Privacy Policy

1. Overview & Data Controller

This Privacy Policy applies to the Wowmet mobile application and all related services operated by Digital Fosters Inc. ("we", "us", "our"), registered in Ontario, Canada. For privacy inquiries, contact us at: Contact@digitalfosters.com.

We are the Data Controller for personal information collected through the Service. In regions where we act as a Data Processor on behalf of partners, this will be clearly disclosed.

2. Data We Collect

2.1 Account Information

• Required: First name, date of birth (for age verification), email address or phone number, and a profile photo.
• Optional: Display name, brief bio, activity preferences, and social links.
• We do not require your legal surname. Display names may be pseudonymous.

2.2 Scheduled Intent Data

• When you post availability, we collect: the selected date and time, the specified location (latitude/longitude or named place), and your availability description.
• This data is published to users within your geographic radius for the duration of your availability window.
• Intent posts expire from public view 24 hours after the posted availability time ends.

2.3 Location Data

Wowmet uses location data only in the following circumstances:

• When you explicitly post an availability pin (foreground use only).
• When you are actively using the discovery map feature.

2.4 Usage Data

We collect standard app usage analytics including feature interactions, session duration, and crash reports. This data is aggregated and anonymized wherever possible. We use this data solely to improve the Service.

2.5 Communications

In-app messages between users are stored only for the duration necessary to deliver them and are permanently deleted after 90 days unless flagged for moderation review.

3. Data Minimization & Retention

3.1 Ephemeral Intent Data

Scheduled Intent posts are designed to be temporary by nature:

• 24-hour active window: Posts remain visible to nearby users for up to 24 hours after the availability window closes.
• 180-day permanent deletion: All intent post data (including location coordinates, description, and metadata) is permanently and irreversibly deleted from our servers within 180 days of the original post date.
• Users may delete their own posts at any time, triggering immediate removal from public view and deletion within 30 days.

3.2 Account Data Retention

If you delete your account, we will permanently delete all associated personal data within 30 days, except for data we are required to retain for legal compliance purposes (e.g., records of safety violations, which may be retained for up to 7 years as required by law).

3.3 What We Don't Collect

• We do not collect government ID numbers (except where required for age verification in specific jurisdictions).
• We do not collect payment card numbers (handled exclusively by certified payment processors).
• We do not collect contacts, call logs, or SMS data from your device.
• We do not build behavioral advertising profiles or sell data to advertisers.

4. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To operate the availability posting and discovery features.
• Safety & Moderation: To detect and prevent violations of our Terms and Community Guidelines.
• Service Improvement: To analyze usage patterns and improve features (using anonymized/aggregated data).
• Communications: To send you important service notifications, safety alerts, and (with your consent) promotional content.
• Legal Compliance: To comply with applicable laws and respond to lawful requests from authorities.

We do not use your personal data to make automated decisions that significantly affect you without human oversight.

5. Data Sharing

5.1 With Other Users

Your public profile information (display name, profile photo, activity preferences) and active Scheduled Intent posts are visible to other users within your geographic proximity when you choose to go live on the map.

5.2 With Service Providers

We share data with carefully vetted third-party service providers who assist with platform operations (cloud hosting, payment processing, analytics, customer support). All providers are contractually bound to use your data only as directed by us and in accordance with applicable privacy law.

5.3 We Never Sell Your Data

Digital Fosters Inc. does not sell, rent, or lease your personal data to any third party for commercial purposes.

5.4 Legal Disclosures

We may disclose your data if required by law, court order, or government authority, or where we have a good-faith belief that disclosure is necessary to protect the rights, safety, or property of Wowmet, its users, or the public.

6. Regional Privacy Rights

6.1 India — Digital Personal Data Protection Act (DPDPA) 2023

If you are a resident of India, the following rights apply to you under the DPDPA:

• Right to Information: You have the right to know what personal data we hold about you and how it is processed.
• Right to Correction: You have the right to correct inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request deletion of your personal data, subject to legal retention obligations.
• Right to Grievance Redressal: You may raise grievances with our Data Protection Officer at Contact@digitalfosters.com.
• We do not process the personal data of children (under 18) without verifiable parental consent, and we do not engage in behavioral tracking of children.

6.2 European Union & United Kingdom — GDPR / UK GDPR

If you are located in the EU or UK, you have the following rights under the GDPR (EU) 2016/679 and UK GDPR:

• Right of Access (Art. 15): Request a copy of your personal data.
• Right to Rectification (Art. 16): Correct inaccurate data.
• Right to Erasure (Art. 17): "Right to be forgotten" — request deletion of your data.
• Right to Restriction (Art. 18): Restrict the processing of your data.
• Right to Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests.
• Right to lodge a complaint with your local Data Protection Authority (DPA).

Our lawful basis for processing under GDPR is: (a) contract performance, (b) legitimate interests, and (c) your explicit consent where required. We process EU/UK personal data under the Standard Contractual Clauses (SCCs) for any transfers to Canada.

6.3 United States — California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: Wowmet does not sell or share personal information for cross-context behavioral advertising. However, you may submit an opt-out request at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Limit Use of Sensitive Personal Information.

To submit a verifiable consumer request, contact us at Contact@digitalfosters.com. We will respond within 45 days.

6.4 Canada — PIPEDA / Bill C-27

If you are a resident of Canada (outside Quebec), your personal data is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, upon enactment, the Consumer Privacy Protection Act (CPPA) under Bill C-27. You have the right to access, correct, and challenge the use of your personal information. Contact our Privacy Officer at Contact@digitalfosters.com to exercise your rights.

Quebec residents are additionally protected under Law 25 (Act respecting the protection of personal information in the private sector). We comply with all Law 25 requirements including privacy impact assessments for new technologies.

7. Biometric Data

7.1 Liveness Detection (Identity Verification)

Wowmet may use liveness detection technology to verify that profile photos are of real, live humans (not static photos, illustrations, or AI-generated images). This process generates a one-time "liveness token" — a mathematical confirmation of authenticity — which is stored temporarily for verification purposes only.

7.2 No Permanent Biometric Storage

We comply with the Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington My Health MY Data Act where applicable.

8. Cookies & Tracking Technologies

The Wowmet mobile app uses minimal local storage for session management and app preferences. We do not use third-party advertising trackers or cross-site tracking cookies. Any analytics SDKs we use are configured for privacy-preserving, aggregated data collection only.

9. Security

We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, regular security audits, and access controls limiting who can view personal data. Despite these measures, no system is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication.

10. Contact & Complaints

For any privacy-related questions, to exercise your rights, or to submit a complaint, contact our Privacy Officer:

• Email: Contact@digitalfosters.com
• Mailing Address: Digital Fosters Inc., Privacy Officer, Toronto, Ontario, Canada

We aim to respond to all privacy requests within 30 days. EU/UK residents may also lodge a complaint with their national Data Protection Authority.