Terms of Service

1. Account Information

Data Collected

We may collect the following account-related information:

• Email Address
• Username
• Encrypted Password
• Profile Photo
• Bio or Profile Description

Purpose of Processing

This information is used as:

• Create and manage user accounts
• Authenticate users and prevent unauthorized access
• Display user profiles within the platform
• Communicate important service-related messages
• Provide customer support and ensure platform security

Legal Basis (GDPR – Article 6)

• Performance of a Contract – Account creation and service delivery
• Legitimate Interests – Security, fraud prevention, and service improvement
• Consent – Where optional profile data is provided

CCPA/CPRA Notice

• This information constitutes Personal Information under California law.
• We do not sell or share account information for cross-context behavioral advertising.
• California residents may request access, correction, or deletion of this data.

2. Photos & Media

Data Collected

We collect images, videos, and other media content that you choose to upload.

EXIF Metadata Handling

• By default, EXIF metadata (such as camera model, timestamps, and GPS coordinates) is automatically removed from uploaded media.
• You may explicitly enable metadata retention through app settings if you choose to share it.

Purpose of Processing

• Enable content sharing and interaction
• Support platform features such as posting, moderation, and discovery
• Ensure compliance with community standards and legal obligations

Legal Basis (GDPR)

• Consent – Media uploads and optional metadata
• Performance of a Contract – Content sharing features
• Legitimate Interests – Platform safety and moderation

CCPA/CPRA Classification

• Media content may be considered Personal Information or Sensitive Personal Information depending on content.
• We do not use uploaded media for targeted advertising without explicit consent.

3. Location Information (Optional)

We collect location-data only if you choose to enable it. Location services are optional and can be disabled at any time.

Types of Location Data

• City-Level Location

  Used for general regional features and analytics.

• Neighborhood-Level Location

  Used to enhance localized content or community features.

• Precise GPS Location

  Collected only with explicit opt-in permission and only while location-based features are active.

Purpose of Processing

• Provide location-relevant content and features
• Improve user experience and feature accuracy
• Enable optional discovery or tagging functionality

Legal Basis (GDPR)

• Explicit Consent (Article 6 & Article 9 where applicable)

CCPA/CPRA – Sensitive Personal Information

• Precise geolocation is classified as Sensitive Personal Information.
• California residents have the right to limit the use and disclosure of precise geolocation data.

4. Children’s Privacy (COPPA Compliance)

Our services are not directed to children under the age of 13.

• We do not knowingly collect personal information from children under 13.
• If we become aware that such data has been collected, we will promptly delete it.
• Parents or guardians may contact us to review or request deletion of a child’s information.

If the service later introduces child-directed features, we will:

• Obtain verifiable parental consent
• Provide clear parental access and deletion rights

5. Your Privacy Rights

GDPR (EEA/UK Users)

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion (“right to be forgotten”)
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

CCPA/CPRA (California Residents)

You have the right to:

• Know what personal information we collect
• Access and receive a copy of your data
• Request deletion or correction
• Opt out of sale or sharing (if applicable)
• Limit the use of sensitive personal information
• Not be discriminated against for exercising your rights

Requests can be made via the contact details provided in the Contact Us section of this policy.

6. User Control & Choices

• You can update or delete your account information at any time.
• You can control profile visibility, media sharing, and location permissions.
• You can withdraw consent for optional data processing without affecting core services.

1. Device Information

What Information Is Collected

We may automatically collect technical information about the device you use to access our services, including:

• Device model and manufacturer
• Operating system and version
• Device language and regional settings
• App version and build number
• Device identifiers (in anonymized or pseudonymized form where required by law)

Why We Collect This Information

• To ensure compatibility across devices and operating systems
• To diagnose technical issues and bugs
• To optimize user experience and app performance
• To support customer service and troubleshooting

Legal Basis

• GDPR: Legitimate Interests (service functionality, security, and improvement)
• CCPA/CPRA: Classified as Personal Information (Identifiers & Internet Activity)
• COPPA: Collected only as necessary for internal operations and not used for behavioral profiling

2. App Usage and Activity

What Information Is Collected

We automatically collect information about how you interact with the app, such as:

• Pages or screens viewed
• Features used and interaction patterns
• Time spent in the app
• Search queries and navigation behavior
• Timestamps of activity

Why We Collect This Information

• To understand how users engage with features
• To improve usability and design
• To detect misuse, abuse, or violations of our terms
• To support analytics and product development

Legal Basis

• GDPR: Legitimate Interests; Consent where required for analytics or cookies
• CCPA/CPRA: Internet or network activity information
• COPPA: Usage data is aggregated and not used to create child profiles

3. IP Address

What Information Is Collected

We collect your Internet Protocol (IP) address when you access the service.

Why We Collect This Information

• To protect against fraud, abuse, and unauthorized access
• To detect suspicious activity and enforce security controls
• To approximate geographic location at a city or regional level
• To comply with legal and regulatory requirements

How IP Addresses Are Handled

• IP addresses are used primarily for security and operational purposes
• Where required by law, IP addresses are truncated, anonymized, or stored only temporarily
• IP data is not used for precise location tracking without explicit consent

Legal Basis

• GDPR: Legitimate Interests; Legal Obligation
• CCPA/CPRA: Identifier data
• COPPA: Used strictly for security and internal operations

4. Crash Logs & Performance Analytics

What Information Is Collected

We collect diagnostic and performance data, including:

• Crash reports and error logs
• Performance metrics (app load times, response times)
• Stack traces and failure points
• Limited device and app state information at the time of a crash

This data does not intentionally include the content of your messages, photos, or private communications.

Why We Collect This Information

• To identify and fix bugs and crashes
• To improve stability, reliability, and performance
• To prevent repeated failures and service interruptions
• To enhance overall user experience

Legal Basis

• GDPR: Legitimate Interests; Consent where required by analytics tools
• CCPA/CPRA: Operational and diagnostic data
• COPPA: Used only to maintain service functionality

5. Data Minimization & Retention

• Automatically collected data is limited to what is necessary for the stated purposes.
• Data is retained only for as long as required to:
  • Ensure security and performance
  • Comply with legal obligations
  • Resolve disputes or enforce agreements
• Data is deleted or anonymized when no longer needed.

6. Your Privacy Rights & Controls

• You may limit or disable certain analytics through device or app settings (where available).
• You can request access to, correction of, or deletion of personal data.
• California residents may opt out of data sharing (if applicable).
• EU/UK users may object to processing or withdraw consent at any time.

7. Children’s Privacy (COPPA)

• Automatically collected data from users under 13 (if any) is strictly limited to what is necessary for internal operations.
• No behavioral profiling, targeted advertising, or data selling is performed.
• Any accidental collection is promptly deleted upon discovery.

1. Provide and Operate the App

How Information Is Used

We use account information, device data, and technical information to:

• Create and manage user accounts
• Authenticate users and maintain secure sessions
• Enable core app functionality and features
• Ensure reliable access across devices and platforms

Legal Basis

• GDPR: Performance of a Contract
• CCPA/CPRA: Business Purpose
• COPPA: Necessary for internal operations

2. Display Your Posts to Users You Choose

How Information Is Used

We use your profile information, posts, and media content to:

• Display your content according to your privacy and sharing settings
• Allow interaction with other users you approve or make public
• Respect visibility controls such as private, followers-only, or public posts

You control who can view your content, and you may change visibility settings at any time.

Legal Basis

• GDPR: Performance of a Contract; Consent
• CCPA/CPRA: Personal Information used as directed by the user
• COPPA: Content sharing is limited and controlled

3. Enable Location-Based Discovery (If You Allow It)

How Information Is Used

If you enable location services, we may use your location data to:

• Show nearby or location-relevant content
• Enable discovery or tagging features
• Improve relevance of local interactions

Important Safeguards

• Location sharing is optional and opt-in
• Precise GPS location is collected only with explicit permission
• You can disable location access at any time

Legal Basis

• GDPR: Explicit Consent
• CCPA/CPRA: Sensitive Personal Information (Right to Limit)
• COPPA: Not enabled for children without parental consent

4. Detect Fraud, Abuse, and Security Threats

How Information Is Used

We use IP addresses, device information, and activity data to:

• Detect suspicious or malicious activity
• Prevent fraud, impersonation, and unauthorized access
• Protect users and platform integrity
• Enforce security policies and safeguards

This processing is essential to maintaining a safe and secure environment.

Legal Basis

• GDPR: Legitimate Interests; Legal Obligation
• CCPA/CPRA: Security and fraud prevention
• COPPA: Permitted internal operations

5. Improve Performance and Features

How Information Is Used

We use usage data, analytics, and crash reports to:

• Identify bugs and performance issues
• Analyze feature usage and improve usability
• Test and optimize new features
• Enhance stability, reliability, and scalability

Where required, analytics data is aggregated or anonymized.

Legal Basis

• GDPR: Legitimate Interests; Consent where required
• CCPA/CPRA: Operational improvement
• COPPA: Aggregated and non-profiling use only

6. Provide Support and Respond to Inquiries

How Information Is Used

When you contact us, we use your information to:

• Verify your identity
• Respond to questions or support requests
• Troubleshoot issues and resolve complaints
• Maintain records of support interactions

Legal Basis

• GDPR: Performance of a Contract; Legitimate Interests
• CCPA/CPRA: Customer service purpose
• COPPA: Limited to necessary communications

7. Enforce Our Terms of Service

How Information Is Used

We may use account, content, and activity information to:

• Investigate violations of our Terms of Service
• Enforce community guidelines
• Take corrective actions such as content removal or account suspension
• Comply with lawful requests from authorities

Legal Basis

• GDPR: Legitimate Interests; Legal Obligation
• CCPA/CPRA: Compliance and enforcement
• COPPA: Protection of users and service integrity

8. No Sale of Precise Location Data

We do not sell your precise location data.

• Precise geolocation is never sold, rented, or shared for advertising purposes
• We do not engage in cross-context behavioral advertising using location data
• Any use of location data is limited to the purposes described and subject to your consent

9. Purpose Limitation & User Control

• Your information is used only for the purposes described in this policy.
• You may withdraw consent or modify permissions at any time.
• You may request access, correction, or deletion of your data as permitted by law.

4.1 Photos and Content Visibility

At our service, we prioritize your control over the privacy and visibility of your photos to ensure a secure and personalized experience. This policy outlines how we handle the sharing and access to your uploaded or shared photos, empowering you to decide who can view them. We are committed to protecting your personal data in compliance with applicable privacy laws, such as GDPR and CCPA, and we do not share your photos with third parties without your explicit consent, except as required by law or to provide the service (e.g., for storage and delivery through secure cloud providers).

Visibility Settings for Photos

Your photos are visible only to the audience you explicitly select at the time of upload or posting. We provide flexible options to tailor visibility on a per-photo or per-post basis, allowing you to adjust settings anytime after upload. The available audience levels include:

• Private (Only You): When selected, the photo is accessible exclusively to you. No other users, including followers, friends, or the public, can view, download, or interact with it. This setting is ideal for personal archives or sensitive content. Photos in this mode are stored encrypted on our servers and are not indexed in any search features or recommendations.
• Followers / Friends: This option restricts visibility to your approved followers or friends list. Only users you have mutually connected with or followed back (depending on your account settings) can see the photo. If a user is removed from your followers/friends list later, they will lose access to previously shared photos under this setting. We notify you of any access attempts or changes in your network that might affect visibility.
• Public: Selecting this makes the photo visible to anyone on the platform, including non-registered users via public links or searches. Public photos may appear in feeds, search results, recommendations, or be shared further by others. While we provide tools to monitor views and engagements, once shared publicly, we cannot control external copies or distributions (e.g., screenshots or downloads by viewers).
• Custom List: For more granular control, you can create and select a custom list of specific users or groups. This allows you to handpick individuals (e.g., family members, colleagues) who can view the photo, excluding all others. Custom lists can be edited at any time, and changes take effect immediately—revoking access for removed users. We ensure that only listed users receive notifications or see the photo in their feeds.

Changing Visibility Per Post

You have full flexibility to modify the visibility of any photo or post after it's been shared. Simply access the photo's settings menu to update the audience selection. Changes are applied retroactively where possible: for example, switching from Public to Private will hide the photo from non-authorized users, though we cannot retract views or copies made prior to the change. Audit logs are available in your account dashboard to track visibility adjustments and access history for the past 30 days. If a photo is part of a larger post or album, you can apply changes to individual items without affecting the rest.

Additional Privacy Protections

• Data Handling and Security: All photos are encrypted in transit and at rest using industry-standard protocols (e.g., AES-256). We do not use your photos for training AI models or advertising without opt-in consent. Metadata (e.g., location, timestamps) is stripped or anonymized unless you choose to include it.
• Sharing and Permissions: When sharing photos via links or embeds, the visibility setting overrides any link permissions—e.g., a Private photo link will prompt authentication and only work for you. We prohibit unauthorized scraping or bulk downloads through technical measures like rate limiting and CAPTCHA.
• User Controls and Rights: You can delete photos at any time, which permanently removes them from our servers and revokes all access. Under privacy regulations, you have the right to request data exports, corrections, or erasure. If you suspect misuse (e.g., unauthorized access), report it via our support tools for investigation.

4.2 Location Sharing

We give you full control over how and when your location information is shared. Location data is attached only to a post or profile when you explicitly choose to include it, and it is never shared automatically without your action.

How Location Is Shared

Location information is displayed only in the context of your post or profile, based on your selected settings. We do not continuously track your location or attach location data to your activity without your consent.

Location Display Levels

City or Neighborhood (Default)

• By default, posts and profiles display city-level or neighborhood-level location only.
• This provides general geographic context without revealing your exact whereabouts.
• This level of location sharing is designed to balance discovery features with user privacy.

Privacy Safeguard: City and neighborhood locations are approximate and do not reveal precise GPS coordinates.

Precise Location (Optional)

• Precise location (exact GPS coordinates) is shown only on a specific post when you explicitly enable it.
• Precise location is never displayed by default and requires clear user action.
• You may remove or edit precise location information at any time by updating or deleting the post.

Legal Basis for Processing

• GDPR:
  • City/Neighborhood: Legitimate Interests
  • Precise Location: Explicit Consent
• CCPA/CPRA:
  • Precise geolocation is treated as Sensitive Personal Information
  • Users have the right to limit its use and disclosure
• COPPA:
  • Location sharing is restricted and not enabled for users under 13 without verifiable parental consent

User Control & Transparency

• You control whether location is attached to each post.
• Location permissions can be changed or revoked at any time via app or device settings.
• Deleting a post removes its associated location data.

No Continuous Tracking

• We do not track your real-time movements.
• Location data is used only for the post or profile where you choose to include it.
• Location is not stored or reused beyond the stated purpose.

Safety & Data Minimization

• Location data is limited to what is necessary for display and feature functionality.
• Precise location data is stored securely and retained only as long as the associated content exists.
• Access to location data is restricted and logged.

1. Encryption in Transit (HTTPS/TLS)

All data transmitted between your device and our servers is protected using HTTPS with Transport Layer Security (TLS) encryption.

What This Means

• Data is encrypted while in transit over the internet
• Prevents interception, eavesdropping, and man-in-the-middle attacks
• Ensures the confidentiality and integrity of transmitted information

Compliance Alignment

• GDPR: Article 32 (Security of Processing)
• CCPA/CPRA: Reasonable security procedures
• COPPA: Protection of children’s data during transmission

2. Encryption at Rest

We encrypt sensitive data stored on our servers, including:

• Uploaded images and videos
• Precise GPS location coordinates
• Other sensitive personal data as appropriate

What This Means

• Data is encrypted while stored in databases and file systems
• Encryption keys are securely managed and access-restricted
• Protects data in the event of unauthorized server or storage access

3. Role-Based Access Controls (RBAC)

Access to personal data is limited using role-based access controls.

What This Means

• Only authorized personnel can access personal data
• Access is granted based on job responsibilities
• Access is logged and monitored
• Regular access reviews are conducted

Purpose

• Reduces insider risk
• Enforces least-privilege principles
• Supports audit and compliance requirements

4. Rate Limiting & Abuse Pattern Detection

We implement rate limiting and behavioral monitoring to prevent misuse, including stalking, scraping, or harassment patterns.

What This Means

• Limits the number of requests or actions per user or IP
• Detects abnormal behavior patterns
• Helps prevent automated abuse and tracking attempts
• Supports user safety and platform integrity

5. Automatic EXIF Metadata Stripping

All uploaded images and videos are processed server-side to:

• Automatically remove EXIF metadata
• Strip GPS coordinates, device identifiers, and timestamps
• Prevent accidental disclosure of hidden location or device data

This occurs by default and cannot be bypassed unless you explicitly enable metadata retention (if offered).

6. Encrypted and Access-Controlled Backups

We maintain secure backups to ensure data availability and disaster recovery.

Backup Protections

• Backups are encrypted
• Access to backups is strictly limited
• Backup systems are protected by authentication and monitoring
• Backup retention follows defined data retention policies

Purpose

• Protects against data loss
• Supports business continuity and disaster recovery

7. Organizational & Administrative Safeguards

In addition to technical controls, we implement organizational measures, including:

• Employee confidentiality obligations
• Security training and awareness programs
• Incident response and breach notification procedures
• Vendor security assessments where applicable

8. Data Breach Response & Notification

In the event of a personal data breach:

• We will promptly investigate and contain the incident
• We will notify affected users and regulators as required by law
• We will take corrective actions to prevent recurrence

9. Limitations

While we use commercially reasonable security measures, no system can be guaranteed to be 100% secure. We continuously work to improve our security posture and encourage users to protect their account credentials.

1. Cloud Storage & Infrastructure Providers (e.g., AWS, GCP)

We may use cloud infrastructure and storage providers to:

• Host application servers and databases
• Store encrypted images, videos, and other content
• Provide scalability, availability, and disaster recovery
• Support system reliability and performance

Safeguards:

• Data is encrypted in transit and at rest
• Access is restricted and logged
• Providers are required to maintain industry-standard security certifications

2. Analytics Providers (Aggregated, Non-Identifying)

We may use analytics services to understand how users interact with our platform.

How Analytics Data Is Used

• To measure app performance and feature usage
• To identify trends and improve user experience
• To support product development and optimization

Privacy Protections

• Data is aggregated where possible
• Personal identifiers are minimized or removed
• Analytics providers are prohibited from using data for advertising or profiling
• Consent is obtained where required by law

3. Content Moderation Services

We may use automated and/or human moderation services to:

• Detect and prevent harmful, illegal, or abusive content
• Enforce community guidelines and Terms of Service
• Protect user safety and platform integrity

Privacy Protections

• Moderation access is limited to what is necessary
• Moderators are bound by confidentiality obligations
• Content is reviewed only for policy enforcement purposes

4. Content Delivery Networks (CDNs)

We may use CDNs to:

• Deliver images and media content faster
• Improve performance and reduce latency
• Enhance availability and reliability worldwide

Privacy Protections

• CDNs cache content securely
• Access is restricted and monitored
• CDNs process data only to deliver requested content

Contractual & Legal Restrictions on Third Parties

All third-party service providers are:

• Contractually restricted from using your personal information for any purpose other than providing services to us
• Required to follow our documented instructions
• Required to implement appropriate security measures
• Prohibited from selling, sharing, or retaining your data for their own benefit

GDPR Compliance (Data Processors)

Under GDPR, these providers act as data processors and:

• Process data only under our instructions
• Are subject to Data Processing Agreements (DPAs)
• Are required to assist with data subject rights requests
• Must notify us of security incidents

CCPA/CPRA Compliance (Service Providers / Contractors)

Under California law, these providers are classified as Service Providers or Contractors and:

• Are prohibited from selling or sharing personal information
• May not use data for cross-context behavioral advertising
• May not combine your data with other sources for their own purposes

COPPA Compliance

• Third parties are restricted to using children’s data (if any) solely for internal operations
• No third party may use children’s data for marketing, profiling, or advertising
• Verifiable parental consent is required where applicable

International Data Transfers

If data is transferred outside your country:

• We use appropriate legal safeguards (such as Standard Contractual Clauses)
• We implement additional technical and organizational protections
• Transfers are limited to what is necessary to provide the service

1. Right to Access & Download Your Data

What This Means

You have the right to request access to the personal information we hold about you and to receive a copy of that information in a commonly used, machine-readable format.

Includes

• Account and profile information
• Uploaded content (where technically feasible)
• Basic usage and activity data
• Location data associated with your account or posts (if any)

Legal Basis

• GDPR: Right of Access & Data Portability (Articles 15 & 20)
• CCPA/CPRA: Right to Know

2. Right to Delete Your Account & Data

What This Means

You may request deletion of your account and associated personal data at any time.

Important Notes

• Deleting your account will remove your profile and personal information from active systems
• Some data may be retained where required by law, for security, fraud prevention, dispute resolution, or compliance obligations
• Backups may be retained for a limited period and deleted in accordance with our retention schedules

Legal Basis

• GDPR: Right to Erasure (Article 17)
• CCPA/CPRA: Right to Delete

3. Right to Correct Inaccurate Information

What This Means

You may request that we correct or update any inaccurate or incomplete personal information.

Examples

• Incorrect email address
• Outdated profile details
• Inaccurate location information associated with your profile

Legal Basis

• GDPR: Right to Rectification (Article 16)
• CCPA/CPRA: Right to Correct

4. Right to Withdraw Consent for Location at Any Time

What This Means

If you previously gave consent to collect or display your location, you may withdraw that consent at any time.

How to Withdraw

• Disable location services in your device settings
• Change location-sharing preferences in the app
• Remove location data from specific posts

Withdrawing consent will not affect the lawfulness of processing that occurred before withdrawal.

Legal Basis

• GDPR: Right to Withdraw Consent
• CCPA/CPRA: Right to Limit Use of Sensitive Personal Information

5. Right to Opt-Out of Analytics (Where Applicable)

What This Means

Where analytics or similar technologies are used, you may have the right to opt out.

How This Works

• You may disable certain analytics through in-app settings (if available)
• You may use device-level privacy controls (e.g., Limit Ad Tracking)
• You may exercise applicable cookie or tracking preferences (for web-based services)

Legal Basis

• GDPR: Consent & Right to Object
• CCPA/CPRA: Right to Opt Out of Sale or Sharing (if applicable)

6. How to Exercise Your Rights

To exercise any of these rights, you may:

• Use in-app privacy or account tools (if available)
• Contact us through the Contact Us section of this Privacy Policy
• Submit a verified consumer request where required by law

Verification & Response Time

• We may need to verify your identity before processing certain requests
• GDPR: We typically respond within 30 days
• CCPA/CPRA: We typically respond within 45 days (with possible extension)

7. Non-Discrimination

We will not discriminate against you for exercising your privacy rights, including by:

• Denying services
• Charging different prices
• Providing a lower quality of service

8. Children’s Rights (COPPA)

• Parents or legal guardians may review, request deletion of, or refuse further collection of a child’s information
• We will promptly comply with verified parental requests
• Children under 13 are not permitted to use the service without parental consent (if applicable)

Children’s Privacy (COPPA)

Our services are not directed to children under the age of 13, and we do not knowingly collect, use, or disclose personal information from children under 13 years of age, in compliance with the Children’s Online Privacy Protection Act (COPPA).

No Knowing Collection

We do not knowingly collect personal information from children under 13. Our platform is intended for use by individuals who are at least 13 years old (or the minimum age required by applicable law in their jurisdiction).

We take reasonable steps to prevent the registration and use of our services by children under 13, including through age-gating or other appropriate measures where applicable.

Accidental or Improper Collection

If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will:

• Promptly delete such information from our active systems
• Take reasonable steps to ensure the information is not further processed
• Update our records to prevent further collection from that child

Parent or Guardian Requests

If you are a parent or legal guardian and believe that your child has provided us with personal information, you may contact us at the contact information provided in this Privacy Policy.

Upon verification, we will:

• Provide access to the child’s information (where required by law)
• Delete the child’s personal information
• Stop further collection or use of the child’s information

Immediate Deletion Commitment

Upon receiving a valid notice of improper collection, we will make commercially reasonable efforts to delete the information as soon as practicable, subject to any legal obligations to retain limited data for security or compliance purposes.

Why International Transfers Occur

We may transfer personal information internationally in order to:

• Operate and host our services using global cloud infrastructure
• Provide customer support and technical operations
• Enable content delivery and performance optimization
• Use trusted third-party service providers located in different countries

Legal Safeguards for Transfers (GDPR)

Where required by applicable law, including the GDPR, we implement appropriate legal and technical safeguards to protect your personal information, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Addendum (where applicable)
• Additional technical and organizational measures, such as encryption and access controls
• Transfers to countries recognized as providing an adequate level of data protection, where applicable

Data Protection Measures

Regardless of where your data is processed, we apply the same security and privacy protections described in this Privacy Policy, including:

• Encryption in transit and at rest
• Role-based access controls
• Contractual confidentiality obligations
• Incident response and breach notification procedures

CCPA/CPRA Considerations

For California residents:

• International processing does not change your rights under California law
• We do not sell or share personal information as part of international transfers
• Service providers remain subject to contractual restrictions

Transparency & User Rights

You may request additional information about international data transfers and the safeguards we use by contacting us using the details provided in this Privacy Policy.

Material Changes

If we make changes that materially affect how we collect, use, share, or otherwise process your personal information, we will take reasonable steps to notify you in advance, including through one or more of the following methods:

• In-App Notifications: We may display prominent notices within the app to inform you of material changes.
• Email Notifications (If Provided): If you have provided an email address, we may send you an email describing the material changes.

How Updates Take Effect

• Non-material changes (such as clarifications or formatting updates) may take effect immediately upon posting.
• Material changes will become effective after notice is provided, as required by applicable law.
• Continued use of the service after the effective date of an updated Privacy Policy constitutes acceptance of the updated terms, where permitted by law.

Your Rights Regarding Changes

• You may review the updated Privacy Policy at any time.
• If you do not agree with material changes, you may stop using the service and request deletion of your account and data.
• Where required by law, we will obtain your consent for certain changes before they take effect.