Privacy Policy
Effective Date: January 24, 2026
uDown ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Phone Number: Required to create your account and verify your identity via SMS one-time passwords (OTP).
- Profile Information: Your name, username, and optional profile photo.
- Contacts: With your explicit permission, we access your device contacts to (1) identify which of your contacts already use uDown, and (2) send SMS invitations on your behalf to contacts you select when inviting them to activities.
- Activity Data: Information about activities you create, including titles, dates, times, locations, descriptions, and participant lists.
- Messages: Content you send in activity-specific chats.
- Communications: When you contact us for support, we collect the information you provide.
1.2 Information Collected Automatically
- Device Information: Device type, model, operating system version, unique device identifiers, and push notification tokens.
- Usage Data: How you interact with the Service, including features used, actions taken, and timestamps.
- Log Data: IP address, browser type, access times, pages viewed, and referring URLs.
- Location Information: We collect location data only when you explicitly add a location to an activity. We do not continuously track your location in the background.
1.3 Information from Third Parties
- We may receive information about you from other users (e.g., when they invite you to an activity).
- If you log in through a third-party service in the future, we may receive profile information from that service.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Create and manage your account, facilitate activity planning, and enable communication between users.
- Send SMS Messages:
- Account verification (OTP codes)
- Activity invitations to contacts you invite (including non-app users)
- Activity reminders (e.g., 24 hours before scheduled activities)
- Important updates (e.g., time changes, cancellations)
- Send Push Notifications: Alert you about new invitations, RSVPs, messages, and reminders.
- Improve the Service: Analyze usage patterns, troubleshoot issues, and develop new features.
- Communicate with You: Respond to your inquiries, provide customer support, and send service-related announcements.
- Ensure Safety and Security: Detect, prevent, and address fraud, abuse, and security issues.
- Comply with Legal Obligations: Respond to legal requests and prevent harm.
3. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties.
We may share your information only in the following circumstances:
3.1 With Other Users
- Your profile information (name, username, photo) is visible to users you interact with.
- Activity details are shared with invited participants.
- Chat messages are visible to activity participants.
3.2 Service Providers
We use trusted third-party services to operate the Service:
| Service | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS delivery | Phone numbers, message content |
| Apple Push Notification service (APNs) | Push notifications | Device tokens, notification content |
| Cloudflare R2 | Profile image storage | Profile photos |
| Hetzner | Server hosting | All data (stored securely) |
| Sentry | Error tracking and monitoring | Error logs, device info (no personal content) |
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal requests, including:
- Court orders, subpoenas, or legal process
- Government or regulatory agency requests
- To protect our rights, property, or safety
- To protect the rights, property, or safety of our users or others
- To detect, prevent, or address fraud, security, or technical issues
3.4 Business Transfers
If uDown is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
3.5 With Your Consent
We may share your information for other purposes with your explicit consent.
4. SMS Communications
We use Twilio to send SMS messages. By using the Service, you expressly consent to receive SMS messages for:
- One-time passwords (OTP) for account verification and login
- Activity invitations to contacts you invite (sent on your behalf)
- Activity reminders for upcoming activities
- Important updates such as time changes or cancellations
Message frequency varies based on your activity. Standard message and data rates may apply.
Opt-Out
- Reply STOP to any promotional message to opt out
- Essential account verification messages cannot be disabled while your account is active
- You can disable activity-related SMS by adjusting your notification settings in the app
Your Responsibility
When you invite contacts to activities, you represent that:
- You have the right to provide their phone numbers
- They would reasonably expect to receive such invitations from you
- You will not use the Service to send spam or unwanted messages
5. Push Notifications
With your permission, we send push notifications about:
- New activity invitations
- RSVP updates from invited friends
- New messages in activity chats
- Activity reminders
- Important service announcements
You can disable push notifications at any time in your device settings or within the app.
6. Data Storage and Security
6.1 Storage Location
Your data is stored on secure servers:
- Primary servers: Hetzner, located in the United States
- Profile images: Cloudflare R2, with global distribution
6.2 Security Measures
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Secure password hashing
- Access controls and authentication
- Regular security assessments
- Monitoring for suspicious activity
6.3 No Guarantee
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
- Account Data: We retain your account information for as long as your account is active.
- Activity Data: Activity information is retained while relevant to participants. Completed activities are archived but remain accessible in your history.
- Chat Messages: Messages are retained as part of activity history.
- Deleted Accounts: When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.
8. Your Rights and Choices
You have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your account and personal data.
- Data Portability: Request your data in a portable format.
- Opt-Out: Opt out of promotional communications.
- Withdraw Consent: Withdraw consent for optional data processing (e.g., contacts access).
To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise your CCPA rights, contact us at [email protected]. We may need to verify your identity before processing your request.
California "Shine the Light" Law: California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users via email and/or in-app notification within 72 hours of becoming aware of the breach
- Notify relevant regulatory authorities as required by applicable law
- Provide information about the nature of the breach, the types of data affected, and steps we are taking to address it
- Offer guidance on steps you can take to protect yourself
11. International Data Transfers
If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.
By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
12. Children's Privacy
The Service is not intended for users under 13 years of age.
We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. If we learn that we have collected personal information from a child under 13, we will promptly delete that information.
For users between 13 and 18 years old, we recommend parental guidance when using the Service.
13. Do Not Track
Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. The Service does not currently respond to Do Not Track signals. However, we do not track your activity across third-party websites.
14. Third-Party Links and Services
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you use.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Post the updated policy on our website and in the app
- Update the "Effective Date" at the top
- Notify you via email or in-app notification for significant changes
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, please stop using the Service and delete your account.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
uDown
Email: [email protected]
We will respond to your inquiry within 30 days.
By using uDown, you acknowledge that you have read, understood, and agree to this Privacy Policy.