Privacy Policy

Effective Date: July 25, 2025

Last Updated: July 25, 2025

Introduction

At Shoutout (the "App"), protecting your privacy and personal data is our highest priority. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our proximity-based social networking application.

This Privacy Policy applies to all users of Shoutout and is designed to comply with:

  • EU General Data Protection Regulation (GDPR)
  • Austrian Data Protection Act (DSG)
  • Children's Online Privacy Protection Act (COPPA) where applicable
  • Other applicable privacy and data protection laws

By using Shoutout, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Personal Data You Provide

Account Registration:

  • Name (first and last)
  • Email address
  • Phone number
  • Date of birth (for age verification)
  • Profile photo and bio (optional)

Verification Data:

  • Facial scan data via Yoti Face Scan (processed by Yoti, not stored by us)
  • Government-issued ID (optional, for enhanced verification)
  • Phone number verification codes

Profile Information:

  • Profile photos and videos
  • Bio and personal descriptions
  • Preferences and interests

1.2 Automatically Collected Data

Location Information:

  • Approximate location (randomized within 200m radius)
  • We do NOT store or share your precise GPS coordinates
  • Location data is used only for proximity-based matching

Usage Data:

  • App interactions and feature usage
  • Connection requests sent and received
  • Time spent in different app sections
  • Error logs and crash reports

Device Information:

  • Device type and operating system
  • Unique device identifiers
  • IP address (temporarily, for security)
  • Mobile network information

Communication Data:

  • Messages between users (encrypted)
  • Report submissions and safety notifications
  • Customer support communications

1.3 Information from Third Parties

Age Verification (Yoti):

  • Yoti processes facial scan data to verify age
  • We receive only age verification results, not biometric data
  • Yoti's privacy policy governs their data processing

Social Media (Optional):

  • If you connect social media accounts, we may receive basic profile information
  • This is entirely optional and user-controlled

2. How We Use Your Information

2.1 Core App Functionality

  • Account Management: Creating and maintaining your user account
  • Age Verification: Ensuring users meet minimum age requirements
  • Proximity Matching: Showing nearby users (with location privacy)
  • Age Separation: Preventing interaction between minors and adults
  • Communication: Enabling secure messaging between matched users

2.2 Safety and Security

  • Content Moderation: AI-powered detection of inappropriate content
  • User Safety: Investigating reports and preventing abuse
  • Fraud Prevention: Detecting fake accounts and suspicious activity
  • Security Monitoring: Protecting against unauthorized access and threats

2.3 Service Improvement

  • Analytics: Understanding app usage to improve features
  • Performance Optimization: Identifying and fixing technical issues
  • Feature Development: Developing new safety and user experience features
  • Research: Conducting privacy-preserving research on user behavior

2.4 Legal Compliance

  • Law Enforcement: Responding to valid legal requests
  • Regulatory Compliance: Meeting obligations under applicable laws
  • Safety Reporting: Reporting serious safety concerns to authorities when required

2.5 Communications

  • Service Updates: Notifying you of important app changes
  • Safety Alerts: Communicating security or safety information
  • Customer Support: Responding to your questions and concerns
  • Marketing: Promotional communications (with your consent, where required)

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: Processing necessary to provide Shoutout services
  • Legitimate Interests: Safety, security, and service improvement
  • Legal Obligation: Compliance with applicable laws and regulations
  • Consent: Marketing communications and optional features
  • Vital Interests: Protecting users from serious harm

4. Information Sharing and Disclosure

4.1 We DO NOT Share Your Data Except:

With Other Users (Limited):

  • Profile information you choose to make visible
  • Messages you send (encrypted end-to-end)
  • Your randomized location for proximity matching

With Service Providers:

  • Yoti (age verification processing)
  • RevenueCat (subscription management)
  • Cloud hosting providers (encrypted data storage)
  • Analytics services (anonymized data only)

For Legal Reasons:

  • Valid court orders or legal process
  • Law enforcement requests for serious crimes
  • Protecting users from imminent harm
  • Enforcing our Terms of Service

Business Transfers:

  • In case of merger, acquisition, or sale of assets (with equivalent privacy protection)

4.2 We Never Share:

  • Your precise location coordinates
  • Your private messages content (except for safety moderation)
  • Your personal data for advertising or marketing by third parties
  • Data with unauthorized parties or for commercial gain

5. Data Security and Protection

5.1 Security Measures

  • Encryption: All data encrypted in transit and at rest
  • Access Controls: Strict employee access limitations
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Infrastructure: Industry-standard cloud security practices

5.2 Age Verification Security

  • Facial scan data processed by Yoti, not stored by us
  • Age verification results only (no biometric data retention)
  • Secure transmission protocols for all verification data

5.3 Communication Security

  • End-to-end encryption for user messages
  • Automated content moderation before message delivery
  • Secure reporting mechanisms for safety concerns

6. Data Retention

6.1 Account Data

  • Active Accounts: Retained while your account is active
  • Deleted Accounts: Most data deleted within 30 days
  • Legal Requirements: Some data retained as legally required

6.2 Specific Retention Periods

  • Messages: Deleted when either user deletes their account
  • Location Data: Processed in real-time, not stored long-term
  • Usage Analytics: Anonymized after 12 months
  • Safety Reports: Retained for investigation and legal compliance

6.3 Data Minimization

We collect and retain only data necessary for legitimate purposes and delete data when no longer needed.

7. Your Privacy Rights

7.1 All Users Can:

  • Access: Request copies of your personal data
  • Correct: Update incorrect or incomplete information
  • Delete: Request deletion of your account and data
  • Control: Manage privacy settings and data sharing preferences
  • Download: Export your data in a portable format

7.2 GDPR Rights (EU Users)

  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request data deletion ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for optional processing

7.3 Exercising Your Rights

Contact us at [Email] to exercise any privacy rights. We respond within 30 days and verify your identity before processing requests.

8. Children's Privacy

8.1 Age Requirements

  • Minimum age: 14 years old
  • Users under 18 require parental consent
  • Special protections for all minor users

8.2 Parental Rights

Parents of users under 18 can:

  • Review their child's personal data
  • Request deletion of their child's data
  • Withdraw consent for data processing
  • Contact us about their child's account

8.3 Enhanced Protections for Minors

  • Stricter content moderation
  • Age-based user separation
  • Limited data collection
  • Enhanced privacy settings
  • Parental oversight capabilities

9. International Data Transfers

9.1 Data Processing Locations

Your data may be processed in:

  • European Union (primary)
  • Countries with adequate data protection (EU adequacy decisions)
  • Other countries with appropriate safeguards (Standard Contractual Clauses)

9.2 Transfer Safeguards

  • Standard Contractual Clauses approved by EU Commission
  • Binding Corporate Rules where applicable
  • Adequacy decisions for certain countries
  • Your explicit consent where required

10. Cookies and Tracking

10.1 Types of Cookies We Use

  • Essential Cookies: Required for app functionality
  • Analytics Cookies: Understanding app usage (anonymized)
  • Security Cookies: Preventing fraud and abuse

10.2 Your Cookie Choices

  • Essential cookies cannot be disabled (required for functionality)
  • You can opt out of analytics cookies in app settings
  • Clear cookies through your device settings

10.3 Third-Party Tracking

We do not allow third-party advertising tracking or behavioral profiling for marketing purposes.

11. California Privacy Rights (CCPA)

11.1 Information Categories

We collect the following categories of personal information:

  • Identifiers (name, email, phone)
  • Personal characteristics (age, photos)
  • Internet activity (app usage)
  • Geolocation data (approximate, randomized)

11.2 Your CCPA Rights

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

12. Updates to This Privacy Policy

12.1 Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • Legal or regulatory requirements
  • New app features or functionality

12.2 Notice of Changes

  • Material Changes: 30 days advance notice via app notification
  • Minor Changes: Updated "Last Updated" date
  • Emergency Changes: Immediate notice for security or legal reasons

12.3 Continued Use

Continued use of Shoutout after policy updates constitutes acceptance of the revised Privacy Policy.

13. Contact Information

13.1 Privacy Questions

For any privacy-related questions or concerns:

  • Email: [Privacy contact email]
  • Response Time: Within 48 hours for urgent privacy matters

13.2 Data Protection Officer

For GDPR-related inquiries:

Email: [DPO contact email]

13.3 Supervisory Authority

EU users can contact their local data protection authority if unsatisfied with our response to privacy concerns.

This Privacy Policy is designed to be transparent about our data practices while ensuring your privacy and safety on Shoutout.