Privacy Policy

1. Introduction

E&EL Global Inc. ("we," "our," or "us") operates the nYtevibe platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and contact information (email, phone number)
• Account credentials and profile information
• Payment information (processed securely through third-party providers)
• Location data (with your consent)
• Communication preferences

2.2 Usage Information

We automatically collect certain information about your use of the Service:

• Device information and IP address
• Browser type and version
• Pages visited and time spent on the Service
• Search queries and booking history
• App usage patterns and preferences

2.3 Behavioral and Engagement Data

We collect behavioral data to improve user experience:

• Venue view tracking and browsing patterns
• Booking history and preferences
• Click tracking and interaction patterns
• Session duration and app usage patterns
• User engagement scores and metrics
• Venue follow/unfollow actions
• Review and rating history
• Credibility score calculations
• Booking reliability metrics (completion rate, no-show rate, cancellation patterns)
• Venue loyalty metrics
• Device information and browser fingerprints

2.4 Machine Learning and Predictive Data

For platform improvement and personalization, we collect and analyze:

• Customer credibility predictions
• Booking behavior pattern analysis
• Preference learning algorithms
• Personalized venue recommendations
• Wait time predictions
• Fraud detection patterns
• ML model training data (anonymized)

2.5 Business Account Data (Venue Owners)

If you are a venue owner, we collect additional business information:

• Business registration information
• Business verification documents
• Tax identification numbers
• Bank account information (for payouts)
• Business hours and operational data
• Venue performance analytics
• Subscription and billing information

2.6 Location Data Collection

Types of Location Data:

• IP Address Location: General geographic location from IP addresses
• Precise Location: GPS coordinates (if enabled by user)
• City/State/Country: Geographic region for recommendations
• Venue Proximity Data: Distance from venues for proximity notifications
• Location History: Historical location data (if enabled)
• Check-in Location: Exact location when checking in at venues
• Geofencing Data: Entry/exit from predefined geographic areas

Location Data Uses:

• Venue proximity notifications
• Location-based venue recommendations
• Wait time estimation based on location
• Security and fraud prevention
• Analytics and user behavior insights

Location Data Controls:

• Users can disable precise location sharing
• Location history retention is configurable (default: 30 days)
• Proximity notifications can be disabled
• Geofencing can be disabled
• IP location tracking can be disabled

2.7 Community Vibe Data

When you contribute vibe reports ("Vibe-Ins") to the community, we collect:

• Vibe Status Reports: Your assessment of a venue's atmosphere (Chill, Steady, or Busy) and energy level (1-10 scale)
• Scout Clips: Short video clips (5-10 seconds) or photos captured in-app at venue locations. These are user-generated content shared with the community
• Geofence Verification: GPS coordinates at the time of submission to verify you are physically present at the venue (within 150 meters)
• Wait Time Estimates: Your estimated door wait time at the venue
• Music Genre Tags: The genre of music playing at the venue

2.8 Social and Friendship Data

When you use social features, we collect:

• Friend Connections: Bidirectional mutual friendships (both parties must accept)
• Live Presence: When you are at a venue, your friends may see your location on the map (unless Ghost Mode is enabled)
• Vibe Check Requests: Peer-to-peer requests sent between friends asking for live venue updates
• Vouches and Flags: Your verification votes on other users' vibe reports

Social Data Controls:

• Ghost Mode: Instantly hide your location from all friends while still contributing anonymously to venue vibe scores
• Precise vs. Neighborhood: Choose whether friends see your exact location or just your general neighborhood
• Anonymous Check-ins: Contribute to venue scores without showing your name
• Block individual users at any time
• Unfriend and remove all shared data between users

2.9 Credibility and Reputation Data

To maintain platform integrity, we calculate and store:

• Credibility Score: A percentage (0-100%) based on how often your vibe reports match the community consensus
• Vibe Rank: A level-based ranking (Rookie, Scout, Elite Scout, Legend) based on your activity and accuracy
• Vouch History: Records of community verifications of your reports
• Accurate/Conflicting Report Counts: Tallies of how often your reports aligned with or differed from the consensus

2.10 Media and Content Data

User-generated content we store:

• Scout Clips: Video clips and photos uploaded during vibe check-ins, stored on Cloudflare R2 CDN
• Profile Photos: Avatar images uploaded by users
• Thumbnails: Auto-generated preview images from video clips

Media Retention:

• Active vibe clips: Publicly visible for 60 minutes from upload
• Archived clips: Retained in your personal Vibe Log for 7 days
• Profile photos: Retained until replaced or account deleted
• Users may delete their entire media history at any time via the "Wipe My Live History" option in Settings

3. SMS Communications and OTP/2FA Data Collection

When you provide your phone number for SMS communications, we collect and process:

• Phone number for verification and communication purposes
• Consent records for SMS communications
• Message delivery status and engagement data
• Opt-out preferences and communication history
• OTP verification attempts and success/failure logs
• 2FA authentication events and security logs

3.1 OTP/2FA Specific Data Collection

For Two-Factor Authentication (2FA) purposes, we collect additional security-related data:

• OTP code generation timestamps
• Verification attempt timestamps and results
• Device and IP address information for security verification
• Failed verification attempt logs (for security monitoring)
• Account security event logs

3.2 OTP Security and Retention

OTP codes and related security data are handled with the highest level of security:

• OTP codes are single-use and expire in 10 minutes
• Security logs are retained for fraud prevention and account security
• Failed verification attempts are monitored for suspicious activity
• All OTP-related data is encrypted and securely stored

4. How We Use Your Information

We use the collected information for the following purposes:

• Provide and maintain the Service
• Process bookings and reservations
• Send verification codes and notifications
• Communicate with you about the Service
• Improve and personalize your experience
• Analyze usage patterns and trends
• Comply with legal obligations
• Prevent fraud and ensure security
• Display real-time venue activity on the community map ("Live Pulse")
• Calculate and display vibe scores, energy levels, and crowd status for venues
• Verify user proximity to venues for geofence-validated check-ins
• Show friend locations on the social map (with consent and Ghost Mode controls)
• Calculate credibility scores to ensure community data accuracy
• Facilitate peer-to-peer vibe check requests between friends
• Award Vibe Points and calculate Scout rankings based on contributions
• Detect and filter inaccurate or misleading vibe reports
• Generate heat maps of nightlife activity across the city

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Third-Party Service Providers

We share information with third-party service providers who assist us in operating the Service:

Payment Processing:

• Stripe, Inc. - Payment processing, subscription billing, payment data storage
• Payment information is encrypted and processed securely by Stripe
• We do not store complete credit card numbers on our servers

SMS Communications:

• Infobip - SMS delivery, OTP verification, two-factor authentication
• Phone numbers are shared with Infobip for message delivery
• Message delivery status and engagement data is tracked

Real-Time Communications:

• Laravel Reverb (Pusher Protocol) - WebSocket connections for real-time venue updates, friend location broadcasts, and live check-in status
• User connection data, channel subscriptions, and real-time event payloads are processed through our WebSocket infrastructure

Push Notifications:

• Firebase Cloud Messaging (Google) - Push notification delivery to iOS and Android devices
• Device tokens (FCM tokens) are collected and stored to deliver notifications
• Notification content, delivery status, and device platform data are processed by Google's Firebase infrastructure

Authentication Providers:

• Google Sign-In (Google OAuth 2.0) - Social authentication; we receive your name, email, and profile picture from Google when you sign in with Google
• Apple Sign-In - Social authentication; we receive your name and email (or relay email) from Apple when you sign in with Apple ID
• We do not receive or store your Google or Apple password

Cloud Storage:

• Cloudflare R2 (S3-compatible) - Primary storage for user media (vibe videos, photos, profile avatars, venue documents)
• Amazon Web Services (AWS) S3 - Backup and alternative cloud storage
• User-uploaded content is stored in encrypted cloud storage with CDN distribution

Error Monitoring:

• Sentry - Application error tracking and performance monitoring
• Error reports may include request context, user agent, IP address, and anonymized user identifiers
• Sentry data is used solely for debugging and improving platform stability

Analytics:

• Internal Analytics - User behavior tracking, engagement metrics, and usage patterns stored in our database
• Data may be anonymized or aggregated for platform insights
• We do not share analytics data with third-party advertising networks

Geographic Services:

• Google Maps API - Venue mapping, geocoding, and proximity features
• IP Geolocation Services - Approximate location detection from IP addresses
• Location data for venue mapping, check-in verification, and proximity-based recommendations

5.2 Legal Requirements

We may disclose information if required by law or to protect our rights, property, or safety, or that of our users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.

7. Data Retention

7.1 Retention Periods by Data Type

Account Data:

• Active accounts: Retained indefinitely
• Deleted accounts: 30-day grace period, then permanent deletion
• User can configure retention: indefinite, 1 year, 2 years, 5 years

Booking Data:

• Default retention: 2 years (730 days)
• Configurable by user: 1 year, 2 years, 5 years
• Anonymous booking statistics: Retained for analytics (indefinite)

Location Data:

• Default retention: 30 days
• Configurable by user: 3 months, 6 months, 1 year
• Precise location: 30 days default
• IP location: Real-time only (not stored)
• Real-time presence (Redis): Automatically expires after 20 minutes of inactivity
• Friend location sharing: Only visible to mutual friends; purged instantly when Ghost Mode is enabled

Community Vibe Data:

• Vibe reports: Automatically expire after 60 minutes (live map)
• Archived vibe history: Retained for 7 days in personal Vibe Log
• Scout clips (video/photo): Stored on CDN, removed with vibe report expiry
• Credibility scores: Recalculated nightly, retained while account is active
• Users may wipe all vibe history at any time via Settings

Analytics Data:

• Default retention: 1 year (365 days)
• Configurable by user: 6 months, 1 year, 2 years
• Anonymized analytics: Retained for platform improvements (indefinite)

Communication Data:

• Default retention: 1 year (365 days)
• Configurable by user: 6 months, 1 year, 2 years
• SMS opt-in records: Retained per legal requirements (7 years)

Business Data:

• Default retention: 3 years (1095 days)
• Required by law: Tax and business records (7 years)
• Subscription data: Retained for billing history

OTP/Security Data:

• OTP codes: Expired after 10 minutes, deleted after 24 hours
• Security logs: Retained 90 days for fraud prevention
• Failed login attempts: Retained 30 days

7.2 Automatic Deletion

• Users can enable automatic data deletion
• Automatic deletion respects legal requirements
• Some data (tax records, business documents) must be retained by law

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Opt-out: Unsubscribe from marketing communications
• SMS Opt-out: Reply "STOP" to any SMS message

8.1 Comprehensive Privacy Controls

We provide 80+ granular privacy settings across 8 categories:

Profile Visibility (12 settings):

• Control who can see your profile information
• Manage searchability (email, phone, name)
• Control visibility of booking history, reviews, follows, achievements

Location Privacy (9 settings):

• Enable/disable location sharing
• Control precise vs. approximate location
• Manage proximity notifications
• Control location history and geofencing

Analytics Privacy (11 settings):

• Control behavioral tracking
• Manage engagement analytics
• Control session and click tracking
• Enable/disable preference learning
• Control third-party analytics and advertising

Communication Privacy (11 settings):

• Control email, SMS, and push notifications
• Manage marketing communications
• Control booking reminders and venue updates
• Set quiet hours for notifications
• Configure digest mode (daily/hourly summaries)

Booking Privacy (10 settings):

• Control visibility of booking history
• Manage booking preferences sharing
• Control party size and special requests visibility
• Manage booking analytics and insights

Business Privacy (10 settings):

• Control business profile visibility
• Manage venue ownership display
• Control business contact information visibility
• Manage business analytics sharing

Data Retention (10 settings):

• Configure retention periods for different data types
• Enable automatic data deletion
• Control data export and portability
• Manage right to be forgotten requests

Third-Party Privacy (10 settings):

• Control social media integration
• Manage payment processor data sharing
• Control analytics services and advertising networks
• Manage marketing partner data sharing

8.2 Accessing Privacy Settings

• Privacy settings available through user dashboard
• API endpoints for programmatic access: GET /api/user/privacy-settings
• Bulk category updates supported
• Default settings respect privacy by design

8.3 Privacy Setting Changes

• Changes take effect immediately
• Users can export privacy settings configuration
• Privacy settings can be reset to defaults

8.4 Right to Data Portability

• Users can export all their data in machine-readable format (JSON/CSV)
• Export includes: Profile information, booking history, reviews and ratings, privacy settings configuration, communication preferences, analytics data (if enabled)
• Export API endpoint: GET /api/user/privacy-settings/export
• Export processing: Typically within 7 days

8.5 Right to Deletion (Right to be Forgotten)

• Users can request complete account deletion
• Deletion process:
  1. Immediate: Account marked for deletion
  2. 30-day grace period: Data recoverable
  3. Permanent deletion: After 30 days, data permanently removed
• Data that cannot be deleted (legal requirements):
  • Transaction records (7 years required by law)
  • Business verification documents (if user is venue owner)
  • Aggregated, anonymized analytics (no personal identifiers)
• Deletion API endpoint: POST /api/user/privacy-settings/reset

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. You can control cookie settings through your browser preferences.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites.

11. Children's Privacy

11.1 Age Restrictions

• Our Service is not intended for children under 13 years of age
• We do not knowingly collect personal information from children under 13
• If we discover a child under 13 has provided information, we will delete it immediately
• Nightlife Features: Features related to nightlife venues (bars, clubs, lounges) are intended for users 21 years of age or older. Users under 21 may access venue discovery features but may not be permitted entry to age-restricted venues

11.2 Users 13-18 Years Old

• Users between 13 and 18 years old may use the Service with parental consent
• We recommend parental supervision for users under 18
• Parents or guardians can request deletion of minor's account
• Venue owners must be 18 years or older to create business accounts
• Users under 18 cannot submit vibe reports or scout clips at age-restricted venues

11.3 Parental Rights

• Parents can review their child's personal information
• Parents can request deletion of their child's account
• Parents can revoke consent and have information deleted
• Contact: privacy@nytevibe.com with subject "COPPA Request"

12. International Data Transfers

12.1 Data Storage Locations

• Primary servers: United States
• Cloud storage (AWS S3): United States (may use international edge locations)
• Cloudflare R2: United States and international edge locations
• Analytics database (PostgreSQL): United States
• SMS service (Infobip): International (multiple regions)

12.2 Transfer Safeguards

• Standard Contractual Clauses (SCCs) for international transfers
• Data Processing Agreements (DPAs) with all third-party providers
• GDPR-compliant transfer mechanisms for EU data
• Adequate safeguards for cross-border transfers

12.3 EU/UK Residents

• Additional rights under GDPR apply
• EU Representative: E&EL Global Inc., Delaware office
• Contact: privacy@nytevibe.com

13. Marketing Communications and Advertising

13.1 Marketing Opt-In/Opt-Out

• Marketing emails: Opt-in required, opt-out available anytime
• Promotional SMS: Opt-in required, reply "STOP" to opt-out
• Push notifications: Configurable in app settings
• Users can control marketing frequency (normal, reduced, minimal)

13.2 Advertising and Third-Party Tracking

• We do not currently use third-party advertising networks
• We do not sell user data to advertisers
• Behavioral tracking for internal analytics only
• Users can disable advertising tracking in privacy settings

13.3 Referral Program Data

• Referral codes and commission data are collected
• Referral program participation is optional
• Referral data shared only with referral program participants

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will provide at least 30 days notice.

15. Compliance with Laws

This Privacy Policy is designed to comply with applicable privacy laws, including but not limited to:

• General Data Protection Regulation (GDPR): European Union data protection regulation
• California Consumer Privacy Act (CCPA): California data protection law
• Children's Online Privacy Protection Act (COPPA): Protection for children under 13
• Telephone Consumer Protection Act (TCPA): SMS consent and opt-out requirements
• CAN-SPAM Act: Email marketing regulations

16. nYtevibe Loyalty Program Data

This section describes the data we collect, use, retain, and share specifically in connection with the nYtevibe Loyalty Program. It supplements (and does not replace) the other sections of this Privacy Policy. The Loyalty Program is described in Section 26 of our Terms and Conditions.

16.1 Loyalty Data We Collect

When you participate in the Loyalty Program, we collect and process:

• Per-venue visit counts: The number of qualifying visits (geofence-verified check-in plus vibe post, with a 24-hour same-venue cooldown) you have logged at each venue.
• Tier state: Your current and historical tier status at each venue (Newcomer, Regular, Insider, Founder, Hall of Fame).
• Spot ranking: Which of your venues currently occupy your top 3 by lifetime visit count, and prior Spot history.
• Cross-venue achievements: Platform-wide statuses (Connector, Triple Insider, City Royalty, Hall of Fame) and the timestamps at which they were earned, paused, or revoked.
• Voucher events: Each voucher issued to you, its perk type, issuing venue, issue date, expiry date, redemption status, redemption timestamp, and the staff member who scanned it (where applicable). The voucher's cryptographic signature is retained for fraud detection.
• Activity timestamps: The date and time of each qualifying visit, used to enforce the 24-hour cooldown and the 90-day inactivity window.
• Squad participation: When you participate in a Squad Bonus, we record the co-presence of you and the participating friends at the venue (timestamp and venue ID) solely to verify Squad Bonus eligibility.

16.2 How We Use Loyalty Data

• To progress your tier status and award perks
• To issue, deliver, and validate vouchers in your account
• To detect and prevent fraud, abuse, and circumvention of program rules (Section 26.7 of the Terms)
• To generate aggregated, non-identifying analytics about venue loyalty for venues, prospective venues, and internal product and business reporting
• To produce venue-specific dashboards for participating paid-tier venues (described in §16.3 below)
• To send you notifications about your loyalty progress, perks issued to your account, vouchers about to expire, and program changes

16.3 Loyalty Data Sharing with Venues

The Loyalty Program is designed to be useful to venues, but we limit identifying disclosures based on the venue's participation tier and your privacy choices.

Free-tier venues receive an anonymized aggregate snapshot only, including:

• Total count of users at each tier at that venue (e.g., "12 Regulars, 4 Insiders, 1 Founder")
• Total qualifying visits at the venue over a given period
• Aggregate visit-frequency distribution

Free-tier venues do not receive your name, username, profile photo, email, phone number, or any other identifier — they see only counts.

Paid-tier venues (Growth, Pro, and Enterprise subscribers) receive an enriched dashboard that may include the following identifying information only for users who have achieved Regular tier or higher at that specific venue:

• Display name and profile photo
• Tier at that venue and date achieved
• Lifetime visit count at that venue
• Date of last qualifying visit at that venue
• Vouchers issued to you for that venue and their redemption status

This enriched disclosure is limited to your activity at the paying venue only. A paid venue does not see your activity at other venues, your Spot rankings elsewhere, or any cross-venue data.

16.4 Cross-Venue Achievements

Achievements such as Connector, Triple Insider, City Royalty, and Hall of Fame are stored as part of your nYtevibe profile. Whether and how these are visible to other users is controlled by your existing profile-visibility settings (see Section 8.1 of this Privacy Policy). Achievements are not directly disclosed to venues; only the per-venue tier states that comprise them are.

16.5 Retention of Loyalty Data

• Visit counts, tier states, and achievements: Retained for the life of your nYtevibe account. They are deleted within 30 days of your account deletion request, subject to the same exceptions described in Section 8.5.
• Voucher records: Retained for 24 months after issue (whether redeemed, expired, or invalidated) for fraud-prevention, dispute-resolution, and accounting purposes.
• Squad Bonus co-presence records: Retained for 90 days after the Squad event, then deleted unless flagged for fraud review.
• Aggregated, non-identifying analytics: Retained indefinitely for program improvement and business reporting; these contain no personal identifiers.

16.6 Your Choices and Controls

• Opt out of the Loyalty Program: You may opt out of the Loyalty Program at any time in your account settings. Opting out stops new visits from being counted and prevents new vouchers from being issued to you. Existing tier status and unexpired vouchers are preserved unless you also request deletion.
• Use anonymous-mode visibility: Set check-in and/or vibe visibility to "Anonymous" to keep your identity hidden from venues and other users while still earning loyalty credit.
• Delete loyalty data: Account deletion (Section 8.5) removes your loyalty visit counts, tier states, achievements, and personal voucher records, subject to the retention exceptions noted above.
• Export loyalty data: Loyalty data is included in the data export described in Section 8.4.
• Dispute a record: If you believe a visit, voucher, or tier state is incorrect, contact privacy@nytevibe.com and we will investigate.

16.7 Legal Bases for Processing (EU/UK Residents)

Where the GDPR applies, we process Loyalty Program data under the following legal bases:

• Contract: Processing required to provide the Loyalty Program services you have signed up for (tier progression, voucher delivery).
• Legitimate interests: Fraud prevention, program-integrity audits, and aggregated business analytics. Our interests are balanced against your rights and freedoms; you may object at any time by contacting privacy@nytevibe.com.
• Consent: Where required by local law (e.g., for non-essential analytics cookies tied to loyalty), processing is based on the consent you have provided through your privacy settings, which you may withdraw at any time.