1. Introduction and Scope
Pipoll S.A. ("Pipoll", "we", "us", or "our"), a company duly incorporated under the laws of the Republic of Panama, with registered offices at BMW Plaza, Piso 9, Calle 50, Panama City, Republic of Panama, operates the mobile application "Pipoll" (the "App").
This Privacy Policy describes how we collect, use, store, transfer, and protect personal data when you download, install, register, or otherwise use the App. This policy applies to all users worldwide, regardless of nationality or country of residence.
By using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please uninstall the App and cease all use immediately.
Age Requirement: The App is accessible to users aged 13 and older. Users between 13 and 17 years of age must obtain verifiable parental or guardian consent prior to creating an account or submitting any personal information.
2. Data Controller / Responsible Party
The entity responsible for the processing of your personal data is:
Pipoll S.A.
BMW Plaza, Piso 9, Calle 50
Panama City, Republic of Panama
General Contact: lifeline@pipoll.live
Privacy Inquiries: privacy@pipoll.live
Data Protection Officer: dpo@pipoll.live
COPPA Requests (U.S. Parents): coppa@pipoll.live
Security Reports: security@pipoll.live
For EU/EEA users: Pipoll S.A. has designated a European Union representative as required by Article 27 GDPR. Contact: eu-rep@pipoll.live
3. Information We Collect
3.1 Information You Provide Directly
- Full name or username chosen during registration
- Email address
- Password (never stored in plaintext; stored exclusively as a bcrypt hash)
- Date of birth or age range (collected for age verification and minor-status determination)
- Personal goals: any text you voluntarily enter as a goal, aspiration, or objective. This content is entirely user-generated and may incidentally contain highly personal information including references to health, mental wellbeing, finances, relationships, beliefs, or any other personal matter
- Profile photo or avatar (if provided)
3.2 Information Collected Automatically
- Precise or approximate geographic location data (collected only when location permissions are granted; used exclusively for local peer matching)
- Device identifiers: Advertising ID (IDFA on iOS; GAID on Android), device model, operating system version
- Usage analytics: features accessed, goal interactions, session duration, token investment events, screens visited
- App performance data: crash logs, error reports, response times
- IP address (collected by Firebase infrastructure)
- Timestamps of account creation, goal creation, logins, and token events
3.3 Information Received from Third-Party Integrations
- Firebase (Google LLC): authentication tokens, crash data, real-time database activity, performance traces
- Google Analytics for Firebase: aggregated behavioral analytics and session data
- Third-party goal verification APIs: when a user connects an external service (e.g., a fitness platform, productivity tool, or other software) to verify goal completion, Pipoll receives only the data necessary to confirm goal status
What We DON'T Collect: Pipoll does NOT collect payment card numbers, bank account details, Social Security or government ID numbers, biometric identifiers, or any financial account information. The App is free and processes no financial transactions.
4. Legal Basis for Processing (GDPR / UK GDPR)
For users in the EEA, UK, and other jurisdictions requiring a documented lawful basis for processing, we rely on the following:
4.1 Contractual Necessity - Art. 6(1)(b) GDPR
Processing of your name, email, goals, and location is necessary to provide the core services of Pipoll, including account creation, goal publication, local peer matching, and the virtual token system.
4.2 Legitimate Interests - Art. 6(1)(f) GDPR
We process device identifiers, usage analytics, and performance data to maintain and improve the App, detect fraud and abuse, and ensure platform security. We have conducted a Legitimate Interests Assessment confirming these interests are proportionate and not overridden by your fundamental rights.
4.3 Consent - Art. 6(1)(a) GDPR
We rely on your explicit consent for: (a) collection of precise location data; (b) processing of sensitive goal content relating to health, wellbeing, or other special categories; (c) connection of third-party APIs for goal verification. Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.
4.4 Legal Obligation - Art. 6(1)(c) GDPR
We may process data where required by applicable law, regulatory authority, or binding court order.
5. How We Use Your Information
5.1 Core App Functionality
- Creating and authenticating your account
- Publishing your goals to other users (publicly, by default)
- Facilitating the virtual token investment system
- Verifying goal completion via self-report and third-party API integrations
- Calculating and updating token balances following goal outcomes
- Sending preset in-app notifications relating to goal activity and token events
5.2 Analytics and Product Improvement
- Understanding user engagement and feature adoption
- Identifying technical issues and improving performance
- Informing future product development
5.3 Location-Based Peer Matching
Your location data is used solely to identify and display other Pipoll users in your geographic vicinity, enabling local accountability communities. We do not use location data for advertising, share precise coordinates with other users, sell location data, or retain location history beyond active real-time session requirements.
5.4 Safety, Fraud Prevention, and Legal Compliance
- Detecting and preventing fraudulent manipulation of the token system
- Investigating abuse, harassment, or other violations of our Terms
- Complying with applicable legal obligations and lawful requests from authorities
- Protecting the rights, safety, and integrity of Pipoll and its users
6. Third-Party Integrations and Goal Verification APIs
Pipoll integrates with third-party software APIs to enable automated verification of certain goal types. When you choose to connect a third-party service, you are granting both Pipoll and the relevant third-party access to data as described below.
Voluntary Connection: Connecting a third-party API is always voluntary. You may choose to self-report goal completion instead. Self-report cannot be verified independently and is subject to community trust mechanisms.
6.1 What We Access
When you authorize a third-party API connection, Pipoll requests only the minimum permissions necessary to verify whether a specific goal has been completed (e.g., workout logged, task marked complete, streak maintained). We do not request access to your full account data, contacts, payment information, or any data unrelated to goal verification.
6.2 Data Handling from APIs
- API data is used solely to determine goal completion status (pass/fail)
- Raw API data is processed and the completion result is stored; raw third-party records are not retained beyond what is technically necessary for verification
- You may revoke API connections at any time through the App settings. Upon revocation, we will cease collecting new data from that API and delete previously collected API verification data upon request
6.3 Third-Party Responsibility
Each third-party service you connect is governed by its own privacy policy and terms of service. Pipoll is not responsible for the data practices of third-party API providers. We encourage you to review the privacy policies of any external services you connect.
7. Sensitive Data and Personal Goals
Your personal goals are free-form text and may, at your discretion, contain references to physical health, mental health, sexual orientation, religious beliefs, financial circumstances, family situations, or any other personal matter. Pipoll treats all goal content as potentially sensitive and applies the following heightened protections:
- All goal content is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
- Goal content is processed by automated systems only; no Pipoll employee reads your goal content without your explicit written consent or a binding legal order
- We do not use goal content to infer sensitive attributes for profiling, advertising, scoring, or any automated decision-making
- You may delete individual goals at any time; deleted goal content is permanently removed from our systems within 7 days
For EU/EEA users: where goal content constitutes special category data under Article 9 GDPR (including health, religious beliefs, or sexual orientation data), processing is based on your explicit consent, which is captured at the point of goal entry for relevant categories.
8. Public-by-Default Goals - Important Notice
Critical Notice: By default, all goals you create on Pipoll are visible to all Pipoll users globally. This is a core feature of the App. Before publishing a goal, you must consider that it will be publicly accessible.
By publishing a goal, you acknowledge and accept that:
- Your goal text, username, and associated token activity will be visible to all registered Pipoll users
- Other users may invest virtual tokens on your goal, creating a social record of your stated objective
- Goal content, once published, may be viewed, commented on, or referenced by other users before it is deleted
- Pipoll cannot guarantee that content deleted by you has not already been seen, noted, or informally recorded by other users prior to deletion
We strongly recommend that users, especially minor users, exercise care regarding what personal information they include in publicly posted goals. Do not include full names, contact information, addresses, or other identifying information in goal text.
9. Children, Minors, and Teen Users
9.1 Minimum Age
Pipoll is not directed to, and does not knowingly collect personal data from, children under 13 years of age. If we become aware that we have collected data from a child under 13, we will delete it promptly and without undue delay. Parents or guardians who believe a child under 13 has created a Pipoll account should contact coppa@pipoll.live immediately.
9.2 Teen Users (Ages 13–17)
Parental Consent Required: Users between 13 and 17 years of age must obtain verifiable parental or guardian consent before creating an account. By completing registration, a teen user represents that a parent or guardian has reviewed this Privacy Policy and provided consent.
The following additional protections apply specifically to users under 18:
- Location data is collected only with explicit parental consent and shared with other users only at the city/region level, never precise GPS coordinates
- Teen accounts are subject to the same public-by-default goal setting; parents should be aware of this and supervise goal content posted by minors
- Pipoll does not display targeted advertising to any user, including teens
- Parents and guardians may request access to, correction of, or deletion of their minor child's personal data by contacting privacy@pipoll.live
- Pipoll complies with COPPA (U.S.), the UK Age Appropriate Design Code (Children's Code), and applicable local minors protection legislation in all jurisdictions where the App is available
9.3 COPPA Compliance (U.S.)
For U.S. users: Pipoll does not knowingly collect personal information from children under 13 as defined by COPPA (15 U.S.C. § 6501 et seq.). Parents who discover their child under 13 has registered may request deletion of all associated data by emailing coppa@pipoll.live. We will process such requests within 30 days.
10. Data Sharing and Disclosure
10.1 Authorized Service Providers
We share personal data only with the following categories of processors, each bound by data processing agreements (DPAs) imposing GDPR-equivalent protections:
- Google LLC / Firebase: cloud hosting, authentication, real-time database, crash analytics, and performance monitoring. Google processes data on servers that may be located in the United States and other countries. Data transfers are governed by Standard Contractual Clauses (SCCs).
- Third-party goal verification API providers: receive only the minimum data necessary to confirm goal completion. The specific providers depend on which integrations you activate.
- Apple Inc. (App Store) / Google LLC (Play Store): receive app metadata for distribution purposes; they do not receive your personal goal or location data directly from Pipoll.
10.2 Legal Requirements and Protection of Rights
We may disclose your personal data to government authorities, law enforcement, or courts if we are: (a) legally required to do so by a binding order, subpoena, or law; (b) acting in good faith that disclosure is necessary to protect the safety of any person; or (c) defending Pipoll's legal rights in litigation.
10.3 Business Transfers
In the event of a merger, acquisition, asset sale, or corporate restructuring, your personal data may be transferred as a business asset. We will provide advance notice via in-app notification and, where required by law, obtain your consent before subjecting your data to materially different privacy terms.
10.4 What We Never Do
- We never sell your personal data to any third party
- We never share your data with advertisers or ad networks
- We never share your goal content with employers, schools, insurers, or government agencies absent a binding legal order
- We never use your data to build advertising profiles or engage in behavioral advertising
11. International Data Transfers
Pipoll operates globally. Your personal data may be transferred to and processed in countries other than your country of residence, including the United States, where Google/Firebase infrastructure is maintained.
We implement the following safeguards for international transfers:
- Standard Contractual Clauses (SCCs) - European Commission Decision (EU) 2021/914 for transfers from the EEA
- UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom
- Transfer Impact Assessments (TIAs) conducted where required by supervisory authority guidance
- AES-256 encryption of data at rest and TLS 1.3 encryption in transit as supplementary technical measures
- Contractual obligations on sub-processors to maintain equivalent protections
For transfers from Panama: data transfers outside Panama comply with Article 22 of Law No. 81 of 2019, including verification of adequate protection levels or application of appropriate safeguards in the receiving jurisdiction.
12. Your Privacy Rights
12.1 Universal Rights (All Users)
- Right to access: request a copy of the personal data we hold about you, including goal content, account data, and analytics associated with your profile
- Right to correction: request that inaccurate or incomplete data be corrected
- Right to erasure: request deletion of your account and all associated personal data, subject to legal retention obligations
- Right to data portability: receive your data in a structured, machine-readable format (JSON or CSV)
- Right to withdraw consent: revoke any consent-based processing at any time, without affecting prior lawful processing
12.2 Additional Rights - EU/EEA/UK Users (GDPR / UK GDPR)
- Right to object to processing based on legitimate interests
- Right to restrict processing during ongoing disputes about accuracy or lawfulness
- Right not to be subject to solely automated decision-making producing legal or significant effects
- Right to lodge a complaint with your national supervisory authority (e.g., your country's Data Protection Authority)
12.3 Additional Rights - California Users (CCPA / CPRA)
- Right to know: the categories and specific pieces of personal information collected, used, shared, or sold (we do not sell personal information)
- Right to delete personal information collected from you
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
- Right to opt-out of sale or sharing of personal information (Pipoll does not sell or share personal information for cross-context behavioral advertising)
- Right to non-discrimination for exercising your CCPA/CPRA rights
12.4 How to Exercise Your Rights
Submit requests to: privacy@pipoll.live
We will acknowledge your request within 5 business days and respond substantively within 30 days (or as required by applicable law: GDPR requires one month, CCPA requires 45 days). We may verify your identity before processing requests. Requests are free of charge unless manifestly unfounded or excessive.
13. Data Retention
We retain personal data only as long as necessary for the purposes described herein, unless a longer period is required by law:
- Account data (name, email, password hash): retained for the life of your account, plus 30 days following a deletion request (grace period for account recovery), then permanently deleted
- Personal goal content: deleted within 7 days of an individual goal deletion request or account deletion, whichever applies first
- Location data: not stored persistently. Location is processed in real-time for peer matching and is not retained after each session ends
- Third-party API verification data: raw API data deleted within 14 days of verification; goal completion status (pass/fail) retained for the life of the goal record
- Usage analytics (individual event logs): deleted after 14 months. Aggregated, anonymized analytics may be retained indefinitely
- Device identifiers: retained for up to 24 months for fraud prevention and analytics continuity, then deleted
- Crash logs and performance data: retained for 90 days, then deleted
- Parental consent records and age verification logs: retained for 5 years as required by applicable law
- Legal hold data: retained for the duration required by applicable legal proceedings or regulatory investigations
14. Data Security
Pipoll implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure:
- TLS 1.3 encryption for all data in transit between the App and our servers
- AES-256 encryption for sensitive data stored at rest
- Bcrypt password hashing: plaintext passwords are never stored or accessible
- Firebase Security Rules controlling database access at the document level
- Role-based access controls limiting internal staff access to personal data
- Regular security assessments and code reviews
- Incident response plan in place for data breaches
Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware (as required by GDPR Art. 33) and will notify affected users without undue delay where required by applicable law.
No method of electronic transmission or storage is completely secure. While we employ industry-standard safeguards, Pipoll cannot guarantee absolute security.
15. Cookies and Tracking Technologies
As a native mobile application, Pipoll does not use browser cookies. We do use the following tracking technologies:
- Firebase SDK: collects device identifiers and usage events for authentication, database access, and crash reporting
- Google Analytics for Firebase: analyzes user behavior patterns and app performance at an aggregate level
- Device advertising identifiers (IDFA on iOS, GAID on Android): used exclusively for analytics session continuity, not for targeted advertising
You may limit the collection of advertising identifier data through your device operating system settings:
- iOS: Settings > Privacy & Security > Tracking > Disable tracking
- Android: Settings > Google > Ads > Delete advertising ID
To opt out of all Pipoll analytics collection, contact privacy@pipoll.live. Note that opting out of analytics does not affect core App functionality.
16. Virtual Tokens - Data Notice
In connection with Pipoll's virtual token system, we collect and process:
- Token balance associated with your account
- Records of token investments you have made on other users' goals
- Records of token investments made by others on your goals
- Goal outcome events (completed / not completed) that trigger token transfers
This data is retained for the life of your account and deleted upon account deletion. Token transaction records may be retained for up to 2 years for fraud prevention and audit purposes.
Virtual tokens have no monetary value and no financial data is processed. Token records do not constitute financial statements or transaction records subject to financial regulation.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document
- Display a prominent in-app notification to all users
- For changes affecting teen users, notify registered parent/guardian email addresses and seek renewed consent where required by applicable law
- For significant changes affecting EU/EEA/UK users, provide at least 30 days' notice prior to implementation
Your continued use of the App following the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the revised policy, you must stop using the App and request account deletion.
18. Contact Information
For all privacy-related inquiries, requests, or complaints:
Pipoll S.A. - Privacy Team
BMW Plaza, Piso 9, Calle 50, Panama City, Republic of Panama
General: lifeline@pipoll.live
Privacy Requests: privacy@pipoll.live
Data Protection Officer: dpo@pipoll.live
COPPA (U.S. Parents): coppa@pipoll.live
EU Representative: eu-rep@pipoll.live
Security Reports: security@pipoll.live
Website: pipoll.live