Privacy Policy

Positive YOUnity Privacy Policy

Effective Date: 19 May 2025 | Last Updated: 19 May 2025

U.S.–Only Service. We currently market and provide the Services only to residents of the United States. If you access the Services from outside the U.S., you do so at your own initiative and are responsible for compliance with local law.

If you need this Policy in an alternative format (large-print PDF or screen-reader-optimized HTML), email support@positiveyounity.org.

0 NOTICE AT COLLECTION

Required disclosure Where to find it
Categories of personal information we collect § 3
Purposes for each category § 5
Retention periods § 11
Sale / Share / Targeted advertising We sell and share personal information for cross-context behavioral advertising and engage in targeted advertising; you may opt out (see § 8 – § 10).
Your privacy rights & how to exercise them § 9 – § 10

1 Scope

This Policy covers personal information collected online through the Positive YOUnity mobile application (the “App”) and our website/support portal at https://positiveyounity.org (collectively, the “Services”). It does not cover offline activities or third-party sites and services that do not link to this Policy.

2 Key Definitions

Term Meaning
Personal Information (PI) Information that identifies, relates to, describes, or can reasonably be linked to a particular consumer or household.
Sensitive Personal Information (SPI) Government-ID numbers, precise geolocation, consumer health data, financial-account or crypto-wallet numbers, and similar data.
Sale / Share Disclosure of PI to a third party for monetary or other valuable consideration or for cross-context behavioral advertising.
Targeted Advertising Display of ads to a consumer based on PI obtained from that consumer’s activities across non-affiliated apps or sites.
Universal Opt-Out Mechanism (UOOM) Browser or device signal indicating a user’s preference to opt out of sales/shares and targeted advertising (e.g., Global Privacy Control). We honor all recognized signals.

3 Categories of Personal Information We Collect

Category Examples
Identifiers Name, username, email address, IP address, device ID, IDFA/AAID.
Commercial Data Crypto-wallet address & on-chain transaction hash; future Stripe transaction IDs.
Internet / Network Activity Page views, click-stream data, referrer URLs, in-app events.
User-Generated Content Posts, comments, profile and cover images, videos.
Age Range & General Location Self-reported age band (18-24, 25-34, etc.), state & county, coarse latitude/longitude (≥ 3-digit ZIP).
Device Information Device type, OS and browser version, mobile-network info.
Account Credentials Email + salted-hash password (never stored in plaintext).
Sensitive PI Crypto-wallet address (financial account identifier); precise location if you allow it; any consumer health data you post.
Inferences Engagement scores, ad-interest segments, or other profiling attributes.

4 Sources of Personal Information

  • Directly from you – information you provide during sign-up, in posts, or via support requests.

  • Automatically from your device – collected through SDKs such as Google Analytics for Firebase, AdMob, ironSource, and Tapjoy.

  • Service providers & advertising partners – crash reporting, anti-fraud, install attribution.

5 How We Use Personal Information

Purpose Examples
Provide & Maintain Account creation, authentication, community features.
Personalize Content & Ads Build interest segments; deliver targeted ads via AdMob, Tapjoy, ironSource.
Measure & Improve Analytics, A/B testing, debugging, fraud prevention.
Communicate Support responses, transactional emails, service announcements.
Comply with Law Legal obligations and enforcement of our Terms of Service.

6 Disclosure of Personal Information

Recipient Purpose & Safeguards
Advertising Partners (Google AdMob, ironSource, Tapjoy) Serve personalized ads, measure ad performance. The revenue-share arrangement constitutes a sale/share.
Service Providers (DreamHost, Firebase, Google Analytics, SendGrid) Hosting, analytics, email delivery, crash reporting. Contracts incorporate state-specific controller/processor clauses.
Payment Processor – Stripe Checkout (inactive) Stripe collects card data directly; we receive only tokenized IDs.
Crypto-Wallet Providers Process blockchain transactions you initiate.
Legal authorities / business transferees When required by law or in connection with a merger, acquisition, or asset sale.

We sell and share PI for cross-context behavioral advertising; see opt-out options in § 8 – § 10.

7 Cookies & Similar Technologies

  1. Website Cookies – first-party session and preference cookies plus third-party analytics cookies. Disable cookies in your browser to limit them (some features may break).

  2. Mobile Identifiers – SDKs store IDFA/AAID, subject to iOS App Tracking Transparency and Android ad settings.

  3. Global Privacy Control / UOOM – If your browser or device sends an opt-out signal, we treat it as a request to opt out of all sales/shares and targeted advertising for that device.

8 Advertising, Tracking & Opt-Out Methods

Platform How to Opt Out of Personalized Ads
iOS Deny tracking in the App Tracking Transparency prompt or later via Settings ▷ Privacy & Security ▷ Tracking.
Android Reset or limit the Advertising ID under Settings ▷ Privacy ▷ Ads.
Any Browser/Device Send a Global Privacy Control or other recognized UOOM signal; we honor it automatically.
Email Request Email support@positiveyounity.org with subject line “Opt Out” and include the email address associated with your account.

Your preference takes effect within 15 minutes and persists for at least one year unless you clear cookies or reinstall the App.

9 Your Privacy Rights

We extend the same core rights to all U.S. residents, covering California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and any other state with a comprehensive privacy law that becomes effective after 19 May 2025.

Right What it Means
Know / Access Receive the categories and specific pieces of PI we hold.
Delete Ask us to delete PI we collected from you (statutory exceptions apply).
Correct Ask us to rectify inaccurate PI.
Opt Out of Sale / Share / Targeted Ads Stop disclosures of PI for monetary value or cross-context behavioral ads.
Limit SPI We use SPI only to provide the Services; if that changes, we will offer a “Limit the Use of My Sensitive PI” option.
Automated Decision-Making Opt out of profiling that has legal or similarly significant effects.
Non-Discrimination We will not deny services or charge different prices because you exercise a right.
Appeal If we deny your request, you may appeal within 30 days.
“Shine the Light” & Nevada Do-Not-Sell California and Nevada residents may request a list of third parties to whom we disclosed PI for marketing.

10 How to Exercise Your Rights

Email only. Send your request to support@positiveyounity.org with a subject line that identifies the type of request (e.g., “Access Request,” “Delete Request,” “Opt Out,” “Appeal”).

We acknowledge requests within 10 days and complete them within 45 days (90 days if reasonably necessary). Verification involves matching your email plus a one-time code sent to that same address; additional confirmation may be required for sensitive requests. We maintain a hashed suppression list (not usable for marketing) so we can honor future opt-outs without retaining full contact data.

11 Data Retention

| Data Category | Retention Rule | Rationale |
|—|—|
| Account profile | Life of account + 3 years | Chargebacks, legal claims |
| User-Generated Content | Until user deletes + 30 days | Backup roll-off |
| Support tickets | 2 years after close | Troubleshooting history |
| Server & security logs | 30 days | Intrusion detection |
| Payment records (Stripe) | 7 years | Tax & accounting |
| Firebase Analytics events | 14 months | Trend analysis |
| AdMob ad-delivery logs | ≤ 24 months | Advertising measurement |
| Crashlytics crash traces | 90 days | App stability |

We delete or anonymize PI in production systems within 30 days of account deletion and instruct processors to do the same. Processor contracts prohibit retaining raw data longer than the periods above.

12 Security

  • Encryption in transit (TLS 1.2+) and at rest (encrypted volumes and S3 object storage).

  • Salted & hashed credentials (WordPress wp_hash_password).

  • Role-based access controls and multi-factor authentication for all admin accounts.

  • Annual third-party penetration testing and a public vulnerability-disclosure program.

  • Incident Response – notify affected users and regulators within 72 hours of breach confirmation (or sooner if required by law).

No system is 100 % secure; we cannot guarantee absolute security.

13 Children’s Privacy

The Services are intended for users 18 years and older. The sign-up flow includes an age gate and device-level parental controls. We do not knowingly collect PI from anyone under 18; if we learn that we have done so, we will delete the data without undue delay.

14 Third-Party Links

Our Services may link to third-party sites (e.g., YouTube). Their privacy practices govern any PI you provide there.

15 International Users

The Services are hosted in, and governed by the laws of, the United States. We geo-block non-U.S. app-store listings and disclaim availability elsewhere. If you nevertheless access the Services from another jurisdiction, you consent to U.S. processing. We do not intentionally target EU or UK residents; if that changes, we will appoint an Article 27 representative and publish an EU addendum.

16 Changes to This Policy

We may update this Policy from time to time. Material changes will be highlighted in-app or by email at least 30 days before they take effect. The “Last Updated” date reflects the latest revision.

17 Contact Us

Positive YOUnity LLC
State of Incorporation: Florida, USA
Email: support@positiveyounity.org
Website: https://positiveyounity.org

© 2025 Positive YOUnity LLC. All rights reserved.

Scroll to Top