Citylap Legal
Privacy Policy
Technical Assemblage LLC ("Company," "we," "us," or "our") provides the Citylap mobile application and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Service.
By using the Service, you agree to the practices described in this Privacy Policy.
Privacy at a Glance
- Citylap stores and shares only city-level location information, not your precise GPS location.
- Your precise coordinates are used locally on your device to determine your city, then discarded.
- Shared location content is end-to-end encrypted.
- Citylap does not possess the private keys needed to decrypt your shared location content.
- Contact discovery compares hashed phone numbers, not your full address book in plaintext.
1. Scope
This Privacy Policy applies to information collected through the Citylap mobile application, our website(s), and related services.
2. Information We Collect
A. Information You Provide
We may collect information you provide directly, including:
- Account information such as email address, phone number, password, and profile details
- Information you provide when you contact us for support or otherwise communicate with us
- Information you provide when creating, updating, or managing location-sharing settings and connections with other users
B. Location Information
If you grant permission, Citylap uses your device's location to determine what city you are in and provide the Service's location-sharing features. Citylap stores and shares only city-level location information.
Your device may briefly process precise GPS coordinates locally to determine your city. Once that city determination is made, those precise coordinates are discarded and are not stored by the Service or shared with other users.
Depending on your settings and device permissions, city-level location information may include:
- Your current city
- Background city updates when your city changes
- Future or planned city entries you create
- Approximate map coordinates representing a city, not your precise device location
Location content that you choose to share through the Service is end-to-end encrypted before storage and sharing. Only authorized recipients with the necessary private keys can decrypt that shared location content. We do not possess those private keys, so we cannot read the content of your encrypted shared location payloads.
C. Contacts Information
If you choose to enable contact discovery, Citylap reads contact phone numbers stored on your device, normalizes and hashes them on-device, and compares only those hashes to identify possible matches. We do not upload your full address book in plaintext, and Citylap does not send messages or place calls to your contacts as part of contact discovery.
D. Phone Verification Information
If you choose to verify your phone number, we use your phone number to send and verify SMS verification codes, including through providers such as Twilio.
After successful verification, Citylap stores a cryptographic hash of your normalized phone number and a verification timestamp in the application database for account security, duplicate prevention, and privacy-preserving contact discovery. We do not store your plaintext phone number in the application database for contact discovery.
E. Device, Diagnostics, and Usage Information
We may collect:
- Device type, operating system, app version, identifiers, language, and time zone
- Crash data, diagnostics, performance information, and log data
- Information about your use of the Service, including feature usage and notification interactions
F. Communications Information
We may collect information related to messages we send to you, such as:
- Email delivery and engagement data for account, support, transactional, and service-related emails
- SMS-related information used for account verification and security, including phone verification status and message delivery information
3. How We Use Information
We use information to:
- Create, authenticate, secure, and manage your account
- Send and verify SMS verification codes through providers such as Twilio
- Store and use hashed phone numbers for duplicate prevention and privacy-preserving contact discovery
- Determine your city from on-device location processing and store/share only city-level location information
- Provide location-sharing, contact discovery, notifications, and related social features
- Send transactional, security, onboarding, service, and support emails
- Provide support and respond to questions or requests
- Maintain safety, prevent abuse, investigate misconduct, and enforce our Terms
- Monitor, troubleshoot, analyze, and improve the Service
- Comply with legal obligations
4. How Location Sharing Works
The Service is designed to allow you to share city-level location information with people you choose, subject to your settings. You are responsible for reviewing your permissions, sharing settings, and connection choices.
When you share location content through the Service, that shared location content is encrypted before storage and sharing. Only authorized recipients with the necessary private keys can decrypt it. We do not possess those private keys and cannot read the content of your encrypted shared location payloads.
We do not use the content of encrypted shared location payloads for advertising, profiling, or analytics because we cannot decrypt those payloads.
We and our service providers may still process limited metadata needed to operate, secure, and support the Service, such as account identifiers, sharing relationships, device information, message delivery events, encrypted record identifiers, timestamps, and diagnostics.
5. How We Disclose Information
We may disclose information:
- To other users, as directed by your sharing choices and the Service's functionality
- To vendors and service providers that help us operate the Service, such as hosting, authentication, database, customer support, email, SMS, notification, analytics, and diagnostics providers
- If required by law, regulation, subpoena, court order, or legal process
- To protect rights, safety, security, and prevent fraud, abuse, stalking, harassment, or other misuse
- In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets
- With your consent or at your direction
We do not sell, rent, or broker your location data.
We do not sell, rent, broker, or use the content of your encrypted shared location payloads for advertising, profiling, or analytics.
We do not sell your personal information for money. If applicable law defines certain disclosures for analytics, diagnostics, or similar purposes as a "sale" or "sharing," your rights will depend on your jurisdiction and our actual practices at the time.
6. Service Providers
We may use third-party service providers to operate the Service. For example:
- Twilio or similar providers for SMS verification and related communications
- Email delivery providers for account and service emails
- Cloud, database, authentication, notification, analytics, fraud prevention, and diagnostics providers
These providers may process personal information on our behalf subject to contractual and operational safeguards.
7. Data Retention
We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain safety and security.
Retention periods may vary depending on:
- The type of information
- Your account settings and actions
- Whether information has been deleted or de-identified
- Legal, regulatory, tax, accounting, fraud-prevention, or security requirements
8. Your Choices
Depending on your device, account settings, and jurisdiction, you may be able to:
- Access, update, or delete account information
- Control location permissions through device settings
- Control contacts permissions through device settings
- Manage notification preferences
- Request account deletion
- Exercise rights provided by applicable privacy law
If you disable certain permissions or delete certain information, some features may not function properly.
9. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information. Shared location content in the Service is end-to-end encrypted, and we do not possess the private keys needed to decrypt that shared location content.
However, no method of transmission, storage, or processing is completely secure, and we cannot guarantee absolute security.
10. Children
The Service is not intended for children under 18, and we do not knowingly collect personal information from children under 18. If we learn that we have collected such information, we may delete it.
11. International Users
If you use the Service from outside the United States, you understand that your information may be processed and stored in the United States and other countries where our service providers operate.
12. Your Privacy Rights
Depending on where you live, you may have certain rights regarding your personal information, such as the right to access, correct, delete, or obtain a copy of certain information, or to appeal our decision regarding a privacy request. To exercise any available rights, contact us at info@technicalassemblage.com.
13. Third-Party Services
The Service may rely on third-party platforms and services, including app stores, SMS providers, email providers, cloud providers, notification providers, and diagnostics providers. Their collection and use of data is governed by their own terms and privacy policies.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date and may provide additional notice where required by law.
15. Contact Us
Technical Assemblage LLC
502 W 7th St Ste 100
Erie, PA 16502
info@technicalassemblage.com