PRIVACY POLICY (DRAFT)

Version: 1.0

Last Updated: November 1, 2025

Scope: This Privacy Policy describes how GOL Ventures, Inc. collects, uses, shares, and protects information when you use our websites and mobile apps in the United States. It also outlines rights under GDPR and CCPA/CPRA where applicable.

1. Information We Collect

1.1 Directly from You. Account details (name, username, email, age affirmation), profile info (photos, bios), messages (Safety Group chats), check‑ins, reviews, stories, preferences, payout information (e.g., PayPal email), tax forms (W‑9/W‑8BEN).

1.2 Automatically. Device identifiers, IP address, app version, crash logs, cookies, usage analytics, coarse and precise location (when you opt in), time stamps, and interaction events.

1.3 Payment. Payments are processed by Stripe/PayPal; we receive limited transaction metadata (amount, status) but not full card numbers.

1.4 From Partners. Venue/promo data, safety ratings, event details, and confirmations; moderators’ decisions.

2. How We Use Information

• Provide and operate the Services (discovery, safety groups, messaging).
  
• Process purchases (Coins, subscriptions, tickets) and payouts.
  
• Show venue details, ratings, heat maps, and curated recommendations.
  
• Safety features: share your location with your consent inside Safety Groups.
  
• Monitor, detect, and prevent fraud, abuse, and policy violations.
  
• Personalize content, send notifications, and provide customer support.
  
• Analyze usage to improve performance; create aggregated/anonymous analytics.
  
• Comply with legal obligations (tax, KYC/AML, law enforcement requests).
  

3. Legal Bases (GDPR)

We rely on consent (e.g., location, marketing), contract (providing the Services), legitimate interests (security, analytics), and legal obligations (tax, compliance). You can withdraw consent at any time via settings.

4. Sharing of Information

• Processors: cloud hosting, analytics, messaging, push (e.g., OneSignal), payment processors (Stripe/PayPal), customer support tools.
  
• Venues/Promoters: to fulfill bookings, ticketing, or orders you request.
  
• Safety Group Members: when you choose to share your location or messages.
  
• Law Enforcement/Legal: when required by law or to protect safety, rights, or property.
  
• Business Transfers: in a merger, acquisition, or asset sale.
  
  We do not sell personal information as commonly defined by CCPA; we may engage in sharing for cross‑context behavioral advertising—opt‑out rights apply.
  

5. Cookies & Tracking

We use cookies/SDKs for authentication, session management, analytics, and personalization. You can adjust settings in your browser/device. Some features may not function without certain cookies or permissions.

6. Location Services (IMPORTANT)

We collect and share location only when you opt in. Location is used for venue discovery, heat maps, and Safety Groups. You can disable location at any time in device settings; some features may stop working. We may store approximate historical location events with retention limits.

7. Data Retention

• Account and transaction records: typically 7 years (tax/compliance).
  
• Safety messages and stories: retained per feature lifecycle (e.g., 24–48 hours for stories) unless required for investigations.
  
• Logs/analytics: retained for reasonable periods for security and improvement.
  
  We may anonymize data for longer‑term analytics.
  

8. Security

We use administrative, technical, and physical safeguards, including TLS, encryption at rest (where supported), bcrypt for passwords, access controls, and audits. No method of transmission or storage is 100% secure.

9. Your Rights

GDPR (EU/UK): access, rectify, erase, restrict, object, portability, withdraw consent, and lodge a complaint with a supervisory authority.

CCPA/CPRA (California): know, delete, correct, opt out of sale/share, limit use of sensitive data, and non‑discrimination.

Requests: privacy@gol-ventures.com with sufficient information to verify your identity. We may decline requests as permitted by law.

10. Children

The Services are for 18+. We do not knowingly collect personal information from children under 13 (or under 16 where applicable). Report concerns to privacy@gol-ventures.com.

11. International Transfers

Data may be processed in the United States and other countries. We use appropriate safeguards for cross‑border transfers where required (e.g., SCCs).

12. Do‑Not‑Track; Marketing

We do not respond to browser “Do‑Not‑Track” signals. You can manage marketing preferences in settings or by using unsubscribe links.

13. Changes to this Policy

We may update this Policy. Material changes will be noticed via the Services or email. Continued use indicates acceptance.

14. Contact Us

Privacy: privacy@gol-ventures.com

Security: security@gol-ventures.com

Support: support@gol-ventures.com

Address: 16192 Coastal Highway | Lewis, DE 19958