Invitrr — Privacy Policy

Summary

Plain Language Summary: Invitrr collects data about you, how you use the app, and information about your device and location. We use this data to operate and improve our products, personalize your experience, display content and advertising, share with partners, train our algorithms, and run our business. We do not sell your name, email, or other directly identifying information to advertisers. You have certain legal rights over your data depending on where you live. This full policy explains everything in detail — please read it carefully.

1. Definitions

As used throughout this Privacy Policy, the following terms have the meanings set forth below:

"Aggregate Information" means data that has been combined and summarized from multiple users in a manner that does not identify any individual user, such as statistics about usage patterns across our platform.
"De-Identified Information" means information from which all reasonable means of identifying any specific individual have been removed or obscured, such that re-identification is not reasonably practicable.
"Device Information" means information automatically collected from the device or browser you use to access the Service, including but not limited to hardware model, operating system, unique device identifiers, mobile network information, and Internet Protocol address.
"Invitrr," "we," "us," or "our" means Nohmit Incorporated, a corporation incorporated under the laws of the Province of Ontario, Canada, with its registered office in Ottawa, Ontario, together with its successors, assigns, subsidiaries, affiliates, officers, directors, employees, and agents.
"Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household.
"Processing" means any operation or set of operations performed on Personal Information, whether by automated means or otherwise, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, restriction, erasure, or destruction.
"Service" means the Invitrr mobile application for iOS, any future applications, our website at invitrr.com, and all related content, features, products, and services operated by Invitrr.
"Usage Data" means information collected automatically about how you interact with the Service, including but not limited to the features you use, the content you view, your interaction patterns, session duration, frequency of use, and behavioral signals.
"User Content" means any information, data, text, photographs, images, video, audio, or other material you submit to or through the Service.

2. Who We Are and How to Contact Us

Nohmit Incorporated (operating as "Invitrr") is the data controller for Personal Information collected through the Service. We are incorporated under the laws of Ontario, Canada, with our registered office located in Ottawa, Ontario, Canada.

For all privacy-related inquiries, requests to exercise your rights, questions about this policy, or concerns about our data practices, you may contact us by email at privacy@invitrr.com. For general support inquiries, contact support@invitrr.com. For legal matters, contact legal@invitrr.com. For safety concerns, contact safety@invitrr.com.

We endeavor to respond to all privacy-related inquiries within the timeframe required by applicable law. We reserve the right to request reasonable identifying information before processing any request.

3. Scope of This Policy and Acceptance

This Privacy Policy applies to all individuals who access or use the Service, regardless of their location, including without limitation users of our mobile application, visitors to our website, hosts of events on our platform, and any person who otherwise interacts with Invitrr in connection with the Service (collectively, "Users").

By downloading, installing, accessing, or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to the collection, use, disclosure, and Processing of your Personal Information as described herein. If you do not agree to this Privacy Policy, you must not access or use the Service.

This Privacy Policy is incorporated by reference into and forms a part of our Terms of Service. Capitalized terms not defined herein have the meanings ascribed to them in our Terms of Service.

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked to or from the Service. We encourage you to review the privacy policies of any third-party services you choose to access.

Users in certain jurisdictions — including the European Economic Area ("EEA"), the United Kingdom ("UK"), Canada, and the State of California — may have additional rights as described in Section 13 of this Privacy Policy. Those provisions supplement and do not replace the general provisions of this policy.

4. Information We Collect

We collect a broad range of information in connection with the Service. The categories of information we collect are described below. This list is illustrative and not exhaustive. We reserve the right to collect any additional categories of information consistent with our legitimate business purposes and applicable law.

4.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you create an account, use the Service, contact us, or otherwise interact with us. This includes:

Account registration information: including your full name, email address, date of birth (used to verify that you are at least 18 years of age), and, optionally, your mobile telephone number
Profile information: including photographs, biography, city of residence, personal interests, vibe preferences, event type preferences, and role preference (host, attendee, or both), as well as any other information you choose to include in your public or private profile
Identity verification data: including selfie photographs and any other verification materials you submit through the Service, which are processed through automated facial analysis technology operated by third-party providers on our behalf
Event data: including events you create as a host, event descriptions, photographs, venue information, capacity information, dress codes, and any other details you provide in connection with events you list on the Service
Communications with us: including the content of messages, feedback, support requests, bug reports, appeals, and other communications you send to us through any channel, together with associated metadata
Safety feature data: including emergency contact information, Bailout activation history, and any other data you voluntarily input into safety-related features of the Service
Survey and research responses: including any information you provide if you participate in surveys, focus groups, or research activities we conduct
Any other information you choose to provide in the course of using the Service, whether or not specifically solicited by us

4.2 Information We Collect Automatically

When you access or use the Service, we and our third-party partners automatically collect certain technical and behavioral information. This automatic collection occurs through a variety of technologies including software development kits ("SDKs"), cookies, pixel tags, log files, and similar tracking mechanisms. The information we collect automatically includes, without limitation:

Device and technical information: hardware model and manufacturer, operating system and version, app version and build number, mobile network carrier, unique device identifiers (including Identifier for Advertising ("IDFA"), Identifier for Vendor ("IDFV"), and other persistent and non-persistent device identifiers), browser type and version, screen resolution, device language settings, and time zone
Network and connectivity information: Internet Protocol ("IP") address, connection type (Wi-Fi, cellular), approximate geographic location derived from IP address, and mobile network information
Location information: with your permission, we may collect your precise or approximate geographic location through GPS, Wi-Fi signals, cell tower data, or other technologies while the app is in use; we may derive your approximate location from your IP address even without explicit location permission
Usage and behavioral information: pages and screens viewed, features accessed, content viewed and for how long (dwell time), events browsed, events liked, events passed, events requested, event join requests sent, received, accepted, and declined, messages sent (metadata only, not content, unless flagged for safety review), search queries entered, filters applied, notification interactions, and all other actions you take within the Service
Inferred interests and preferences: data we derive from your usage patterns, behavioral signals, interaction history, and other information we collect, which we use to infer your interests, preferences, and likely affinities
Performance and diagnostic information: crash reports, error logs, application performance metrics, load times, and other technical diagnostic information that helps us identify and resolve issues with the Service
A/B test and experiment data: information about which versions of features, interfaces, or content you were shown and how you interacted with them, in connection with our ongoing testing and optimization efforts
Communication and engagement data: whether and when you open push notifications, emails, or in-app messages we send you, and how you interact with them
Log data: server logs that record information about your requests, including date and time, type of request, and response

4.3 Information We Receive from Third Parties

We may receive information about you from third parties, including without limitation:

Authentication providers: if you choose to create an account or log in using Apple Sign In or Google Sign In, we receive certain information from those providers, including your name, email address, and a unique provider-specific identifier, subject to their privacy policies and your privacy settings with those providers
Third-party analytics and advertising partners: we work with third-party analytics providers and, from time to time, advertising partners who may provide us with information about your interests and activities derived from other platforms and services, which we may combine with information we have collected about you
Safety and fraud prevention providers: we may receive information from third-party providers who help us detect fraud, abuse, and safety risks on the platform
Other users: other users of the Service may provide information about you, for example by submitting a report, rating, or review involving you
Publicly available sources: we may collect information about you from publicly available sources where relevant to our safety, fraud prevention, or operational purposes

4.4 Information Derived from Other Information

We may derive new information about you by analyzing and combining the information we collect as described above. This derived information may include inferences about your interests, preferences, behavioral patterns, likely responses to particular content or events, and other characteristics. Derived information is used for the same purposes as the underlying information from which it was derived and may be used to improve and develop our products and services, including machine learning systems.

5. How We Use Your Information

We use the information we collect for a wide range of purposes that are consistent with operating, maintaining, improving, and growing our business. The purposes for which we may use your information include, without limitation, the following:

5.1 Providing and Operating the Service

Creating, maintaining, authenticating, and securing your account
Enabling event discovery, creation, hosting, attendance requests, and confirmation
Facilitating in-app messaging and other communications between users
Delivering push notifications, transactional emails, and in-app alerts that you have requested or that are necessary for the operation of the Service
Processing subscription purchases and managing subscription entitlements through the Apple App Store
Operating safety features, including Bailout and emergency contact functionality
Verifying user identity and enforcing age and eligibility requirements
Providing customer support and responding to your inquiries

5.2 Personalizing and Improving Your Experience

Ranking, curating, and personalizing your event discovery feed using our proprietary recommendation algorithm, which takes into account your profile, behavioral signals, interaction history, inferred preferences, and other factors
Surfacing events, users, and content that we determine are likely to be relevant and of interest to you, based on your activity and our analysis thereof
Adapting the timing, frequency, and content of notifications we send you based on your behavioral patterns, engagement history, inferred active windows, and preferences
Remembering your settings, preferences, and filters across sessions to provide a consistent experience
Tailoring the features and content displayed to you based on your profile and usage history

5.3 Research, Development, and Machine Learning

Analyzing usage patterns and behavioral data to understand how the Service is used and to identify opportunities for improvement
Conducting research and analysis to develop new features, products, and services
Testing and measuring the effectiveness of existing and new features, content, and experiences
Training, evaluating, developing, and improving our machine learning models, recommendation algorithms, natural language processing systems, computer vision systems, safety and moderation systems, and any other artificial intelligence or automated decision-making systems that are used in connection with the Service or any current or future product or service offered by Invitrr or its affiliates or successors
Using aggregated, de-identified, and derived data to develop insights, analytics, and intelligence that inform our product roadmap and business strategy
Benchmarking the performance of our algorithms and systems against internal and external standards

5.4 Advertising, Marketing, and Commercial Purposes

Displaying promotional content, sponsored event listings, partner promotions, and advertising within the Service, which we may introduce at any time in our sole discretion; any advertising we display may be targeted based on your profile, behavioral data, inferred interests, location, and other information we hold about you
Measuring the reach, engagement, and effectiveness of promotional and advertising content displayed within the Service
Communicating with you about new features, products, services, and promotional offers from Invitrr, subject to applicable opt-out rights
Generating business intelligence, analytics, and reporting for our internal use and for presentation to investors, partners, and other stakeholders
Supporting any partnerships, collaborations, or joint marketing arrangements that we may enter into from time to time

5.5 Safety, Security, Legal Compliance, and Business Operations

Detecting, investigating, preventing, and responding to fraud, abuse, harassment, spam, policy violations, and other harmful or unauthorized activities
Enforcing our Terms of Service, Community Guidelines, Host Policy, and all other applicable policies
Complying with applicable laws, regulations, legal processes, and governmental requests
Cooperating with law enforcement agencies, regulatory authorities, courts, and other governmental bodies as required by law or as we deem necessary in our discretion
Protecting the rights, property, safety, and interests of Invitrr, our users, and the general public
Establishing, exercising, and defending legal claims
Auditing our operations, systems, and processes for internal compliance purposes
Any other purpose that is consistent with our legitimate business interests and not prohibited by applicable law

5A. Legal Bases for Processing (EEA and UK Users)

For users located in the European Economic Area ("EEA") or the United Kingdom ("UK"), the General Data Protection Regulation ("GDPR") and applicable UK data protection law require us to identify the legal basis on which we rely when Processing your Personal Information. The table below sets out our processing activities and the corresponding legal bases we rely upon. Where we rely on legitimate interests, we have carried out a balancing test and determined that our legitimate interests are not overridden by your interests, rights, or freedoms, having regard to the safeguards we have put in place.

Account Creation and Management

Processing activity: Creating and managing your user account, authenticating your identity, and maintaining account security
Legal basis: Performance of a contract — processing is necessary to perform our Terms of Service and provide the Service you have requested

Event Discovery and Feed Personalization

Processing activity: Ranking, curating, and personalizing your event discovery feed using behavioral signals, interaction history, and inferred preferences
Legal basis: Legitimate interests — we have a legitimate interest in providing a personalized experience that increases the relevance and value of the Service to you; this processing is core to the Service and is reasonably expected by users

Push Notifications and Transactional Communications

Processing activity: Sending push notifications, in-app alerts, OTP codes, and account-related transactional emails
Legal basis: Performance of a contract (for transactional messages necessary to deliver the Service); legitimate interests (for engagement-based notifications)

Identity Verification

Processing activity: Processing selfie photographs through automated facial analysis technology to verify that your profile photograph matches your submitted identity
Legal basis: Legitimate interests — we have a legitimate interest in maintaining the safety, integrity, and trustworthiness of the platform by reducing impersonation and fraud

Safety Features

Processing activity: Operating the Bailout feature, processing emergency contact information, and maintaining safety-related logs
Legal basis: Vital interests and legitimate interests — processing is necessary to protect the vital interests of users and to operate a safe platform

Machine Learning and Product Development

Processing activity: Using Usage Data, behavioral signals, and derived information to train and improve machine learning models, recommendation algorithms, safety systems, and other AI systems used in current or future Invitrr products
Legal basis: Legitimate interests — we have a legitimate interest in improving our products and developing new services; users of a recommendation-driven platform reasonably expect that their usage data informs the quality of recommendations they receive

Analytics and Service Improvement

Processing activity: Analyzing aggregate usage patterns, conducting A/B tests, measuring feature effectiveness, and generating internal business analytics
Legal basis: Legitimate interests — we have a legitimate interest in understanding how the Service is used and in continuously improving it

Fraud Prevention and Security

Processing activity: Detecting, investigating, and preventing fraud, abuse, spam, impersonation, and other harmful or unauthorized activities
Legal basis: Legitimate interests and compliance with legal obligations — we have a compelling legitimate interest in maintaining platform security; some processing is also required by law

Advertising and Commercial Promotion

Processing activity: Displaying targeted promotional content and advertising within the Service (if and when introduced); measuring advertising effectiveness
Legal basis: Consent — where required by applicable law, we will seek your consent before Processing your data for targeted advertising purposes; where consent is not required, we rely on legitimate interests

Sharing Aggregated and De-Identified Data

Processing activity: Sharing Aggregate Information and De-Identified Information with third parties including business partners, advertisers, and research institutions
Legal basis: Legitimate interests — Aggregate and De-Identified Information does not constitute Personal Information under the GDPR and is not subject to GDPR processing restrictions; to the extent any residual personal data element exists, we rely on legitimate interests

Legal Compliance and Dispute Resolution

Processing activity: Complying with applicable laws, responding to legal process, cooperating with regulatory authorities, and establishing, exercising, or defending legal claims
Legal basis: Compliance with legal obligations; legitimate interests (for legal claim defense)

Business Transfers

Processing activity: Transferring Personal Information to an acquiring entity in connection with a merger, acquisition, or other corporate transaction
Legal basis: Legitimate interests — we have a legitimate interest in being able to conduct corporate transactions; transfers are conducted with appropriate contractual safeguards

You have the right to object to processing based on legitimate interests at any time by contacting us at privacy@invitrr.com. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defense of legal claims. Objecting to processing based on legitimate interests does not affect the lawfulness of processing conducted prior to your objection.

6. Disclosure and Sharing of Your Information

We may disclose or share your information as described below. Except as otherwise stated, we do not sell your directly identifying Personal Information (such as your name or email address) to third parties for their independent commercial purposes.

6.1 Aggregate and De-Identified Information

We may disclose, sell, license, transfer, or otherwise make available Aggregate Information and De-Identified Information to any third party for any purpose, without restriction and without compensation to you. This includes, without limitation, sharing anonymized behavioral trends, category popularity data, geographic event density information, platform engagement statistics, and other insights derived from user activity on the Service with advertising partners, analytics companies, research institutions, business partners, investors, and other third parties. Such information does not constitute Personal Information and is not subject to the restrictions that apply to Personal Information under this Privacy Policy.

6.2 Service Providers and Processors

We engage third-party companies and individuals to perform services on our behalf that support the operation, maintenance, improvement, and promotion of the Service (collectively, "Service Providers"). We share Personal Information with Service Providers only to the extent necessary for them to perform their functions. Our Service Providers are contractually required to maintain the confidentiality and security of Personal Information they access and are prohibited from using it for their own independent purposes. Our current Service Providers include, without limitation: Cloudflare, Inc. (content delivery and media storage); Railway (infrastructure hosting); Amazon Web Services, Inc. (identity verification via Rekognition); Resend (transactional email delivery); Twilio Inc. (SMS delivery); Apple Inc. (push notification infrastructure via APNs); OpenAI (content moderation); Upstash (caching and session management); and Redis Labs (data infrastructure). This list may be updated from time to time. We reserve the right to engage new Service Providers and to change our Service Providers at any time without prior notice to you.

6.3 Business Partners and Commercial Relationships

We may share non-personally identifying information, Aggregate Information, and De-Identified Information, as well as certain profile and behavioral information in pseudonymized form, with business partners, event organizers, venues, brands, and other third parties in connection with commercial relationships, partnerships, co-marketing arrangements, and other business activities. Such sharing is conducted in a manner that we deem appropriate and consistent with our business objectives and applicable law.

6.4 Advertising Partners

If and when we introduce advertising within the Service, we may share certain information with advertising technology companies and advertising networks to enable them to serve targeted advertisements to you within the Service. Such information may include Device Information, inferred interest categories, behavioral segments, location information, and similar data. We do not share your name or email address with advertising partners without your consent.

6.5 Business Transfers and Corporate Transactions

In the event of any merger, acquisition, consolidation, restructuring, financing, investment, sale of all or substantially all of our assets or equity, sale of a line of business, bankruptcy, insolvency proceeding, or any other corporate transaction or change of control (each, a "Business Transaction"), your Personal Information and other data held by us may be transferred to, accessed by, reviewed by, or acquired by the counterparty in such Business Transaction, including potential counterparties and their advisors during due diligence. You acknowledge and agree that: (a) any such transfer does not constitute a sale of your Personal Information; (b) the acquiring or successor entity may use and process your Personal Information in a manner that differs from this Privacy Policy; and (c) your continued use of the Service following any Business Transaction constitutes your acceptance of any updated privacy policy that may apply to you following such transaction. We will provide notice as required by applicable law in connection with any Business Transaction that results in a material change to the way your Personal Information is processed.

6.6 Legal and Regulatory Disclosure

We may disclose your Personal Information without notice or consent, to the extent permitted by applicable law, when we reasonably believe such disclosure is necessary or appropriate to: (a) comply with any applicable law, regulation, subpoena, court order, judicial proceeding, legal process, or governmental or regulatory request; (b) enforce or apply our Terms of Service, this Privacy Policy, or our other agreements; (c) detect, prevent, investigate, or respond to fraud, security vulnerabilities, technical issues, or other harmful, unauthorized, or illegal activity; (d) protect the rights, property, safety, or interests of Invitrr, our users, employees, or the public; or (e) respond to emergencies in which we believe disclosure is necessary to prevent serious harm. We are under no obligation to notify you of any such disclosure.

6.7 Public Profile Information

Certain information you include on your Invitrr profile is visible to other users of the Service. This public information includes, without limitation, your first name, profile photographs, biography, city, interests, event listings you create, and verified status. Exercise discretion in the information you choose to make publicly available. We are not responsible for how other users use information that you have made public through the Service.

6.8 With Your Consent

We may share your Personal Information with third parties in additional circumstances with your consent. Consent may be given explicitly or may be implied from your use of particular features or services.

7. Cookies, Tracking Technologies, and Interest-Based Advertising

We and our third-party partners use cookies, pixel tags, web beacons, software development kits ("SDKs"), and similar tracking technologies (collectively, "Tracking Technologies") to collect information about your use of the Service and your activity across other digital properties over time. Our use of Tracking Technologies is described in detail in our Cookie Policy, which forms part of this Privacy Policy and is incorporated herein by reference.

In summary, we use Tracking Technologies for purposes including, without limitation: authenticating your session; remembering your preferences and settings; understanding how you use the Service; measuring the effectiveness of features and promotional content; preventing fraud and abuse; enabling and optimizing advertising; and conducting analytics and research.

For users in the EEA and UK, we operate a consent management mechanism for non-essential cookies and Tracking Technologies as required by applicable law. You may withdraw or modify your cookie consent preferences at any time through the privacy settings within the app. Withdrawing consent to non-essential cookies does not affect the lawfulness of processing based on consent prior to withdrawal.

Your device operating system may offer certain controls over the use of Tracking Technologies, such as the ability to limit ad tracking or reset advertising identifiers. Disabling certain Tracking Technologies may limit the functionality of the Service or affect the relevance of content and experiences delivered to you. For full details on how to manage your cookie preferences, please review our Cookie Policy.

8. Advertising

Invitrr does not currently display third-party advertisements within the Service. We expressly reserve the right, in our sole discretion and at any time without prior notice, to introduce advertising features within the Service, including without limitation: display advertising; sponsored content; promoted event listings; native advertising; targeted advertising based on your profile, behavior, interests, and other information we hold about you; and any other form of commercial promotion. Any advertising we introduce may be targeted based on data we have collected about you.

Any update to this Privacy Policy to reflect the introduction of advertising will be posted within the Service. Your continued use of the Service following such update constitutes your acceptance of the updated policy. If you do not wish to receive targeted advertising, you may have limited ability to opt out through your device settings, though this will not eliminate all advertising from the Service.

We may use data derived from your use of the Service, including behavioral data, inferred interests, and demographic information, to measure and report on the performance of promotional content, regardless of whether we introduce third-party advertising.

9. Data Retention

We retain your Personal Information for as long as is reasonably necessary and proportionate to fulfill the purposes for which it was collected, as described in this Privacy Policy, to comply with our legal obligations (including where we are required to retain data to comply with applicable laws), to resolve disputes, to enforce our agreements, to protect our legal rights and interests, and to support our legitimate business operations.

The appropriate retention period for Personal Information depends on a number of factors, including the nature of the data, the purposes for which it is used, and our legal obligations. In general terms:

Account and profile information is retained while your account is active and for a commercially reasonable period thereafter
Identity verification selfie photographs are deleted from our production systems within fourteen (14) days of the verification decision, except where applicable law requires longer retention
Usage and behavioral data may be retained for periods necessary to operate and improve our Services, train our machine learning systems, and fulfill our legal obligations
Aggregate and De-Identified Information derived from your use of the Service may be retained indefinitely
Backup copies of data may persist for a commercially reasonable period after deletion from our active systems, before being overwritten or purged in the ordinary course of our backup rotation schedule
Data subject to a legal hold, litigation, regulatory inquiry, or law enforcement request may be retained beyond standard retention periods for as long as required

Following account deletion, we will endeavor to delete or anonymize your Personal Information from our active systems within thirty (30) days, subject to the exceptions described above. You acknowledge that due to backup and caching systems, data may not be immediately deleted from all systems simultaneously.

10. Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction. Our security measures include, without limitation, HTTPS/TLS encryption for data transmitted between your device and our servers, secure credential hashing, role-based access controls on production systems, and periodic security assessments.

You acknowledge that no security system is perfect or impenetrable, and we cannot guarantee the absolute security of your Personal Information. The security of your account also depends on the strength and confidentiality of your credentials. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account. In the event of a security incident that triggers mandatory notification obligations under applicable law, we will notify affected users and relevant regulatory authorities as required.

11. Third-Party Services and Links

The Service may contain links to or integrations with third-party websites, applications, or services that are not operated or controlled by Invitrr, including without limitation authentication providers such as Apple and Google. This Privacy Policy does not apply to such third-party services. We have no control over, and assume no responsibility for, the privacy practices or content of any third-party services. We encourage you to review the privacy policies of any third-party services you choose to use or visit.

12. Children's Privacy and Age Assurance

The Service is intended exclusively for users who are 18 years of age or older. We do not knowingly collect, solicit, or retain Personal Information from individuals under the age of 18. If you are under 18, you are not permitted to use the Service and must not attempt to register an account or use any feature of the Service.

12.1 Age Verification at Registration

We require all users to provide their date of birth during the account registration process. We use this information to verify that users meet our minimum age requirement of 18 years. Users who indicate they are under 18 are prevented from completing registration. We may implement additional age assurance measures from time to time, including without limitation identity verification steps, document verification, or third-party age estimation technology.

12.2 Proactive Detection of Underage Users

We employ a combination of automated systems and human review processes designed to identify users who may be under the age of 18, including where a user has provided a false date of birth. These measures may include, without limitation:

Automated analysis of profile content, photographs, and behavioral signals that may indicate a user is under 18
Review of reports submitted by other users who believe a user may be underage
Monitoring for patterns of account creation and usage that are inconsistent with adult users
Periodic re-verification of account holder age where we have reasonable grounds to suspect a user may be underage

Where our systems or human reviewers identify a user who may be under the age of 18, we will take prompt action including, without limitation, suspending access to the account, requesting additional age verification, or permanently terminating the account and deleting associated Personal Information.

12.3 Deletion of Underage User Data

If we determine or become aware that we have collected Personal Information from a person under the age of 18, we will take reasonable steps to delete all such information from our systems as promptly as practicable. We will also terminate the associated account. We will not use any Personal Information collected from an underage user for any purpose other than to facilitate its deletion.

12.4 Reporting Underage Users

If you believe that a person under the age of 18 has created an account on the Service or has provided us with Personal Information, we ask that you report this to us immediately at safety@invitrr.com. Please include as much information as possible to assist us in identifying the account in question. We take all such reports seriously and will investigate promptly.

12.5 Parental and Guardian Notice

We encourage parents and guardians to monitor their children's use of online services and devices. If you are a parent or guardian and believe your child has circumvented our age requirements to access the Service, please contact us immediately at safety@invitrr.com and we will take appropriate action including deletion of the account and all associated data.

13. Your Rights and Choices

Depending on your jurisdiction of residence, you may have certain legal rights regarding your Personal Information. These rights are not absolute, are subject to limitations and exceptions under applicable law, and may be exercised only in the manner described below. We will honor rights required by applicable law but reserve the right to decline requests that are not legally required, that are manifestly unfounded or excessive, or that conflict with our other legal obligations.

13.1 Residents of the EEA and United Kingdom

Under the General Data Protection Regulation (GDPR) and applicable UK data protection law, you may have the following rights: (a) the right to access a copy of the Personal Information we hold about you; (b) the right to rectification of inaccurate Personal Information; (c) the right to erasure of your Personal Information, subject to our legitimate interests, legal obligations, and other applicable exceptions; (d) the right to restriction of Processing in certain circumstances; (e) the right to data portability in certain circumstances; (f) the right to object to Processing based on legitimate interests, including profiling; (g) the right to withdraw consent where Processing is based on consent, without affecting the lawfulness of Processing prior to withdrawal; and (h) the right to lodge a complaint with your national data protection supervisory authority. Our legal bases for Processing your Personal Information include performance of a contract, legitimate interests, compliance with legal obligations, and consent, as applicable.

13.2 California Residents

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the right to: (a) know what categories of Personal Information we collect, use, disclose, and sell; (b) request deletion of Personal Information we have collected, subject to applicable exceptions; (c) correct inaccurate Personal Information; (d) opt out of the sale or sharing of Personal Information for cross-context behavioral advertising purposes (we do not sell directly identifying Personal Information); and (e) non-discrimination for exercising your rights. To exercise these rights, contact us at privacy@invitrr.com.

13.3 Canadian Residents

Under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec residents, the Act respecting the protection of personal information in the private sector as amended by Bill 64 (Law 25), Canadian residents may have the right to: access Personal Information held about them; request correction of inaccurate Personal Information; withdraw consent to certain Processing, subject to legal and contractual limitations; be informed about the use of automated decision-making that produces legal or significant effects; and receive their Personal Information in a portable format (Quebec residents). To exercise these rights, contact us at privacy@invitrr.com.

13.4 How to Exercise Your Rights

To exercise any rights you may have, submit a written request to privacy@invitrr.com. We will verify your identity before processing your request and may request additional information to confirm your identity. We will respond within the timeframe required by applicable law. We reserve the right to charge a reasonable administrative fee for excessive, repetitive, or manifestly unfounded requests to the extent permitted by law. Where we process your data based on legitimate interests, we may continue Processing even after you object if we have compelling legitimate grounds that override your interests, rights, and freedoms, or if Processing is necessary for the establishment, exercise, or defense of legal claims.

14. International Data Transfers

Invitrr is operated from Canada. By using the Service, you acknowledge and agree that your Personal Information may be transferred to, stored, processed, and accessed in countries and territories outside of your country of residence, including the United States of America and other countries where Invitrr or its Service Providers maintain infrastructure or operations. These countries may have data protection laws that are different from, and in some cases less protective than, the laws of your country of residence. By using the Service, you explicitly consent to such transfers.

Where required by applicable law, we implement appropriate safeguards for international transfers of Personal Information, which may include Standard Contractual Clauses approved by the European Commission, binding corporate rules, or other lawful transfer mechanisms.

15. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time and in our sole discretion. When we make changes, we will post the updated Privacy Policy on our website and update the "Last Updated" date at the top of this page. We may, but are not obligated to, notify you of material changes through additional means such as in-app notifications or email. Your continued use of the Service following the posting of any changes to this Privacy Policy constitutes your acceptance of and agreement to be bound by the updated policy. If you do not agree to the updated Privacy Policy, you must immediately discontinue use of the Service.

We encourage you to periodically review this Privacy Policy to stay informed about our data practices and any changes thereto.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Privacy and data rights: privacy@invitrr.com
Safety and trust and safety: safety@invitrr.com
Legal matters: legal@invitrr.com
General support: support@invitrr.com
Mailing address: Nohmit Incorporated, Ottawa, Ontario, Canada

Your data,clearly explained.