Download on theApp Store Get it onGoogle Play

Privacy Policy

Last Updated: January 2026 · Effective Date: January 2026 · Version 3.0

1. Introduction

This Privacy Policy ("Policy") describes how Peopls Inc., a Delaware Public Benefit Corporation ("Peopls," "we," "us," or "our"), collects, uses, shares, and protects your personal information when you use our mobile application and related services (collectively, the "Service").

Our public benefit mission includes facilitating community-based mutual aid while protecting user privacy. We are committed to transparency about our data practices and giving you control over your personal information.

By using the Service, you consent to the collection, use, and disclosure of your information as described in this Policy. If you do not agree, please do not use the Service.

This Policy is incorporated into and subject to our Terms of Service.

2. Peopls Is a Public Platform

IMPORTANT: Some parts of Peopls are public and can be viewed by anyone, even if they don't have an account.

What Is Public:

  • Campaign pages (title, description, goal, photos, videos, location)
  • Campaign creator's name and profile photo
  • Gratitude posts and updates
  • Supporter names (unless you choose to support anonymously)
  • Vote counts and Campaign progress
  • Public profiles of users

What Is NOT Public:

  • Your email address
  • Your phone number
  • Your payment information
  • Your identity verification documents
  • Private messages
  • Your precise account balance

Search Engine Visibility:

Campaign content may be indexed by search engines like Google and may appear in search results. Please consider carefully what personal details you include in publicly visible content.

Anonymous Support:

If you choose to support a Campaign anonymously, your name will not appear publicly on the Campaign page. However, your name and support information will still be visible to the Campaign creator for communication and tax purposes.

By using Peopls and posting content to public-facing portions of the Service, you are directing us to share that information publicly.

3. Definitions

  • "Personal Information" means information that identifies, relates to, or could reasonably be linked to you or your household.
  • "Sensitive Personal Information" means Personal Information that reveals government IDs, financial account information, biometric data, or precise geolocation.
  • "Processing" means any operation performed on Personal Information, including collection, storage, use, disclosure, or deletion.
  • "Service Provider" means a third party that processes Personal Information on our behalf.
  • "Campaign" means a fundraising request created through the Service.
  • "User Content" means any content you submit to the Service.

4. Information We Collect

4.1 Information You Provide Directly

Account Registration:

  • Full name (first and last)
  • Email address
  • Password (stored in hashed form)
  • Phone number (optional)

Profile Information:

  • Profile photo/avatar
  • Biography (minimum 100 characters for Campaign creators)
  • City, state, and country
  • Occupation (optional)

Identity Verification Data:

  • Government-issued identification documents (driver's license, passport, state ID)
  • Selfie photographs for facial verification
  • Date of birth
  • Address information

Financial Information (processed by Stripe):

  • Bank account details for payouts
  • Payment card information
  • Billing address

Note: We do not store complete payment card numbers on our servers.

Campaign Content:

  • Campaign title and description
  • Fundraising goal amount
  • Photos and videos
  • Category selection
  • Location data for the Campaign

Gratitude Post Content:

  • Thank-you videos and images
  • Text descriptions

Communications:

  • Messages sent through the Service
  • Customer support inquiries
  • Feedback and survey responses

4.2 Information Collected Automatically

Device Information:

  • Device type and model
  • Operating system and version
  • Unique device identifiers (IDFA, Android ID)
  • Mobile network information
  • Screen resolution and device settings

Usage Data:

  • Features accessed and actions taken
  • Time spent on different screens
  • Campaign viewing history
  • Voting and engagement patterns
  • Search queries within the app
  • Error logs and crash reports

Location Information:

  • IP address-based approximate location
  • Precise GPS location (only with your explicit permission)
  • Location data associated with Campaigns you create

Log Data:

  • Access times and dates
  • App version
  • Referring/exit pages
  • Clickstream data

4.3 Information from Third Parties

Social Login Providers:

If you sign in using Google or Apple:

  • Name and email from your social account
  • Profile photo (if publicly available)
  • Unique identifier from the provider

Payment Processors:

  • Transaction confirmation and status
  • Fraud risk assessments

Identity Verification Services:

  • Verification results (verified/not verified)
  • Document authenticity assessments

We do not receive your social media passwords or access your social accounts beyond what is needed for authentication.

5. How We Use Your Information

5.1 To Provide and Operate the Service

  • Create and manage your account
  • Process Fund Contributions and payouts
  • Enable Campaign creation and discovery
  • Facilitate Power Votes and Boosts
  • Display your profile to other users

5.2 To Verify Identity and Prevent Fraud

  • Verify your identity for Campaign creation and payouts
  • Detect and prevent fraudulent activities
  • Comply with anti-money laundering (AML) requirements
  • Investigate suspicious activities

5.3 To Communicate With You

  • Send transactional notifications (votes received, payout status)
  • Respond to your inquiries and support requests
  • Send important service announcements
  • Send promotional content (with your consent)

5.4 To Improve and Personalize the Service

  • Analyze usage patterns and trends
  • Develop new features and services
  • Personalize your experience and recommendations
  • Conduct research and analytics

5.5 To Ensure Safety and Security

  • Monitor for violations of our Terms
  • Protect users from harassment and abuse
  • Maintain platform integrity
  • Secure our systems and data

5.6 To Comply With Legal Obligations

  • Respond to legal requests and court orders
  • Report as required by tax laws (1099-K forms)
  • Comply with regulatory requirements
  • Enforce our Terms of Service

5.7 Artificial Intelligence and Machine Learning

We may use AI and machine learning technologies to:

  • Moderate Campaign content for policy compliance
  • Detect potentially fraudulent Campaigns or activities
  • Improve content recommendations and discovery
  • Analyze patterns to enhance fraud prevention
  • Provide automated customer support assistance

Important AI Disclosures:

  • We do NOT use your data to train general-purpose AI models for commercial products unrelated to our Service
  • AI-assisted decisions (such as Campaign moderation) may be reviewed by human moderators
  • You may request human review of automated decisions that significantly affect you
  • We do not use AI for automated decision-making that produces legal effects without human oversight

AI in Customer Support:

We may offer chatbot or AI-assisted support features. Your interactions with these features may be recorded and used to improve our support services. When providing information to chatbots, avoid sharing sensitive data like passwords or complete financial information.

6. Legal Bases for Processing

We process your Personal Information based on the following legal grounds:

Contract Performance:

Processing necessary to provide the Service you requested, including account creation, Campaign management, and payment processing.

Legitimate Interests:

Processing for our legitimate business interests, including fraud prevention, security, analytics, and service improvement, balanced against your privacy rights.

Consent:

Processing based on your explicit consent, such as marketing communications, precise location access, and optional data sharing. You may withdraw consent at any time.

Legal Obligation:

Processing required to comply with applicable laws, including tax reporting, anti-money laundering regulations, and responding to legal requests.

Vital Interests:

Processing necessary to protect someone's life or physical safety in emergency situations.

7. Information Sharing and Disclosure

7.1 With Other Users

  • Campaign creators: Supporters who use Power Votes can see Campaign details
  • Supporters: Campaign creators can see the names of users who supported them (unless anonymous)
  • Public profiles: Your name, avatar, and public statistics are visible to other users

7.1.1 Anonymous Support Limitation

If you choose to support a Campaign anonymously:

  • Your name will NOT appear publicly on the Campaign page or activity feed
  • However, your name and contact information WILL still be visible to the Campaign creator
  • This enables Campaign creators to send thank-you messages and comply with tax requirements
  • Peopls may also access this information for fraud prevention and legal compliance
  • "Anonymous" only means not publicly displayed, not hidden from the Campaign creator

7.2 With Service Providers

We share information with trusted third parties who assist us:

  • Stripe: Payment processing and fraud prevention
  • Cloud providers: Data storage and hosting
  • Analytics providers: Usage analysis (anonymized where possible)
  • Identity verification services: Document and biometric verification
  • Email/push notification services: Communication delivery

All Service Providers are contractually obligated to protect your information.

7.3 For Legal Reasons

We may disclose information:

  • To comply with laws, regulations, or legal processes
  • To respond to lawful requests from government authorities
  • To protect our rights, property, or safety
  • To protect users or the public from harm
  • To detect, prevent, or address fraud or security issues

7.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will notify you of any change in ownership or use of your Personal Information.

7.5 With Your Consent

We may share information for other purposes with your explicit consent.

WE DO NOT SELL YOUR PERSONAL INFORMATION.

We do not share your Personal Information with third parties for their direct marketing purposes without your consent.

8. Third-Party Services

The Service integrates with third-party services. Their privacy practices are governed by their own policies:

Payment Processing - Stripe:

Authentication - Google Sign-In:

Authentication - Apple Sign-In:

Push Notifications - Expo:

Cloud Infrastructure:

  • Data stored on secure, SOC 2 compliant infrastructure

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

9. Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Secure password hashing (bcrypt)
  • Regular security assessments and penetration testing
  • Intrusion detection and monitoring systems
  • Secure API authentication (JWT tokens)

Organizational Safeguards:

  • Access controls based on role and necessity
  • Employee security training and awareness
  • Background checks for personnel with data access
  • Incident response procedures
  • Regular security policy reviews

Payment Security:

  • PCI-DSS Level 1 compliant payment processing
  • No storage of complete card numbers
  • Tokenization of payment information

Identity Verification Security:

  • Encrypted transmission of verification documents
  • Limited retention of verification images
  • Secure deletion after verification completion

Data Breach Notification:

In the event of a data breach that affects your Personal Information, we will notify affected users and relevant regulators as required by applicable law (including, where relevant, within the timeframes set by GDPR, state breach notification laws, or other applicable regulations).

SECURITY DISCLAIMER:

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the security of your account credentials.

10. Data Retention

We retain your information only as long as necessary for the purposes described in this Policy:

Account Information:

  • Active accounts: Retained while account is active
  • Deleted accounts: Removed within 90 days of deletion request
  • Some data may be retained longer if required by law

Transaction Records:

  • Financial transaction data: 7 years (tax and legal requirements)
  • Voting and engagement history: Duration of account plus 1 year

Identity Verification:

  • Verification documents: Deleted within 30 days after successful verification
  • Verification status: Retained while account is active
  • Failed verification attempts: 90 days

Usage and Analytics Data:

  • Detailed usage logs: 12 months
  • Aggregated analytics: May be retained indefinitely (anonymized)

Campaign Content:

  • Active Campaigns: Retained while active
  • Completed/deleted Campaigns: 1 year after completion
  • Associated media files: Deleted with Campaign

Communications:

  • Support tickets: 3 years
  • Marketing consent records: Duration of consent plus 3 years

Legal Holds:

Information may be retained longer if subject to legal proceedings, investigations, or regulatory requirements.

11. Your Privacy Rights

Depending on your location, you may have the following rights:

Right to Know/Access:

Request information about the categories and specific pieces of Personal Information we have collected about you.

Right to Correct:

Request correction of inaccurate Personal Information. You can update most information directly in your account settings.

Right to Delete:

Request deletion of your Personal Information, subject to certain exceptions (legal obligations, fraud prevention, etc.).

Right to Portability:

Request your Personal Information in a structured, commonly used, machine-readable format.

Right to Opt-Out:

  • Opt out of promotional communications
  • Disable push notifications
  • Withdraw consent for optional data collection

Right to Non-Discrimination:

We will not discriminate against you for exercising your privacy rights.

How to Exercise Your Rights:

  • Email: info@peopls.app
  • In-app: Settings → Privacy → Data Requests
  • Response time: Within 45 days (may be extended by 45 days for complex requests)

We may need to verify your identity before processing requests. We will not fulfill requests that would compromise the privacy of others or conflict with legal obligations.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information Collected:

  • Identifiers (name, email, phone, IP address)
  • Financial information (payment details via Stripe)
  • Biometric information (facial verification data)
  • Geolocation data
  • Internet activity (usage data, browsing history within app)
  • Professional information (occupation)
  • Inferences drawn from the above

Your California Rights:

  • Right to know what Personal Information is collected
  • Right to know if Personal Information is sold or disclosed
  • Right to opt-out of sale (we do not sell your information)
  • Right to delete Personal Information
  • Right to correct inaccurate Personal Information
  • Right to limit use of Sensitive Personal Information
  • Right to non-discrimination

Contact for California Requests:

info@peopls.app

Subject line: "California Privacy Request"

13. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect Personal Information from children under 18.

If you are a parent or guardian and believe your child under 18 has provided Personal Information to us:

  • Contact us immediately at info@peopls.app
  • We will take steps to delete the information
  • We will terminate the child's account

If we discover we have collected information from a child under 18, we will promptly delete such information and terminate the associated account.

COPPA Compliance:

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect information from children under 13 under any circumstances.

14. Biometric Data

For identity verification purposes, we may collect biometric data:

What We Collect:

  • Facial geometry data extracted from selfie photographs
  • This data is used solely to verify your identity matches your government ID

How It's Used:

  • One-time comparison against your submitted ID document
  • Fraud prevention and identity verification
  • Not used for any other purpose

Retention:

  • Facial verification data is processed in real-time
  • Source images (selfies) are deleted within 30 days of successful verification
  • We do not create or store biometric templates for ongoing identification

Your Rights:

  • You may request information about biometric data processing
  • You may request deletion of biometric data

For Illinois residents (BIPA): We obtain consent before collecting biometric identifiers and follow applicable retention and destruction requirements.

15. Location Data

We collect location data in the following ways:

IP-Based Location:

  • Approximate location (city/region level)
  • Collected automatically
  • Used for fraud prevention and analytics

Precise GPS Location (Optional):

  • Only collected with your explicit permission
  • Used when creating Campaigns to show location
  • Can be disabled at any time in device settings

We do not track your location in the background or when you are not actively using location-based features.

16. Push Notifications

We send push notifications with your consent for transactional notifications (votes received, payout status, security alerts), engagement notifications (Campaign updates), and optional promotional notifications. You can manage preferences in Settings → Notifications.

17. Do Not Track

As a mobile application, we do not respond to DNT browser signals. You can control tracking through device privacy settings and opting out of analytics where available. We do not engage in cross-site tracking or targeted advertising based on your activity on other websites or apps.

18. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our Service Providers operate. We implement appropriate safeguards (e.g., Standard Contractual Clauses). European users have GDPR rights including access, rectification, erasure, restriction, portability, and objection.

19. SMS and Text Message Communications

If you provide your phone number, you may receive SMS for verification, 2FA, Campaign updates, and optionally marketing. Reply STOP to unsubscribe from marketing. Security-related messages cannot be opted out while maintaining an active account. Standard message and data rates may apply.

20. Links to Third-Party Websites and Services

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. Review their policies before providing information.

21. Regional Privacy Disclosures

GDPR (EEA, UK, Switzerland): You have rights of access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority.

Nevada/Colorado/Virginia/Other US States: Residents may have additional rights under state law. Contact info@peopls.app for state-specific requests.

22. Volunteered Information

Information you submit through forums, surveys, support, or feedback may be used to improve our Service. By submitting suggestions or feedback, you grant us a non-exclusive, royalty-free license to use such information. Public comments may be used for promotional or platform improvement purposes.

23. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email and in-app notice at least 30 days before the effective date. Your continued use after changes constitutes acceptance. You may request previous versions by contacting info@peopls.app.

24. Contact Us

Privacy Inquiries / Data Protection Officer / Data Protection Requests / General Support / Security / Legal:

Email: info@peopls.app

Mailing Address:

Peopls Inc.

Attn: Privacy Team

16192 Coastal Highway

Lewes, DE 19958

United States

Response Time:

  • General privacy inquiries: Within 10 business days
  • Data access/deletion requests: Within 45 days (as required by law)
  • GDPR requests: Within 30 days

Complaints: You may lodge a complaint with a data protection authority in your jurisdiction (e.g., ICO for UK, local DPA for EU, California Attorney General for California residents).