WHEREYAT PRIVACY POLICY

Effective Date: April 18, 2026 Last Updated: April 18, 2026

1. INTRODUCTION

WhereYat! ("we," "our," or "us"), a product of Premier Products LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application WhereYat! (the "App").

Please read this Privacy Policy carefully. By using our App, you agree to the collection and use of information in accordance with this policy.

2. INFORMATION WE COLLECT

2.1 Personal Information

We collect the following personal information:

• Phone Number: Used for account verification and contact identification

• Contact Name: Display name you choose within the app

• Location Data: Real-time GPS coordinates when location sharing is enabled

• Device Information: Battery level, device type, and operating system

2.2 Location Information

WhereYat!'s core functionality requires location data:

• Current Location Only: Your most recent GPS coordinates (latitude, longitude, timestamp)

• Previous Location (Temporary): The immediately preceding GPS reading is stored temporarily in device memory (maximum 2 minutes) solely for speed calculation purposes and is never transmitted to our servers

• Geofence Event Data: Records of when you or your family members enter or exit designated safe zones, including zone name, entry/exit time, and user ID

2.3 Account Security Information

• PIN Hash: A cryptographically hashed version of the PIN you create for account security. We never store your PIN in plain text.

• Failed PIN Attempts: Temporarily tracked per phone number to prevent unauthorized access

• Temporary Access Blocks: If five consecutive incorrect PIN attempts are made for a phone number, that phone number is temporarily blocked from sign-in for 24 hours. This record is automatically deleted after the block expires.

2.4 Photos

• Profile photos you add for yourself or your contacts are stored only on your device

• Photos are never uploaded to our servers, never shared with other users, and never transmitted over the internet

• Photos are removed when you delete the contact or uninstall the App

2.5 Technical Information

• Device Information: Device model, operating system version

• App Usage Data: Features used, crash reports, performance metrics

• Authentication Data: Firebase user identifiers and session tokens

• Push Notification Tokens: A unique identifier used to deliver notifications to your device

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 Core App Functionality

• Location Sharing: Display your current location to invited family members

• Contact Management: Manage your family circle and contact list

• Geofencing: Provide location-based notifications when entering/exiting safe zones

• Authentication: Verify your identity and secure your account

• Speed Calculation: Calculate movement speed using consecutive GPS readings

3.2 Notifications

We send push notifications to inform you of events within the App. Notifications may contain information such as contact names you or your family members have assigned and safe zone names you or your family members have created. By enabling notifications, you consent to this information being delivered to your device.

3.3 App Improvement

• Performance Monitoring: Improve app stability and performance

• Feature Development: Understand how features are used

• Customer Support: Respond to your questions and technical issues

3.4 Legal and Safety

• Compliance: Meet legal obligations and protect rights

• Safety: Prevent fraud, abuse, or unauthorized access

• Spam Prevention: Monitor invitation patterns to prevent abuse

4. INFORMATION SHARING AND DISCLOSURE

4.1 Family Members

• Location data is shared with ALL family members you have invited and who have accepted your invitation

• When location sharing is enabled, all connected family members can see your location

• Location sharing is an all-or-nothing setting: when enabled, all your family members see your location; when disabled, none do

• You cannot selectively share your location with only some family members

• All sharing is mutual and requires consent from both parties

4.2 Safe Zones Created by Others

A family member who is connected to you may create safe zones that trigger notifications when you enter or exit those zones. Records of these crossings are associated with your user account and are visible to the family member who created the zone. By connecting with a family member, you consent to this arrangement. These records are automatically deleted after 7 days.

4.3 Service Providers

We share information with trusted third-party service providers:

• Google Firebase: Authentication, database storage, cloud functions, and push notifications

• Mapbox: Map display and geocoding services

• RevenueCat: Subscription management, purchase validation, and subscription status tracking

• Apple App Store / Google Play Store: Subscription management and billing

Note: We do NOT use any third-party SMS services. Phone number verification is handled entirely through Firebase Authentication.

These providers are contractually obligated to protect your data and use it only for providing services to us.

We may update our list of service providers from time to time. If we add a new service provider that materially changes how your data is processed, we will notify you through an in-app notice or by updating this Privacy Policy.

4.4 Legal Requirements

We may disclose information when required by law:

• Legal Process: Subpoenas, court orders, or legal proceedings

• Safety: Protect rights, property, or safety of users

• Emergency: Life-threatening situations requiring immediate response

Important: We only retain your current location. We do not maintain a location history database, so historical location data is not available for legal requests.

4.5 Business Transfers

If WhereYat! is acquired or merged, user information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4.6 What We Do Not Do

• No Selling: We never sell your personal information to third parties

• No Advertising: We do not share your data with advertisers

• No Public Sharing: Your location is never publicly visible

5. DATA SECURITY

5.1 Security Measures

We implement industry-standard security measures:

• Encryption in Transit: Data encrypted using HTTPS/TLS during transmission

• Encryption at Rest: Data encrypted in Google Firebase's secure infrastructure

• Authentication: Secure phone-based authentication via Firebase

• Access Controls: Limited access to personal data through Firebase Security Rules

• Firebase Security: Google's enterprise-grade security infrastructure

However, no method of transmission or storage is 100 percent secure. While we strive to protect your information, we cannot guarantee absolute security.

5.2 Data Retention

Active Location Data:

• Current Location: Overwritten with each new location update (approximately every 2 minutes while sharing is enabled)

• Geofence Events: Automatically deleted after 7 days

• Account Information: Retained while your account is active

Account Deletion:

• You may delete your account at any time from within the App, under Settings

• Upon account deletion, your personal data is removed from our active systems within 30 days

• Some data may be retained longer if required by law or for legitimate business purposes, such as fraud prevention or legal compliance

Spam Suspension Data:

• If your account is suspended for 30 days due to excessive declined invitations, your account data remains intact and the suspension automatically lifts after 30 days

Fraud Prevention Data:

• Phone Number Records for Trial Eligibility: We record phone numbers that have used a free trial to prevent repeated trial abuse

• Automatically deleted: Trial records are removed from our systems 12 months after creation

• Retained after account deletion: Trial records may be retained for up to 12 months solely for fraud prevention purposes

6. YOUR PRIVACY RIGHTS

6.1 Access and Control

You have the right to:

• View: Access your personal information in the app

• Update: Modify your profile and contact information

• Delete: Remove contacts or request account deletion

• Control Sharing: Enable or disable location sharing at any time

6.2 Location Privacy

• Enable or Disable: Turn location sharing on or off anytime (affects all family members equally)

• Geofence Management: Create, modify, or delete safe zone boundaries

• All-or-Nothing Sharing: When enabled, all connected family members see your location; when disabled, none do

6.3 Regional Rights

For California Residents (CCPA):

• Right to know what personal information is collected

• Right to delete personal information

• Right to opt out of sale of personal information (we do not sell data)

• Right to non-discrimination for exercising privacy rights

To exercise any of these rights, contact us at WhereYatdev@gmail.com.

7. AGE REQUIREMENTS

WhereYat is intended for users 13 years of age and older. We do not knowingly allow individuals under 13 to create their own WhereYat accounts.

A parent or legal guardian who holds a valid WhereYat account may add a minor in their care as a tracked contact within their Family Circle, provided the parent or guardian has legal authority to do so. Parents and guardians are responsible for:

• Ensuring they have legal authority to track the minor's location

• Explaining location sharing to the minor in an age-appropriate manner

• Supervising the minor's interaction with any device running the App

We do not knowingly collect personal information directly from children under 13. If we become aware that we have collected personal information directly from a child under 13 without verified parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided information to us directly, please contact WhereYatdev@gmail.com.

8. GEOGRAPHIC SCOPE

WhereYat is offered from the United States and is intended for users in the United States. The App is not intentionally directed to residents of the European Union, the United Kingdom, or other jurisdictions outside the United States.

Your information is stored on Google Firebase servers in the United States. If you choose to access the App from outside the United States, you do so at your own initiative and consent to the transfer of your information to the United States for processing under U.S. law.

9. THIRD-PARTY SERVICES

9.1 Integrated Services

WhereYat integrates with:

• Google Firebase: Authentication, database storage, cloud messaging, and cloud functions

• Mapbox: Map display and location services

• RevenueCat: Subscription management and purchase validation

• Apple and Google: In-app purchases and subscription billing

9.2 Third-Party Privacy Policies

These services have their own privacy policies:

• Google Firebase Privacy Policy: firebase.google.com/support/privacy

• Mapbox Privacy Policy: mapbox.com/legal/privacy

• RevenueCat Privacy Policy: revenuecat.com/privacy

• Apple Privacy Policy: apple.com/legal/privacy

• Google Play Privacy Policy: policies.google.com/privacy

We are not responsible for the privacy practices of these third-party services.

10. DATA BREACH NOTIFICATION

In the event of a data breach that affects your personal information:

• We will notify affected users within 72 hours of becoming aware of the breach

• Notification will be sent through in-app notification and, where possible, SMS to your registered phone number

• We will provide information about the nature of the breach, data affected, and steps being taken

• We will report breaches to relevant authorities as required by law

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• In-App Notice: Notification within the WhereYat app

• App Store: Update notes in app store listings

Your continued use of the App after changes constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

12. GOVERNING LAW

This Privacy Policy and any disputes arising from or relating to it are governed by the laws of the State of Louisiana, without regard to conflict of law provisions. Dispute resolution is subject to the arbitration and class action waiver provisions of the WhereYat Terms of Service.

13. CONTACT INFORMATION

If you have questions about this Privacy Policy or our privacy practices, or if you wish to:

• Request access to your personal data

• Request correction of inaccurate data

• Request deletion of your account and data

• Exercise any of your privacy rights

• Report a privacy concern

Please contact us:

Premier Products LLC Attn: WhereYat Privacy Email: WhereYatdev@gmail.com

We will respond to your request within 30 days.

14. EFFECTIVE DATE

This Privacy Policy is effective as of April 18, 2026 and was last updated on April 18, 2026.

SUMMARY OF KEY PRIVACY PRACTICES

What We Collect: Phone number, current location, device info, geofence events (7 days), hashed PIN

What We Do Not Collect: Location history (we only keep your most recent location), browsing data, your contacts list, photos on our servers 

Who Sees Your Data: Only family members you explicitly invite

How Long We Keep It: Current location only (constantly updated), geofence events for 7 days, account data while your account is active

Your Control: Enable or disable sharing anytime, delete contacts, delete your account in-app

Our Promise: Never sell your data, never share with advertisers, industry-standard security