1. Introduction

Welcome to Ryvve ("we," "our," "us," or the "Company"). Ryvve is operated by Ryvve LLC, a Colorado limited liability company. We are committed to protecting your privacy and being transparent about how we collect, use, and share your personal information.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of your information when you use the Ryvve mobile application (iOS and Android), website, and related services (collectively, the "Platform"). By using the Platform, you agree to the collection and use of information in accordance with this policy.

Data Controller: Ryvve LLC Email: privacy@ryvve.com Location: Colorado, United States

2. Information We Collect

We collect information in several ways: directly from you, automatically when you use the Platform, and from third-party services.

2.1 Information You Provide Directly

Account Information

Full name
Email address
Phone number (optional)
Profile photo
Username
Biography/description
Social media links

Vehicle Information

Make, model, and year
Vehicle specifications (engine, transmission, drivetrain)
Modifications and aftermarket parts
Vehicle photos
Vehicle nickname or description

Event Information

Event title, description, and category
Event location (address and coordinates)
Date, time, and duration
Event photos and media
Attendance and participation details
Event rules and requirements

Club Information

Club name and description
Club logo and photos
Membership details
Club rules and guidelines

User-Generated Content

Posts, comments, and reactions
Photos and videos you upload
Reviews and ratings

Communications

Messages sent through the Platform's chat feature
Support requests and feedback
Survey responses

2.2 Information Collected Automatically

Device Information

Device type and model
Operating system and version
Unique device identifiers (Device ID, Advertising ID)
Mobile network information
App version

Technical Information

IP address
Browser type and version (web)
Access times and dates
Referring URLs
Pages/screens viewed
Crash reports and error logs

Location Data

IMPORTANT: We collect location data in the following circumstances:

Foreground Location (While App is Open):

When viewing the map to find nearby events
When searching for events by location
When creating events (to set event location)
When viewing event directions

Background Location (Drive Recording Feature):

When you actively start a "Drive" or "Cruise" recording session, we collect continuous location data including:

Route Tracking: Complete GPS coordinates (polyline) of your entire route, including all waypoints
Speed Data: Your current speed at regular intervals, maximum speed reached during the drive, and average speed for the drive
Start/End Points: Precise coordinates where you began and ended the drive
Elevation Data: Altitude information along your route
Distance: Total distance traveled
Duration: Total time elapsed

This background location tracking ONLY occurs when you explicitly start a drive recording session. We do not track your location in the background at any other time.

Usage and Behavioral Data

Features you use and how often
Buttons clicked and screens viewed
Search queries
Time spent on various screens
Interaction patterns
Session duration and frequency

2.3 Information from Third-Party Services

If you connect third-party accounts (such as Google or Apple for sign-in), we may receive:

Basic profile information (name, email, profile photo)
Authentication tokens
Any information you authorize the third-party service to share

3. Third-Party Services and Data Sharing

We use several third-party services to operate the Platform. Each service receives certain data as described below:

3.1 Analytics and Performance

| Service | Data Shared | Purpose | |---------|-------------|---------| | PostHog | User ID, device info, all in-app events and interactions, session recordings, feature usage, screen views, button clicks, search queries | Product analytics, user behavior analysis, feature optimization, A/B testing | | Firebase Analytics | User ID, events, user properties, device info, demographics | App usage analytics, conversion tracking | | Firebase Crashlytics | Device info, app state, stack traces, user ID (for crash correlation) | Crash reporting, stability monitoring |

3.2 Core Infrastructure

| Service | Data Shared | Purpose | |---------|-------------|---------| | Firebase Authentication | Email, name, phone, authentication tokens | User sign-in and account management | | Firebase Firestore | All user data, events, clubs, vehicles, messages | Primary database | | Firebase Storage | Photos, videos, and media files | Media storage | | Firebase Cloud Messaging | Device tokens, notification preferences | Push notifications | | Supabase | Selected user and event data | Secondary database and backend services |

3.3 Search and Discovery

| Service | Data Shared | Purpose | |---------|-------------|---------| | Algolia | User profiles (name, username, photo), events (title, location, details), clubs (name, description) | Search indexing and discovery |

3.4 Maps and Location

| Service | Data Shared | Purpose | |---------|-------------|---------| | Google Maps Platform | Location coordinates, addresses, geocoding requests | Map display, directions, location search |

3.5 Links to Third-Party Privacy Policies

4. How We Use Your Information

4.1 Core Platform Functionality

Creating and managing your account
Displaying your profile and vehicles to other users
Facilitating event creation, discovery, and participation
Managing club memberships and interactions
Enabling messaging and communication between users
Providing search functionality across the Platform
Displaying maps and location-based features
Recording and displaying your drive/cruise data

4.2 Platform Improvement and Analytics

Understanding how users interact with features
Identifying and fixing bugs and technical issues
Developing new features and improvements
Conducting A/B tests to optimize user experience
Analyzing aggregate usage patterns and trends
Monitoring Platform performance and stability

4.3 Communications

Sending push notifications about events, messages, and activity
Delivering email updates (event reminders, account notifications)
Responding to support requests and feedback
Sending marketing communications (with your consent)

4.4 Safety and Security

Detecting and preventing fraud, abuse, and violations
Enforcing our Terms of Service
Protecting the rights and safety of our users
Complying with legal obligations

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

| Data Type | Retention Period | |-----------|------------------| | Account Data | Until account deletion + 30 days | | Vehicle Data | Until you delete the vehicle or your account | | Event Data | Indefinitely (events become historical records) | | Drive/Cruise Data | Until you delete the drive or your account | | Messages | Until deleted by sender/recipient or account deletion | | Analytics Data | Per third-party service defaults (typically 14-26 months) | | Crash Reports | 90 days | | Backup Data | 30 days after deletion |

After account deletion, we may retain certain anonymized or aggregated data that cannot be used to identify you.

6. Your Privacy Rights

6.1 Rights for All Users

Regardless of where you live, you have the right to:

Access your personal information
Correct inaccurate or incomplete data
Delete your account and associated data
Export your data in a portable format
Opt-out of marketing communications
Control location tracking permissions via device settings
Manage notification preferences

To exercise these rights, contact us at privacy@ryvve.com or use the in-app settings.

6.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

You have the right to request disclosure of:

Categories of personal information collected
Specific pieces of personal information collected
Categories of sources from which information is collected
Business purposes for collecting information
Categories of third parties with whom information is shared

Right to Delete

You may request deletion of your personal information, subject to certain exceptions (such as legal compliance requirements).

Right to Correct

You may request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Right to Limit Use of Sensitive Personal Information

The following categories of sensitive personal information we collect:

Precise geolocation (during active drive recording)

You may request that we limit the use of sensitive personal information to purposes necessary for providing the services.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected (Last 12 Months)

| Category | Examples | Collected | |----------|----------|-----------| | Identifiers | Name, email, phone, username, device IDs | Yes | | Personal Records | Vehicle information, profile details | Yes | | Characteristics | Age (derived from birthdate if provided) | Limited | | Commercial Information | Event registrations, purchases | Yes | | Biometric Information | None | No | | Internet/Network Activity | Usage data, browsing history within app | Yes | | Geolocation Data | Precise location during drive recording | Yes | | Sensory Data | Photos, videos uploaded | Yes | | Professional/Employment | None | No | | Education Information | None | No | | Inferences | Preferences based on usage | Yes | | Sensitive Personal Information | Precise geolocation | Yes |

To submit a CCPA request, email privacy@ryvve.com with "CCPA Request" in the subject line. We will verify your identity before processing your request.

6.3 European Union and United Kingdom Residents (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal data based on the following legal grounds:

| Processing Activity | Legal Basis | |---------------------|-------------| | Account creation and management | Performance of contract | | Core Platform features | Performance of contract | | Drive recording (when you initiate) | Consent | | Analytics and improvement | Legitimate interests | | Marketing communications | Consent | | Safety and fraud prevention | Legitimate interests | | Legal compliance | Legal obligation |

Your GDPR Rights

Right of Access: Obtain confirmation and copies of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Restriction: Request we limit processing of your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
Right to Lodge a Complaint: File a complaint with your local data protection authority

International Data Transfers

Your data is transferred to and processed in the United States. We ensure appropriate safeguards for such transfers, including:

Standard Contractual Clauses (SCCs) with our service providers
Reliance on adequacy decisions where applicable
Implementation of supplementary technical and organizational measures

To exercise your GDPR rights, contact our designated representative at privacy@ryvve.com.

6.4 Other U.S. State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to access, delete, correct, and opt-out. Contact privacy@ryvve.com to exercise these rights.

7. Children's Privacy

The Platform is intended for users 18 years of age and older.

We do not knowingly collect personal information from anyone under 13 years of age. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at privacy@ryvve.com immediately. We will take steps to delete such information.

If we become aware that we have collected personal information from a child under 13, we will delete that information as quickly as possible.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
Encryption at Rest: Sensitive data is encrypted in our databases
Access Controls: Role-based access controls limit who can access user data
Firebase Security Rules: Database-level security rules restrict unauthorized access
Regular Security Reviews: We periodically review our security practices
Employee Training: Team members are trained on data protection practices

Important Notice Regarding Messages: Messages sent through the Platform's chat feature are stored on our servers and are not end-to-end encrypted. While we protect messages with standard security measures, you should not share highly sensitive information (such as passwords, financial details, or confidential personal information) through the chat feature.

9. Third-Party Links and Services

The Platform may contain links to third-party websites, services, or content. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you through the Platform (via in-app notification)
For significant changes, send you an email notification

Your continued use of the Platform after changes become effective constitutes your acceptance of the revised policy. If you do not agree to the changes, you should stop using the Platform and delete your account.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Ryvve LLC Email: privacy@ryvve.com General Inquiries: support@ryvve.com

For CCPA requests, include "CCPA Request" in the subject line. For GDPR requests, include "GDPR Request" in the subject line.

We aim to respond to all requests within 30 days.

12. Definitions

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
"Platform" means the Ryvve mobile application (iOS and Android), website, and all related services.
"Processing" means any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
"Sensitive Personal Information" includes precise geolocation data, as defined under applicable privacy laws.
"Drive" or "Cruise" refers to the feature that allows users to record their driving routes, including GPS coordinates, speed, and other telemetry data.