Privacy Policy

• Virdigo is a location-based app. We collect your GPS location while you use it.
• You decide what to pin. Pinning attaches coordinates to a photo and note, and that data may be visible to other users.
• "Secret" spots are hidden in the UI but are not encrypted — we can see them and so could anyone with lawful access to our servers.
• You can delete your account anytime. Some data is retained for safety and legal reasons.

• Account data: email, username, password (hashed), display name, optional avatar and bio.
• Location data: GPS coordinates when you create a spot, when you check distance to a spot, and when the app's reveal flow is open. We also store the coordinates you choose to attach to a pin.
• Content: photos you upload, notes you write, echoes you post, likes, flags, and visit history.
• Social graph: friends, followers, group memberships, subscriptions.
• Device data: device type, OS, app version, IP address, language, basic crash and performance logs.
• Payments: if you subscribe to a creator, Stripe processes your payment. We store the subscription status and identifiers, never your card number.

• Run the app: show maps, gate reveals by distance, deliver echoes and notifications.
• Keep you safe: detect abuse, review reports, ban bad actors.
• Improve the product: aggregate, anonymized analytics on which features are used.
• Process payments and prevent fraud (Stripe).
• Communicate with you (transactional email, never sold to third parties).

• Your current device location is used in real time to determine if you are within reveal range. It is not continuously logged or sold.
• The coordinates of spots you pin are stored permanently and may be visible to other users depending on the spot's visibility settings.
• Pinning content at locations meaningful to you (home, work, a child's school, a partner's address) can reveal where you live or routinely are. Even patterns of "open" spots can build a movement profile. Use your discretion.
• Home privacy zone: If you set a home location in account settings, we store its coordinates and a small radius so we can block drops there. This location is never shown to other users — it is only used to prevent you from accidentally pinning your own address. You can clear it at any time.
• Sensitive-place checks: When you try to pin, we send the coordinates to Mapbox's reverse-geocoding API to identify nearby points of interest so we can block or warn about schools, medical facilities, places of worship, shelters, and government / emergency facilities. Coordinates sent for this lookup are not stored by us beyond the immediate request.
• We do not sell raw location data. We may use aggregated, non-identifying location heatmaps for product analytics.
• You can revoke location permission at any time in your device settings. The app will be largely non-functional without it.

• Photos you upload may include EXIF metadata (including embedded GPS). We strip embedded EXIF GPS on upload, but check your photos before posting.
• Photos may unintentionally capture bystanders, license plates, addresses, or signage. You are responsible for what you upload.
• Reported content is reviewed by moderators. Removed content may be retained in moderation logs to enforce repeat-offender policies.

When you mark a spot as Secret, we hide its location and content from other users until they arrive. We do not end-to-end encrypt that data. Virdigo staff can technically view it, our cloud provider can view it under their access controls, and law enforcement can request it via valid legal process. Do not pin anything you would not be comfortable having reviewed under a subpoena.

• Open spots: visible on the public map to all users with their pin location.
• Secret spots: approximate area visible on the map; exact location and content revealed only to users physically nearby.
• Subscriber-only content: visible only to that creator's active paying subscribers.
• Echoes and visits: visibility depends on the spot's wall settings (public, private to creator).
• Profile: your username, display name, bio, and public spots are visible to other users.

We do not sell your personal data. We share data with:

• Cloud infrastructure (database, file storage, edge functions) to operate the service.
• Stripe for payment processing.
• Email providers for transactional email.
• Map tile providers (e.g. OpenStreetMap) — your IP and approximate viewport reach them when maps load.
• Law enforcement in response to valid legal process, or when we believe in good faith it is necessary to prevent imminent harm.

Virdigo is not intended for users under 13. If we learn we have collected data from a child under 13, we will delete it. Parents who believe a child has registered may contact support@theyolo.app.

Depending on your jurisdiction (GDPR, CCPA, and similar laws), you have the right to:

• Access the data we hold about you.
• Request a copy or export of your data.
• Correct inaccurate data.
• Delete your account and associated data.
• Object to certain processing or withdraw consent.

You can delete your account from your profile. For other requests, email support@theyolo.app.

• Active account data is retained while your account exists.
• On account deletion, we remove your content from public view within 30 days.
• Backups may persist for up to 90 days before they roll over.
• Moderation, abuse, and fraud-prevention logs (including device identifiers and IPs of banned accounts) may be retained longer to enforce bans.
• Payment records are retained as required by tax and accounting law.

We use industry-standard practices: encrypted connections (HTTPS), hashed passwords, row-level access controls in our database, and least-privilege access for staff. No system is perfectly secure. If we discover a breach affecting you, we will notify you as required by law.

Virdigo is operated from the United States. By using the app, you consent to your data being processed in the U.S. and other countries where our service providers operate.

We may update this policy. Material changes will be announced in-app. The "Last updated" date above reflects the latest version.

Privacy questions, deletion requests, or data access requests: support@theyolo.app