Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide

When you create an account or use the App, we may collect the following:

• Account Information: Email address, username, first and last name, phone number, state of residence, and password
• Profile Information: Profile photo (optional)
• Shipping Information (when redeeming prizes): First name, last name, phone number, email address, street address, city, state, ZIP code, and apparel size
• User-Generated Content: Posts, comments, images, videos, and reactions you submit through the App
• Survey Responses: Answers to optional surveys within the App
• Counterfeit Reports: Product descriptions, QR code values, and images submitted when reporting suspected counterfeit products

1.2 Information Collected Automatically

When you use the App, we may automatically collect:

• Device Information: Device type, operating system, and unique device identifiers
• Usage Data: App interactions, screen views, feature usage, and session information (via Firebase Analytics / Google Analytics 4)
• IP Address and User Agent: Collected for security auditing and logged with account activity
• Push Notification Tokens: Device tokens for delivering push notifications via OneSignal
• Location Data: With your permission, we may collect your precise location to auto-fill shipping addresses for prize delivery. Location data is cached locally on your device and is not stored on our servers for user profiles.

1.3 Information from Third-Party Authentication

If you sign in using Google or Apple:

• Google Sign-In: We receive your email address and display name from your Google account
• Apple Sign-In: We receive your email address (or Apple's private relay email) and display name from your Apple account

We do not receive or store your Google or Apple passwords.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App, including account creation, authentication, and profile management
• Process product verifications via QR code scanning
• Facilitate the rewards program, including prize fulfillment and shipping
• Enable social features such as posting, commenting, and reacting to content
• Send transactional communications, including account verification emails, password reset codes, order confirmations, and shipping notifications
• Send push notifications about comments, reactions, event updates, and order status changes
• Moderate content to enforce community guidelines and maintain a safe environment
• Analyze usage patterns to improve App performance and user experience
• Ensure security by monitoring for unauthorized access, fraud, and abuse
• Provide event information including location-based event details and reminders
• Fulfill legal obligations and respond to lawful requests

3. Content Moderation

We use automated content moderation (powered by Amazon Web Services Rekognition) to analyze images and videos uploaded to the App. Content containing explicit nudity, violence, visually disturbing material, or hate symbols is automatically blocked. Content flagged for suggestive material, drugs, tobacco, alcohol, gambling, or rude gestures may be reviewed. Moderation events are logged for review by our team.

4. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of third parties:

4.1 Service Providers

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Storage and Security

• All data is transmitted over HTTPS (encrypted in transit)
• Passwords are hashed using bcrypt before storage
• Uploaded files are stored in private AWS S3 buckets
• Authentication uses JSON Web Tokens (JWT) with configurable expiration
• API endpoints are protected by rate limiting and security headers
• We use token versioning to enable force-logout of compromised sessions

While we implement commercially reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure.

6. Data Retention

• Account Data: Retained as long as your account is active. When you delete your account, your user record and associated data are removed from our database.
• User-Generated Content: Posts and comments may be retained even after account deletion if they are part of community threads. Hidden content is retained for moderation review purposes.
• Activity Logs: Security and audit logs (login events, account changes, IP addresses) are retained for security and debugging purposes.
• Moderation Logs: Records of content moderation decisions are retained for compliance and review.
• Shipping Information: Retained for order fulfillment, tracking, and customer support purposes.

7. Your Rights and Choices

7.1 Account Deletion

You may delete your account at any time through the App's profile settings. Account deletion removes your user record and cascades to related data.

7.2 Email Communications

You may unsubscribe from non-essential emails through the App. Transactional emails (account verification, password reset, order confirmations) cannot be opted out of while your account is active.

7.3 Push Notifications

You may disable push notifications through your device's system settings at any time.

7.4 Location Data

Location access is optional. You may deny or revoke location permission through your device settings. If denied, you can manually enter shipping addresses.

7.5 Tracking (iOS)

On iOS 14.5 and later, we request your permission before tracking your activity across other companies' apps and websites. You may deny this permission or change it in your device settings.

7.6 California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us at the information provided below.

8. Children's Privacy

The App is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information. If you believe a child under 18 has provided us with personal information, please contact us.

9. Third-Party Links

The App may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this Privacy Policy. Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: