PalAbout Privacy Policy
Effective Date: July 27, 2025
Operator: Spire Interactive, LLC (“Spire,” “we,” “our,” or “us”)
Covered Services: The PalAbout mobile application(s), website(s), and related services (collectively, the “Service”).
Contact: support@spireinteractive.com
1. Purpose and Scope
1.1 This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use the Service. It also describes your privacy choices and rights under U.S. and California law. If you do not agree with this Privacy Policy, do not use the Service.
1.2 This Policy is tailored to PalAbout’s features—profiles, collaborative posts tied to events, QR code “fistbump” connections and social‑graph map, messaging (not end‑to‑end encrypted), location features, and Pal Points—and should be read together with our Terms of Service. See Terms §§2 (Eligibility), 3 (Overview of Features), 4 (Information We Collect), and 6 (Privacy Controls & Profiles) for feature context.
2. Definitions
2.1 “Personal information” means information that identifies, relates to, describes, or can reasonably be associated with a particular consumer or household.
2.2 “Sensitive Personal Information (SPI)” includes precise geolocation as defined under California law (generally location within ~1,850 feet, subject to regulation). See the California Addendum (Summary) A.1 of the Terms.
2.3 “Processing” means any operation performed on personal information, such as collection, use, disclosure, storage, or deletion.
3. Information We Collect
3.1 Information You Provide.
(a) Account/Profile: email (required), zip code (optional; not associated with your profile and used solely in aggregate to understand regional adoption), username, bio, and profile photo.
(b) Content: posts, photos/captions, collaborative contributions, event details, and feedback you submit.
(c) Messages: one‑to‑one and group messages, including message content (stored to enable delivery and multi‑device sync; messages are not end‑to‑end encrypted). See also §12.3.
3.2 Information Collected Automatically.
(a) Location Data: with your permission, real-time device location (including county, latitude, longitude, country, state, and zip code) to power discovery and safety and to help locate events in your area; we also collect QR connection metadata (e.g., participating users and the location information listed above) to help prevent fraud/abuse and power in-app functionality.
(b) Usage/Telemetry: event participation logs; interactions (posts, contributions, fistbumps); notification and in‑app activity; device/diagnostic data; and cookies/SDKs used for security, performance, and fraud/abuse prevention.
3.3 Information from Others / Visible to Others.
Other users may see your username and profile photo, and—depending on settings and event type—collaborative posts tied to public or private events (see §7.2–§7.3).
3.4 California Categories.
For California disclosure, we collect: identifiers; internet/electronic activity; geolocation (including precise geolocation); photos/visual content you upload; in‑app communications content; and inferences for personalization (subject to your settings). Zip code is optional, not associated with your profile, and used solely in aggregate to understand regional adoption. SPI includes precise geolocation (see §2.2).
3.5 Starter Codes (Temporary). For the first three (3) days after you register your account, you may allow up to three (3) users to friend you immediately by entering your one-time starter code generated at registration. We process limited starter-code metadata (e.g., redemption timestamp and the accounts connected) to facilitate connections and prevent abuse; codes may not be sold or transferred.
4. How We Use Personal Information
4.1 Service Delivery. Provide, operate, and improve core features (posts, events, messaging, connections).
4.2 Social Graph & Discovery. Facilitate QR‑code fistbumps and display your fistbump map.
4.3 Collaboration & Events. Enable collaborative posts and event experiences.
4.4 Personalization. Tailor content/notifications and improve relevance (subject to your settings).
4.5 Safety/Integrity/Moderation. Maintain platform safety, including automated and human review and vendor tooling (e.g., image moderation), and prevent fraud/abuse.
4.6 Compliance & Legal. Respond to valid legal process or emergencies where disclosure is necessary to prevent imminent harm (see §9.4).
4.7 Research & Development. Improve functionality, reliability, and user experience.
4.8 No Sale; Conditional “Share.” We do not sell personal information. If we ever “share” personal information for cross‑context behavioral advertising, we will first provide a clear opt‑out and honor legally required browser‑level signals (see §8.3 and §10.4).
5. Notice at Collection (California)
5.1 Categories Collected: identifiers; internet/electronic activity; geolocation (including precise geolocation); photos/visual content you upload; in‑app communications; and inferences (see §3.4).
5.2 Purposes of Use: service delivery (§4.1), social graph (§4.2), collaboration (§4.3), personalization (§4.4), safety/integrity (§4.5), legal compliance (§4.6), and R&D (§4.7).
5.3 Retention: we maintain schedules and do not retain personal information longer than reasonably necessary for the disclosed purposes (see §11).
5.4 Sale/Share: no sale; any future “share” will include an opt‑out and recognition of required browser‑level signals (see §4.8 and §10.4).
5.5 SPI (Precise Geolocation): you have a right to limit certain uses/disclosures of SPI when used beyond service‑necessary purposes (see §10.3).
6. Cookies, SDKs, and Tracking Technologies
6.1 We use cookies/SDKs and similar technologies for authentication, security, performance, fraud prevention, and product analytics (see §3.2(b)).
6.2 Where required, you will see in‑product controls for targeted advertising/“sharing” and SPI limits (see §10.3–§10.4).
6.3 Opt‑Out Preference Signals. If and when sale/sharing controls are applicable, we will honor legally required browser‑ or device‑level signals (e.g., Global Privacy Control) as an opt‑out of sale/sharing (see §10.4).
7. Visibility Rules Inside PalAbout
7.1 Profiles. Profiles are not viewable without a friend connection.
7.2 Public Events. Collaborative posts tied to public events are visible to all users.
7.3 Private Events. For private events, collaborative posts are visible only to participants during the event and become visible to participants’ friends after the event concludes.
7.4 User Controls. You determine which personal posts appear on your profile and may leave a collaborative post at any time.
7.5 Messaging. Private but not end‑to‑end encrypted; exercise discretion (see §3.1(c) and §12.3).
8. How We Disclose Personal Information
8.1 Service Providers/Contractors. Vendors under contracts that restrict processing to our instructions (e.g., hosting, analytics, moderation, crash reporting, messaging).
8.2 Other Users. Disclosures consistent with §7 visibility rules (e.g., collaborators, event participants).
8.3 No Sale; Conditional “Share.” We do not sell personal information. If we ever engage in “sharing” for cross‑context behavioral advertising, we will provide an opt‑out and honor required signals before doing so.
8.4 Legal Process & Emergencies. We respond to valid legal process and may disclose limited data in good‑faith emergencies to prevent imminent death or serious bodily harm. Where lawful and practicable, we strive to notify users.
8.5 Business Transfers. We may disclose information in connection with a merger, acquisition, or similar transaction with appropriate notice.
8.6 Third‑Party Integrations You Authorize. If you connect third‑party services (e.g., payment, ticketing), their terms and privacy policies govern those services.
9. Your Choices and Controls
9.1 Access/Update/Delete. Use in‑app controls where available or contact us to request access, corrections, or deletion, subject to verification and legal exceptions (see §20 for contact).
9.2 Event and Content Controls. Manage collaborative contributions and visibility per §§7.2–7.4.
9.3 Communications Preferences. Control in‑app notifications; email preferences can be adjusted or opted out (see §§12.1–12.2).
9.4 Safety Reports. Use in‑app tools to report users, content, events, and messages; we may act and disclose as described in §8.4.
10. California Privacy Rights (CPRA/CCPA)
10.1 Rights. California residents have the rights to know/access, delete, correct, opt‑out of sale or sharing, limit certain uses/disclosures of SPI (including precise geolocation), and to non‑discrimination for exercising rights.
10.2 How to Exercise. Submit requests via in‑app mechanisms where available or email support@spireinteractive.com. We will verify your request and respond within timelines required by law, subject to permitted extensions. Authorized agents may submit requests consistent with regulations.
10.3 Limit Use/Disclosure of SPI. We provide controls to limit certain uses/disclosures of precise geolocation when used beyond service‑necessary purposes. See §§5.5 and 3.2(a).
10.4 Opt‑Out of Sale/Sharing & Preference Signals. We do not sell personal information. If we later “share,” we will provide an opt‑out and honor required opt‑out preference signals (e.g., Global Privacy Control). See §§4.8 and 6.3.
10.5 Minors (California “Online Eraser”). Registered users under 18 who are California residents may request removal of content they posted, subject to statutory exceptions.
11. Data Retention and Deletion
11.1 Account Deletion. You may delete your account in‑app or via support; deletion removes your profile and personal posts from active systems.
11.2 Backups/Logs. Certain information may persist temporarily in backups (e.g., 30–90 days) and security logs for a limited period.
11.3 Legal Holds & Safety. We may retain data as necessary to comply with legal obligations (including legal holds), prevent fraud/abuse, support safety investigations, resolve disputes, or enforce our Terms.
11.4 Messaging. Messages are not end‑to‑end encrypted and may be retained as necessary for delivery/sync and safety; deleted messages may persist briefly in backups or legal holds.
11.5 Connections/Telemetry. Limited QR connection metadata (e.g., timestamp and participating users) may be retained for reasonable periods and analyzed in aggregated or de-identified form.
11.6 Schedules. We maintain retention schedules and do not retain personal information longer than reasonably necessary for the disclosed purposes.
12. Communications, Messaging, and Marketing
12.1 Email. We include appropriate sender information and an unsubscribe mechanism in commercial email. You can opt out at any time.
12.2 Organizer Messaging (no SMS). We do not collect phone numbers and do not send SMS/A2P messages. Where organizer or service messaging is enabled, senders must obtain required consents; identify themselves; and honor opt-out. Messaging occurs via in-app notices or email.
12.3 Messaging Privacy. In‑app messages are private but not end‑to‑end encrypted; exercise discretion when sharing sensitive information (see §§3.1(c) and 7.5).
13. Data Security and Incident Response
13.1 Safeguards. We use reasonable administrative, technical, and physical safeguards, including HTTPS, access controls, authentication, and periodic security reviews.
13.2 No Absolute Security. No method of transmission or storage is entirely secure.
13.3 Breach Notice. If a data breach affects you, we will notify you as required by law and take appropriate remedial measures. Where required (including breaches affecting more than 500 California residents), we will submit a sample notice to the California Attorney General.
14. International Processing
14.1 The Service is currently offered to U.S. residents; vendors may process data outside your state. We require appropriate protections for such transfers.
15. Financial Incentives; Pal Points
15.1 Pal Points. Pal Points have no cash value, are non‑transferable, and may be modified, capped, or discontinued.
15.2 Notice of Financial Incentive. If we introduce programs that qualify as a “financial incentive” related to personal information, we will provide a separate, legally compliant notice describing material terms, categories of personal information involved, and how to opt in/out at any time.
16. Changes to This Privacy Policy
16.1 We may update this Privacy Policy when we add major features or change services. We will notify you at next app launch or by reasonable means; continued use after the effective date constitutes acceptance.
17. Children and Teens
17.1 Minimum Age. You must be 13+ to use the Service. If we learn a user under 13 has an account, we will delete the account and associated personal information. Users under 18 must have parent/guardian permission.
17.2 California Minors’ Removal Right. Registered users under 18 who are California residents may request removal of content they posted, subject to statutory exceptions (e.g., legal obligations and reposts by others).
18. Third‑Party Services
18.1 If you connect third‑party services (e.g., payment, ticketing, or other integrations), those services are governed by their own terms and privacy policies. You are responsible for the integrations you choose and any data you share with those third parties.
19. In‑Product Photos/Recording; Community Safety
19.1 Hosts should disclose if photos/videos will be taken and how they’ll be used; attendees should assume images captured at events may include them. Do not misuse others’ likenesses or personal data.
19.2 We use automated tools and human review to detect and address violations; grave violations may result in immediate termination and referral to authorities. We may publish aggregate transparency metrics.
20. Contact
20.1 Questions about this Privacy Policy or your privacy rights: support@spireinteractive.com