Privacy Policy

Your Data:

We collect your name, email, posts, messages, and basic device and usage info to run the app. We collect what we need. No more.

Your Content:

Your posts and messages are stored on our servers. You can delete them at any time.

Our Rules:

We do not sell your personal information to anyone. We share data with service providers who help us run the app, under confidentiality agreements.

Our Duty:

We are required by law to report certain content (CSAM) to NCMEC. We respond to valid legal process. We cooperate with law enforcement as the law requires.

1. Who We Are

Phomo LLC is a Connecticut limited liability company operating the Phomo mobile application. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use Phomo.

Questions? Email us at privacy@phomo.com.

2. What We Collect

2.a. Information You Give Us

• When you create an account and use Phomo, you provide us with:
  Account information: name, username, email address, and password (stored as a one-way hash)
• Profile information: profile photo, bio, and any other information you add to your profile
• User Content: photos, videos, captions, and direct messages you post or send through the Service
• Subscription information: your subscription status (free or Premium). We do not receive your payment card information. That stays with Apple or Google.

2.b. Information We Collect Automatically

When you use the app, we automatically collect:

• Device information: device type, operating system, and version
• Usage data: features you use, time spent in the app, posts you view, trophies you give, and the time and date of your actions
• Log data: IP address, access times, and error logs
• Push notification tokens: to send you in-app notifications about activity on your posts and follows

2.c. Information From Others

Other users may tag you in a post or DM you. That content is part of their User Content, but it involves you. You can control tagging preferences and DM access in your settings.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: process your posts, unlock your feed, deliver notifications, enable DMs, and manage your subscription
  Keep the Service secure: detect and prevent fraud, abuse, and violations of our policies
• Improve the Service: analyze usage patterns to fix problems, improve features, and understand what users find valuable
• Communicate with you: send you service-related emails (account confirmation, security alerts, policy updates) and, if you opt in, product news
• Comply with law: respond to legal process, comply with reporting obligations (including mandatory NCMEC reporting), and enforce our Terms

We do not use your personal information to serve you third-party advertising. We do not build advertising profiles from your data. We do not sell your personal information to anyone.

We are a small, early-stage company. Our data practices are intentionally limited because we are not in the data monetization business. If that changes, we will ask for your re-consent before we do anything different with your data.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your information under the following legal bases:

• Contract: we process your account information and User Content because it is necessary to perform our contract with you (the Terms of Service).
• Legitimate Interest: we process usage data and log data to keep the Service secure and improve performance.
• Consent: we send you marketing communications only if you opt in. You can withdraw consent at any time.
• Legal Obligation: we process and retain certain information as required by law, including mandatory reporting obligations.

5. Who We Share Your Information With

5.a. Other Users

Your posts, username, and profile are visible to other Phomo users in the daily feed (after they post), on your profile, and in any DMs you send. Your email address is not visible to other users.

5.b. Service Providers

We share data with third-party service providers who help us operate the Service. These providers have access to your data only as necessary to perform their services and are contractually required to protect it. Our current categories of providers include:

• Cloud hosting and infrastructure (server storage and compute)
• Push notification delivery
• In-app subscription management (Apple App Store and Google Play Store)
• Analytics (aggregated, de-identified usage data)
• Customer support tools

5.c. Law Enforcement and Legal Process

We disclose information to law enforcement or government agencies when required by law or valid legal process (court order, subpoena, or similar). Where legally permitted, we will notify you before disclosing. We do not notify you if prohibited by law or if doing so would risk harm to another person.

5.d. NCMEC Reporting

We are required by federal law (18 U.S.C. § 2258A) to report apparent child sexual abuse material (CSAM) to the National Center for Missing and Exploited Children (NCMEC). When we detect or receive a report of CSAM, we remove it immediately, report it to NCMEC, and cooperate with any law enforcement investigation that follows.

5.e. Business Transfers

If Phomo LLC is acquired, merged, or sold, your information may transfer to the acquiring entity. We will notify you before your information is transferred to a party that operates under materially different privacy practices, and you will have the option to delete your account.

5.f. No Sale of Personal Information

We do not sell your personal information. We do not share it with advertisers. This is not a privacy-bypolicy statement. It reflects how we actually operate.

6. Your Rights and Choices

6.a. Access and Correction

You can view and edit your account information at any time through your profile settings. If you cannot access certain information yourself, contact us at privacy@phomo.com and we will help.

6.b. Deletion

You can delete individual posts at any time through the app. You can delete your entire account through your account settings. When you delete your account, we remove your profile and posts from public view within 30 days and permanently delete the underlying data within 90 days, except:

• Data we are required to retain by law
• Content that other users have reported, which we may retain for a limited period as part of an active investigation or legal hold
• Backup copies, which cycle out within 90 days

6.c. Portability

You may request a copy of your account data (posts, profile info, and account settings) by emailing privacy@phomo.com. We will provide it in a machine-readable format within 30 days.

6.d. Opt-Out of Marketing

If you receive marketing emails from us, you can opt out at any time using the unsubscribe link in the email. You will continue to receive service-related communications regardless (account alerts, security notices, policy updates).

6.e. Notification Preferences

You can control which in-app push notifications you receive through your device settings or through Phomo’s notification preferences.

6.f. California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and share
• Delete your personal information (subject to certain exceptions)
• Opt out of the sale or sharing of your personal information (we do not sell or share, but you have this right)
• Non-discrimination for exercising these rights
• Submit a verifiable consumer request to privacy@phomo.com. We respond within 45 days. EEA/UK Residents (GDPR/UK GDPR)
• In addition to the rights above, you have the right to:
• Restrict processing of your personal data
• Object to processing based on legitimate interest
• Lodge a complaint with your local data protection authority
• Submit a request to privacy@phomo.com. We respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account:

• Your profile and posts are removed from public view within 30 days
• Your data is permanently deleted within 90 days, except as described in Section

8. Data Security

We use industry-standard technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS) and at rest
• Access controls limiting who within Phomo LLC can access your data
• Regular security assessments

No system is perfectly secure. If we experience a data breach that is likely to result in a risk to your rights or freedoms, we will notify you and the applicable regulatory authority as required by law. For breaches involving sensitive personal information, we will notify you without undue delay and no later
than 72 hours after becoming aware of the breach.

9. Children’s Privacy

Phomo is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.If you are a parent and believe your child under 13 has created a Phomo account, contact us at privacy@phomo.com.

10.Third-Party Links and Services

Phomo may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you in-app before the changes take effect and update the “Last Updated” date at the top of this policy. If the changes materially affect how we use your data, we will ask for your re-consent where required
by law.

12.Contact Us

Phomo LLC

privacy@phomo.com (privacy requests and questions)
safety@phomo.com (urgent safety concerns)
legal@phomo.com (law enforcement and legal process)

CALIFORNIA CONSUMER PRIVACY NOTICE

This Notice applies to California residents and supplements the Phomo Privacy Policy above. It is provided under the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (together, “CCPA/CPRA”).

1. Categories of Personal Information We Collect

In the twelve months preceding the Effective Date, we have collected the following categories of personal information from California consumers:

• Identifiers (name, username, email address, IP address, device identifiers)
• Commercial information (subscription status)
• Internet or other electronic network activity (usage data, log data, features used, time in app)
• Audio, electronic, visual, or similar information (photos and videos you post)
• Inferences drawn from the above to understand user preferences and app performance

We do not collect Social Security numbers, financial account numbers, precise geolocation, biometric data, or health information.

2. Purposes of Collection

We collect personal information for the purposes described in “How We Use Your Information” above: to provide and improve the Service, keep the Service secure, communicate with you, and comply with law.

3. Disclosure of Personal Information

In the twelve months preceding the Effective Date, we have disclosed personal information to the following categories of third parties:

• Service providers (cloud hosting, push notifications, subscription management, analytics, customer support) — under written contracts that restrict use to the services performed
• Law enforcement and government agencies — when required by law or valid legal process
• NCMEC — as required by federal law (18 U.S.C. § 2258A)
• Successor entities — in the event of a merger, acquisition, or sale, as described in the “Business Transfers” section above

4. No Sale or Sharing of Personal Information

We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. You have the right to opt out of any future sale or sharing; to exercise this right, contact us at privacy@phomo.com.

5. Your CCPA/CPRA Rights

As a California resident, you have the following rights:

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes of collection, and the categories of third parties with whom we share it.
• Right to Delete: request deletion of personal information we have collected from you, subject to certain exceptions (e.g., information needed to complete a transaction, detect security incidents, comply with a legal obligation, or exercise free speech).
• Right to Correct: request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing: we do not sell or share personal information for crosscontext behavioral advertising, but you may assert this right at any time.
• Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information for any purpose other than providing the Service, so no further limitation is required; you may nonetheless submit a request.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

6. How to Submit a Verifiable Consumer Request

To exercise your rights, email privacy@phomo.com with “CCPA Request” in the subject line. We will respond within 45 days of receiving a verifiable request. We may extend this period by an additional 45 days when reasonably necessary, with prior notice. You may submit a request on behalf of a minor
child. You may designate an authorized agent to submit a request on your behalf; we may require written proof of authorization and verification of your identity.

7. Shine the Light

California Civil Code § 1798.83 (the “Shine the Light” law) permits California residents to request information about disclosures of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes, so no disclosure list is available. For questions, contact us at privacy@phomo.com.