Privacy Policy

Olson Creations LLC, DBA "LETS GO OUT" ("LetsGo," "we," "us," or "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains in detail how we collect, use, disclose, store, and safeguard your information when you use our website, mobile applications, APIs, and all related services (collectively, the "Services").

By creating an account or using the Services, you consent to the data practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not create an account or use the Services. This Privacy Policy is incorporated by reference into our Terms of Service.

We collect information in three ways: information you provide directly, information collected automatically, and information from third-party sources.

2.1 Information You Provide Directly

Account Registration:

• Full name (first name, last name)
• Email address
• Password (encrypted, never stored in plaintext)
• Phone number (optional)
• ZIP code (used for location-based discovery)

Profile Information:

• Username (optional, publicly visible)
• Profile photo / avatar
• Bio (optional)
• Location preferences

Financial and Tax Information:

• Payout method preference (Venmo, PayPal, or bank transfer)
• Payout account identifier (account handle, email, or account number)
• Social Security Number (SSN) or Taxpayer Identification Number (TIN) — collected only if you reach the $600 IRS reporting threshold per calendar year
• W-9 form information (when required for tax compliance)

Receipt Data:

• Photographs of receipts
• Transaction amounts (subtotal)
• Transaction dates
• Associated business identification
• Submission metadata (timestamp, device information)

User-Generated Content:

• Photos and videos submitted to the Experiences feed
• Captions, tags, and descriptions
• Comments on other users' content
• Ratings and reviews (star ratings, "Would Go Again" indicators, private notes)

Social and Contact Data:

• Friend requests and friend list
• Device contacts — only when you explicitly grant permission via your device's native Contact Picker interface (names, email addresses, phone numbers). We do NOT access your contacts automatically or in the background
• Email addresses entered manually for invitation purposes
• Referral codes shared with invitees

Game and Interaction Data:

• Game session data (5v3v1, Group Vote, Date Night Generator)
• Voting selections and preferences
• Game outcomes and history

Communications:

• Messages sent through our in-app messaging/support system
• Support ticket content
• Emails and other correspondence with LetsGo

Business Account Information (for Partners):

• Legal business name and public-facing business name
• Business type and category
• Physical address, phone number, and customer-facing email
• Operating hours and age restrictions
• Verification documents (business license, EIN certificate, or utility bill)
• Business logo and promotional images
• Bank account information (bank name, routing number, account number, account type) or credit/debit card information for billing
• Billing address
• Authorized representative information (name, role/title, contact details)
• Payout tier configuration
• Digital signature and legal acknowledgment records
• Marketing and advertising permissions

2.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type and version, screen resolution, unique device identifiers, and mobile carrier
• Usage Data: Pages visited, features used, buttons clicked, search queries, filter selections, swipe interactions, time spent on pages, and navigation patterns
• Location Data: Approximate location derived from your IP address and the ZIP code you provide during registration. We do NOT use GPS or precise geolocation tracking
• Activity Data: Last active timestamp (updated periodically when you use the app, used to derive online/away/offline status visible to your friends)
• Log Data: IP address, access timestamps, referring URLs, error logs, and server response times
• Session Data: Authentication tokens stored in your browser's local storage (key: "letsgo-auth") to maintain your login session
• Push Subscription Data: If you enable push notifications, we store your browser push subscription endpoint, encryption keys (p256dh and auth), and user agent string

2.3 Information from Third-Party Sources

• OAuth Providers: If you sign in using a third-party provider (e.g., Google), we may receive your name, email address, and profile photo from that provider, subject to your authorization and their privacy policy
• Participating Businesses: Businesses may provide information relevant to receipt verification, dispute resolution, or fraud investigation

We use the information we collect for the following purposes:

3.1 Providing and Operating the Services:

• Create, maintain, and manage your account
• Process receipt submissions and calculate Payouts
• Facilitate progressive cash-back rewards and visit tracking
• Display business listings and personalize discovery recommendations based on your location, preferences, and interaction history
• Facilitate social features (friend connections, contact matching, invitations)
• Operate interactive games and group activities
• Process Payout cashout requests and deliver payments
• Display User-Generated Content on the Experiences feed

3.2 Verification and Fraud Prevention:

• Verify receipt authenticity through manual and automated systems
• Detect, investigate, and prevent fraudulent, unauthorized, or suspicious activity
• Monitor account activity patterns for anomalies
• Verify business identities and documentation
• Enforce our Terms of Service

3.3 Legal and Tax Compliance:

• Comply with IRS reporting requirements (Form 1099)
• Respond to subpoenas, court orders, and legal process
• Maintain records as required by applicable tax and financial regulations
• Cooperate with law enforcement investigations when legally required

3.4 Communications:

• Send transactional notifications (receipt status, Payout processing, tier changes, account security)
• Send invitation emails on your behalf (only when you initiate contact imports or manual invitations)
• Respond to your support inquiries and feedback
• Send marketing and promotional communications (with your consent, where required by law)

3.5 Improvement and Analytics:

• Analyze usage patterns, trends, and aggregated statistics to improve the Services
• Test new features and optimize user experience
• Monitor Platform performance and diagnose technical issues
• Generate aggregated, anonymized business analytics for Participating Businesses (Premium feature)

We do NOT sell your personal information. We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your information only in the following limited circumstances:

4.1 With Participating Businesses: We share limited information with businesses to facilitate the rewards program. Specifically: (a) your receipt submission data (amount, date, approval status) for their business only; (b) your aggregate visit count at their business; and (c) your first name and profile photo (if you submit User Content associated with their business). Businesses do NOT receive your full profile, financial information, tax information, data from other businesses, friend list, or contact information.

4.2 With Your Friends: If you connect with other users as friends, they may see: your name, username, profile photo, online status (online/away/offline), and your activity within shared games. Friends do NOT see your financial information, receipt details, Payout amounts, or contact list.

4.3 Service Providers: We share information with third-party service providers who perform services on our behalf. These providers include:

• Supabase: Cloud database hosting, user authentication, and file storage (your data is stored on Supabase's infrastructure with encryption at rest and in transit)
• Resend: Transactional and invitation email delivery (receives recipient email addresses and email content)
• Twilio: SMS / text message delivery for friend invitations, account notifications, and transactional alerts (receives recipient mobile phone numbers and message content; bound by Twilio's data processing terms and applicable carrier requirements)
• Google Maps Platform: Address autocomplete and geolocation for business onboarding (receives address queries during business registration; does NOT track individual user locations)
• Payment Processors: Payout delivery and business billing (receives necessary financial information to process payments)
• Vercel: Web application hosting and content delivery

All service providers are contractually obligated to use your information only for the specific purposes we direct and to maintain appropriate security measures. We require service providers to comply with applicable data protection laws.

4.4 Tax Authorities: We are legally required to report Payout information to the Internal Revenue Service (IRS) and applicable state tax authorities when you meet the $600 annual reporting threshold. Information shared includes your legal name, address, SSN/TIN, and total Payout amounts.

4.5 Legal Compliance and Safety: We may disclose your information if we believe, in good faith, that disclosure is: (a) required by applicable law, regulation, legal process, or governmental request (including subpoenas and court orders); (b) necessary to protect the rights, property, or safety of LetsGo, our users, or the public; (c) necessary to investigate or prevent fraud, security breaches, or other harmful activity; (d) necessary to enforce our Terms of Service; or (e) required to cooperate with law enforcement investigations.

4.6 Business Transfers: In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, asset sale, or similar corporate transaction, your information may be transferred to the successor entity as part of that transaction. We will notify you via email and/or prominent notice on the Platform of any change in ownership or use of your personal information.

4.7 Aggregated and De-Identified Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. For example, we may share aggregate statistics about Platform usage, visit trends, or geographic activity patterns with Participating Businesses or for marketing purposes.

4.8 With Your Consent: We may share your information for other purposes with your explicit, informed consent.

5.1 How Contact Data Is Collected. The Platform offers a "Find Your Friends" feature that allows you to check if people you know are already on LetsGo. This feature uses the Contact Picker API — a browser-level interface that shows your device's native contact selection dialog. You choose which specific contacts to share. We NEVER access your full address book automatically or in the background. On devices where the Contact Picker API is not available (e.g., iOS Safari), we offer manual email entry and share-link alternatives instead.

5.2 How Contact Data Is Used. Imported contact information (names, email addresses, phone numbers) is used solely to: (a) match email addresses against existing LetsGo user accounts so you can send friend requests; and (b) send invitation emails to non-users, only when you explicitly request it. Contact data is NOT used for any other purpose, including advertising, profiling, or marketing by LetsGo or any third party.

5.3 Invitation Emails. When you invite contacts, LetsGo sends a single invitation email on your behalf. The email identifies you by name as the sender. Recipients are not added to any mailing list and will not receive further emails unless they create their own account. Invitations are rate-limited (maximum 100 per day) to prevent abuse.

5.4 Contact Data Storage. Contact invitation records (inviter ID, contact name, contact email, and invitation status) are stored in our database to: prevent duplicate invitations to the same person; enforce daily rate limits; and track invitation acceptance. We do NOT store your full contact list — only the contacts you explicitly selected for matching or invitation.

5.5 SMS / Text Messaging Program. LetsGo offers SMS messaging as an optional channel for friend invitations and account-related notifications. The categories of SMS messages we may send include: (a) friend invitations that you, the user, explicitly initiate by selecting a contact and tapping "invite"; (b) receipt approval, rejection, and Payout status notifications; (c) account security alerts (such as login or password reset notifications); and (d) other transactional notifications related to your account. We do NOT send unsolicited promotional or marketing text messages.

5.6 SMS Consent and Opt-In. SMS consent is collected at the point you provide your mobile phone number and affirmatively choose to receive text messages from LetsGo, or at the point you initiate an SMS-based action (such as inviting a friend by text). By providing your mobile phone number and consenting, you agree to receive SMS messages from LetsGo at the number you provided, sent via an automatic telephone dialing system. Consent to receive SMS messages is not a condition of using the Services or making any purchase.

5.7 Mobile Information Sharing — No Third-Party Sharing for Marketing. Mobile phone numbers and SMS opt-in consent are not shared with third parties or affiliates for marketing or promotional purposes. Mobile information is shared only with Twilio (our SMS delivery provider) and applicable mobile carriers solely as necessary to deliver the messages you have requested or that are required for the operation of your account. No mobile opt-in data is sold, rented, leased, or otherwise transferred to any third party for that party's own marketing or promotional use.

5.8 Opt-Out, Help, Frequency, and Carrier Charges. You may opt out of SMS messages from LetsGo at any time by replying STOP to any text message you receive from us. Once you reply STOP, you will receive a confirmation message and will not receive further SMS messages unless you re-enroll. For help, reply HELP or contact us at support@useletsgo.com. Message frequency varies based on your activity (for example, the number of friend invitations you initiate or receipts you submit). Message and data rates may apply depending on your mobile carrier and plan. LetsGo is not responsible for any charges from your wireless carrier. Supported carriers include all major U.S. carriers; carriers are not liable for delayed or undelivered messages.

We implement commercially reasonable technical, administrative, and organizational security measures designed to protect your information from unauthorized access, use, alteration, disclosure, or destruction. These measures include:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS)
• Encryption at Rest: Sensitive data stored in our databases is encrypted at rest
• Access Controls: Role-based access controls limit who within our organization can access personal data
• Authentication Security: Passwords are hashed using industry-standard algorithms; authentication tokens are securely generated and managed
• Row-Level Security: Database-level security policies ensure users can only access their own data
• Regular Security Reviews: We conduct periodic reviews of our security practices and infrastructure
• Service Role Separation: Server-side operations use isolated service credentials with elevated privileges; client-side operations use restricted credentials that enforce access policies

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for any activity under your account. If you believe your account has been compromised, contact us immediately at security@useletsgo.com.

We retain your personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy. Specific retention periods include:

• Account Data: Retained as long as your account is active. Upon account deletion request, account data is deleted or anonymized within thirty (30) days, except for data we are required to retain by law
• Receipt Data and Payout Records: Retained for a minimum of seven (7) years from the date of the transaction to comply with IRS recordkeeping requirements and applicable tax laws, even if you delete your account
• Tax Information (SSN/TIN, W-9): Retained for a minimum of seven (7) years after the last tax year for which the information was used for reporting
• Business Verification Documents: Retained for the duration of the Business Account plus three (3) years after account closure
• User-Generated Content: Retained as long as the content is published on the Platform. You may request removal, subject to the license granted in the Terms of Service
• Contact Invitation Records: Retained for one (1) year from the date of invitation, then automatically purged
• Fraud Investigation Records: Retained indefinitely to support ongoing fraud prevention and law enforcement cooperation
• Server Logs: Retained for ninety (90) days for debugging and security purposes
• Activity Data: Online status data (last_seen_at) is retained for ninety (90) days

When data is no longer needed for the purposes described above and is not subject to legal retention requirements, it is securely deleted or anonymized.

8.1 Access and Correction. You can access and update most of your personal information directly through your profile settings in the app. If you need to access or correct information that is not editable through the app, contact us at privacy@useletsgo.com.

8.2 Account Deletion. You may request the deletion of your account by contacting us at support@useletsgo.com. Upon receiving your request, we will: delete or anonymize your account data within thirty (30) days; retain receipt, Payout, and tax records as required by law (minimum 7 years); delete your User-Generated Content from the Platform (though cached copies may persist temporarily); and remove your data from active databases (backup copies may be retained per our backup retention schedule). Please note that account deletion is permanent and cannot be reversed.

8.3 Data Portability. You may request a copy of your personal data in a commonly used, machine-readable format by contacting us at privacy@useletsgo.com. We will provide the data within thirty (30) days of your request.

8.4 Marketing Communications. You may opt out of marketing and promotional emails at any time by: clicking the "unsubscribe" link at the bottom of any marketing email; adjusting your email notification preferences in the app; or contacting us at privacy@useletsgo.com. Opting out of marketing communications does NOT affect transactional communications (receipt notifications, Payout alerts, security notices), which are required for the operation of the Services.

8.5 Push Notifications. You can disable push notifications at any time through: your device's system settings; your browser's notification settings; or the in-app notification preferences panel.

8.6 Cookies and Local Storage. You can control cookies and local storage through your browser settings. Note that clearing local storage will log you out of the app (our session is stored under the "letsgo-auth" key). Disabling cookies or local storage may impair the functionality of the Services.

8.7 Contact Data. Contact data imported via the Contact Picker is processed at the time of import and stored only as invitation records. You can request deletion of your invitation records by contacting privacy@useletsgo.com.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collection, and the categories of third parties with whom we share it
• Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (including legal retention requirements for tax records)
• Right to Correct: You have the right to request correction of inaccurate personal information
• Right to Opt Out of Sale or Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out of such practices
• Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (such as SSN) for the specific purposes described in this Privacy Policy (tax compliance). We do not use it for profiling or advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. You will not receive different pricing, service quality, or access to features based on exercising these rights

How to Exercise Your Rights: To submit a CCPA/CPRA request, email us at privacy@useletsgo.com with the subject line "CCPA Request." We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf. We will respond to verified requests within forty-five (45) days, with the possibility of a forty-five (45) day extension if reasonably necessary (we will notify you of any extension).

Categories of Personal Information Collected (last 12 months):

• Identifiers (name, email, phone, username, IP address)
• Financial information (bank account details, payment methods, Payout records)
• Commercial information (receipt data, transaction history, subscription status)
• Internet/electronic activity (usage data, device info, log data)
• Geolocation data (approximate, from IP address and ZIP code)
• Audio/visual information (photos, videos submitted as User Content)
• Professional/employment information (for business account representatives)
• Sensitive personal information (SSN/TIN, for tax compliance only)
• Inferences (derived data such as payout tier eligibility and visit patterns)

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws may have similar rights to those described in Section 9, including the right to access, correct, delete, and port personal data, and the right to opt out of targeted advertising (which we do not engage in). To exercise these rights, contact us at privacy@useletsgo.com. We will verify your identity and respond within the timeframe required by your state's law.

If you are not satisfied with our response to your privacy request, you may have the right to appeal our decision. To submit an appeal, email us at privacy@useletsgo.com with the subject line "Privacy Appeal."

The Services are not directed to and are not intended for individuals under the age of eighteen (18). We do not knowingly collect, use, or disclose personal information from anyone under 18 years of age. If we learn or have reason to believe that we have collected information from a child under 18, we will promptly take steps to delete that information and terminate the associated account.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@useletsgo.com so that we can take appropriate action.

LetsGo does NOT collect, store, or process biometric data (such as fingerprints, facial recognition data, voiceprints, or retinal scans). Receipt verification is performed through image analysis of receipt documents, not biometric identification of individuals.

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to DNT signals. However, we do not engage in cross-site tracking or targeted advertising based on your browsing activity across other websites.

The Services are operated from and hosted in the United States. If you access the Services from outside the United States, you understand and agree that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Services, you consent to such transfer, storage, and processing.

The Platform may contain links to third-party websites, applications, or services that are not operated or controlled by LetsGo. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices, content, or security of any third-party website or service. We encourage you to review the privacy policies of any third-party service you access through or in connection with the Platform.

Specifically, our Services integrate with the following third-party providers, each with their own privacy policies: Supabase (database and authentication), Resend (email delivery), Google (maps and address services), and payment processors (for Payout delivery and business billing).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: (a) post the updated Privacy Policy on the Platform with a new effective date; (b) send you an email notification (for material changes that significantly affect how we use your data); and/or (c) display a prominent notice within the app.

Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the updated practices. If you do not agree with a material change, you should stop using the Services and request account deletion.

If you have questions, concerns, or complaints about this Privacy Policy, our data practices, or your personal information, please contact us at:

Olson Creations LLC, DBA "LETS GO OUT"
Email: privacy@useletsgo.com
General Support: support@useletsgo.com
Security Issues: security@useletsgo.com
Legal Inquiries: legal@useletsgo.com
Omaha, Nebraska, United States

We will respond to privacy inquiries within thirty (30) days. For CCPA/CPRA and state privacy law requests, we will respond within the timeframe required by applicable law.