Privacy Policy |

# Privacy Policy

Last Updated: January 21, 2026

## 1. Introduction

ShareFree ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our website (the "Web App") and mobile application (the "Mobile App"), collectively referred to as the "Service".

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

IMPORTANT: This Privacy Policy should be read in conjunction with our Terms and Conditions, which govern your use of the Service.

## 2. Key Privacy Principles

### 2.1 Data Minimization

We encourage you to provide only the minimum information necessary to use the Service. You control what personal information you share:

- You are not required to provide information beyond what is necessary for basic functionality

- You choose what to include in your profile

- You decide what information to share with other users

- You control your privacy settings

### 2.2 User Responsibility

YOU ARE RESPONSIBLE FOR:

- The accuracy and legality of information you provide

- Protecting your account credentials and personal information

- Decisions about what information to share with other users

- Understanding the privacy implications of sharing location, contact information, or other personal data

- Compliance with applicable privacy and data protection laws in your jurisdiction

### 2.3 No Guarantee of Absolute Security

While we implement industry-standard security measures:

- NO SYSTEM IS 100% SECURE

- We cannot guarantee absolute protection against unauthorized access, data breaches, or security incidents

- You use the Service at your own risk

- We are not liable for security breaches beyond our reasonable control

## 3. Information We Collect

We collect several types of information from and about users of the Service.

### 3.1 Information You Provide Directly

#### 3.1.1 Account Information

When you create an account, we collect:

- Email address (required for account creation and authentication)

- Authentication credentials (password or third-party OAuth tokens)

- Display name (required)

- Profile photo (optional)

- Bio/description (optional)

#### 3.1.2 Profile Information

You may optionally provide:

- Meet-up address (for coordinating item exchanges)

- Home address (for pickup/delivery coordination)

- Phone number (for communication with other users)

- Preferences and settings

IMPORTANT: You control whether and when to share addresses with other users. We do not require you to provide precise addresses, and we encourage using meet-up locations rather than home addresses when possible.

#### 3.1.3 Listing Content

When you create listings, we collect:

- Titles and descriptions

- Photos and images (stored in our cloud storage)

- Category and type information

- Condition and availability details

- Geographic location (approximate, see Section 3.3)

#### 3.1.4 Messages and Communications

We collect:

- Messages sent through the in-platform messaging system

- Customer support communications

- Feedback and survey responses

Messages may be monitored for safety, security, and compliance purposes, including through automated content moderation systems.

#### 3.1.5 Transaction Information

We collect information related to your use of the Service:

- Claims you create or receive

- Ratings and reviews you provide or receive

- Transaction history and status

- Favorites and bookmarks

- Notification preferences

- User blocking actions

### 3.2 Information Collected Automatically

#### 3.2.1 Web App (Browser-Based)

When you access the Web App, we automatically collect:

- Device Information:

- Device type and model

- Operating system and version

- Browser type and version

- Screen resolution

- Language preferences

- Usage Information:

- Pages visited and features used

- Time spent on pages

- Click and navigation patterns

- Search queries

- Interactions with content

- Technical Information:

- IP address (may be used for geolocation)

- User agent string

- Referring/exit pages

- Session identifiers

- Cookies and similar tracking technologies (see Section 6)

#### 3.2.2 Mobile App

When you use the Mobile App, we automatically collect:

- Device Information:

- Device unique identifier (UDID/Advertising ID)

- Device type, model, and manufacturer

- Operating system and version

- Mobile network information

- Device settings

- App version

- Usage Information:

- App features and screens accessed

- Interactions with app elements

- App performance and crash data

- Time spent in app and individual screens

- Technical Information:

- IP address

- Mobile carrier

- Time zone

- Network connection type (Wi-Fi, cellular)

- Push notification tokens (if enabled)

### 3.3 Location Information

We collect location data to provide community-based features:

#### 3.3.1 How Location is Collected

- Web App: Based on IP address or browser geolocation API (if you grant permission)

- Mobile App: Based on device GPS, Wi-Fi, or cellular tower information (with your permission)

#### 3.3.2 Location Precision

We prioritize location privacy:

- On mobile devices, we request coarse location permissions only (approximately 100-meter accuracy)

- Location coordinates are rounded to approximately 100 meters before storage

- We store approximate geographic areas, not precise locations

- We use location to determine community membership and display relevant listings

#### 3.3.3 Location Sharing

- Your approximate location is visible to users in your community

- You can choose to share more precise addresses (meetup or home addresses) with specific users on a per-transaction basis

- Precise addresses are only shared after you explicitly choose to share them

- Address information is "snapshotted" at the time of sharing and stored separately from your profile

### 3.4 Information from Third Parties

#### 3.4.1 Authentication Providers

When you authenticate using third-party services (Google, Apple), we receive:

- Profile information (name, email, profile picture) as permitted by the provider

- Unique identifier from the provider

- Authentication tokens

You should review the privacy policies of these authentication providers to understand what information they share with us.

#### 3.4.2 Analytics and Service Providers

We may receive aggregated, anonymized information from third-party analytics providers about how users interact with the Service.

### 3.5 Information You Are Not Required to Provide

We do NOT collect:

- Age or date of birth

- Gender or gender identity

- Race or ethnicity

- Financial information (unless you make purchases, in which case payment is processed by third parties)

- Biometric information

- Health information

- Social security numbers or government identifiers

## 4. How We Use Your Information

We use the information we collect for the following purposes:

### 4.1 Service Provision and Operation

- Create and manage your account

- Process and facilitate transactions between users

- Enable communication between users (messaging)

- Display listings and user profiles

- Match users based on geographic communities

- Calculate and display reputation metrics (ratings, transaction counts)

- Send transactional notifications (claim updates, messages, etc.)

- Provide customer support

### 4.2 Service Improvement

- Analyze usage patterns and trends (using aggregated, anonymized data)

- Identify and fix technical issues

- Test new features and improvements

- Conduct research and development

- Improve user experience and interface design

### 4.3 Safety and Security

- Detect and prevent fraud, abuse, and illegal activity

- Enforce our Terms and Conditions

- Moderate content using automated and manual review

- Monitor for prohibited content and behavior

- Protect the rights, property, and safety of the Company, users, and the public

- Comply with legal obligations and law enforcement requests

### 4.4 Content Moderation

We use AI-powered content moderation systems to:

- Analyze listings for prohibited or inappropriate content

- Detect potentially fraudulent or misleading listings

- Suggest appropriate categories for listings

- Monitor messages for safety and compliance

Note: AI systems are not perfect. We do not guarantee that all prohibited content will be detected, nor do we guarantee that legitimate content will never be incorrectly flagged.

### 4.5 Communication

- Send service-related announcements and updates

- Respond to your inquiries and support requests

- Send push notifications (mobile) and email notifications about your activity

- Send administrative messages about your account or the Service

You may opt out of non-essential communications, but some transactional communications are necessary for Service operation.

### 4.6 Analytics and Performance

- Measure and analyze Service usage and performance

- Understand user demographics and behavior (in aggregate)

- Conduct A/B testing and experiments

- Generate statistical and analytical reports

### 4.7 Legal Compliance

- Comply with applicable laws and regulations

- Respond to legal requests (subpoenas, court orders, legal processes)

- Protect our legal rights and interests

- Enforce our agreements and policies

## 5. How We Share Your Information

### 5.1 With Other Users

By design, the Service facilitates sharing information with other users:

#### 5.1.1 Publicly Visible Information

The following information is visible to other users in your community:

- Your display name and profile photo

- Your bio/description (if provided)

- Your listings (titles, descriptions, photos, approximate location)

- Your reputation metrics (ratings, transaction counts, member since date)

- Reviews and ratings you receive

#### 5.1.2 Information Shared Upon Claim Confirmation

When a giver confirms your claim (or you confirm a claim as a giver), the following information is shared between the two users:

- Contact information you've chosen to share (address, phone number)

- Real-time messaging capabilities

- Transaction status and updates

IMPORTANT: Once information is shared with another user, we cannot control how they use, store, or further share that information. Be cautious about what you share.

### 5.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, including:

- Cloud infrastructure providers (server hosting, data storage)

- Authentication services (Google, Apple OAuth)

- Email delivery services (transactional and notification emails)

- Push notification services (mobile notifications)

- AI/machine learning services (content moderation, image analysis)

- Analytics providers (usage analytics, performance monitoring)

- Customer support tools

These providers are contractually obligated to use your information only for the purposes of providing services to us and are required to maintain reasonable security measures. However, WE ARE NOT LIABLE FOR THE ACTS OR OMISSIONS OF THIRD-PARTY SERVICE PROVIDERS.

### 5.3 For Legal Reasons

We may disclose your information:

- To comply with legal obligations (subpoenas, court orders, legal processes)

- To law enforcement when we believe disclosure is necessary to investigate, prevent, or take action regarding illegal activities, fraud, or threats to safety

- To enforce our Terms and Conditions and other agreements

- To protect the rights, property, or safety of the Company, our users, or others

- As required by law or in response to valid legal requests

We may notify you of legal requests unless prohibited by law.

### 5.4 In Business Transfers

If the Company is involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service of any change in ownership or use of your information.

### 5.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

### 5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including:

- Research and analysis

- Marketing and promotional purposes

- Public reports on Service usage and trends

## 6. Cookies and Tracking Technologies

### 6.1 Web App

We use cookies and similar tracking technologies on the Web App to:

- Authenticate users and maintain sessions

- Remember preferences and settings

- Analyze usage patterns (via analytics services)

- Improve performance and user experience

- Detect and prevent fraud

#### Types of Cookies:

- Essential Cookies: Required for authentication and core Service functionality. Cannot be disabled without preventing Service use.

- Analytics Cookies: Track usage patterns to help us improve the Service. May be disabled via browser settings.

- Preference Cookies: Remember your settings and preferences.

#### Managing Cookies:

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using the Service. Disabling analytics cookies may limit our ability to improve the Service but will not affect core functionality.

### 6.2 Mobile App

The Mobile App uses similar tracking technologies:

- Session tokens for authentication

- Local storage for preferences and offline functionality

- Device identifiers for analytics and performance monitoring

- Push notification tokens (if you enable notifications)

You can control some tracking through your device settings (e.g., disable analytics, manage app permissions).

### 6.3 Third-Party Tracking

Third-party services integrated into our Service (analytics providers, authentication providers) may use their own tracking technologies. We do not control these third-party technologies. Please review the privacy policies of these third parties to understand their practices.

## 7. Data Storage and Security

### 7.1 Where Data is Stored

Your information is stored on servers provided by our cloud infrastructure partners (Supabase), which may be located in various jurisdictions. By using the Service, you consent to the transfer and storage of your information in these locations.

### 7.2 How Long We Retain Data

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods:

- Account information: Retained while your account is active

- Listings: Retained while your account is active (completed/cancelled listings may be archived)

- Messages: Retained while your account is active (deleted after account deletion, subject to legal requirements)

- Transaction history: Retained for a minimum of 3 years for dispute resolution, legal compliance, and fraud prevention

- Deleted accounts: Some information may be retained for legal, security, or operational purposes even after account deletion

You may request deletion of your data as described in Section 10.

### 7.3 Security Measures

We implement industry-standard security measures to protect your information, including:

- Encryption in transit (HTTPS/TLS)

- Encryption at rest for sensitive data

- Access controls limiting employee and contractor access to personal information

- Authentication and authorization systems

- Regular security assessments and monitoring

- Row-Level Security (RLS) policies in our database to restrict data access

### 7.4 Security Limitations

IMPORTANT: Despite our efforts:

- NO SECURITY SYSTEM IS IMPENETRABLE

- We cannot guarantee absolute security against hacking, data breaches, or unauthorized access

- Vulnerabilities may exist in third-party systems we rely on

- Users may be targeted through phishing, social engineering, or other attacks outside our control

WE ARE NOT LIABLE FOR SECURITY INCIDENTS BEYOND OUR REASONABLE CONTROL, INCLUDING:

- Breaches resulting from user negligence (weak passwords, sharing credentials)

- Breaches of third-party service providers

- Attacks using unknown vulnerabilities

- Force majeure events

### 7.5 Data Breaches

In the event of a data breach that affects your personal information:

- We will investigate and take steps to mitigate the impact

- We will notify affected users as required by applicable law

- We will cooperate with law enforcement and regulatory authorities

However, our liability for data breaches is limited as described in our Terms and Conditions.

## 8. Your Privacy Choices and Controls

### 8.1 Account Settings

You can control certain privacy settings through your account:

- Profile visibility: Choose what information appears in your profile

- Address sharing: Control when and with whom you share addresses

- Notification preferences: Manage email and push notifications

- Location permissions: Grant or deny location access (mobile)

### 8.2 Communication Preferences

You can opt out of:

- Marketing emails (if any)

- Push notifications (via device settings or app settings)

- Non-essential communications

You cannot opt out of essential transactional communications required for Service operation (e.g., claim updates, security alerts).

### 8.3 Cookie Management

- Web: Use browser settings to block or delete cookies

- Mobile: Use device settings to manage app tracking and permissions

### 8.4 Location Permissions

- Mobile: Grant or revoke location permissions through device settings

- Web: Control browser geolocation permissions

Note that denying location permissions may limit Service functionality.

### 8.5 Third-Party Account Connections

You may disconnect third-party authentication accounts (Google, Apple) through your account settings, though this may affect your ability to log in if it's your only authentication method.

## 9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@sharefree.com.

## 10. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information.

### 10.1 Access and Portability

You have the right to:

- Access your personal information held by us

- Request a copy of your data in a structured, commonly used format (data portability)

You can access most of your information through your account settings. For additional access requests, contact us at privacy@sharefree.com.

### 10.2 Correction and Updates

You have the right to:

- Correct inaccurate information

- Update outdated information

You can update most information through your account settings.

### 10.3 Deletion and Erasure

You have the right to request deletion of your personal information ("right to be forgotten"), subject to certain exceptions.

How to delete your account:

1. Access account settings in the Web App or Mobile App

2. Select "Delete Account"

3. Follow the prompts to confirm deletion

Important limitations:

- Some information may be retained for legal, security, or operational purposes (e.g., transaction records, legal compliance, fraud prevention)

- Information shared with other users (messages, reviews) may remain visible to those users even after your account is deleted

- Aggregated, anonymized data may be retained indefinitely

- Cached or archived copies may persist for a reasonable period

### 10.4 Restriction of Processing

In certain circumstances, you may request that we restrict processing of your personal information. This may limit Service functionality.

### 10.5 Objection to Processing

You may object to certain processing of your personal information, such as:

- Direct marketing (you can opt out via account settings)

- Automated decision-making (contact us to request human review)

### 10.6 Withdrawal of Consent

Where processing is based on your consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

### 10.7 Exercising Your Rights

To exercise any of these rights, contact us at privacy@sharefree.com with:

- Your name and email address associated with your account

- A description of the request

- Verification of your identity (we may request additional information to confirm your identity)

Response time: We will respond to verifiable requests within a reasonable timeframe as required by applicable law (typically 30-45 days).

Limitations: We may deny requests that:

- Are manifestly unfounded or excessive

- Would compromise the privacy of others

- Are prohibited by law

- Would compromise security or fraud prevention measures

- Require disproportionate technical effort

### 10.8 Complaints

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with a data protection authority in your jurisdiction.

## 11. International Data Transfers

The Service is operated from and hosted in To be determined. If you are located outside To be determined, your information will be transferred to and processed in To be determined.

By using the Service, you consent to the transfer of your information to jurisdictions that may not provide the same level of data protection as your home jurisdiction.

We take steps to ensure that your information receives an adequate level of protection wherever it is processed, including through:

- Contractual commitments with service providers

- Compliance with applicable data protection frameworks

- Implementation of appropriate technical and organizational measures

## 12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

### 12.1 Right to Know

You have the right to request information about:

- Categories of personal information collected

- Categories of sources from which information is collected

- Business or commercial purposes for collection

- Categories of third parties with whom information is shared

- Specific pieces of personal information collected about you

### 12.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (legal obligations, fraud prevention, etc.).

### 12.3 Right to Opt-Out

You have the right to opt out of:

- Sale of personal information: We do not sell personal information

- Sharing for cross-context behavioral advertising: We do not share information for this purpose

- Automated decision-making: Contact us to request human review

### 12.4 Right to Correct

You have the right to request correction of inaccurate personal information.

### 12.5 Right to Limit Use of Sensitive Personal Information

We do not use sensitive personal information for purposes other than Service provision.

### 12.6 Non-Discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights.

### 12.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

### 12.8 Contact for California Residents

To exercise your CCPA/CPRA rights, contact us at privacy@sharefree.com or To be determined.

## 13. European Economic Area (EEA) and UK Privacy Rights (GDPR)

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR):

### 13.1 Legal Basis for Processing

We process your personal information based on:

- Contractual necessity: To provide the Service and fulfill our Terms and Conditions

- Legitimate interests: To improve the Service, prevent fraud, and ensure security

- Consent: Where you have provided explicit consent (e.g., location tracking, marketing communications)

- Legal obligations: To comply with applicable laws

### 13.2 GDPR Rights

You have the right to:

- Access your personal data

- Rectify inaccurate data

- Erase your data ("right to be forgotten")

- Restrict processing

- Object to processing

- Data portability

- Withdraw consent

- Lodge a complaint with a supervisory authority

### 13.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@sharefree.com.

### 13.4 International Transfers

Transfers of personal data outside the EEA/UK are protected by:

- Standard Contractual Clauses (SCCs)

- Adequacy decisions

- Other appropriate safeguards

## 14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

- Our practices

- Legal requirements

- Service features

- Technology

### 14.1 Notice of Changes

When we make changes, we will:

- Update the "Last Updated" date at the top of this Privacy Policy

- Post the revised Privacy Policy on the Service

- Notify you via email or in-app notification for material changes (at our discretion)

### 14.2 Effective Date

Changes are effective:

- Immediately upon posting for non-material changes

- Upon notice for material changes

### 14.3 Your Acceptance

Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you must stop using the Service and may delete your account.

### 14.4 Your Responsibility

It is your responsibility to review this Privacy Policy periodically.

## 15. Third-Party Services and Links

The Service integrates with and links to third-party services that have their own privacy policies:

### 15.1 Third-Party Services We Use

- Supabase: Cloud database, authentication, and storage (Privacy Policy: https://supabase.com/privacy)

- Google OAuth: Authentication (Privacy Policy: https://policies.google.com/privacy)

- Apple Sign-In: Authentication (Privacy Policy: https://www.apple.com/legal/privacy/)

- Resend: Email delivery (Privacy Policy: https://resend.com/legal/privacy)

- AI/ML Services: Content moderation and image analysis

### 15.2 Third-Party Links

The Service may contain links to external websites. WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OF THIRD-PARTY WEBSITES. We encourage you to review the privacy policies of any third-party sites you visit.

### 15.3 No Control Over Third Parties

We do not control the privacy practices of third-party services and are not liable for their acts or omissions.

## 16. Push Notifications (Mobile App)

### 16.1 Push Notification Consent

When you install the Mobile App, you may be asked to allow push notifications. You can:

- Grant permission to receive push notifications about claims, messages, and updates

- Deny permission to disable all push notifications

### 16.2 Managing Push Notifications

You can manage push notification settings:

- In-app: Through the app settings menu

- Device-level: Through your device's notification settings

### 16.3 Push Notification Tokens

When you enable push notifications, we collect a push notification token to send notifications to your device. This token is stored securely and is not shared with third parties except our push notification service provider.

## 17. Analytics and Performance Monitoring

We use analytics and performance monitoring tools to understand how users interact with the Service and to identify technical issues.

### 17.1 Analytics Data Collected

- Page views and screen views

- User flows and navigation patterns

- Feature usage

- Session duration

- Device and browser information

- Performance metrics (load times, errors, crashes)

### 17.2 Analytics Providers

We may use third-party analytics providers, which may collect and process data according to their own privacy policies.

### 17.3 Opting Out of Analytics

You may opt out of analytics tracking:

- Web: Through browser settings or opt-out tools provided by analytics services

- Mobile: Through device settings (e.g., "Limit Ad Tracking" on iOS, "Opt out of Ads Personalization" on Android)

## 18. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. At this time, the Service does not respond to DNT signals. We will update this Privacy Policy if we implement DNT support in the future.

## 19. Data Security Best Practices for Users

While we implement security measures, YOU ARE RESPONSIBLE FOR PROTECTING YOUR INFORMATION. We recommend:

- Use strong, unique passwords for your account

- Enable two-factor authentication if available

- Do not share your account credentials with others

- Be cautious about what information you share with other users

- Use meetup addresses rather than home addresses when possible

- Log out of your account on shared or public devices

- Keep your device software updated to protect against security vulnerabilities

- Be wary of phishing attempts and only log in through official channels

## 20. Automated Decision-Making

We may use automated systems (including AI) for:

- Content moderation: Detecting prohibited or inappropriate content

- Fraud detection: Identifying suspicious activity

- Category suggestions: Recommending listing categories

- Spam filtering: Detecting spam or abusive messages

These systems are not perfect and may produce false positives or false negatives. You have the right to request human review of automated decisions that significantly affect you. Contact us at privacy@sharefree.com.

## 21. User-Generated Content and Public Information

Remember that any information you choose to share in public areas of the Service (listings, reviews, profile) may be:

- Viewed by other users

- Indexed by search engines

- Copied, saved, or shared by other users outside the platform

WE ARE NOT RESPONSIBLE FOR HOW OTHER USERS USE INFORMATION YOU MAKE PUBLIC. Think carefully before sharing personal information.

## 22. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Email: privacy@sharefree.com

Legal Email: legal@sharefree.com

Data Protection Officer (GDPR): dpo@sharefree.com

California Privacy Rights: privacy@sharefree.com or To be determined

Mailing Address:

To be determined

We will respond to inquiries within a reasonable timeframe as required by applicable law.

---

## 23. Summary of Key Points (Plain Language)

This section provides a plain-language summary of key points. The full Privacy Policy above governs in case of any conflict.

What information do we collect?

- Information you provide (name, email, profile details, listings, messages)

- Information collected automatically (device info, usage data, IP address)

- Approximate location data (rounded to ~100m for privacy)

How do we use your information?

- To provide and improve the Service

- To facilitate transactions between users

- For safety, security, and content moderation

- To send notifications and communications

- To comply with legal obligations

Who do we share your information with?

- Other users (profile info, listings, addresses when you choose to share)

- Service providers who help us operate the Service

- Law enforcement when required or to protect safety

- In business transfers (mergers, acquisitions)

How do we protect your information?

- Industry-standard security measures (encryption, access controls)

- But no system is 100% secure—you use the Service at your own risk

What are your rights?

- Access, correct, and delete your information

- Control what you share with other users

- Opt out of non-essential communications

- Lodge complaints with data protection authorities

How long do we keep your data?

- While your account is active

- Some data retained after deletion for legal/security purposes

How can you contact us?

- Email us at privacy@sharefree.com for privacy questions

Your responsibility:

- Protect your account credentials

- Only share information you're comfortable sharing

- Verify the legitimacy of transactions

- Be cautious about sharing addresses and contact information

---

By using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.

# Privacy Policy

Last Updated: January 21, 2026

## 1. Introduction

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

IMPORTANT: This Privacy Policy should be read in conjunction with our Terms and Conditions, which govern your use of the Service.

## 2. Key Privacy Principles

### 2.1 Data Minimization

We encourage you to provide only the minimum information necessary to use the Service. You control what personal information you share:

- You are not required to provide information beyond what is necessary for basic functionality

- You choose what to include in your profile

- You decide what information to share with other users

- You control your privacy settings

### 2.2 User Responsibility

YOU ARE RESPONSIBLE FOR:

- The accuracy and legality of information you provide

- Protecting your account credentials and personal information

- Decisions about what information to share with other users

- Understanding the privacy implications of sharing location, contact information, or other personal data

- Compliance with applicable privacy and data protection laws in your jurisdiction

### 2.3 No Guarantee of Absolute Security

While we implement industry-standard security measures:

- NO SYSTEM IS 100% SECURE

- We cannot guarantee absolute protection against unauthorized access, data breaches, or security incidents

- You use the Service at your own risk

- We are not liable for security breaches beyond our reasonable control

## 3. Information We Collect

We collect several types of information from and about users of the Service.

### 3.1 Information You Provide Directly

#### 3.1.1 Account Information

When you create an account, we collect:

- Email address (required for account creation and authentication)

- Authentication credentials (password or third-party OAuth tokens)

- Display name (required)

- Profile photo (optional)

- Bio/description (optional)

#### 3.1.2 Profile Information

You may optionally provide:

- Meet-up address (for coordinating item exchanges)

- Home address (for pickup/delivery coordination)

- Phone number (for communication with other users)

- Preferences and settings

#### 3.1.3 Listing Content

When you create listings, we collect:

- Titles and descriptions

- Photos and images (stored in our cloud storage)

- Category and type information

- Condition and availability details

- Geographic location (approximate, see Section 3.3)

#### 3.1.4 Messages and Communications

We collect:

- Messages sent through the in-platform messaging system

- Customer support communications

- Feedback and survey responses

Messages may be monitored for safety, security, and compliance purposes, including through automated content moderation systems.

#### 3.1.5 Transaction Information

We collect information related to your use of the Service:

- Claims you create or receive

- Ratings and reviews you provide or receive

- Transaction history and status

- Favorites and bookmarks

- Notification preferences

- User blocking actions

### 3.2 Information Collected Automatically

#### 3.2.1 Web App (Browser-Based)

When you access the Web App, we automatically collect:

- Device Information:

- Device type and model

- Operating system and version

- Browser type and version

- Screen resolution

- Language preferences

- Usage Information:

- Pages visited and features used

- Time spent on pages

- Click and navigation patterns

- Search queries

- Interactions with content

- Technical Information:

- IP address (may be used for geolocation)

- User agent string

- Referring/exit pages

- Session identifiers

- Cookies and similar tracking technologies (see Section 6)

#### 3.2.2 Mobile App

When you use the Mobile App, we automatically collect:

- Device Information:

- Device unique identifier (UDID/Advertising ID)

- Device type, model, and manufacturer

- Operating system and version

- Mobile network information

- Device settings

- App version

- Usage Information:

- App features and screens accessed

- Interactions with app elements

- App performance and crash data

- Time spent in app and individual screens

- Technical Information:

- IP address

- Mobile carrier

- Time zone

- Network connection type (Wi-Fi, cellular)

- Push notification tokens (if enabled)

### 3.3 Location Information

We collect location data to provide community-based features:

#### 3.3.1 How Location is Collected

- Web App: Based on IP address or browser geolocation API (if you grant permission)

- Mobile App: Based on device GPS, Wi-Fi, or cellular tower information (with your permission)

#### 3.3.2 Location Precision

We prioritize location privacy:

- On mobile devices, we request coarse location permissions only (approximately 100-meter accuracy)

- Location coordinates are rounded to approximately 100 meters before storage

- We store approximate geographic areas, not precise locations

- We use location to determine community membership and display relevant listings

#### 3.3.3 Location Sharing

- Your approximate location is visible to users in your community

- You can choose to share more precise addresses (meetup or home addresses) with specific users on a per-transaction basis

- Precise addresses are only shared after you explicitly choose to share them

- Address information is "snapshotted" at the time of sharing and stored separately from your profile

### 3.4 Information from Third Parties

#### 3.4.1 Authentication Providers

When you authenticate using third-party services (Google, Apple), we receive:

- Profile information (name, email, profile picture) as permitted by the provider

- Unique identifier from the provider

- Authentication tokens

You should review the privacy policies of these authentication providers to understand what information they share with us.

#### 3.4.2 Analytics and Service Providers

We may receive aggregated, anonymized information from third-party analytics providers about how users interact with the Service.

### 3.5 Information You Are Not Required to Provide

We do NOT collect:

- Age or date of birth

- Gender or gender identity

- Race or ethnicity

- Financial information (unless you make purchases, in which case payment is processed by third parties)

- Biometric information

- Health information

- Social security numbers or government identifiers

## 4. How We Use Your Information

We use the information we collect for the following purposes:

### 4.1 Service Provision and Operation

- Create and manage your account

- Process and facilitate transactions between users

- Enable communication between users (messaging)

- Display listings and user profiles

- Match users based on geographic communities

- Calculate and display reputation metrics (ratings, transaction counts)

- Send transactional notifications (claim updates, messages, etc.)

- Provide customer support

### 4.2 Service Improvement

- Analyze usage patterns and trends (using aggregated, anonymized data)

- Identify and fix technical issues

- Test new features and improvements

- Conduct research and development

- Improve user experience and interface design

### 4.3 Safety and Security

- Detect and prevent fraud, abuse, and illegal activity

- Enforce our Terms and Conditions

- Moderate content using automated and manual review

- Monitor for prohibited content and behavior

- Protect the rights, property, and safety of the Company, users, and the public

- Comply with legal obligations and law enforcement requests

### 4.4 Content Moderation

We use AI-powered content moderation systems to:

- Analyze listings for prohibited or inappropriate content

- Detect potentially fraudulent or misleading listings

- Suggest appropriate categories for listings

- Monitor messages for safety and compliance

Note: AI systems are not perfect. We do not guarantee that all prohibited content will be detected, nor do we guarantee that legitimate content will never be incorrectly flagged.

### 4.5 Communication

- Send service-related announcements and updates

- Respond to your inquiries and support requests

- Send push notifications (mobile) and email notifications about your activity

- Send administrative messages about your account or the Service

You may opt out of non-essential communications, but some transactional communications are necessary for Service operation.

### 4.6 Analytics and Performance

- Measure and analyze Service usage and performance

- Understand user demographics and behavior (in aggregate)

- Conduct A/B testing and experiments

- Generate statistical and analytical reports

### 4.7 Legal Compliance

- Comply with applicable laws and regulations

- Respond to legal requests (subpoenas, court orders, legal processes)

- Protect our legal rights and interests

- Enforce our agreements and policies

## 5. How We Share Your Information

### 5.1 With Other Users

By design, the Service facilitates sharing information with other users:

#### 5.1.1 Publicly Visible Information

The following information is visible to other users in your community:

- Your display name and profile photo

- Your bio/description (if provided)

- Your listings (titles, descriptions, photos, approximate location)

- Your reputation metrics (ratings, transaction counts, member since date)

- Reviews and ratings you receive

#### 5.1.2 Information Shared Upon Claim Confirmation

When a giver confirms your claim (or you confirm a claim as a giver), the following information is shared between the two users:

- Contact information you've chosen to share (address, phone number)

- Real-time messaging capabilities

- Transaction status and updates

IMPORTANT: Once information is shared with another user, we cannot control how they use, store, or further share that information. Be cautious about what you share.

### 5.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, including:

- Cloud infrastructure providers (server hosting, data storage)

- Authentication services (Google, Apple OAuth)

- Email delivery services (transactional and notification emails)

- Push notification services (mobile notifications)

- AI/machine learning services (content moderation, image analysis)

- Analytics providers (usage analytics, performance monitoring)

- Customer support tools

### 5.3 For Legal Reasons

We may disclose your information:

- To comply with legal obligations (subpoenas, court orders, legal processes)

- To law enforcement when we believe disclosure is necessary to investigate, prevent, or take action regarding illegal activities, fraud, or threats to safety

- To enforce our Terms and Conditions and other agreements

- To protect the rights, property, or safety of the Company, our users, or others

- As required by law or in response to valid legal requests

We may notify you of legal requests unless prohibited by law.

### 5.4 In Business Transfers

### 5.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

### 5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including:

- Research and analysis

- Marketing and promotional purposes

- Public reports on Service usage and trends

## 6. Cookies and Tracking Technologies

### 6.1 Web App

We use cookies and similar tracking technologies on the Web App to:

- Authenticate users and maintain sessions

- Remember preferences and settings

- Analyze usage patterns (via analytics services)

- Improve performance and user experience

- Detect and prevent fraud

#### Types of Cookies:

- Essential Cookies: Required for authentication and core Service functionality. Cannot be disabled without preventing Service use.

- Analytics Cookies: Track usage patterns to help us improve the Service. May be disabled via browser settings.

- Preference Cookies: Remember your settings and preferences.

#### Managing Cookies:

### 6.2 Mobile App

The Mobile App uses similar tracking technologies:

- Session tokens for authentication

- Local storage for preferences and offline functionality

- Device identifiers for analytics and performance monitoring

- Push notification tokens (if you enable notifications)

You can control some tracking through your device settings (e.g., disable analytics, manage app permissions).

### 6.3 Third-Party Tracking

## 7. Data Storage and Security

### 7.1 Where Data is Stored

### 7.2 How Long We Retain Data

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods:

- Account information: Retained while your account is active

- Listings: Retained while your account is active (completed/cancelled listings may be archived)

- Messages: Retained while your account is active (deleted after account deletion, subject to legal requirements)

- Transaction history: Retained for a minimum of 3 years for dispute resolution, legal compliance, and fraud prevention

- Deleted accounts: Some information may be retained for legal, security, or operational purposes even after account deletion

You may request deletion of your data as described in Section 10.

### 7.3 Security Measures

We implement industry-standard security measures to protect your information, including:

- Encryption in transit (HTTPS/TLS)

- Encryption at rest for sensitive data

- Access controls limiting employee and contractor access to personal information

- Authentication and authorization systems

- Regular security assessments and monitoring

- Row-Level Security (RLS) policies in our database to restrict data access

### 7.4 Security Limitations

IMPORTANT: Despite our efforts:

- NO SECURITY SYSTEM IS IMPENETRABLE

- We cannot guarantee absolute security against hacking, data breaches, or unauthorized access

- Vulnerabilities may exist in third-party systems we rely on

- Users may be targeted through phishing, social engineering, or other attacks outside our control

WE ARE NOT LIABLE FOR SECURITY INCIDENTS BEYOND OUR REASONABLE CONTROL, INCLUDING:

- Breaches resulting from user negligence (weak passwords, sharing credentials)

- Breaches of third-party service providers

- Attacks using unknown vulnerabilities

- Force majeure events

### 7.5 Data Breaches

In the event of a data breach that affects your personal information:

- We will investigate and take steps to mitigate the impact

- We will notify affected users as required by applicable law

- We will cooperate with law enforcement and regulatory authorities

However, our liability for data breaches is limited as described in our Terms and Conditions.

## 8. Your Privacy Choices and Controls

### 8.1 Account Settings

You can control certain privacy settings through your account:

- Profile visibility: Choose what information appears in your profile

- Address sharing: Control when and with whom you share addresses

- Notification preferences: Manage email and push notifications

- Location permissions: Grant or deny location access (mobile)

### 8.2 Communication Preferences

You can opt out of:

- Marketing emails (if any)

- Push notifications (via device settings or app settings)

- Non-essential communications

You cannot opt out of essential transactional communications required for Service operation (e.g., claim updates, security alerts).

### 8.3 Cookie Management

- Web: Use browser settings to block or delete cookies

- Mobile: Use device settings to manage app tracking and permissions

### 8.4 Location Permissions

- Mobile: Grant or revoke location permissions through device settings

- Web: Control browser geolocation permissions

Note that denying location permissions may limit Service functionality.

### 8.5 Third-Party Account Connections

You may disconnect third-party authentication accounts (Google, Apple) through your account settings, though this may affect your ability to log in if it's your only authentication method.

## 9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@sharefree.com.

## 10. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information.

### 10.1 Access and Portability

You have the right to:

- Access your personal information held by us

- Request a copy of your data in a structured, commonly used format (data portability)

You can access most of your information through your account settings. For additional access requests, contact us at privacy@sharefree.com.

### 10.2 Correction and Updates

You have the right to:

- Correct inaccurate information

- Update outdated information

You can update most information through your account settings.

### 10.3 Deletion and Erasure

You have the right to request deletion of your personal information ("right to be forgotten"), subject to certain exceptions.

How to delete your account:

1. Access account settings in the Web App or Mobile App

2. Select "Delete Account"

3. Follow the prompts to confirm deletion

Important limitations:

- Some information may be retained for legal, security, or operational purposes (e.g., transaction records, legal compliance, fraud prevention)

- Information shared with other users (messages, reviews) may remain visible to those users even after your account is deleted

- Aggregated, anonymized data may be retained indefinitely

- Cached or archived copies may persist for a reasonable period

### 10.4 Restriction of Processing

In certain circumstances, you may request that we restrict processing of your personal information. This may limit Service functionality.

### 10.5 Objection to Processing

You may object to certain processing of your personal information, such as:

- Direct marketing (you can opt out via account settings)

- Automated decision-making (contact us to request human review)

### 10.6 Withdrawal of Consent

Where processing is based on your consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

### 10.7 Exercising Your Rights

To exercise any of these rights, contact us at privacy@sharefree.com with:

- Your name and email address associated with your account

- A description of the request

- Verification of your identity (we may request additional information to confirm your identity)

Response time: We will respond to verifiable requests within a reasonable timeframe as required by applicable law (typically 30-45 days).

Limitations: We may deny requests that:

- Are manifestly unfounded or excessive

- Would compromise the privacy of others

- Are prohibited by law

- Would compromise security or fraud prevention measures

- Require disproportionate technical effort

### 10.8 Complaints

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with a data protection authority in your jurisdiction.

## 11. International Data Transfers

The Service is operated from and hosted in To be determined. If you are located outside To be determined, your information will be transferred to and processed in To be determined.

By using the Service, you consent to the transfer of your information to jurisdictions that may not provide the same level of data protection as your home jurisdiction.

We take steps to ensure that your information receives an adequate level of protection wherever it is processed, including through:

- Contractual commitments with service providers

- Compliance with applicable data protection frameworks

- Implementation of appropriate technical and organizational measures

## 12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

### 12.1 Right to Know

You have the right to request information about:

- Categories of personal information collected

- Categories of sources from which information is collected

- Business or commercial purposes for collection

- Categories of third parties with whom information is shared

- Specific pieces of personal information collected about you

### 12.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (legal obligations, fraud prevention, etc.).

### 12.3 Right to Opt-Out

You have the right to opt out of:

- Sale of personal information: We do not sell personal information

- Sharing for cross-context behavioral advertising: We do not share information for this purpose

- Automated decision-making: Contact us to request human review

### 12.4 Right to Correct

You have the right to request correction of inaccurate personal information.

### 12.5 Right to Limit Use of Sensitive Personal Information

We do not use sensitive personal information for purposes other than Service provision.

### 12.6 Non-Discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights.

### 12.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

### 12.8 Contact for California Residents

To exercise your CCPA/CPRA rights, contact us at privacy@sharefree.com or To be determined.

## 13. European Economic Area (EEA) and UK Privacy Rights (GDPR)

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR):

### 13.1 Legal Basis for Processing

We process your personal information based on:

- Contractual necessity: To provide the Service and fulfill our Terms and Conditions

- Legitimate interests: To improve the Service, prevent fraud, and ensure security

- Consent: Where you have provided explicit consent (e.g., location tracking, marketing communications)

- Legal obligations: To comply with applicable laws

### 13.2 GDPR Rights

You have the right to:

- Access your personal data

- Rectify inaccurate data

- Erase your data ("right to be forgotten")

- Restrict processing

- Object to processing

- Data portability

- Withdraw consent

- Lodge a complaint with a supervisory authority

### 13.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@sharefree.com.

### 13.4 International Transfers

Transfers of personal data outside the EEA/UK are protected by:

- Standard Contractual Clauses (SCCs)

- Adequacy decisions

- Other appropriate safeguards

## 14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

- Our practices

- Legal requirements

- Service features

- Technology

### 14.1 Notice of Changes

When we make changes, we will:

- Update the "Last Updated" date at the top of this Privacy Policy

- Post the revised Privacy Policy on the Service

- Notify you via email or in-app notification for material changes (at our discretion)

### 14.2 Effective Date

Changes are effective:

- Immediately upon posting for non-material changes

- Upon notice for material changes

### 14.3 Your Acceptance

### 14.4 Your Responsibility

It is your responsibility to review this Privacy Policy periodically.

## 15. Third-Party Services and Links

The Service integrates with and links to third-party services that have their own privacy policies:

### 15.1 Third-Party Services We Use

- Supabase: Cloud database, authentication, and storage (Privacy Policy: https://supabase.com/privacy)

- Google OAuth: Authentication (Privacy Policy: https://policies.google.com/privacy)

- Apple Sign-In: Authentication (Privacy Policy: https://www.apple.com/legal/privacy/)

- Resend: Email delivery (Privacy Policy: https://resend.com/legal/privacy)

- AI/ML Services: Content moderation and image analysis

### 15.2 Third-Party Links

### 15.3 No Control Over Third Parties

We do not control the privacy practices of third-party services and are not liable for their acts or omissions.

## 16. Push Notifications (Mobile App)

### 16.1 Push Notification Consent

When you install the Mobile App, you may be asked to allow push notifications. You can:

- Grant permission to receive push notifications about claims, messages, and updates

- Deny permission to disable all push notifications

### 16.2 Managing Push Notifications

You can manage push notification settings:

- In-app: Through the app settings menu

- Device-level: Through your device's notification settings

### 16.3 Push Notification Tokens

## 17. Analytics and Performance Monitoring

We use analytics and performance monitoring tools to understand how users interact with the Service and to identify technical issues.

### 17.1 Analytics Data Collected

- Page views and screen views

- User flows and navigation patterns

- Feature usage

- Session duration

- Device and browser information

- Performance metrics (load times, errors, crashes)

### 17.2 Analytics Providers

We may use third-party analytics providers, which may collect and process data according to their own privacy policies.

### 17.3 Opting Out of Analytics

You may opt out of analytics tracking:

- Web: Through browser settings or opt-out tools provided by analytics services

- Mobile: Through device settings (e.g., "Limit Ad Tracking" on iOS, "Opt out of Ads Personalization" on Android)

## 18. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. At this time, the Service does not respond to DNT signals. We will update this Privacy Policy if we implement DNT support in the future.

## 19. Data Security Best Practices for Users

While we implement security measures, YOU ARE RESPONSIBLE FOR PROTECTING YOUR INFORMATION. We recommend:

- Use strong, unique passwords for your account

- Enable two-factor authentication if available

- Do not share your account credentials with others

- Be cautious about what information you share with other users

- Use meetup addresses rather than home addresses when possible

- Log out of your account on shared or public devices

- Keep your device software updated to protect against security vulnerabilities

- Be wary of phishing attempts and only log in through official channels

## 20. Automated Decision-Making

We may use automated systems (including AI) for:

- Content moderation: Detecting prohibited or inappropriate content

- Fraud detection: Identifying suspicious activity

- Category suggestions: Recommending listing categories

- Spam filtering: Detecting spam or abusive messages

## 21. User-Generated Content and Public Information

Remember that any information you choose to share in public areas of the Service (listings, reviews, profile) may be:

- Viewed by other users

- Indexed by search engines

- Copied, saved, or shared by other users outside the platform

WE ARE NOT RESPONSIBLE FOR HOW OTHER USERS USE INFORMATION YOU MAKE PUBLIC. Think carefully before sharing personal information.

## 22. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Email: privacy@sharefree.com

Legal Email: legal@sharefree.com

Data Protection Officer (GDPR): dpo@sharefree.com

California Privacy Rights: privacy@sharefree.com or To be determined

Mailing Address:

To be determined

We will respond to inquiries within a reasonable timeframe as required by applicable law.

---

## 23. Summary of Key Points (Plain Language)

This section provides a plain-language summary of key points. The full Privacy Policy above governs in case of any conflict.

What information do we collect?

- Information you provide (name, email, profile details, listings, messages)

- Information collected automatically (device info, usage data, IP address)

- Approximate location data (rounded to ~100m for privacy)

How do we use your information?

- To provide and improve the Service

- To facilitate transactions between users

- For safety, security, and content moderation

- To send notifications and communications

- To comply with legal obligations

Who do we share your information with?

- Other users (profile info, listings, addresses when you choose to share)

- Service providers who help us operate the Service

- Law enforcement when required or to protect safety

- In business transfers (mergers, acquisitions)

How do we protect your information?

- Industry-standard security measures (encryption, access controls)

- But no system is 100% secure—you use the Service at your own risk

What are your rights?

- Access, correct, and delete your information

- Control what you share with other users

- Opt out of non-essential communications

- Lodge complaints with data protection authorities

How long do we keep your data?

- While your account is active

- Some data retained after deletion for legal/security purposes

How can you contact us?

- Email us at privacy@sharefree.com for privacy questions

Your responsibility:

- Protect your account credentials

- Only share information you're comfortable sharing

- Verify the legitimacy of transactions

- Be cautious about sharing addresses and contact information

---

By using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.