Privacy Policy

1. Information We Collect

Account Information. If you create an account, we collect your email address, display name, profile photo (if provided), and authentication identifiers from the sign-in method you choose (email/password, Google, or Apple). If you sign in with Apple using "Hide My Email," we receive only the relay address Apple provides.

Business Listing Information. If you create a Free Listing or enroll in the Business Partner Program, we collect business name, category, address, hours, phone number, website, social and ticketing or reservation links, description, images, and a business contact email address. This information is published as part of your public listing and is governed by the Business Partner Terms & Conditions.

Payment Information. Cherry purchases and Business Partner subscriptions are processed by Stripe. We do not receive or store full payment card numbers. We receive transaction metadata such as the amount, currency, last four digits of the card, payment status, and a Stripe customer identifier. Stripe's handling of your payment information is governed by Stripe's Privacy Policy.

Usage Data. We collect information about how you interact with the Service, such as language selection, favorites, saved events, screens viewed, search queries, and interactions with promotions, in order to operate and improve the Service.

Device and Log Data. We collect device identifiers, device model and operating system, app version, IP address, push notification tokens, crash reports, and diagnostic logs to maintain reliable operation and security of the Service.

Approximate Location. Where you grant permission, the mobile app may use your approximate device location to surface nearby events and venues. You can revoke location permission at any time through your device settings; revoking permission does not delete location data we have already received.

Cookies and Similar Technologies (Web). The todointc.com website uses cookies and similar technologies that are strictly necessary to operate the site (such as authentication and session cookies) and to detect and diagnose errors (Sentry). We do not use third-party advertising cookies.

2. How We Use Information

We use the information we collect to: (a) provide, operate, and maintain the Service; (b) personalize content, including language and nearby-event suggestions; (c) process Cherry purchases, subscriptions, and refunds; (d) publish and manage Free Listings and Business Partner promotions; (e) send service-related emails to user and business contact addresses (such as account notices, billing and renewal reminders, promotion status updates, policy changes, security alerts, and responses to support requests); (f) detect, investigate, and prevent fraud, abuse, or other harmful activity; (g) monitor app performance and diagnose errors; and (h) comply with legal obligations and enforce our terms.

Service-related emails are sent in connection with the operation of your account or listing and you may not be able to opt out of them while your account or listing is active. Marketing emails, where offered, will include an unsubscribe link.

3. Sharing of Information

We do not sell your personal information. We share information only as described below:

• Service providers. We use third-party providers to help us operate the Service, including (without limitation) hosted database and authentication (Supabase), push notifications and authentication providers (such as Firebase, Apple, and Google), payment processing (Stripe), email delivery, hosting and content delivery (such as Netlify and similar providers), and error monitoring (Sentry). These providers process information on our behalf under appropriate confidentiality and security obligations.
• Public listings. Information you submit as part of a Free Listing or Partner Program profile (business name, category, address, hours, contact details, description, images, and links) is published in the Service and is publicly visible to users.
• Legal and safety. We may disclose information if required by law, subpoena, court order, or other legal process, or where we believe disclosure is necessary to protect our rights, the rights of our users, or the safety of any person.
• Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy.

4. Third-Party Links and Content

The Service displays event information aggregated from public sources and may include links to third-party websites such as ticketing, reservation, social media, or business websites. We are not responsible for the content or privacy practices of those third parties. Visiting a linked site is governed by that site's own terms and privacy policy.

5. Data Retention

We retain information for as long as needed to provide the Service and for legitimate business purposes such as security, fraud prevention, dispute resolution, financial recordkeeping, and legal compliance. Transaction and billing records may be retained for the period required by applicable tax and accounting laws even after an account is closed.

6. Your Choices and Rights

You can use the app as a guest or sign in to personalize your experience. You can update your language, favorites, and account details in settings, and you can revoke device permissions (such as location and notifications) at any time through your device settings.

You may also request to access, correct, or delete the personal information we hold about you, or to receive a copy of certain information in a portable format. You can request account deletion through the in-app account settings, the delete account page on todointc.com, or by emailing us at the address in Section 11. We may need to verify your identity before fulfilling certain requests, and we may retain limited information as described in Section 5.

Depending on where you live, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA) or comparable state laws, including the right to know what personal information we collect and to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.

7. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information, including encryption in transit, restricted access to production systems, and authenticated access controls. However, no system is completely secure and we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take reasonable steps to delete it.

9. International Users

The Service is operated in the United States. If you access the Service from outside the U.S., you consent to the transfer and processing of your information in the U.S. and in countries where our service providers operate, where data-protection laws may differ from those in your country.

10. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by in-app notice, by email to the address associated with your account or business listing, or by other reasonable means. Your continued use of the Service after the changes take effect signifies your acceptance of the updated Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at hello@todointc.com.