Crowded Ventures, LLC ("Company," "we," "us," or "our") operates the HolyCrowdsmobile application and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, password, first and last name — for account creation and authentication

• Profile Information: Profile photo, bio, testimony, interests, seeking preferences, date of birth — for building your public profile

• Location Data: City/region name, coordinates (when you set your location) — for showing your general area and finding nearby events

• User Content: Messages, event listings, group descriptions, ratings, reviews — for providing core features

• Communications: Emails or messages you send to us, support requests, reports — for customer support and safety

1.2 Information Collected Automatically

• Device Information: Device type, operating system, app version, unique identifiers — for optimization and debugging

• Usage Data: Pages viewed, features used, timestamps — for improving the Service

• Log Data: IP address, browser type, crash reports — for security and error resolution

1.3 Information from Third Parties

We may receive information from authentication providers (e.g., Firebase Authentication by Google). We only receive information necessary for authentication and account management.

2. How We Use Your Information

• Provide the Service: Create and manage your account, display your profile, facilitate messaging, enable event and group features

• Safety and Security: Detect and prevent fraud, abuse, and violations; enforce our policies; protect users

• Improve the Service: Analyze usage patterns, diagnose technical issues, develop new features

• Communications: Send service-related notifications, respond to your inquiries

• Legal Compliance: Comply with applicable laws, regulations, and legal processes

We do NOT sell your personal information to third parties. We do NOT use your data for targeted advertising.

Lawful Basis for Processing (GDPR)

DataPurposeLegal BasisName, email, passwordAccount creation & authenticationContractProfile photo, bio, testimony, interestsPublic profile & community featuresConsentDate of birthAge verification (13+ requirement)Legal obligationLocation (city/coordinates)Nearby events & groupsConsentMessagesDirect & group messagingContractDevice info, usage data, IP addressSecurity, debugging, improvementLegitimate interestReports & support requestsSafety & enforcementLegitimate interest

3. How We Share Your Information

3.1 With Other Users — Your public profile information (name, photo, bio, testimony, interests, seeking preferences, general location) is visible to other authenticated users. Messages are visible to recipients.

3.2 With Service Providers — We share information with the following providers who perform services on our behalf:

• Google Firebase: Authentication, database (Firestore), and file storage — governed by Google Cloud Terms of Service and Google Privacy Policy

• OpenStreetMap (Nominatim): Reverse geocoding to convert coordinates to city/state names — governed by OpenStreetMap's privacy policy; only coordinates are sent, not your identity

• Apple: App distribution, push notifications, and crash reporting via App Store services

These providers are contractually bound to use your information only to provide their services and maintain appropriate security measures.

3.3 For Legal Reasons — We may disclose information to comply with legal obligations, protect our rights, prevent wrongdoing, protect user safety, or protect against legal liability.

3.4 Business Transfers — In a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any change in ownership.

4. Data Storage and Security

4.1 Storage — Your data is stored using Google Firebase infrastructure with industry-standard security including encryption at rest and in transit. Data is primarily stored in the United States.

4.2 Security Measures — We implement reasonable safeguards including encrypted data transmission (TLS/SSL), Firestore security rules, input sanitization (XSS prevention), file upload restrictions, and authentication-based access controls.

No method of transmission or storage is 100% secure. While we use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active. Upon account deletion:

• Your public profile (name, photo, bio, testimony, interests) is deleted immediately

• Your private data (email, phone, date of birth, location coordinates) is deleted immediately

• Your authentication record is deleted from Firebase Authentication

• Messages you sent may persist in recipients' chat histories, as they are part of the recipients' data. Your name on these messages will be replaced with "Deleted User"

• Anonymized or aggregated data (e.g., total user count, feature usage statistics) may be retained but cannot be linked back to you

• Certain data may be retained for up to 90 days as required by law, for fraud prevention, or to resolve disputes that arose before deletion

6. Your Rights and Choices

Access and Update — Access and update your profile information at any time through the Profile page.

Delete Your Account — Delete your account through the Settings page. This permanently removes your profile data.

Location Data — Location is only collected when you explicitly set it. You can remove it at any time.

Notifications — Manage push notification preferences through your device settings.

Data Portability — Request a copy of your data by contacting support@holycrowds.com. We will provide it within thirty (30) days.

7. California Residents (CCPA)

If you are a California resident, you have the right to: know what personal information is collected, used, shared, or sold; delete your personal information; opt out of the sale of your personal information (we do not sell personal information); non-discrimination for exercising your privacy rights. Contact support@holycrowds.com to exercise these rights.

8. European Residents (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR including access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal basis for processing includes your consent, contractual necessity, and legitimate interests. Contact support@holycrowds.com to exercise these rights.

9. Cookies and Local Storage

The Service uses local storage and session storage technologies within the mobile application to maintain your authentication session and store your preferences (such as dark mode settings). We do not use traditional browser cookies for tracking. Third-party services integrated with the Service (such as Firebase) may use their own storage mechanisms as described in their respective privacy policies.

Do Not Track: Some browsers send "Do Not Track" (DNT) signals. Because there is no industry consensus on how to respond to DNT signals, the Service does not currently respond to DNT signals. This may change as standards evolve.

10. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email and/or in-app notification within seventy-two (72) hours of becoming aware of the breach, or as otherwise required by applicable law. The notification will describe the nature of the breach, the types of information involved, and the steps we are taking to address the incident.

11. Children's Privacy

11.1 Age Requirement — The Service requires users to be at least 13 years old. We verify this by collecting date of birth at registration and denying access to users under 13.

11.2 COPPA Compliance — We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has created an account, we will immediately delete the account and all associated data.

11.3 Users Aged 13–17 — Users between 13 and 17 may use the Service with the knowledge and consent of a parent or legal guardian. Parents may request access to, modification of, or deletion of their child's data by contacting support@holycrowds.com.

11.4 Reporting — If you believe a child under 13 has provided us with personal information, or if you have concerns about a minor's safety on the platform, contact us immediately at support@holycrowds.com or support@holycrowds.com.

12. Your Consent and How to Withdraw It

By creating an account and checking the agreement box during registration, you provide explicit consent to the collection and processing of your data as described in this Privacy Policy. You may withdraw your consent at any time by:

• Deleting your account through the Settings page (this withdraws all consent)

• Removing optional data such as your profile photo, bio, testimony, location, or interests through the Profile page

• Contacting us at support@holycrowds.com to request specific data deletion or processing restrictions

Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. Withdrawing consent for data necessary to provide the Service (email, name) will require account deletion.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our primary data infrastructure (Google Firebase) is hosted. By using the Service, you consent to such transfers. For EU/EEA residents, these transfers are conducted under Google's Standard Contractual Clauses (SCCs) as approved by the European Commission.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes (changes to data collection, sharing practices, or your rights), we will notify you via in-app notification and email at least thirty (30) days before the changes take effect. The "Last Updated" date will be revised. Continued use after the effective date constitutes acceptance. If you do not agree, you should delete your account before the effective date.

15. Contact Us

Crowded Ventures, LLC
Email: support@holycrowds.com
Website: holycrowds.com

For GDPR-related inquiries, you may also contact your local data protection authority.

© 2026 Crowded Ventures, LLC. All rights reserved.