1. Introduction

Welcome to Meet Around. We help people connect in real life through a live, map-based view of nearby Talks, posts, and meetups. This Privacy Policy explains how Noerix OÜ ("Meet Around," "we," "us," or "our") collects, uses, and protects your information when you use our mobile apps, website (www.meet-around.com), and related services (together, the "Platform").

By using Meet Around, you agree to the practices described in this Policy. If you do not agree, please stop using the Platform.

We comply with the EU General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, the California Consumer Privacy Act (CCPA/CPRA) for California residents, and equivalent state-level laws in other US jurisdictions including Virginia, Colorado, Connecticut, and Utah. We design every feature to minimize the data we ask for and to give you clear control over what we already hold.

2. Who We Are

The Platform is operated by:
Noerix OÜ
Telliskivi 57, 10412 Tallinn
Registered in Estonia — Äriregister registry code 17491545
D-U-N-S Number: 988009756
Email: privacy@meet-around.com
Website: www.meet-around.com

For privacy-related inquiries, contact our Privacy Office at privacy@meet-around.com or, for legally formal requests, dpo@meet-around.com. As a small enterprise (fewer than 250 employees) whose core activities do not include large-scale systematic monitoring or large-scale processing of special categories of personal data, Noerix OÜ is not currently required to appoint a Data Protection Officer under GDPR Article 37. We will appoint one if our processing activities expand to require it.

3. What This Policy Covers

This Privacy Policy applies to all personal information collected when you use the Meet Around iOS app, Android app, or website.

It does not apply to third parties we do not control, such as:

• Apple App Store and Google Play Store, when they handle account, billing, or payment data on Apple's and Google's own behalf
• External websites and links that may appear inside the Platform
• Services that operate independently from Meet Around

When you use those third-party services, their own privacy policies apply.

4. Information We Collect

We collect only the information necessary to provide our service, keep the Platform safe, and meet our legal obligations. The categories below are exhaustive; if a feature requires data not listed here, we will update this Policy and notify you before that feature ships.

4.1 Information you provide directly

• Name or nickname
• Email address (used for sign-in and account recovery)
• Date of birth (used to verify minimum age)
• Profile photo
• Optional bio text and interests
• Phone number — optional. You can add a phone number to your profile but you are not required to. If you do, we store it so we can offer account-verification and two-factor-authentication features when those launch. The number is never displayed to other users and is never used for marketing.
• Posts ("Talks") you create, including any text, photos, voice notes, or media you attach
• Messages you send through the in-app chat
• Reports you submit about other users or content

4.2 Information from your device permissions

The app requests the following operating-system permissions. You can grant, deny, or revoke each permission at any time in your device settings. Denying a permission disables the related feature but does not block the rest of the app.

• Camera — used (a) when you take a profile picture, (b) when you attach a photo to a Talk or chat message, and (c) during identity verification (selfie capture). The camera is never accessed in the background and we never record video.
• Photo library / Media access — used when you choose an existing photo from your gallery to attach to a profile, post, or chat. On Android 13+ and iOS 14+ we use the system photo picker so you grant access only to the specific photos you select; we never access the rest of your library.
• Location (Approximate and Precise) — used (a) to show you Talks happening near your current position on the live map, (b) to attach a pin to a Talk you post, and (c) to compute approximate distances between you and other Talks. Location is only read while the app is open and you have actively granted location permission. We do not run a background location service. We do not build a history of your movements. Privacy-protecting design: when other users view your Talks, the location is shown obfuscated — they can see roughly where the Talk is happening (e.g., neighborhood or city), but never your exact coordinates. Your real-time location is never broadcast to other users.
• Notifications — used to deliver real-time alerts about nearby Talks, new messages, replies, and account activity. You can disable specific notification categories in Settings or all notifications in your device settings.

4.3 Identity verification photos

If you choose to verify your identity to earn the Verified badge, we will ask you to:

1. Take a short selfie (used for liveness detection — confirming a real face is present in the camera frame)
2. Briefly show a government-issued ID document to the camera

These images are uploaded to our servers over an encrypted connection, used only to verify your identity, are not visible to other users, and are deleted within 30 days of successful verification. If verification fails or you cancel before completing it, the captured images are deleted immediately. We do not extract or store text, OCR, or biometric templates from your ID document.

4.4 Information collected automatically

When you use the Platform, we collect limited technical information such as:

• Device type, model, and operating-system version
• App version and build number
• Coarse IP address (used for spam/fraud prevention and approximate region)
• Crash logs and performance metrics
• In-app interaction analytics: screens visited, features used, taps on Talks (used to compute the post-analytics screen creators see for their own posts)

We do not use any cross-app advertising identifier (Apple's IDFA or Google's Advertising ID) and we do not track you across other companies' apps or websites.

4.5 Payment information

If we offer paid features in the future, all payments will be processed by Apple or Google and we will never receive or store your credit card or banking details. Today, the Platform is fully free to use.

5. Third-Party SDKs and What Each One Does With Your Data

To operate the Platform we rely on a small number of third-party software development kits (SDKs) and cloud services. Each is listed below with the data it receives, what it is used for, and a link to that vendor's own privacy policy.

SDK / Service	Data it receives	Purpose	Vendor privacy policy
Firebase Authentication (Google LLC)	Email, OAuth identity tokens (when you use Google Sign-In), Firebase user ID	Account creation and sign-in	firebase.google.com/support/privacy
Firebase Cloud Messaging (FCM) (Google LLC)	FCM device token, notification payloads	Delivering push notifications about messages and nearby Talks	firebase.google.com/support/privacy
Firebase Storage (Google LLC)	Profile pictures, Talk photos, identity-verification photos	Encrypted storage of media	firebase.google.com/support/privacy
Google Sign-In (Google LLC)	Email, basic Google profile info, OAuth token	Optional one-tap sign-in	policies.google.com/privacy
Sign in with Apple (Apple Inc.) — iOS only, when offered	Email (or Apple-relayed email), Apple user identifier	Optional one-tap sign-in on iOS	apple.com/legal/privacy
Mapbox SDK (Mapbox, Inc.)	Approximate device location, IP address, map tile requests, anonymous Mapbox session ID, app version, OS version	Rendering the live map and clustering pins. Mapbox processes this telemetry as a sub-processor on our behalf and may not use it for advertising.	mapbox.com/legal/privacy
Google ML Kit — Face Detection (Google LLC)	Camera frames during identity-verification selfie capture only	On-device face detection (not face recognition): confirms that a face is present and visible during the verification selfie. Runs entirely on your device. No images, no biometric templates, and no derived data are transmitted to Google or to us by ML Kit; we receive only a yes/no signal that a face was detected.	developers.google.com/ml-kit/terms
Google Analytics for Firebase (Google LLC)	Anonymized event data: screens, taps, feature usage	App-quality and product analytics; never used for advertising	firebase.google.com/support/privacy
Noerix OÜ backend API (operated by us)	Everything in Section 4 above, transmitted over HTTPS	Storing your account, posts, messages, reports, and acceptance of our legal documents	This Policy

6. How We Use Your Information

We use your information to:

• Create and maintain your account
• Show you Talks, events, and people near you on the live map
• Deliver chat messages, replies, and notifications in real time
• Respond to your customer-support requests
• Detect and prevent spam, fraud, abuse, and other policy violations
• Moderate content and enforce our Community Guidelines
• Verify the identity of users who choose to be verified
• Improve app stability, design, and performance
• Send occasional product updates if you have opted in

7. Legal Basis for Processing (EU/UK)

If you are in the EU, EEA, or UK, we rely on the following legal bases under the GDPR:

• Performance of a contract — to deliver the core functionality you requested (showing Talks, sending messages, storing your profile)
• Legitimate interests — to keep the Platform safe, prevent abuse, and improve the service, where these interests are not overridden by your rights
• Legal obligation — when retention or disclosure is required by law (e.g. responding to a valid court order)
• Consent — for optional features like marketing communications, identity verification, and certain location-based features. Consent can be withdrawn at any time

8. How We Share Information

We do not sell or rent your personal information. We share it only when necessary to operate the Platform or when required by law.

We may share limited information with:

• Service providers (sub-processors) who run the SDKs and infrastructure listed in Section 5, under contracts that bind them to GDPR Article 28 (data-processor) standards
• Authorities or regulators if we are legally compelled to do so, or when necessary to protect the rights, property, or safety of users or the public
• Other users, when you choose to make information public (your nickname, profile picture, posts, public location pin on a Talk you create — never your live location)
• Buyers, in a corporate transaction, if Noerix OÜ is involved in a merger, acquisition, or asset sale. You will be notified and given the opportunity to object or close your account before any transfer.

9. How Long We Keep Information

We retain personal information only for as long as needed for the purposes in this Policy.

• Account data — for the lifetime of your account.
• Posts and messages — until you delete them or close your account.
• Identity verification photos — up to 30 days after verification, then deleted.
• Crash and analytics logs — up to 14 months, in pseudonymized form.
• Legal-document acceptance records — for the lifetime of your account plus 6 years (Estonian limitations period).
• Records required by tax or accounting law (if you ever make a paid purchase) — up to 7 years.

When you tap Settings → Profile → Delete Account, your account enters a 90-day grace period. During this window you are signed out of every device and your profile, Talks, and comments are hidden from other users — your data is retained in our database but treated as if it does not exist by every read endpoint of the app, so no one but you can see it. You can cancel deletion any time within the 90 days by signing back in with the same credentials, and your account is fully restored. If you do not sign in within 90 days, your account and the categories of data above are permanently deleted or fully anonymized automatically, except for records we are legally required to keep. Encrypted backups are purged on a rolling basis and contain no recoverable copy of your data within ~90 days after permanent deletion. To bypass the grace period and have your data deleted immediately and irreversibly, email privacy@meet-around.com with the subject "Account deletion request" and the words "delete immediately" in the body. See www.meet-around.com/Home/AccountDeletion for the full timeline.

10. Security

We use encryption in transit (HTTPS/TLS 1.2+), encryption at rest for stored media, role-based access controls inside the company, audit logging on production data access, and regular security reviews. No online service is 100% secure; if you suspect your account has been compromised, change your password immediately and contact meet-support@meet-around.com.

10.1 Data-Breach Notification

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will, in line with GDPR Articles 33 and 34: (a) notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) within 72 hours of becoming aware of the breach, and (b) notify affected users without undue delay by email and, where appropriate, by in-app notice and a public statement. The notice will describe in plain language the nature of the breach, the likely consequences, the measures we have taken or propose to take, and a contact point for further information. Where US state breach-notification statutes apply (e.g., California Civil Code §1798.82), we comply with the more protective standard.

11. International Data Transfers

Noerix OÜ is established in Estonia (EU). Most of your data is processed within the European Union. Some sub-processors (notably Google for Firebase, Mapbox, and Apple) may process data in the United States or other jurisdictions. When data leaves the EU/EEA, we rely on transfer safeguards approved under GDPR Article 46, including the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

11.1 United Kingdom Representative

For users in the United Kingdom, processing of UK personal data is subject to the UK GDPR and Data Protection Act 2018. Where Article 27 of the UK GDPR requires a non-UK controller to designate a UK representative, we will appoint one and publish their contact details on this page before targeting our service to UK residents. In the meantime, UK users can exercise the rights described in Section 16 by emailing privacy@meet-around.com and may complain to the UK Information Commissioner's Office at ico.org.uk.

12. Children's Privacy

Meet Around is intended for users aged 16 and older. Where local law sets a different age of digital consent, we comply with that law. We do not knowingly collect personal data from anyone below the minimum age. We require date-of-birth confirmation at sign-up and reject registrations below the threshold. If we learn that an account belongs to a user below the minimum age, we will delete it. Parents or guardians who believe their child has registered may contact privacy@meet-around.com for immediate removal.

13. Identity Verification (optional feature)

The Verified badge is opt-in. The verification flow:

1. Captures a brief selfie for on-device liveness detection (Section 5: ML Kit Face Detection — runs on your device, no images sent to ML Kit)
2. Captures a short look at your government-issued ID document
3. Uploads both images to Noerix OÜ servers over HTTPS
4. A trained moderator reviews the pair within 24 hours; on success the badge is granted
5. Both images are deleted within 30 days regardless of outcome

Verification photos are never shown to other users. We do not run automated face-recognition matching on these images, we do not generate biometric templates, and we do not share them with any third party other than the storage sub-processor (Firebase Storage) where they are encrypted at rest.

14. Automated Decisions and Artificial Intelligence

We use automated systems for:

• Spam, abuse, and policy-violation detection (content moderation)
• The "Do Something Big" trip-planning feature, which generates itineraries based on your stated preferences and approximate location
• Liveness check during identity verification (face detection, not recognition)

None of these systems make decisions that have legal or similarly significant effects on you. Account suspensions for policy violations are reviewed by a human moderator before they take effect, and you can appeal by emailing meet-support@meet-around.com.

15. Cookies and Similar Technologies

The mobile app does not use cookies. The website (www.meet-around.com) uses only essential cookies for session management and security. We do not use advertising or cross-site tracking cookies. The Mapbox SDK may store small amounts of data on your device for map-tile caching — this is purely operational and not used for advertising.

16. Your Rights — GDPR (EU/UK/EEA)

You have the right to:

• Access the information we hold about you
• Correct inaccurate or outdated information
• Have your data deleted ("right to be forgotten")
• Restrict how we process your data
• Object to processing based on legitimate interest
• Receive a copy of your data in a portable format
• Withdraw consent at any time, where processing is based on consent
• Lodge a complaint with a supervisory authority

To exercise any of these rights, email privacy@meet-around.com. We respond within 30 days. You may also complain to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee, or to the data-protection authority of your country of residence.

17. Your Rights — United States Residents

This Section applies to residents of US states with comprehensive consumer-privacy statutes, including (without limitation) California (CCPA / CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire (NHPA), Iowa (ICDPA), Montana (MCDPA), and Tennessee (TIPA). If your state of residence has a similar law not listed above, the rights below are extended to you to the extent that law requires.

You have the right to:

• Know what personal information we collect, use, share, and retain about you
• Access a copy of your personal information
• Correct inaccurate personal information
• Request deletion of your personal information
• Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising — we do not sell or share your personal information for advertising, so there is nothing to opt out of
• Limit the use of sensitive personal information — applicable categories we hold are precise location and identity-verification photos; we already restrict their use to the purposes in Sections 4 and 13
• Be free from discrimination for exercising any of these rights

To exercise these rights, email privacy@meet-around.com with the subject "US Privacy Request." We do not require you to create an account to make a request. We may need to verify your identity by email confirmation; we will not request more information than necessary. Authorized agents may submit requests on your behalf with written authorization.

We do not knowingly process the personal information of California residents under 16 for sale or sharing. We do not knowingly profile any user in furtherance of decisions that produce legal or similarly significant effects.

18. Mobile-Platform Disclosures

Apple App Store — App Privacy ("Privacy Nutrition Label")

In compliance with Apple's App Store requirements, we publish a Privacy Nutrition Label in our App Store listing summarizing the data types in this Policy. We do not engage in cross-app or cross-website tracking, so we do not show Apple's App Tracking Transparency prompt. If we ever introduce a feature that does require tracking, you will see Apple's standard ATT prompt and may decline; the rest of the app will continue to work. Optional Sign in with Apple uses Apple's privacy-relay email feature when you choose it.

Google Play — Data Safety

In compliance with Google Play's Data Safety requirements, we publish a Data Safety form in our Play Store listing. The form mirrors the data categories in Section 4 and the third-party SDKs in Section 5. We do not collect Google's Advertising ID. All data is encrypted in transit, and Google Play users can request data deletion through Settings → Profile → Delete Account or by emailing privacy@meet-around.com.

19. Your Choices and Controls

You can manage your privacy directly inside the app:

• Turn notifications on or off, by category, in Settings
• Revoke individual permissions (camera, location, photos) in your operating-system Settings; the related features will pause but the rest of the app will continue to work
• Block any user (Profile → ⋮ → Block); blocked users no longer see your profile or Talks
• Report any user, post, or message (⋮ → Report); we review reports within 24 hours
• Download or delete your account data via Settings → Account → Privacy

20. Changes to This Policy

We may update this Privacy Policy as features, laws, or sub-processors change. We will notify you in the app, by email, and on our website at least 30 days before any change that materially affects your rights or the categories of data we collect. The current and prior versions are accessible at www.meet-around.com/Home/Privacy and an archive of all prior versions is available on request to privacy@meet-around.com. Continued use of the Platform after a change takes effect means you accept the revised Policy.

21. Contact Us

If you have any questions or complaints about this Policy or our handling of your data:

Noerix OÜ — Privacy Office
Telliskivi 57, 10412 Tallinn
Estonia
General privacy: privacy@meet-around.com
Formal data-protection requests: dpo@meet-around.com
Customer support: meet-support@meet-around.com
Legal: legal@meet-around.com
Website: www.meet-around.com

We take privacy seriously and respond to every request as quickly as we can.