Privacy Policy

This Privacy Policy describes how Phlout LLC ("Birln," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile application, website, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

Information You Provide

When you create an account or use the Service, you may provide:

• Account Information: Name, email address, phone number, username, password, profile photo, date of birth
• Payment Information: Payment card details, billing address (processed securely through Stripe)
• Profile Information: Bio, interests, social media links, preferences
• User Content: Photos, videos, reviews, check-ins, comments, messages
• Communications: When you contact us for support or feedback

Location Information

With your permission, we collect location data to provide core features:

• Precise Location: GPS coordinates for check-ins and venue discovery
• Background Location: May be collected when the app is in the background to provide location-based notifications and features (with explicit permission)
• Location History: Your check-in history and past locations visited

Automatically Collected Information

When you use the Service, we automatically collect:

• Device Information: Device type, operating system, unique device identifiers, mobile network information
• Usage Information: App interactions, features used, time spent, search queries, check-in patterns
• Log Data: IP address, browser type, access times, pages viewed, crashes, errors
• Camera & Photos: When you use camera features or upload photos (only with permission)
• Notifications: Push notification token and preferences

Information from Third Parties

• Social Media: If you connect social media accounts, we may receive profile information
• Payment Processors: Transaction verification from Stripe
• Analytics Providers: Aggregated usage and performance data
• Venues: Information about orders, visits, and interactions with venue partners

We use the information we collect for the following purposes:

Provide and Improve the Service

• Create and manage your account
• Enable check-ins, venue discovery, and social features
• Process orders and payments
• Provide customer support
• Send service-related notifications (e.g., order confirmations, account updates)
• Improve app performance, features, and user experience
• Develop new features and services

Personalization

• Recommend venues, events, and content based on your location and preferences
• Customize your experience and feed
• Show relevant promotional offers from venues

Communication

• Send promotional messages, newsletters, and special offers (with your consent)
• Respond to your inquiries and support requests
• Send push notifications about activity, friends, and nearby events (with your permission)

Safety and Security

• Verify user identity and age
• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service and policies
• Protect the rights, property, and safety of Birln, users, and the public

Content Moderation and Safety

To keep our community safe, we use automated systems and human review to detect and address harmful content. This includes:

• Public content: Photos in posts, profile pictures, and venue photos may be analyzed by AI to detect inappropriate content (e.g., nudity, violence, hate symbols, spam)
• Private messages: Text and images sent in direct or ephemeral messages may be scanned before delivery to detect illegal content, including child sexual abuse material (CSAM), grooming, and other harmful content
• Legal compliance: We are required by law (e.g., U.S. REPORT Act, UK Online Safety) to detect and report suspected CSAM to appropriate authorities (such as the National Center for Missing & Exploited Children)
• Human review: Flagged content may be reviewed by trained moderators to confirm violations and take appropriate action

We process content only as necessary for safety and legal compliance. We do not use moderation systems for advertising or other commercial purposes. For more details, see our Terms of Service.

Analytics and Research

• Analyze usage patterns and trends
• Measure effectiveness of marketing campaigns
• Conduct research to improve our Service
• Generate aggregated, de-identified statistics

Legal Compliance

• Comply with legal obligations and regulations
• Respond to legal requests, court orders, and law enforcement
• Enforce our rights and defend against legal claims

We share your information in the following circumstances:

Public Information

Some information is public by default:

• Your profile information (name, username, profile photo, bio)
• Check-ins and venue visits (if you choose to share them publicly)
• Reviews, photos, and other user-generated content
• Social connections (friends, followers)

You can control privacy settings for some content in your account settings.

With Other Users

• Friends and followers can see your activity based on your privacy settings
• Venues you check in to can see your visit and basic profile information
• Users can see content you post in public areas of the Service

With Venue Partners

• When you check in or order from a venue, they receive your name and order details
• Venues may see aggregated, anonymized data about their customers

Service Providers

We share information with trusted third-party service providers who help us operate the Service:

• Supabase: Database and authentication services
• Stripe: Payment processing and payouts
• Resend: Email delivery
• Vercel: Hosting and infrastructure
• Analytics Providers: Usage analytics and crash reporting
• Cloud Storage: Photo and video storage

These providers are contractually obligated to protect your information and may only use it to provide services to us.

Business Transfers

If Birln is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor entity.

Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal process (subpoenas, court orders, warrants)
• Government or law enforcement requests
• Emergencies involving danger of death or serious physical injury
• Protection of our rights, property, or safety

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Aggregated/De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

Access and Update Your Information

You can access and update your account information at any time through the app settings.

Delete Your Account

You can delete your account at any time:

• Through the app settings, or
• By contacting us at our contact form

When you delete your account:

• Your profile and personal information will be deleted
• Some content may remain visible if it was shared publicly (e.g., reviews)
• We may retain certain information for legal compliance, fraud prevention, or legitimate business purposes
• Backup copies may persist for a limited time

Location Permissions

You can control location access through your device settings:

• Allow: Full access to location-based features
• While Using: Location only when app is open
• Deny: No location access (limits some features)

Camera & Photo Library

You can control camera and photo access through device settings. You can also disable auto-save to photo library in app settings.

Push Notifications

Control notification preferences in app settings or device settings.

Marketing Communications

You can opt out of promotional emails by:

• Clicking "unsubscribe" in any promotional email
• Adjusting preferences in your account settings

Note: You cannot opt out of service-related communications (e.g., account security alerts).

State-Specific Privacy Rights

California Residents (CCPA/CPRA):

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt out of "sale" or "sharing" of personal information
• Right to non-discrimination for exercising your rights

Note: Birln does not sell personal information in the traditional sense. We share data with service providers and partners as described in this policy.

European Economic Area (GDPR):

• Right to access your personal data
• Right to rectification (correction)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Exercise Your Rights

To exercise any of these rights, you can:

• Download your data — Request a copy of your personal data (data portability)
• Manage consent — Update your consent preferences
• Delete your account: In the Birln app, go to Settings → Account information → Pause or Delete Account
• Contact us at our contact form for other requests

We will respond within the timeframe required by applicable law (typically 30 days for GDPR requests).

EU/EEA users: You have the right to lodge a complaint with a supervisory authority. Find your data protection authority at edpb.europa.eu.

Data Protection Contact: For privacy-related inquiries, email privacy@birln.com.

We implement reasonable security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure authentication (password hashing, multi-factor authentication)
• Access controls and permissions
• Regular security audits and monitoring
• Secure payment processing through PCI-compliant providers (Stripe)

We retain your information for as long as necessary to provide the Service and for legitimate business purposes, including:

• Active Accounts: While your account is active and for a reasonable period after deactivation
• Legal Compliance: As required by law (e.g., tax records, transaction logs)
• Fraud Prevention: To detect and prevent fraudulent activity
• Dispute Resolution: To resolve disputes and enforce agreements

When information is no longer needed, we securely delete or anonymize it. Backup copies may persist temporarily before automatic deletion.

We use cookies and similar tracking technologies to enhance your experience:

Types of Cookies We Use

• Essential Cookies: Required for basic functionality (authentication, security)
• Analytics Cookies: Help us understand how you use the Service
• Preference Cookies: Remember your settings and preferences
• Advertising Cookies: May be used for targeted advertising (with consent)

Mobile App Tracking

The mobile app may use:

• Device identifiers (Advertising ID, IDFV)
• Analytics SDKs
• Crash reporting tools

Your Choices

• Browser settings: Most browsers allow you to refuse or delete cookies
• Mobile settings: You can limit ad tracking in iOS and Android settings
• Analytics opt-out: Some analytics providers offer opt-out mechanisms

Note: Disabling cookies may affect some Service functionality.

The Service may contain links to third-party websites, apps, or services (including venue websites, social media platforms, and partner services). We are not responsible for the privacy practices of these third parties.

When you interact with third-party services:

• Their privacy policies apply (not ours)
• We do not control how they collect or use your information
• You should review their privacy policies before providing information

Key Third-Party Services:

• Stripe: Stripe Privacy Policy
• Supabase: Supabase Privacy Policy
• OpenAI: Content moderation (text and image analysis) for safety and policy enforcement. OpenAI Privacy Policy

Birln is based in the United States. If you use the Service from outside the U.S., your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using the Service, you consent to this transfer and processing.

For users in the European Economic Area (EEA), we implement appropriate safeguards to protect your personal data when it is transferred internationally. We use Standard Contractual Clauses (SCCs) approved by the European Commission with US service providers where required.

Our key service providers (Supabase, Stripe, OpenAI) provide Data Processing Agreements (DPAs) and SCCs. You can find more information in their privacy policies: Supabase, Stripe, OpenAI.

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top
• We may notify you via email or in-app notification for material changes
• Your continued use of the Service after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.