Welcome to RoastRecap, operated by BarthVentures LLC ("Company," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at support@roastrecap.com.

When you visit our mobile application ("App"), use our website (roastrecap.com), and use our services, you trust us with your personal information. We take your privacy very seriously. In this privacy policy ("Privacy Policy"), we describe how we collect, use, store, share, and protect your personal information in connection with the RoastRecap services (collectively, the "Services").

We seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it. We hope you take some time to read through this Privacy Policy carefully, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Services immediately.

This Privacy Policy applies to all information collected through our Services and any related services, sales, marketing, or events.

PLEASE READ THIS PRIVACY POLICY CAREFULLY AS IT WILL HELP YOU UNDERSTAND WHAT WE DO WITH THE INFORMATION WE COLLECT.

We do not condone, support, or facilitate any form of cyberbullying. Any content found to be promoting violence, discrimination based on race, gender, religion, or sexual orientation, or severe harassment will be removed immediately.

VIOLATION CONSEQUENCES:

Users found violating this policy will face immediate and permanent account suspension. We reserve the right to ban any user without prior warning if their conduct is deemed harmful to the community.

LAW ENFORCEMENT COOPERATION:

We cooperate fully with law enforcement authorities. If we identify content that constitutes a credible threat to physical safety, involves the exploitation of minors, or violates criminal law, we will proactively report such activities to the appropriate authorities and provide all necessary user data (including IP addresses, device IDs, chat logs, and metadata) to assist in their investigations.

For detailed information on content moderation, reporting, and appeals, see Article 13A of our Terms of Service.

We collect personal information that you voluntarily provide to us when you register for an account, use the Services, participate in activities on the Services, or otherwise contact us.

3.1. PUBLIC INFORMATION

We collect personal information that you voluntarily provide when registering for the App, including:

• Full name (optional, depending on registration method)
• Username/handle (required)
• Email address (if registering via email)
• Phone number (if registering via phone authentication)

3.2. CREDENTIALS

We collect passwords, password hints, and similar security information used for authentication and account access. Passwords are hashed and encrypted using industry-standard methods and are never stored in plain text.

3.3. SOCIAL LOGIN

We provide you with the option to register using third-party social media account details, including:

• Apple Sign-In: We receive your Apple ID token, email address (if you choose to share it), and full name (on first sign-in only).
• Google Sign-In (if available): We receive your Google account email address and profile information.

When you use social login, we collect only the information that the third-party service authorizes us to access. You can review and control what information is shared through the privacy settings of your Apple ID or Google account.

3.4. DETAILED DATA COLLECTION INVENTORY

In addition to the information described above, we collect the following categories of data:

(a) DEVICE IDENTIFIERS

• Advertising Identifier (IDFA): Collected through Apple's App Tracking Transparency (ATT) framework for ad personalization and attribution (only if you grant permission).
• Device model, operating system version (iOS version).
• App version and build number.
• Unique device identifiers for App Check security validation.

(b) PUSH NOTIFICATION TOKENS

• Firebase Cloud Messaging (FCM) tokens
• Apple Push Notification Service (APNs) tokens

These are used solely to send you notifications about in-app activity (new roasts, comments, group invites, daily challenges).

(c) ANALYTICS DATA

We collect analytics data to understand how users interact with the Services, including:

• Login events (method: email, phone, Apple Sign-In)
• Roast generation events (roast mode, score, isAnonymous, hasImage)
• Group creation and join events
• Recap viewing events
• Ad viewing events (ad type, credit reward)
• In-app purchase events (product ID, transaction ID, success/failure)
• Daily challenge completion events
• Account deletion events

All analytics data is collected through Firebase Analytics and is anonymized or pseudonymized where possible.

(d) PAYMENT INFORMATION

When you make in-app purchases, we collect:

• Product ID (e.g., "com.roastrecap.credits.anon.1")
• Transaction ID (unique identifier for the purchase)
• JWS Token (JSON Web Signature from Apple's StoreKit 2, used for receipt verification)
• Purchase timestamp

We do NOT collect or store your credit card number, billing address, or other financial account details. All payment processing is handled securely by Apple (via the App Store) or Google (via Google Play). We receive only a verification token to confirm the purchase.

(e) USER-GENERATED CONTENT

We collect content that you create, upload, or submit to the Services, including:

• Roast text and descriptions
• Photos uploaded for roasting events (compressed to max 1024px, max 500KB, stored in Firebase Storage)
• Comments and reactions on roasts
• Custom avatar images (compressed and stored in Firebase Storage)
• Group names and descriptions
• Messages sent to support or feedback

3.5. THIRD-PARTY SERVICES AND DATA SHARING

Your data is shared with the following third-party service providers to operate the Services:

(a) FIREBASE (Google LLC)

• Firebase Authentication: User credentials and authentication tokens
• Firestore Database: User profiles, groups, events, roasts, comments, reactions
• Firebase Storage: Custom avatars and media files
• Firebase Cloud Functions: Backend logic and data processing
• Firebase Analytics: Usage statistics and event tracking
• Firebase Crashlytics: Error and crash reporting
• Firebase App Check: Security and fraud prevention

Privacy Policy: https://policies.google.com/privacy

(b) GOOGLE GEMINI API (Google LLC)

• AI-generated roast content processing
• Receives: User-submitted text, media, and metadata for roast generation
• Used for: Generating AI roasts based on user inputs

Privacy Policy: https://policies.google.com/privacy

(c) GOOGLE ADMOB (Google LLC)

• Mobile advertising platform
• Receives: Device identifiers (IDFA if authorized), ad interaction data, device info
• Used for: Displaying ads and rewarding users with in-app currency

Privacy Policy: https://policies.google.com/privacy
Opt-Out: iOS Settings > Privacy > Tracking > RoastRecap (toggle OFF)

All third-party services are carefully vetted and required to maintain appropriate data protection standards. We have Data Processing Agreements (DPAs) with all processors handling personal data.

We use the information we collect or receive:

4.1. SERVICE PROVISION

To facilitate account creation and authentication, manage user accounts, and deliver the core Services, including:

• Authenticating your identity
• Generating AI roasts based on your inputs
• Storing and displaying user-generated content
• Facilitating group interactions and social features
• Processing in-app purchases
• Awarding virtual goods (Soft Credits, Anon Credits, cosmetics)
• Tracking daily challenge progress and awarding rewards

4.2. COMMUNICATIONS

To send you marketing, promotional, or administrative communications, including:

• Transactional emails (account creation, password reset, purchase confirmations)
• Push notifications (new roasts, comments, group activity, daily challenges)
• Promotional emails about new features or special offers (you may opt out at any time)
• Service announcements and updates
• Responses to your support requests

You can control notification preferences in Settings > Notifications.

4.3. SECURITY AND LEGAL

To protect our Services, enforce our Terms of Service, and respond to legal requests:

• Detecting and preventing fraud, abuse, and security threats
• Monitoring for prohibited content and enforcing content moderation policies
• Complying with legal obligations (subpoenas, court orders, regulatory requests)
• Investigating and responding to user reports
• Defending our legal rights in disputes

4.4. DATA PROCESSING

Your submitted content (text and images) is processed solely for the purpose of generating roasts and providing the Services. We do not use your content to train AI models.

Content submitted to the Google Gemini API is processed according to Google's privacy policies and terms. In our current setup, submitted API data is not used to train Google's foundation models.

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data based on the following legal basis:

(a) CONSENT:

You have given us specific consent to use your personal information for a stated purpose (e.g., personalized ads).

(b) LEGITIMATE INTERESTS:

We have legitimate interests in operating and improving the Services, preventing fraud, and ensuring security, provided such interests do not override your fundamental rights and freedoms.

(c) PERFORMANCE OF A CONTRACT:

We need to process your data to fulfill our contractual obligations to provide the Services.

(d) LEGAL OBLIGATIONS:

We are required by law to process your data (e.g., responding to lawful government requests, complying with data breach notification requirements).

RoastRecap is based in the United States, and our service providers (Firebase, Google Cloud, AI provider) operate globally. If you access the Services from outside the United States, your personal information will be transferred to, stored, and processed in:

• United States (primary Firebase data centers)
• European Union (Firebase EU multi-region storage, if configured)
• Other countries where our third-party providers operate

5A.1. STANDARD CONTRACTUAL CLAUSES (SCCs)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure that your data is protected when transferred outside the EEA/UK/Switzerland.

We have entered into SCCs with:

• Google LLC (Firebase, Google Cloud, Google Gemini, AdMob)

Copies of our SCCs are available upon request by contacting gdpr@roastrecap.com.

5A.2. ADEQUACY DECISIONS

Where applicable, we rely on European Commission adequacy decisions that recognize certain countries as providing an adequate level of data protection.

5A.3. YOUR CONSENT

By using the Services, you consent to the transfer of your personal information to the United States and other countries as described in this Privacy Policy.

If you do not consent to international data transfers, you should not use the Services.

RoastRecap is intended only for individuals who are at least 18 years of age.

By using the Services, you represent that you are at least 18 years of age.

If we learn that personal information from a user under 18 has been collected, we will deactivate the account and delete associated personal data in accordance with applicable law and retention obligations.

If you become aware of an account created by a person under 18, contact legal@roastrecap.com so we can review and enforce this policy.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and UK GDPR.

YOUR RIGHTS INCLUDE:

(a) RIGHT OF ACCESS (GDPR ARTICLE 15)

You have the right to request confirmation of whether we process your personal data and to obtain a copy of your personal data.

(b) RIGHT TO RECTIFICATION (GDPR ARTICLE 16)

You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in the app Settings.

(c) RIGHT TO ERASURE / "RIGHT TO BE FORGOTTEN" (GDPR ARTICLE 17)

You have the right to request deletion of your personal data under certain conditions.

(d) RIGHT TO DATA PORTABILITY (GDPR ARTICLE 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and to transmit it to another service provider.

HOW TO EXERCISE YOUR RIGHTS:

To exercise any of the above rights, please submit a request to:

Include in your request:

• Your full name and username
• The right you wish to exercise (access, deletion, portability, etc.)
• Proof of identity (to prevent unauthorized access to your data)

We will respond to your request within 30 days as required by GDPR Article 12. If we need additional time (up to 60 days for complex requests), we will notify you of the extension and the reasons.

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

YOUR RIGHTS INCLUDE:

(a) RIGHT TO KNOW

You have the right to request that we disclose:

• Categories of personal information we have collected about you
• Categories of sources from which the personal information is collected
• Our business or commercial purpose for collecting or selling personal information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we have collected about you

(b) RIGHT TO DELETE

You have the right to request deletion of your personal information, subject to certain exceptions.

(c) RIGHT TO OPT-OUT OF SALE

HOW TO EXERCISE YOUR RIGHTS:

To exercise your CCPA rights, submit a request to:

We will respond within 45 days as required by CCPA.

You have the right to delete your RoastRecap account and associated personal data at any time.

11.1. HOW TO DELETE YOUR ACCOUNT

IN-APP DELETION (RECOMMENDED):

1. Open RoastRecap app
2. Navigate to Settings > Account Settings > Delete Account
3. Confirm deletion by entering your password or authenticating via Face ID/Touch ID
4. Confirm deletion one final time (this action is irreversible)

EMAIL REQUEST:

If you cannot access the app, email us at:

• support@roastrecap.com (general requests)
• gdpr@roastrecap.com (GDPR/EU users)
• privacy@roastrecap.com (CCPA/California users)

Include in your email:

• Subject: "Account Deletion Request"
• Your username and email address associated with the account
• Proof of identity (to prevent unauthorized deletions)

We process account deletion requests in accordance with applicable law and retention obligations. We do not guarantee a specific operational response or completion timeline unless required by law.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving privacy concerns promptly and transparently. If you are not satisfied with our response, you may escalate to:

• Your local data protection authority (GDPR users)
• California Attorney General (California residents)
• Federal Trade Commission (FTC) - https://reportfraud.ftc.gov