. For general support, write to support@h2hprotocol.com.