Privacy Policy

Information You Provide Directly:

• Account Information: Name, email address, password, phone number (optional), profile photo, and demographic information (age, gender - optional).
• Payment Information: Payment details for premium subscriptions processed through our payment processor (Stripe). We do not directly store full payment card details.
• Preferences and Interests: Your event preferences, favorite venues, cuisine preferences, activity interests, budget preferences, accessibility needs, dietary restrictions, and other personalization settings.
• User-Generated Content: Reviews, ratings, photos, comments, event descriptions, group messages, and other content you create or share on the platform.
• Social Connections: Friend connections, group memberships, and social graph information within Hangouty.
• Calendar Information: Event RSVPs, saved events, and calendar integrations (with your permission).
• Communications: Messages you send through our support channels, feedback forms, or in-app messaging.

Location Data:

Location data is essential to Hangouty's core functionality. We collect location information to provide personalized recommendations and services:

• Precise Location: With your permission, we collect GPS coordinates, WiFi access points, and cell tower information from your mobile device to show nearby venues, events, and activities.
• Approximate Location: IP address-based location for web users or when precise location is disabled.
• Location History: We may store your location history to improve recommendations and show you places you've visited.
• Search Locations: Locations you manually enter or search for within the app.
• Check-ins: Venue check-ins and attendance confirmations you voluntarily share.

Location Controls: You can control location permissions through your device settings (iOS/Android) or browser settings (web). Disabling location services will limit certain features but you can still use the Service with manual location entry.

Information Collected Automatically:

• Usage Data: Features used, pages viewed, events browsed, venues saved, search queries, recommendations clicked, time spent, navigation patterns, and interaction data.
• Device Information: Device type, operating system, browser type, device identifiers (IDFA on iOS, Advertising ID on Android), mobile carrier, screen resolution, and app version.
• Log Data: IP address, access times, crash reports, error logs, and performance data.
• Cookies and Tracking Technologies: Cookies, web beacons, local storage, and similar technologies to track activity and personalize experience (see Section 5).
• Camera and Photos: With permission, access to camera and photo library for uploading venue photos and profile pictures.
• Notifications: With permission, push notification tokens and notification interaction data.

Core Service Provision:

• Create and manage your account
• Process subscriptions, payments, and billing
• Authenticate your identity and maintain secure sessions
• Provide customer support and respond to inquiries
• Send transactional communications (confirmations, receipts, updates)
• Enable social features (friend connections, group planning, messaging)

Personalization and Recommendations:

• Provide personalized event, venue, and activity recommendations based on your location, preferences, and history
• Customize your feed and discover page based on your interests
• Show nearby events and venues relevant to your current or saved locations
• Suggest friends and groups based on common interests and connections
• Generate AI-powered itineraries and event plans
• Remember your favorite places and preferences
• Tailor search results to your preferences

Analytics and Improvement:

• Analyze usage patterns to improve the Service
• Monitor Service performance and troubleshoot technical issues
• Conduct research and analytics to understand user behavior
• Test new features and measure their effectiveness
• Improve our AI recommendation algorithms
• Generate aggregated statistics and insights

Communications:

• Send event reminders and notifications
• Notify you of friend activity and group updates
• Inform you of material changes to Terms of Service or Privacy Policy
• Send promotional emails and newsletters (with your consent; opt-out anytime)
• Deliver push notifications about events, friends, and recommendations (with your permission)

Third-Party Service Providers:

• Google Maps: Location data, search queries, and map interactions to provide mapping and directions.
• Yelp: Location data and search queries to retrieve business information and reviews.
• Ticketmaster: Location and event preferences to show relevant events and ticket options.
• OpenTable: Dining preferences and party size for restaurant reservations.
• Weather Services: Location data to provide weather forecasts.
• Payment Processor (Stripe): Payment and billing information to process subscriptions and transactions.
• Cloud Hosting Providers: AWS, Vercel, and other infrastructure providers that host our Service.
• Analytics Services: Anonymized usage data for analytics (Google Analytics, Mixpanel, etc.).
• Email Services: Email addresses for transactional and marketing emails.
• Push Notification Services: Device tokens for mobile push notifications (Apple Push Notification Service, Firebase Cloud Messaging).
• AI/ML Services: Usage data and preferences to power our recommendation algorithms.

These service providers act as data processors and are contractually obligated to protect your information and use it only for the purposes we specify.

Social Sharing Within Hangouty:

• Your profile information, reviews, ratings, and photos are visible to other Hangouty users based on your privacy settings
• Event attendance and check-ins may be visible to your friends
• Group planning information is shared with group members
• You control what information is public vs. visible only to friends through privacy settings

Enterprise Accounts:

• For users with enterprise accounts (PMI, corporate clients), we may share usage data and analytics with your organization's administrators as specified in the enterprise agreement
• Enterprise administrators have access to user management, usage reports, and administrative controls
• We share data with your organization's SSO provider for authentication

Legal Requirements:

• We may disclose information if required by law, court order, subpoena, or government request
• We may disclose information to enforce our Terms of Service, protect our rights, or prevent harm
• We may disclose information to comply with GDPR, CCPA, or other privacy regulations

Business Transfers:

If Hangouty is acquired, merged, or sold, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Aggregate and Anonymized Data:

We may share aggregated or anonymized data that cannot identify you personally (e.g., "Popular venues in San Francisco" or "Average event attendance trends").

Types of Cookies and Technologies We Use:

• Essential Cookies: Required for core functionality (authentication, session management, security, login state). These cannot be disabled without breaking the Service.
• Preference Cookies: Remember your settings, preferences, saved locations, favorite venues, and personalization choices.
• Analytics Cookies: Measure app performance, user behavior, feature usage, and engagement through services like Google Analytics, Mixpanel, and Amplitude.
• Location Cookies: Store recent locations and search history for faster recommendations.
• Third-Party Cookies: Google Maps, Yelp, Ticketmaster, and other integrated services may set cookies to track interactions with their content.
• Mobile Identifiers: iOS IDFA and Android Advertising ID for analytics and attribution (can be reset in device settings).

Cookie Consent:

• We do not require consent for essential functional cookies required for the Service to operate
• For non-essential cookies (analytics, tracking), we obtain your consent through a cookie banner on first visit
• By continuing to use the Service after dismissing the cookie notice, you consent to non-essential cookies
• You can modify your cookie preferences through our cookie settings panel

Security Practices:

• Encryption: HTTPS/TLS encryption for data in transit; AES-256 encryption for sensitive data at rest
• Access Controls: Role-based access control (RBAC) limiting access to personal information to authorized personnel only
• Payment Security: Payment processing complies with PCI DSS (Payment Card Industry Data Security Standard)
• Authentication: Secure password hashing (bcrypt), multi-factor authentication options, and session management
• Infrastructure: Secure cloud hosting with AWS and Vercel, firewalls, DDoS protection
• Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response
• Code Security: Regular security audits, penetration testing, and SAST/DAST scanning in CI/CD pipeline
• Employee Training: Security awareness training and background checks for employees with data access

Security Limitations:

• No security system is 100% secure. We cannot guarantee absolute security of information transmitted over the internet
• You are responsible for maintaining the confidentiality of your account credentials
• Notify us immediately at amr.metwaly1@outlook.com if you suspect unauthorized access to your account
• Use strong, unique passwords and enable two-factor authentication

Universal Rights (All Users):

• Access Your Information: Request a copy of personal information we hold about you by emailingamr.metwaly1@outlook.com with "Data Access Request" in the subject line.
• Correct Your Information: Update account information through account settings or contact us for assistance.
• Delete Your Information: Request deletion by emailing amr.metwaly1@outlook.com with "Data Deletion Request" in the subject line.
• Opt Out of Communications: Unsubscribe from promotional emails using the unsubscribe link; disable push notifications in app settings or device settings.
• Manage Cookies: Control cookies through our cookie settings panel or browser settings.
• Control Location Data: Disable location services in device settings or app settings.
• Privacy Settings: Control visibility of your profile, reviews, and activity through privacy settings.

We will respond to privacy requests within 30 days.

California Consumer Privacy Act (CCPA) Rights:

If you are a California resident, you have the following rights under CCPA:

• Right to Know: Request what personal information we collect, use, disclose, and sell (if any).
• Right to Delete: Request deletion of personal information (with limited exceptions for legal compliance).
• Right to Opt-Out: Request that we do not sell or share your personal information (note: we do not sell personal information).
• Right to Correction: Request correction of inaccurate personal information.
• Right to Limit: Request that we limit use of sensitive personal information (location, preferences).
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

GDPR Rights (EU/EEA/UK Residents):

If you are located in the EU, EEA, or UK, you have rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

Legal Basis for Processing: We process your data based on consent, contract performance, legal obligations, and legitimate interests (service improvement, security, analytics).

Contact our EU representative or DPO at amr.metwaly1@outlook.com for GDPR inquiries.

Notification of Changes:

• Material changes will be communicated via email to your registered email address
• We will post an updated "Last Updated" date at the top of this policy
• Prominent in-app notifications for significant changes
• Your continued use of Hangouty after updates constitutes acceptance of the revised Privacy Policy
• For significant changes affecting your rights, we may request your affirmative consent

Contact Information:

• Privacy Inquiries: amr.metwaly1@outlook.com
• GDPR/CCPA Requests: amr.metwaly1@outlook.com (subject: "GDPR Request" or "CCPA Request")
• Data Protection Officer: amr.metwaly1@outlook.com
• Security Issues: amr.metwaly1@outlook.com
• General Support: amr.metwaly1@outlook.com
• Enterprise Inquiries: amr.metwaly1@outlook.com
• Mailing Address: 131 Continental Drive Suite 305 Newark DE 19713 USA