Introduction
Vouch App Ltd ("Vouch", "we", "us", or "our") operates the Vouch mobile application (the "App") and the website at vouchapp.ca (the "Website"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.
By using the App or Website, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
Information We Collect
1. Information You Provide
| Data Type | Purpose | Required |
|---|---|---|
| Email address | Account creation, authentication, password recovery | Yes |
| Display name | Shown to other users during Vouch sessions | Yes |
| Profile photo | Personalisation of your profile | No |
| Brand submissions | Adding new brands to the platform | No |
2. Information Collected Automatically
- Device identifiers: Used for Bluetooth Low Energy (BLE) peer discovery during Vouch sessions
- Transaction records: Points earned, brands recommended, session history
- Consent records: Timestamps and types of consent you grant (GDPR compliance)
- Usage patterns: Feature interactions within the App (aggregated, non-identifying)
3. Information We Do NOT Collect
- Location data (GPS, cell tower, or Wi-Fi based)
- Contact lists or phone book data
- Browsing history outside the App
- Financial or payment information
- Biometric data
How We Use Your Information
We use your personal information to:
- Provide the service: Enable peer-to-peer brand recommendations via Bluetooth
- Manage your account: Authentication, profile display, wallet/points tracking
- Process rewards: Track points earned from Vouch sessions and brand interactions
- Verify brands: Review and approve user-submitted brand recommendations
- Prevent abuse: Rate limiting, cooldown enforcement, and fraud detection
- Communicate: In-app notifications about session results, brand approvals, and account updates
- Improve the service: Aggregated analytics to improve features and user experience
How Vouch Sessions Work (Bluetooth)
Vouch uses Bluetooth Low Energy (BLE) to connect two users who are physically nearby. During a session:
- Your display name is shared with the other participant via BLE
- No location data is collected or transmitted
- Session data (brand recommended, points earned) is stored securely in our cloud infrastructure
- BLE advertising stops immediately when you leave the session screen
The proximity requirement (Bluetooth range) is a core privacy feature: recommendations only happen face-to-face between people who are physically together.
Data Storage and Security
Your data is stored using Google Firebase infrastructure, which provides:
- Encryption at rest and in transit (TLS 1.2+)
- SOC 1, SOC 2, and ISO 27001 certified data centres
- Data residency in North America
- Firestore security rules restricting access to authorised users only
- Server-side validation of all business logic (no client-side trust)
Wallet balances, transaction processing, and rate limiting are all enforced server-side via Cloud Functions. Client applications cannot directly modify protected data.
Data Sharing
We do not sell your personal information. We share data only in these limited circumstances:
- With session participants: Your display name is shared via BLE during active Vouch sessions
- Service providers: Firebase (Google) for infrastructure; MailerLite for waitlist communications
- Legal requirements: When required by law, court order, or to protect our legal rights
- Business transfer: In connection with a merger, acquisition, or sale of assets (with notice)
Your Rights
Depending on your jurisdiction, you may have the following rights:
All Users
- Access: Request a copy of your personal data
- Deletion: Delete your account and all associated data via the App or our account deletion page
- Correction: Update your profile information within the App
- Withdraw consent: Revoke previously granted consent at any time
EU/UK Users (GDPR)
- Data portability: Receive your data in a structured, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Lodge a complaint: File a complaint with your local supervisory authority
Canadian Users (PIPEDA)
- Knowledge and consent: We obtain meaningful consent for data collection
- Limiting use: Data is used only for the purposes identified at collection
- Complaint: File a complaint with the Office of the Privacy Commissioner of Canada
California Users (CCPA/CPRA)
- Right to know: Categories and specific pieces of personal information collected
- Right to delete: Request deletion of personal information
- Non-discrimination: Equal service regardless of exercising privacy rights
- No sale: We do not sell personal information
Data Retention
| Data Type | Retention Period |
|---|---|
| Account profile | Until account deletion |
| Transaction history | Until account deletion |
| Consent records | 7 years after account deletion (legal requirement) |
| Audit logs | 2 years (fraud prevention) |
| Waitlist email | Until unsubscribe or product launch |
Account Deletion
You can delete your account at any time through:
- The App: Settings > Delete Account
- Our website: Account Deletion Page
- Email: support@vouch.app
When you delete your account, we permanently remove your profile, wallet balance, transaction history, unlocked brands, vouch history, and profile photo. Consent records are retained for legal compliance as noted above.
Children's Privacy
Vouch is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@vouch.app and we will delete it promptly.
International Transfers
Your data is processed and stored in North America (Google Cloud/Firebase infrastructure). If you access Vouch from outside Canada, your information will be transferred to and processed in Canada, which may have different data protection laws than your country. By using Vouch, you consent to this transfer.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by updating the "Last updated" date above. Continued use of the service after changes constitutes acceptance of the revised policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Vouch App Ltd
65 Scadding Ave., Unit 101
Toronto, Ontario M5A 4L1
Canada
Email: support@vouch.app