Privacy Policy

1.1 Account Information

When you register for an account, we collect:

• Your name
• Your email address
• Your phone number (used for OTP verification)
• A password (stored in encrypted form)

1.2 Phone Number & SMS / OTP Verification

To verify your identity during account registration and login, we send a One-Time Password (OTP) via SMS to the phone number you provide. By entering your phone number and submitting the registration or login form, you expressly consent to receive SMS messages from Footprinx™ for authentication purposes only.

• Message frequency: 1 message per authentication request (login or account verification).
• Msg & data rates may apply.
• Opt-out: Reply STOP to any SMS to stop receiving messages. After opting out you will no longer be able to use SMS-based login; contact us to switch to an alternative authentication method.
• Help: Reply HELP to any SMS for assistance, or email [email protected].
• Carriers are not liable for delayed or undelivered messages.

We do not use your phone number for marketing, promotional, or any purpose other than authentication. Your phone number is never sold or shared with third parties for marketing purposes.

See our SMS Opt-In Flow page for a full visual example of how consent is collected in the app.

1.3 Location Data

With your permission, the App collects your device's location data to provide location-based features. You can enable or disable location access at any time through your device settings. We do not share your location data with third parties for advertising purposes.

1.4 User-Generated Content

When you create guides, journals, places, comments, or upload photos and videos, we store that content so the App can display it back to you and (if you choose to share it) to others. Photos and videos are stored in private cloud storage; only you can read your private content. Content you mark public goes through the review process described in Section 5.

Important: once you share content (publicly or via an invite link), viewers may screenshot, save, or re-share it on devices and platforms outside our control. We cannot detect, prevent, or undo third-party copying or redistribution. See the Terms and Conditions, Section 10, for the full description of this risk.

1.5 Usage Data

We may automatically collect certain information when you use the App, including:

• Device type and operating system version
• App activity and interaction logs
• Crash reports and performance data

We use the information we collect to:

• Create and manage your account
• Verify your identity via OTP/SMS authentication
• Provide location-based features and services
• Run automated and human content review on content you choose to share, to keep the App safe and to comply with applicable law (see Section 5)
• Improve and maintain the App's performance
• Respond to your support requests and content reports
• Send important notices (e.g., security alerts, policy updates)
• Comply with legal obligations, including mandatory reporting of apparent CSAM

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

3.1 Service Providers

We may share data with trusted third-party service providers, including:

• Twilio Inc. — our SMS delivery provider. Your phone number is transmitted to Twilio solely to deliver OTP authentication messages. Twilio's privacy policy is available at twilio.com/en-us/legal/privacy.
• Hive Moderation (Hive AI, Inc.) — our image and video classifier. When you submit a guide, journal, or place for public sharing, we transmit short-lived signed URLs to your uploaded images and videos so Hive can return a content-safety classification. Hive does not retain your media beyond the scan window. Hive's privacy policy is available at hivemoderation.com/privacy-policy.
• OpenAI, L.L.C. — used for three distinct purposes: (a) Content-safety classification. When you submit a guide, journal, or place for public sharing, we transmit the title and description text to OpenAI's Moderation API. OpenAI does not use moderation inputs to train its models. (b) AI auto-fill (BETA). When you tap “Describe in words” on the journal or guide builder and submit a paragraph, we transmit that paragraph to OpenAI's Chat Completions API for structured extraction (place names, tags, notes). If you use the microphone button to dictate the paragraph instead of typing it, we also transmit the audio recording to OpenAI's Whisper API for speech-to-text transcription. Per OpenAI's API data policy, API inputs are not used to train OpenAI's models and are retained by OpenAI for up to 30 days for abuse monitoring. We retain the resulting transcript and text in our own database, but we do not retain the audio recording itself (see Section 6 below). (c) Comment moderation. When you post a comment, we transmit the comment text to OpenAI's Moderation API (for content-safety classification) and to OpenAI's Chat Completions API (the gpt-4o-mini model, to detect links and contact-sharing). Per OpenAI's API data policy, these inputs are not used to train OpenAI's models; Moderation inputs are not retained, while Chat Completions inputs are retained by OpenAI for up to 30 days for abuse monitoring. OpenAI's privacy policy is available at openai.com/policies/privacy-policy.
• Supabase Inc. — our cloud database, storage, and authentication provider. Account information, content, and media are stored on Supabase's infrastructure. Supabase's privacy policy is available at supabase.com/privacy.
• National Center for Missing & Exploited Children (NCMEC). If our automated review or a user report identifies apparent child sexual abuse material (CSAM), we are required by 18 U.S.C. § 2258A to report the incident to NCMEC's CyberTipline. In such cases the relevant content, account information, and metadata are shared with NCMEC and may be further shared with law enforcement. This sharing is mandatory and is not subject to user consent or opt-out.
• Analytics providers (anonymized data only)

All service providers are contractually required to protect your data and may not use it for any purpose other than providing services to us.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests (e.g., a court order or government authority).

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account:

• Your account data will be deleted within 30 days
• Location history will be deleted within 30 days
• SMS/OTP logs are deleted immediately after verification
• AI auto-fill log entries (see Section 6) are deleted within 30 days as part of the account-data cascade
• Anonymized usage data may be retained for analytical purposes

Moderation-related exceptions: media on content that has been removed for a policy violation other than CSAM is retained for an additional 90 days after the removal date to allow time for appeal. Media and metadata associated with an apparent CSAM report are retained for the period required by 18 U.S.C. § 2258A (at least 90 days) and longer where NCMEC or law enforcement requests. These retention windows take precedence over an account-deletion request. See Section 5.

5.1 Automated Review of Shared Content

When you choose to make a guide, journal, or place publicly visible or share it via an invite link, we send the relevant media (images, video) and text (title, description, notes) to third-party machine-learning classifiers — Hive Moderation for media and OpenAI Moderation for text — for content-safety classification. Review typically completes within seconds.

Comments are handled separately: after you post a comment, we send the comment text to OpenAI (its Moderation API and a gpt-4o-mini classifier) to detect prohibited content and links. Unlike the pre-publish review above, comments post immediately and are scanned afterward; a comment that fails is removed and shown to others as a “[comment removed]” placeholder. See Section 3.1.

5.2 What Gets Stored

The classifier's response (a numeric score per category — sexual, violence, hate, etc.) is stored in our database alongside the originating content row so that an admin can review the decision if you appeal it. We do not store the classifier output beyond the lifetime of the content row.

5.3 CSAM Evidence Preservation

If our automated review or a user report identifies apparent child sexual abuse material (CSAM), we are required by U.S. federal law (18 U.S.C. § 2258A) to:

• Report the incident to NCMEC's CyberTipline as soon as reasonably possible.
• Preserve the offending file, its cryptographic hash, the uploader's account information, the upload IP (where available), and the upload timestamp for at least 90 days from the report date, and longer where NCMEC or law enforcement requests.
• Refrain from notifying the offending user that a report has been filed, since doing so would violate § 2258A.

We preserve this evidence in a separate, access-restricted location reachable only by authorized administrators and service accounts. We do not access, view, or share the preserved content outside of mandatory legal reporting and any subsequent law-enforcement request.

5.4 Human Admin Review

Our admin team reviews user reports, appeals against moderation decisions, and otherwise investigates trust-and-safety issues. Admins access account and content data only as necessary to perform these duties and are bound by confidentiality. CSAM-related content is accessed only to confirm the report and complete the NCMEC submission.

6.1 What it is

The journal and guide builders include an optional “Describe in words” feature, currently in BETA. You type a paragraph describing places you want to log; the App sends the paragraph to a large language model (LLM) and returns a structured draft (place names, suggested categories, tags, short notes) that pre-fills the builder so you can review and edit before saving.

This feature is opt-in per use — nothing is sent to the LLM unless you actively choose to use the “Describe in words” card and tap Generate. The rest of the App works without invoking AI.

6.2 What we send

• The text paragraph you type into the AI auto-fill input (up to 4,000 characters).
• If you use voice input: the audio recording (up to 60 seconds, M4A format) is transmitted to OpenAI's Whisper API for speech-to-text. The audio is processed and discarded — only the resulting text transcript reaches the AI auto-fill flow (and our log; see 6.3). We never store the audio file.
• For the guide builder, a list of the App's built-in category definitions so the model knows which categories to choose from. This list contains no personal data.
• Your Supabase user identifier, used solely so our server can authenticate the request and enforce per-user rate limits.

After the LLM returns place names, the App separately queries Mapbox for each place to obtain coordinates and addresses. Only short place-name strings are sent to Mapbox for this lookup — your full paragraph is not shared with Mapbox.

6.3 What we store

For each AI auto-fill request we log the following in our database (table: ai_fill_log):

• The input text you submitted
• The raw structured response from the LLM
• The final draft you ultimately saved (if any), so we can compare what the AI suggested versus what you actually used
• Operational metadata — timestamp, token counts, model version, request latency
• Your user identifier

We use this log to (i) enforce rate limits, (ii) measure feature quality, and (iii) improve the feature in future versions (for example, by tuning the LLM prompt or training a smaller model). It is not shared with anyone outside the providers listed in Section 3.1.

6.4 Accuracy disclaimer

AI-generated drafts may be incorrect, incomplete, or out-of-date — particularly location pins for businesses that have closed or that the underlying map provider does not have indexed. The App marks imprecise location matches in red in the preview and prompts you to adjust them on the map before saving. You are solely responsible for verifying the accuracy of any content you save and publish, whether or not it originated from AI auto-fill.

6.5 Language support

Voice input via Whisper supports 90+ languages and auto-detects the language you speak. Text-based AI auto-fill currently works best in English; other languages may produce lower-quality extractions or geocoding misses. We may expand text-input language support in future versions.

6.6 Deleting your AI history

When you delete your account, your ai_fill_log rows are deleted within the same 30-day window as the rest of your account data (Section 4). If you want your AI history deleted while keeping your account, contact us at [email protected].

When you grant the App permission to send push notifications, we register your device with Apple Push Notification service (APNs) through Expo, the third-party push relay we use. As part of this registration we collect and store:

• An Expo push token — a device-specific identifier issued by Expo (not Apple's raw APNs token), stored in our push_tokens table and linked to your user account.
• Your notification preferences (per-event toggles for likes, saves, comments) stored in our notification_preferences table.
• Your preferred language (currently English or Simplified Chinese) so we can localize notification copy. Stored on your profile.

What we send

When another user likes, saves, or comments on your public guide or journal, we generate a notification containing that user's display name and the title of your content (for example: Alice liked your guide “Tokyo eats”). This text leaves our servers, passes through Expo and Apple, and is visible on your device's lock screen.

Third parties involved

• Expo — relays push payloads from us to Apple. Subject to Expo's privacy policy.
• Apple Push Notification service (APNs) — delivers the push to your iOS device. Subject to Apple's privacy policy.

Retention & deletion

We delete your push token when (a) you sign out, (b) Apple reports the token as invalid (uninstalls or device transfers), or (c) you delete your account. Notification preferences and language choice are deleted with your account.

Your controls

• Per-event toggles — open Settings → Notification preferences in the App and turn off Likes, Saves, or Comments individually.
• Master switch — revoke notification permission in iOS Settings → Notifications → Footprinx. The App will stop receiving pushes immediately.
• Delete account — removes all push tokens and preferences.

We only send notifications about activity on your own content. We do not send marketing or promotional push notifications.

You have the right to access, correct, or request deletion of your personal data, withdraw consent for location access at any time via device settings, and opt out of non-essential data collection.

To exercise any of these rights, contact us at: [email protected]

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), encrypted password storage, time-limited OTP codes, and regular security audits. However, no method of electronic transmission is 100% secure.

The Footprinx™ App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal data, please contact us and we will delete it immediately.

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. We will revise the "Last Updated" date at the top of this page and notify you of significant changes via email or in-app notification. Your continued use of the App after changes constitutes your acceptance of the updated policy.

If you have any questions or concerns about this Privacy Policy, please contact us:

• Name: Danxu Wang
• App: Footprinx™
• Country: United States of America
• Email: [email protected]