Privacy Policy

Vibe Connect — by Sigma Pi Labs Inc.

1. INTRODUCTION AND SCOPE

1.1 Who We Are

Sigma Pi Labs Inc. is the data controller responsible for your personal information collected through the Vibe Connect mobile application. We are committed to protecting your privacy and handling your data in an open and transparent manner.

1.2 Scope of This Policy

This Privacy Policy applies to all personal information collected through:

• The Vibe Connect mobile application (iOS and Android);
• Our backend services and servers;
• Our communications with you (email, push notifications, in-app messages);
• Any third-party services integrated with the App.

This Policy does not apply to information collected by third-party websites or services linked to or from the App, which are governed by their own privacy policies.

1.3 Agreement to This Policy

By creating an account and using the App, you expressly consent to the collection, use, disclosure, and processing of your personal information as described in this Privacy Policy. If you are providing information on behalf of another person, you represent that you have their consent to do so.

2. INFORMATION WE COLLECT

We collect information in several ways: directly from you, automatically through your use of the App, and from third-party sources.

2.1 Information You Provide Directly

2.1.1 Account Registration Data

Data Type	Details	Purpose
Email address	Provided at registration or via Apple/Google Sign-In	Account creation, authentication, communication
Password	For email/password registration (hashed, never stored in plaintext)	Account security
Display name	User-chosen name displayed to other Users	Identification within the App
Date of birth / Age	Provided during onboarding	Age verification (18+ requirement), matching
Gender	Male, Female, or Other	Matching preferences
Authentication provider	Email, Apple, or Google	Login and session management

2.1.2 Profile Data

Data Type	Details	Purpose
Bio / About me	Free-text personal description	Profile display, AI profile review
Interests	Selected from 20+ categories (Gaming, Music, Sports, Travel, etc.)	Matching algorithm compatibility scoring
Personality type	Soft, Fun, Harsh, or Sporty (determined via quiz)	Personality-based matching
Tolerance level	Minimal, Moderate, or High	Emotional compatibility matching
Happiness index	Self-reported "happy days" metric	Well-being-based matching
Companion role preference	Boyfriend, Girlfriend, Brother, Sister, Friend, Best Friend, Mentor, Confidant, Listener, Mother, Father	Role-based matching
Avatar	Selected from predefined avatar options	Profile display
Gender preference for matching	Preferred gender(s) of matches	Filtering match candidates

2.1.3 Communication Data

Data Type	Details	Purpose
Chat messages	Text messages sent to matched Users	Message delivery, safety monitoring
Reports	User reports including report reason and optional description	Safety, content moderation, enforcement
Unmatch reasons	Optional reason provided when unmatching	Service improvement, safety
Support communications	Emails or messages sent to our support team	Customer support

2.1.4 Wellness and Journal Data

Data Type	Details	Purpose
Mood scores	Numeric mood rating (0-10 scale)	Mood tracking, visualization, wellness tips
Wellness diary entries	Free-text journal entries about daily wellness	Personal journaling, self-reflection
Memory Book entries	Personal journal entries (text or voice-dictated)	Personal journaling
Mood history	Historical mood data (7-day, monthly)	Mood trends and visualization
Breathing exercise usage	Whether breathing exercises were completed	Wellness feature engagement

2.1.5 Payment and Subscription Data

Data Type	Details	Purpose
Subscription tier	Free or Premium	Feature access management
Purchase history	Subscription plan selected, start date, renewal date	Subscription management
Entitlement status	Active/expired/canceled	Feature gating

2.2 Information Collected Automatically

2.2.1 Device and Technical Data

Data Type	Details	Purpose
Device type and model	iPhone, Android device model	App optimization, debugging
Operating system and version	iOS/Android version	Compatibility, debugging
App version	Installed version of Vibe Connect	Version management, updates
Push notification token	Firebase Cloud Messaging (FCM) device token	Push notification delivery
Unique device identifiers	Generated internally for session management	Security, fraud prevention
Network information	Online/offline status, connection type	Service delivery, offline queueing
Timezone	Device timezone setting	Timestamp localization

2.2.2 Usage and Behavioral Data

Data Type	Details	Purpose
Online/offline status	Whether you are currently active in the App	Matching availability, display to connections
Last seen timestamp	When you were last active	Display to connections
Match history	Users you matched with, match duration, outcome	Matching algorithm improvement, safety
Connection history	Saved connections, save requests, accepted/declined	Connection management
Skip/block history	Users you skipped or blocked	Prevent re-matching, safety
Chat count	Number of completed chats	Matching algorithm (new user identification)
Message read receipts	Whether messages were read and when	Chat feature functionality
Feature usage patterns	Which features you use and how often	Service improvement, analytics
Notification interactions	Whether push notifications were opened, accepted, or declined	Notification optimization
Session data	Login times, session duration	Security, analytics

2.2.3 Location and Proximity Data

Data Type	Details	Purpose
Geolocation coordinates	GPS latitude/longitude (when location permission granted)	Vibe Zone map display, proximity-based matching
BLE proximity tokens	Bluetooth Low Energy proximity identifiers	Proximity detection between nearby Users
Location accuracy	Precision of location data	Map display accuracy

2.2.4 Voice and Audio Data

Data Type	Details	Purpose
Voice recordings (transient)	Audio captured during voice dictation	Voice-to-text transcription for Memory Book entries
Transcribed text	Text output from voice dictation	Stored as journal entry content
Language preference	Selected dictation language (28+ supported)	Transcription accuracy

2.3 Information from Third-Party Sources

2.3.1 Authentication Providers

If you sign in using Apple or Google, we receive the following from the respective provider:

• Apple Sign-In: Email address (or Apple's private relay email if you choose to hide your email), name (if provided), and a unique Apple user identifier. Apple may provide a "private relay" email address that forwards to your real email.
• Google Sign-In: Email address, name, profile picture URL (if available), and a unique Google user identifier.

We do not receive your Apple or Google account password.

2.3.2 Payment Providers

RevenueCat, Apple, and Google may share with us: subscription status, purchase dates, renewal dates, cancellation dates, entitlement information, and transaction identifiers. They do not share payment card or bank details with us.

2.4 Sensitive Information

We recognize that certain information we collect may be considered sensitive, including:

• Health and wellness data: Mood scores, wellness diary entries, and mental health-related journaling;
• Gender and sexual orientation indicators: Gender selection and matching preferences;
• Precise geolocation;
• Personality and psychological assessments: Personality quiz results, tolerance levels.

We treat this data with heightened care and implement additional safeguards as described in Section 8 (Data Security).

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

We use your personal information for the following primary purposes:

3.1.1 Service Delivery and Core Functionality

• Account management: Creating, maintaining, and authenticating your account;
• Matching: Running our matching algorithm to pair you with compatible Users based on personality, interests, tolerance, happiness index, role preferences, gender preferences, location proximity, and online status;
• Messaging: Facilitating real-time chat between matched Users, delivering messages, and providing read receipts and typing indicators;
• Connections: Managing save requests, saved connections, and connection lifecycle;
• Wellness features: Storing mood data, journal entries, generating mood visualizations, providing wellness tips, and facilitating breathing exercises;
• Memory Book: Storing and organizing your journal entries and voice-dictated notes;
• Vibe Zone: Displaying your location on maps, enabling proximity-based discovery;
• Subscriptions: Managing your subscription tier, verifying entitlements, and providing premium features;
• Notifications: Sending push notifications for match requests, messages, connection updates, wellness reminders, and system alerts.

3.1.2 AI-Powered Features

• Chat assistance: Providing AI-generated conversation starters and message suggestions based on conversation context;
• Profile review: Analyzing your profile information to provide AI-generated improvement suggestions;
• Bio improvement: Suggesting enhancements to your bio text;
• Tone analysis: Analyzing message tone and sentiment to provide communication suggestions;
• Wellness recommendations: Generating personalized wellness tips based on mood data.

3.1.3 Safety and Security

• Content moderation: Monitoring for violations of our Terms and Community Guidelines;
• Report investigation: Reviewing user reports of harassment, inappropriate content, underage users, and other violations;
• Strike and ban enforcement: Tracking violations and enforcing account restrictions;
• Fraud prevention: Detecting and preventing fraudulent accounts, spam, and malicious activity;
• Account security: Protecting against unauthorized access and suspicious activity.

3.1.4 Service Improvement

• Algorithm improvement: Analyzing match outcomes to improve matching quality;
• Feature development: Understanding usage patterns to inform product decisions;
• Bug fixing: Diagnosing and resolving technical issues;
• Performance optimization: Improving App speed, reliability, and user experience.

3.1.5 Communications

• Service communications: Account verification, security alerts, service updates, policy changes;
• Promotional communications: Feature announcements, campaigns, and marketing (with opt-out available);
• Wellness campaigns: Daily wellness check-in reminders;
• Customer support: Responding to your inquiries and requests.

3.2 Legal Bases for Processing (GDPR / International Users)

Where applicable (e.g., for users in the European Economic Area, United Kingdom, or other jurisdictions requiring a legal basis), we process your data based on:

• Consent: Where you have given explicit consent (e.g., location data, push notifications, promotional communications). You may withdraw consent at any time;
• Contract performance: Processing necessary to fulfill our contract with you (the Terms and Conditions), including account management, matching, messaging, and subscription services;
• Legitimate interests: Processing necessary for our legitimate interests, including service improvement, fraud prevention, and safety, provided these interests are not overridden by your rights;
• Legal obligation: Processing necessary to comply with applicable law, regulation, legal process, or governmental request;
• Vital interests: In rare cases, processing necessary to protect someone's life or physical safety.

4. HOW WE SHARE YOUR INFORMATION

4.1 With Other Users

Certain information is shared with other Users as part of the App's core functionality:

• Profile information: Display name, bio, avatar, interests, personality type, companion role, and gender are visible to matched Users and potential matches;
• Online status: Your online/offline status and last seen time may be visible to your connections;
• Chat messages: Messages are visible to the recipient User;
• Read receipts: Whether you have read a message may be visible to the sender;
• Typing indicators: Whether you are currently typing may be visible to the other User in an active chat;
• Location (Vibe Zone): If you use Vibe Zone features, your approximate location may be visible on the map to other Users;
• Proximity: BLE proximity tokens may be shared with nearby Users.

4.2 With Third-Party Service Providers

We share information with third-party service providers who assist us in operating the App. These providers are contractually obligated to use your information only for the purposes for which it was shared and to maintain appropriate security measures. See Section 5 for a complete list of providers.

4.3 For Legal and Safety Reasons

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request;
• Enforce our Terms and Conditions, including investigation of potential violations;
• Detect, prevent, or address fraud, security, or technical issues;
• Protect against harm to the rights, property, or safety of the Company, our Users, or the public as required or permitted by law;
• Respond to lawful requests from law enforcement or government agencies;
• Protect the personal safety of Users or the public.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, sale of all or a portion of our assets, or similar corporate event, your personal information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information via the App or email.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including research, analytics, business intelligence, and marketing. This data is not considered personal information under this Privacy Policy.

4.6 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

4.7 What We Do NOT Do

• We do NOT sell your personal information to third parties for their marketing purposes;
• We do NOT share your personal information with data brokers;
• We do NOT use your wellness, mood, or journal data for advertising targeting;
• We do NOT provide your private messages to advertisers;
• We do NOT sell or rent your email address, phone number, or other contact information to third parties.

5. THIRD-PARTY SERVICE PROVIDERS

The following third-party service providers process your data on our behalf or in connection with the App's functionality:

5.1 Infrastructure and Backend

Provider	Purpose	Data Processed	Location
Supabase, Inc.	Database hosting, user authentication, real-time messaging infrastructure, Edge Functions (serverless compute)	All account data, profile data, messages, wellness data, journal entries, match history, authentication tokens	United States (AWS infrastructure)
Google Cloud Platform (GCP)	Cloud Run backend services (matchmaker, notification delivery, proximity services)	Match queue data, notification routing, FCM tokens, proximity tokens, matching algorithm processing	United States
Redis (via GCP)	Session management, match queue, real-time pub/sub, temporary data caching	Match queue entries, skip/block lists, session data (TTL-based, auto-expiring)	United States

5.2 Authentication

Provider	Purpose	Data Processed
Apple Inc.	Apple Sign-In authentication	Apple user ID, email (or private relay email), name
Google LLC	Google Sign-In authentication	Google user ID, email, name, profile photo URL

5.3 Push Notifications

Provider	Purpose	Data Processed
Firebase / Google (FCM)	Push notification delivery to iOS and Android devices	FCM device tokens, notification content (titles, bodies, metadata), device platform
Apple Push Notification service (APNs)	iOS push delivery (via FCM)	Device tokens, notification payloads

5.4 Payments and Subscriptions

Provider	Purpose	Data Processed
RevenueCat, Inc.	Subscription management, entitlement verification, purchase validation	App user ID, subscription tier, purchase dates, renewal status, entitlement data, platform (iOS/Android)
Apple (App Store)	Payment processing for iOS purchases	Payment card information (held by Apple, not shared with us), transaction data
Google (Play Store)	Payment processing for Android purchases	Payment card information (held by Google, not shared with us), transaction data

5.5 Mapping and Location

Provider	Purpose	Data Processed
Mapbox, Inc.	Map display, location visualization in Vibe Zone	Geolocation coordinates, map interaction data, device type

5.6 AI and Machine Learning

Provider	Purpose	Data Processed
Third-Party LLM/AI Providers (accessed via API)	AI chat assistance, message suggestions, profile review, bio improvement, tone analysis, wellness recommendations	Contextual data necessary for AI processing: conversation snippets, profile text, mood data, message content. Data is sent via API calls and is subject to the provider's data processing terms.

5.7 Speech Recognition (On-Device)

Provider	Purpose	Data Processed
Apple Speech Recognition (iOS)	On-device voice-to-text transcription	Audio input processed locally on device (not sent to our servers)
Google Speech Services (Android)	Voice-to-text transcription	Audio input (may be processed on-device or via Google's servers depending on device settings)

6. DATA RETENTION

6.1 Retention Periods

Data Category	Retention Period	Rationale
Account and profile data	Duration of account + 30 days after deletion	Service delivery, account recovery window
Chat messages	Duration of active connection; deleted when connection ends or account is deleted	Messaging functionality
Wellness and mood data	Duration of account + 30 days after deletion	Wellness tracking continuity
Memory Book entries	Duration of account + 30 days after deletion	Journal feature continuity
Match history	Duration of account + 90 days after deletion	Safety, abuse prevention
User reports	Minimum 2 years, or as required by law	Safety, legal compliance, pattern detection
Subscription/payment records	Duration of account + 7 years	Financial record-keeping, tax compliance
Push notification tokens	Duration of account; refreshed automatically	Notification delivery
Location data	Not persistently stored; used in real-time for Vibe Zone display	Ephemeral use only
Redis queue/session data	Auto-expires (5-minute TTL for queue, 60-second heartbeat)	Ephemeral use only
Server logs	90 days	Debugging, security monitoring
Backup copies	Up to 30 days after primary deletion	Disaster recovery

6.2 Extended Retention

We may retain certain data beyond the periods above when:

• Required by applicable law, regulation, or legal process;
• Necessary to resolve ongoing disputes or enforce our agreements;
• Needed for fraud prevention or safety purposes (e.g., data related to banned accounts);
• Data has been anonymized and can no longer be linked to an identifiable individual.

6.3 Deletion Process

When your account is deleted or data retention periods expire, we will delete or anonymize your data from our active systems. Data in backups will be overwritten through the normal backup rotation cycle (up to 30 days). Some residual data may persist in encrypted backup archives until overwritten.

7. YOUR RIGHTS AND CHOICES

7.1 Universal Rights

Regardless of your location, you have the following rights:

• Access: You may request a copy of the personal information we hold about you;
• Correction: You may update or correct inaccurate personal information through your profile settings or by contacting us;
• Deletion: You may delete your account and request deletion of your personal data;
• Opt-out of marketing: You may opt out of promotional push notifications and marketing communications at any time;
• Notification control: You may manage push notification preferences through your device settings;
• Location control: You may enable or disable location services through your device settings;
• Microphone control: You may enable or disable microphone access through your device settings;
• Bluetooth control: You may enable or disable Bluetooth access through your device settings.

7.2 Rights for European Economic Area (EEA), United Kingdom (UK), and Switzerland Residents

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation:

• Right to access: Obtain confirmation of whether we process your personal data and access to that data;
• Right to rectification: Request correction of inaccurate or incomplete personal data;
• Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal exceptions;
• Right to restriction of processing: Request limitation of how we process your data in certain circumstances;
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller;
• Right to object: Object to processing based on legitimate interests, including profiling;
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing;
• Right to lodge a complaint: File a complaint with your local data protection supervisory authority;
• Rights related to automated decision-making: Right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

7.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share;
• Right to delete: Request deletion of your personal information, subject to legal exceptions;
• Right to correct: Request correction of inaccurate personal information;
• Right to opt out of sale/sharing: We do NOT sell your personal information. We do NOT share your personal information for cross-context behavioral advertising;
• Right to limit use of sensitive personal information: You may request that we limit the use of sensitive personal information to what is necessary for providing the App;
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

CCPA Categories of Personal Information Collected

CCPA Category	Examples Collected	Sold?	Shared for Advertising?
Identifiers	Email, display name, device IDs, FCM tokens	No	No
Personal information (Cal. Civ. Code § 1798.80)	Name, age/DOB, gender	No	No
Protected classifications	Gender, age	No	No
Commercial information	Subscription history, purchase records	No	No
Internet/electronic activity	App usage data, feature interactions, session data	No	No
Geolocation data	GPS coordinates (when permitted)	No	No
Audio/electronic information	Voice dictation (transient, on-device)	No	No
Inferences	Personality type, compatibility scores, mood trends	No	No
Sensitive personal information	Precise geolocation, health-related data (mood/wellness), account credentials	No	No

7.4 Rights for Other Jurisdictions

If you reside in a jurisdiction with applicable data protection laws (including but not limited to Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, India's DPDP Act, or other national or regional privacy laws), you may have similar rights to access, correct, delete, or restrict processing of your personal data. We will honor such rights in accordance with applicable law.

7.5 How to Exercise Your Rights

To exercise any of your rights, you may:

• In-App: Use your profile settings to update, correct, or delete your information;
• Email: Send a request to privacy@sigmapilabs.com;
• Account deletion: Use the account deletion feature in the App's settings.

We will respond to verifiable requests within 30 days (or as required by applicable law, e.g., 45 days under CCPA with possible extension). We may request verification of your identity before fulfilling requests to protect your data from unauthorized access.

7.6 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization and identity verification before processing such requests.

8. DATA SECURITY

8.1 Security Measures

We implement commercially reasonable administrative, technical, and physical security measures to protect your personal information, including:

• Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS/SSL (HTTPS);
• Encryption at rest: Sensitive data stored on our servers is encrypted at rest;
• Password security: Passwords are cryptographically hashed and never stored in plaintext;
• Authentication security: OAuth 2.0-based authentication via Apple and Google; session tokens with automatic expiration and refresh;
• Secure local storage: Sensitive data on your device is stored using platform-native secure storage (iOS Keychain / Android Keystore);
• Access controls: Role-based access controls limit employee access to personal data on a need-to-know basis;
• Row-Level Security (RLS): Database-level security policies ensure Users can only access their own data;
• PII minimization: Sensitive personal identifiers are stripped from local caches and only essential fields are retained;
• Infrastructure security: Our backend services run on Google Cloud Platform and Supabase, which maintain SOC 2 Type II, ISO 27001, and other security certifications;
• Token management: Push notification tokens, session tokens, and proximity tokens are managed with automatic rotation and expiration;
• Incident response: We maintain procedures for detecting, responding to, and recovering from security incidents.

8.2 No Absolute Guarantee

Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data. You acknowledge and accept the inherent risks of providing information electronically. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

8.3 Your Security Responsibilities

You are responsible for:

• Maintaining the confidentiality of your account credentials;
• Using a strong, unique password for your account;
• Keeping your device's operating system and the App updated;
• Logging out of your account on shared or public devices;
• Notifying us immediately if you suspect unauthorized access to your account.

9. INTERNATIONAL DATA TRANSFERS

9.1 Transfer of Data

Your personal information may be transferred to, processed in, and stored in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.

9.2 Safeguards for International Transfers

When we transfer personal data internationally, we implement appropriate safeguards, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Contractual data protection obligations with service providers;
• Reliance on adequacy decisions where available;
• Your explicit consent to the transfer.

9.3 EU-U.S. Data Privacy Framework

Where applicable, we rely on the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework for transfers of personal data from the EEA, UK, and Switzerland to the United States.

10. CHILDREN'S PRIVACY

10.1 Age Restriction

The App is intended for Users who are at least eighteen (18) years of age. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18. We do not knowingly allow individuals under 18 to create accounts or use the App.

10.2 COPPA Compliance

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

10.3 Parental Notice

If you are a parent or guardian and believe that your child under 18 has provided personal information to us or created an account, please contact us immediately at privacy@sigmapilabs.com. We will investigate and delete the account and associated data promptly.

10.4 Reporting Underage Users

Users can report suspected underage users through the App's reporting system. Reports of underage users are investigated and addressed as a priority.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Mobile App Context

As a mobile application, Vibe Connect does not use traditional web browser cookies. However, we may use similar technologies including:

• Local storage: Encrypted local storage on your device for session management, offline caching, and preferences;
• Device identifiers: Internally generated identifiers for session management and security;
• Analytics events: In-app event tracking for usage analytics and service improvement.

11.2 Do Not Track

We currently do not respond to "Do Not Track" (DNT) signals, as there is no universally accepted standard for how DNT should be interpreted in mobile applications. However, you can control data collection through the privacy settings described in this Policy.

11.3 App Tracking Transparency (iOS)

For iOS users, we comply with Apple's App Tracking Transparency (ATT) framework. We will request your permission before tracking your activity across other companies' apps and websites. You may change your tracking preference at any time in your device's Privacy settings.

12. AUTOMATED DECISION-MAKING AND PROFILING

12.1 Matching Algorithm

The App uses automated algorithms to match Users based on profile data, preferences, and behavioral signals. This constitutes automated decision-making and profiling. You acknowledge that:

• The matching algorithm processes your profile data, interests, personality type, tolerance level, happiness index, gender preferences, role preferences, location, and online status to generate match recommendations;
• Match compatibility scores are calculated automatically based on multiple weighted factors;
• The algorithm may prioritize certain factors over others based on the matching mode selected (e.g., "Talk to Anyone" mode uses different criteria than personality-based matching);
• New users may be treated differently in matching (e.g., different matching thresholds).

12.2 Content Moderation

We may use automated systems to scan content for potential violations of our Terms, including but not limited to detection of harassment, spam, and inappropriate content. Content flagged by automated systems may be reviewed by human moderators.

12.3 Strike System

Our strike system uses automated counting of verified reports to determine enforcement actions (e.g., 3 strikes results in account ban). This automated process may significantly affect your ability to use the App.

12.4 Your Rights Regarding Automated Decisions

Where required by applicable law (e.g., GDPR Article 22), you have the right to:

• Request human review of automated decisions that significantly affect you;
• Express your point of view regarding such decisions;
• Contest automated decisions.

To exercise these rights, contact us at privacy@sigmapilabs.com.

13. WELLNESS AND HEALTH DATA — SPECIAL PROTECTIONS

13.1 Categories of Wellness Data

The App collects the following wellness-related data:

• Mood scores (numeric, 0-10 scale);
• Wellness diary free-text entries;
• Memory Book journal entries;
• Breathing exercise completion records;
• Mood history and trends (7-day, monthly);
• Wellness tip interactions.

13.2 How Wellness Data Is Used

• Personal use: Displayed to you for self-reflection, mood tracking, and trend visualization;
• Matching (limited): The happiness index (an aggregate metric) may factor into matching compatibility. Individual mood scores and journal entries are NOT shared with other Users or used in matching;
• AI wellness tips: Mood scores may be used to generate personalized wellness recommendations via AI;
• Daily wellness campaigns: We may send wellness check-in reminders via push notification.

13.3 How Wellness Data Is Protected

• Wellness data is never shared with other Users;
• Wellness data is never sold to third parties;
• Wellness data is never used for advertising;
• Wellness data is never shared with insurance companies, employers, or health organizations;
• Access to wellness data within our systems is restricted to essential personnel only;
• Wellness data is encrypted at rest and in transit;
• Upon account deletion, wellness data is deleted according to our retention schedule.

13.4 Not HIPAA-Covered

Sigma Pi Labs Inc. is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). The App is not a medical device and is not subject to HIPAA regulations. However, we voluntarily apply heightened privacy and security standards to your wellness data.

14. PUSH NOTIFICATION DATA

14.1 Notification Infrastructure

Push notifications are delivered through Firebase Cloud Messaging (FCM) for both iOS and Android. To deliver notifications, we collect and store:

• Your device's FCM registration token;
• Device platform (iOS or Android);
• Notification delivery status and timestamps;
• Notification type and metadata.

14.2 Notification Audit Trail

All push notifications sent to you are recorded in an audit log (the user_notifications table) for service quality, debugging, and abuse prevention purposes. This log includes the notification type, title, body, delivery timestamp, and associated metadata.

14.3 Notification Content

Push notification content may include:

• Match request alerts with accept/decline actions;
• New message previews (which may include portions of message text);
• Connection status updates;
• Wellness check-in reminders;
• Campaign and promotional content;
• System and security alerts.

Be aware that push notifications are visible on your device's lock screen and notification center, which may be viewable by others with physical access to your device.

14.4 Managing Notifications

You can manage notifications by:

• Disabling all push notifications via device settings;
• Configuring notification categories (where supported by your device);
• Opting out of promotional/campaign notifications within the App's settings.

15. PROXIMITY AND BLUETOOTH DATA

15.1 BLE Proximity Features

The App may use Bluetooth Low Energy (BLE) technology to detect proximity between Users and facilitate nearby connections. This feature:

• Requires Bluetooth permission on your device;
• Generates proximity tokens that are shared with nearby Users;
• Proximity tokens are rotated and revoked when connections end;
• Does not persistently track your location via Bluetooth.

15.2 Proximity Data Minimization

Proximity tokens are ephemeral identifiers designed to facilitate specific connection interactions. They are not used for tracking, advertising, or any purpose beyond the intended proximity feature. Tokens are distributed via silent push notifications and are revoked when connections end or users block each other.

16. DATA BREACH NOTIFICATION

16.1 Our Commitment

In the event of a data breach that affects your personal information, we will:

• Investigate the breach promptly and take steps to contain and remediate it;
• Notify affected Users without undue delay (and within 72 hours where required by GDPR);
• Notify applicable regulatory authorities as required by law;
• Provide information about the nature of the breach, the data affected, and steps you can take to protect yourself;
• Document the breach and our response for compliance purposes.

16.2 Notification Methods

Breach notifications may be sent via email, push notification, in-app notice, or posted on our website, depending on the nature and severity of the breach.

17. CHANGES TO THIS PRIVACY POLICY

17.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Policy;
• Notify you through the App via push notification or in-app notice;
• For material changes that affect the processing of sensitive data, we may request renewed consent.

17.2 Your Continued Use

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated Policy. If you do not agree with the changes, you should stop using the App and delete your account.

17.3 Prior Versions

Prior versions of this Privacy Policy may be available upon request by contacting us at privacy@sigmapilabs.com.

18. CALIFORNIA PRIVACY RIGHTS — ADDITIONAL DISCLOSURES

18.1 Financial Incentives

We do not offer financial incentives (e.g., price or service differences) in exchange for the retention or sale of personal information.

18.2 Metrics (Annual Disclosure)

As required by the CCPA, we will publish annual metrics regarding consumer requests received, including the number of requests to know, delete, and opt-out, and our median response time. These metrics will be available upon request.

18.3 Verification Process

When you submit a CCPA request, we will verify your identity by matching information you provide with the information we have on file. For account holders, we will verify through your authenticated account. For non-account holders, we may require additional proof of identity.

19. VIRGINIA, COLORADO, CONNECTICUT, UTAH, AND OTHER STATE PRIVACY RIGHTS

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), or other states with comprehensive privacy laws, you may have rights including:

• Right to confirm whether we are processing your personal data;
• Right to access your personal data;
• Right to correct inaccuracies in your personal data;
• Right to delete your personal data;
• Right to obtain a portable copy of your personal data;
• Right to opt out of targeted advertising (we do not engage in targeted advertising);
• Right to opt out of the sale of personal data (we do not sell personal data);
• Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects;
• Right to appeal a denial of your privacy request.

To exercise these rights or appeal a decision, contact us at privacy@sigmapilabs.com.

20. CONTACT INFORMATION

20.1 Data Controller

Sigma Pi Labs Inc.
Role: Data Controller

20.2 Privacy Inquiries

For any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us at:

Privacy: privacy@sigmapilabs.com
General: support@sigmapilabs.com
Legal: legal@sigmapilabs.com

20.3 EU Representative

If you are located in the EEA and wish to contact a representative regarding data protection matters, please email privacy@sigmapilabs.com and we will direct your inquiry appropriately.

20.4 Supervisory Authority

If you are located in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

By using the Vibe Connect App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy in its entirety.