Privacy Policy

This Policy applies to the thump! mobile application, related communications, and related services that link to this Policy. By accessing, downloading, installing, or using the Service, you acknowledge the practices described in this Policy. This Policy does not apply to any third-party application, website, venue, integration, or service that has its own privacy practices, even if you access them through, or in connection with, the Service.

Capitalized terms not defined in this Policy have the meanings given to them in the Terms of Service.

We and our service providers may collect the categories of information described below, depending on how you use the Service and the permissions you grant. Specific data elements collected vary by user, feature, device, and jurisdiction.

a. Account, Profile, and Onboarding Information

For example: mobile phone number; name, username, or display name; email address; profile photo and other media; date of birth or age range; gender; home location; sports interests (primary and secondary), skill level, competitive-level preferences, position preferences, bio, prompt answers, language, and account settings; and verification information where applicable.

b. Authentication and Verification

For example: SMS one-time passcodes, email one-time passcodes, federated identity tokens or identifiers from third-party sign-in providers (such as Google or Apple), session identifiers, login attempts, security events, and related metadata necessary to verify and protect your account.

c. Event and Participation Information

For example: Events you have joined, hosted, saved, requested to join, been waitlisted for, or interacted with; upcoming and past matches; attendance confirmations, no-shows, late cancellations, early cancellations; waitlist position and notice preferences; lobby approvals and denials; access codes you generate or use; participation history; and transactional records relating to Events.

d. Ratings, Trust, and Community Signals

For example: peer ratings (such as approve/disapprove swipes) submitted by you or about you within applicable rating windows; reports, blocks, and moderation signals; reliability indicators; attendance patterns; behavioral or reliability scores (including the score the Service may refer to as “BPM”), tier labels, and visual indicators; rater-pool size, confidence weighting, and provisional dampening inputs; and other internal trust and safety signals. Some of these signals may be inferred, derived, weighted, dampened, or generated by algorithms, heuristics, or other internal systems.

e. Communications

For example: forum posts, in-app messages, attendance nudges, support inquiries, survey responses, feedback, and other communications with us or, where applicable, with other users through Service features.

f. Device, Usage, and Technical Information

For example: device identifiers; mobile operating system and version; app version; IP address; language and locale settings; crash data; diagnostic and log data; in-app interactions and usage analytics; and approximate or precise location data where you have granted permission.

g. Permissions and Sensitive Access

For example: location, camera, photos and media library, microphone, contacts (if ever used), and push notifications. Permission-based information is collected only when you grant the relevant permission or actively use the related feature, and you can usually manage permissions through your device or operating system settings.

h. Payment, Transaction, and Payout Information

If you make or receive payments through the Service, payment instrument details (including full card numbers) are collected and processed by third-party payment processors (such as Stripe, Inc.) and not by us. We may receive and retain limited transaction details, such as transaction status, amount, currency, timestamps, fee breakdowns, charge and refund identifiers, dispute and chargeback metadata, host payout status and identifiers, in-app credit balances and ledger entries, and attendance-confirmation outcomes used in payment reconciliation. We do not store full payment-card data.

We may obtain information:

• directly from you, including when you create an account, complete your profile, or use Service features;
• automatically from your device and from your use of the Service;
• from other users, including hosts, participants, raters, reporters, inviters, or referrers;
• from vendors, analytics providers, payment processors, communications providers, authentication tools, app stores, advertising partners, and other business partners, in each case where applicable.

We and our service providers may use information for purposes such as:

• creating, maintaining, securing, and supporting accounts;
• authenticating users and protecting account integrity;
• enabling event discovery, joining, hosting, waitlists, lobbies, RSVPs, and community interactions;
• personalizing content, recommendations, and relevance;
• calculating, generating, supporting, and adjusting ratings, trust, safety, reliability, matching, and participation signals, including through automated processing;
• delivering communications and notifications related to the Service;
• providing customer support and responding to inquiries;
• analytics, debugging, quality assurance, performance monitoring, and product improvement;
• detecting, investigating, preventing, and addressing fraud, abuse, harassment, safety risks, prohibited conduct, security incidents, and policy or legal violations;
• compliance with law, legal process, regulatory obligations, and lawful requests by public authorities;
• protecting the rights, safety, and property of the Company, users, and others;
• marketing, promotional, and informational communications, where permitted by law;
• corporate transactions, including evaluation, due diligence, restructuring, financing, merger, sale, acquisition, or transfer of assets.

We process information where we have a legitimate business purpose, where you have provided consent (where required), where processing is necessary to perform a contract with you, where processing is necessary to comply with a legal obligation, or on another lawful basis available under applicable law. The lawful basis we rely on may vary depending on the purpose, the information at issue, and your jurisdiction.

We may share information in the following circumstances:

• Service providers and vendors that support the Service, such as cloud hosting and infrastructure, databases, analytics, SMS and voice messaging, email delivery, push notifications, federated authentication providers, security and fraud-prevention tools, customer support, content moderation, identity and age verification, mapping and geocoding, and payment processing (including third-party payment processors such as Stripe, Inc., who handle payment-card data and dispute mechanics under their own terms);
• Other users, as part of the social and event-participation functionality of the Service, such as profile information, hosted or joined events, attendance, ratings displays, and other visible profile or activity elements, depending on feature design and your settings;
• Hosts and participants, as needed to facilitate events, RSVPs, lobbies, waitlists, and related interactions;
• Affiliated entities within our corporate group, in each case for purposes consistent with this Policy;
• Corporate transactions, including in connection with evaluation, due diligence, financing, merger, acquisition, reorganization, bankruptcy, sale of all or part of our business, or similar transactions, in which information may be transferred or disclosed as part of the transaction;
• Legal and safety, to comply with applicable law, legal process, lawful requests, government inquiries, court orders, or subpoenas, or to enforce our terms, protect our rights, property, and safety, the rights, property, and safety of users, or the integrity of the Service;
• With your consent or at your direction, including when you choose to share information through Service features.

We do not sell personal information in the conventional sense of money exchanged for personal information. If our practices change, we will update this Policy and provide any notice or choice required by law.

The Service is, by design, a community and event-participation platform. As a result, certain information you provide or generate may be visible to other users, hosts, or participants. For example, your display name, profile photo, sports interests, skill level, hosted or joined events, ratings or reputation-related information, and similar profile and activity elements may be visible depending on feature design and your settings.

You should only provide or share information you are comfortable making available through the Service. We cannot guarantee that information you make available to other users will remain private or be used in a manner consistent with your expectations.

Location information, where permitted, may be used to surface nearby games and events, support relevance and personalization, assist with safety and fraud prevention, and enable other Service functionality. Camera, microphone, photo, and media permissions, where granted, may be used for profile photos, content uploads, customer support, verification, and other optional features.

You can usually manage device-level permissions, including location, camera, microphone, photos/media, contacts, and push notifications, through your operating-system settings. Some features of the Service may not function properly, or at all, if relevant permissions are not granted.

We retain information for as long as we determine is reasonably necessary for the purposes described in this Policy, including providing and operating the Service, maintaining accounts, calculating and supporting trust and safety signals, resolving disputes, enforcing our agreements, complying with legal and regulatory obligations, supporting backup, audit, and recordkeeping, and other legitimate business purposes.

Retention periods may vary by data type, context, jurisdiction, applicable legal obligation, and whether the relevant account is active, suspended, or under investigation. We may retain deidentified, aggregated, archived, backup, audit-log, or legally required information for longer periods.

You are responsible for safeguarding your account credentials and for promptly notifying us of any suspected unauthorized access to your account.

• Account information. You can review and update certain profile and account information through the Service.
• Device permissions. You can manage device-level permissions, including location, camera, microphone, photos/media, contacts, and push notifications, through your operating-system settings.
• Notifications. You can adjust push notification preferences through device or in-app settings, where available. Certain transactional, security, legal, and operational notifications are necessary to the Service and cannot be disabled without ceasing use of the Service.
• Marketing. Where required by law, you may opt out of marketing communications by using opt-out tools provided in the relevant message or by contacting us.
• Account deletion. You may request deletion of your account by contacting us at contact@thumpapp.com or through any in-app account-deletion option that may be made available.
• Verification. We may need to verify your identity before responding to a request and may deny or limit requests as permitted by law.
• Retained information. Even after a deletion request, we may retain certain information for legal, security, fraud-prevention, backup, dispute-resolution, audit, or compliance reasons, or in deidentified or aggregated form.

Residents of certain U.S. states may have additional rights with respect to their personal information, subject to applicable law. These may include the right to know or access categories and specific pieces of personal information collected, the right to request correction or deletion, the right to obtain information about disclosures, and, where required, the right to appeal a denial of a request.

Where authorized agents are permitted by applicable law to submit requests on your behalf, we may require verification of authority and identity. We will not discriminate against you for exercising your privacy rights, except as permitted by law, including in connection with any incentive or loyalty programs we may later choose to offer.

We do not have actual knowledge that we sell or share, in the conventional sense, personal information of consumers under the relevant statutory thresholds, including minors. If our practices change, we will update this Policy and provide any notice or choice required by law.

The Service is intended for adults aged eighteen (18) and older and is not directed to or designed for children. We do not knowingly collect personal information from anyone under the age of eighteen (18). If we learn that we have collected personal information from a person under eighteen (18) in violation of applicable law, we will delete the information and take other appropriate action, including deactivation of the associated account. A parent or legal guardian who believes a minor has provided personal information to us may contact us using the details in Section 17.

The Service may interact with or rely on third-party services, including, for example, app stores, payment processors, mapping and location providers, analytics providers, customer support tools, communications providers, advertising partners, linked websites, and third-party venues. These third parties have their own terms and privacy practices, which apply to information they collect or process. We are not responsible for, and this Policy does not cover, the privacy practices of any third party.

Information may be processed and stored in the United States and in other jurisdictions where we or our service providers operate. Privacy and data-protection laws may differ from those in your jurisdiction. By using the Service, you understand that information may be transferred to, processed in, and stored in such jurisdictions.

We may update this Policy from time to time. The updated Policy will become effective when posted within the Service or otherwise communicated. The “Last Updated” date above indicates when this Policy was most recently revised. Your continued use of the Service after any change constitutes acknowledgment of the updated Policy and, to the extent permitted by law, acceptance of the revised practices.

For questions, requests, or notices regarding this Policy or our privacy practices, contact:

• Legal Entity: Thump LLC
• Mailing Address: 30 N Gould St Ste N, Sheridan, WY 82801
• Privacy Inquiries: contact@thumpapp.com
• Support: contact@thumpapp.com