Privacy Policy

Last updated: June 10, 2026

This Privacy Policy explains how Company Issued (“Company Issued,” “we,” “us,” or “our”) collects, uses, shares, and protects information about you when you use 419TOL and our related websites, mobile applications, and services (collectively, the “Services”). 419TOL is one of the city-based local discovery platforms operated by Company Issued, alongside 313 Detroit (313DET) and 513 Cincinnati (513CIN).

By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Services.

1. Who We Are

The Services are operated by Company Issued [insert legal entity name], located at [insert business mailing address]. For privacy questions, contact us at privacy@companyissued.com. For users in the EEA, the UK, or other regions with applicable data protection laws, Company Issued is the data controller of your personal information.

2. Information We Collect

2.1 Information you provide

• Account information — name, email, password (hashed), and optionally a username/@handle, profile photo, and city preference.
• Profile and content — events you publish, photos you upload, comments, reviews, RSVPs, check-ins, saved items, and messages.
• Organizer/business information — business name, contact and verification details, and listing content when you claim or manage a page.
• Payment information — processed by Stripe. We do not store your full card number; we receive limited details (last four digits, brand, billing ZIP, subscription status).
• Communications — information you provide when you contact us or fill out a form.

2.2 Information we collect automatically

• Device and technical information — device type, OS, identifiers, app version, language, network info, browser type, and IP address.
• Usage information — pages and events viewed, searches, taps, features used, and crash/diagnostic data.
• Location information — with your permission, precise or approximate location to surface nearby events and enable check-ins. Controllable in device settings.
• Cookies and similar technologies — for authentication, preferences, security, and analytics (see Section 8).

2.3 Information from third parties

• Sign-in providers — basic profile information if you sign in with Apple or Google.
• Public and partner sources — event, venue, and organization information that is public or supplied by partners and organizers.

2.4 Check-ins and attendance data

When you check in to a venue or event, we record that check-in — the place, the date and time, and any rating you add — and keep a history of these check-ins (your “attendance history”). We use this data to power your personalized recommendations and picks, award passport points and badges, and, in aggregated and/or de-identified form, understand attendance trends and improve the Services.

Your attendance history is private to you. It is shown only on your own profile and is not visible to other users. In any public or social feature (such as leaderboards), you are identified only by your @handle — never by your real name. We do not sell your attendance history, and we do not share it with advertisers or partners in a form that identifies you personally. You can delete your check-in history by deleting your account (see Section 6.2).

3. How We Use Your Information

• provide, operate, maintain, and improve the Services;
• create and manage your account and authenticate you;
• power the local discovery feed and personalize content and recommendations;
• use your check-in and attendance history to generate personalized recommendations, picks, points, and badges (see Section 2.4);
• enable publishing, claims, RSVPs, check-ins, photo uploads, and sharing;
• process subscriptions and payments and manage organizer/business features;
• send push notifications, alerts, and service-related communications;
• respond to inquiries and provide support;
• moderate content to keep the feed trustworthy and safe;
• detect and prevent fraud, abuse, and security incidents;
• comply with legal obligations and enforce our Terms.

Where required (EEA/UK), we rely on performance of a contract, legitimate interests, your consent (e.g. precise location, push notifications), and legal obligations. You may withdraw consent at any time.

4. How We Share Your Information

We do not sell your personal information for money. We share information as follows:

• Publicly, at your direction — content you make public is visible to others; in public and social features we identify you by your @handle rather than your real name.
• Service providers — hosting and database/auth (Supabase), payments (Stripe), analytics, crash reporting, push, and email, acting on our behalf.
• Partners and embeds — publicly listed event/venue data via our versioned partner API; never your account credentials or private data.
• Legal and safety — to comply with law, enforce our Terms, or protect rights and safety.
• Business transfers — as part of a merger, acquisition, or sale of assets, subject to this Policy.
• With your consent — for other purposes you authorize.

5. Payments

Subscriptions and paid features are processed by Stripe. Tickets are sold on organizers’ or third-party sites — we link out and do not process those payments. Those services have their own terms and privacy policies.

6. Your Choices and Rights

6.1 Account information

You can review and update your account and profile at any time in the app or website.

6.2 Account & data deletion

You can delete your account in the app (Settings → Account → Delete Account), which removes your profile and associated personal information from active systems, subject to the retention exceptions in Section 9. You may also request deletion by emailing privacy@companyissued.com.

6.3 Permissions

You control device permissions — location, camera, photos, and notifications — in your device settings. Turning one off may limit related features.

6.4 Push notifications and marketing

Opt out of push in device settings and unsubscribe from marketing emails via the link in those emails. We may still send service-related messages.

6.5 Tracking and advertising choices

On Apple devices we request permission through App Tracking Transparency before tracking you across other companies’ apps or websites, if we do so. Manage cookies in your browser.

6.6 Regional rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing, to object, and to withdraw consent. California residents (CCPA/CPRA) and EEA/UK residents (GDPR) have additional rights, including the right to lodge a complaint with a supervisory authority. Contact privacy@companyissued.com. We will not discriminate against you for exercising your rights.

7. Children’s Privacy

The Services are not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their personal information. Contact us to report any such data and we will delete it.

8. Cookies and Analytics

We use strictly necessary cookies (login, security, preferences) and analytics technologies to understand usage and improve the Services. Control cookies in your browser; blocking some may affect functionality. Our apps use similar SDKs for analytics, crash reporting, and notifications.

9. Data Retention

We retain personal information while your account is active and as needed to provide the Services, then as necessary to comply with legal obligations, resolve disputes, prevent fraud, and enforce our agreements. We delete or de-identify data when it is no longer needed.

10. Security

We use administrative, technical, and physical safeguards, including encryption in transit, hashed passwords, access controls, and an architecture in which only our API touches the database. No method is 100% secure; keep your credentials confidential.

11. International Data Transfers

We are based in the United States and process information there and where our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers.

12. Third-Party Links and Services

The Services link to third-party sites (ticketing, organizer, and venue sites). We are not responsible for their privacy practices; review their policies.

13. Changes to This Policy

We may update this Policy. Material changes will be posted with a new “Last updated” date and, where appropriate, additional notice. Continued use after the update constitutes acceptance.

14. Contact Us

Company Issued — [insert legal entity name], [insert business mailing address]. Email: privacy@companyissued.com.