Privacy Policy
PopOnBy is a community-first organization built to help community members feel like they belong to their town, whether you are a local, an organizer, or a small business owner. This Privacy Policy describes what Personal Data we collect when you use the PopOnBy app or visit poponby.org, how we use it, and the choices you have. We have tried to write it the way a neighbor would explain it, plainly and honestly.
In this policy, "Personal Data" means any information that identifies you or relates to you as an individual.
If anything here is unclear, email us at hello@poponby.org.
1. Who we are
PopOnBy is operated by Zazz Creations LLC ("PopOnBy," "we," "us," or "our"), a Florida limited liability company. We provide a mobile app and a website that connect locals, organizers, and small businesses around the events, deals, and notices happening in their town. For purposes of applicable privacy law, PopOnBy acts as a data controller with respect to Personal Data collected through our Services.
2. What we collect
We collect only what we need to run the app. This is the full list.
Personal Data you give us directly:
- Phone number. Required to create an account. We use it to verify you are a real person (via a one-time code) and, if you opt in, to send you the Sunday Brief. We never store your phone number in plain text. We keep a one-way hash (used to recognize returning users) and an encrypted version (AES-256-GCM), with the encryption key stored separately from the database.
- Home address and approximate location (latitude/longitude). Required so we can show you what is happening near your home. You can enter your address manually, or grant location permission on first use so we can auto-detect your town.
- Display name (optional). Shown on community posts if you choose to set one.
- Household and content preferences. Things like the type of company you usually have (solo, partner, family), how far from home you want to see things, what kinds of content interest you, and which businesses or categories you want to see more or less of.
- Optional information about children in your household. You may share the age ranges of children in your home (for example, "0 to 2" or "3 to 5") so we can show you family-friendly events. This is entirely optional. We never collect data directly from children, never create accounts for minors, and never share this information with anyone.
- Optional faith preference. If you opt in to faith-based content, we collect a religion or spirituality preference solely to personalize what appears in your feed. This is sensitive Personal Data and we treat it accordingly. It is held in isolated storage with the strictest access controls, used only by our content-matching engine, never returned in our APIs, and never shared with anyone. You can change or remove this preference at any time.
- SMS marketing consent record. If you opt in to receive the Sunday Brief, we record the date and time of your consent, the version of the consent language you agreed to, and your IP address and browser at that moment, as a legal record that you opted in.
Personal Data generated by using the app:
- Pinned and claimed content. When you pin a note or claim a deal, we record what you pinned or claimed.
- Referrals. If you were referred by another user, we record the connection (the referrer's phone number is stored hashed, never in plain text).
- Notifications and message logs. A record of notifications and Sunday Brief texts we send you, including delivery status.
- Social activity. If you connect with friends or report content, we record those actions.
Cookies and tracking technologies:
We do not set any tracking, advertising, or analytics cookies. The PopOnBy app and website use limited browser storage (localStorage and sessionStorage) only to remember app state, such as whether you have seen the welcome screen, your selected city, and note drafts. We do not use cookies for tracking, targeted advertising, or cross-site identification.
Personal Data we do not collect:
We checked our own code so we can say this honestly: we do not use Google Analytics, Facebook Pixel, Segment, PostHog, Mixpanel, Amplitude, Sentry, Hotjar, FullStory, or any other analytics, error-reporting, fingerprinting, or advertising tracker. We do not set tracking cookies. We do not sell your Personal Data to anyone, ever.
3. How we use Personal Data
- Verify your phone number and let you log in
- Show you events, deals, and notices near your home
- Personalize what appears in your feed based on your preferences
- Deliver the Sunday Brief if you opted in
- Detect and prevent fraud and abuse
- Improve the app
That is the full list. We do not use your Personal Data for advertising and do not share it with anyone for advertising purposes.
4. Who we share Personal Data with
We share Personal Data only with the small set of service providers and sub-processors that help us run the app. Each of them is contractually required to use your Personal Data only to provide services to us, not for their own purposes.
- Supabase (service provider). Our backend infrastructure provider. Hosts our database and runs our server functions.
- Twilio (service provider). When we send you a verification code or the Sunday Brief, Twilio delivers the message. Twilio receives your phone number solely to deliver messages we send and is contractually prohibited from using it for any other purpose.
- Cloudflare (service provider). Hosts poponby.org. Cloudflare receives standard web request information (such as IP address) from visitors to our marketing site, but does not receive data about app users.
We do not share your phone number or opt-in information with third parties for marketing purposes.
Your Personal Data is stored and processed in the United States.
5. How long we keep it
We retain your Personal Data as long as your account is active. You can deactivate at any time, which hides your information from the app.
To request full deletion of your Personal Data, email hello@poponby.org and we will permanently delete your records within 30 days, except where retention is required by law (for example, financial or fraud-prevention records).
6. Your choices and rights
- Stop receiving the Sunday Brief. Reply STOP to any Sunday Brief text, or turn off the Sunday Brief toggle in your account settings.
- Change your preferences. Display name, kid age ranges, faith preference, and content preferences can all be edited or removed in your account settings.
- Deactivate your account. From your account settings, at any time.
- Request full deletion. Email hello@poponby.org.
- Request a portable copy of your data. Email hello@poponby.org and we will provide your Personal Data in a structured, commonly used, machine-readable format within 30 days.
7. Jurisdiction-specific rights
California residents (CCPA and CPRA).
If you reside in California, you have the right to: (a) know the categories of Personal Data we collect and how we use them; (b) request the specific pieces of Personal Data we have collected about you; (c) request deletion of your Personal Data; and (d) opt out of the "sale" or "sharing" of your Personal Data. We do not sell or share your Personal Data, and we have not done so in the preceding 12 months. To exercise any of these rights, email hello@poponby.org.
EU and UK residents (GDPR).
If you reside in the European Union, European Economic Area, or United Kingdom, you have rights under the General Data Protection Regulation (GDPR) including: the right to access, correct, delete, restrict, and port your Personal Data; the right to object to processing; the right to withdraw consent at any time; and the right to lodge a complaint with your local supervisory authority. PopOnBy acts as a data controller with respect to this Personal Data. To exercise any of these rights, email hello@poponby.org.
Do Not Track.
Some browsers send "Do Not Track" (DNT) signals to websites. We currently do not respond to DNT signals because there is no consistent industry standard for how to interpret them.
8. Security
Phone numbers are stored only as a SHA-256 hash and an AES-256-GCM encrypted ciphertext, with the encryption key held outside the database. All data is transmitted over HTTPS. Sensitive preferences (such as faith content) are held in tables with the strictest access controls. Access to Personal Data within our team is limited to what is necessary to operate the app.
No system is ever perfectly secure. If we become aware of a breach affecting your Personal Data, we will notify you as required by law.
9. Children
PopOnBy is not directed at children under 13 and we do not knowingly collect Personal Data from children. The optional age-range information you may share about children in your household is provided by you, the adult account holder, and is used only to personalize what we show you. If you believe a child has provided information to us directly, email hello@poponby.org and we will delete it.
10. External links
The PopOnBy app and website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any Personal Data to them.
11. International data transfers
PopOnBy is based in the United States and stores and processes all Personal Data in the United States. If you access our Services from outside the United States, you understand that your Personal Data will be transferred to and processed in the United States, which may have data protection laws different from those in your jurisdiction.
12. Changes to this policy
If we make material changes to this policy, we will update the effective date at the top and notify you within the app or by email or text before the changes take effect.
13. Contact
Questions, requests, or concerns:
Email: hello@poponby.org
Mail: Zazz Creations LLC, 1317 Edgewater Drive #2567, Orlando, FL 32804