Privacy Policy

Effective Date: April 4, 2026

Your Privacy Matters: iBuddy Technologies Inc. is committed to protecting your privacy. We collect only what is necessary to operate a safe, secure companionship, support, and errands marketplace. You control your notification preferences, marketing opt-ins, and can request data deletion at any time. We do NOT sell your personal information. Contact us at privacy@ibuddytechnologies.com with any questions.

Table of Contents

  1. Introduction and Scope
  2. Information We Collect
  3. How We Use Your Information
  4. Third-Party Service Providers
  5. Information Sharing and Disclosure
  6. Data Retention
  7. Data Security
  8. Your Privacy Rights
  9. State-Specific Privacy Rights
  10. Biometric Data Disclosures (BIPA)
  11. Health Information
  12. Children's Privacy
  13. Data Breach Notification
  14. Do Not Track and Global Privacy Control
  15. International Users
  16. Changes to This Privacy Policy
  17. Contact Information

1. Introduction and Scope

iBuddy Technologies Inc. ("iBuddy," "we," "us," or "our") operates the Buddy mobile application ("App") and the website at www.ibuddytechnologies.com ("Website"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App or Website.

Buddy is an AI-powered marketplace connecting Clients with verified, independent Buddies (Companions) across three service lanes: Companionship (social connection and activities), Support (certified sober companions and recovery coaches), and Errands (everyday tasks and assistance). This policy applies to all users of the App and Website within the United States, including Clients, Companions, and any other individuals who interact with our services.

By creating an account or using the App or Website, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App or Website.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration

  • Phone number
  • Full name
  • Email address
  • Password (stored securely using industry-standard hashing)

Profile Information

  • Display name, profile photos, bio, and interests
  • Care level preferences

Companion-Specific Data

  • Sober date (Support lane only)
  • Service lane selections and buddy type registrations
  • Professional certifications across five categories (Peer Support Specialist, Recovery Coach, Certified Addiction Counselor, Licensed Addiction Counselor, Sober Companion/Coach), plus base certifications (Narcan, CPR/AED/First Aid)
  • Hourly rates per service lane
  • Availability schedule
  • Video introduction

Government Identification

  • Driver license or passport. Document numbers are securely hashed; original numbers are not stored in plaintext.
  • Social Security Number (companions only, provided directly to Checkr for background check processing — not stored by iBuddy)

Insurance Documentation

  • Optional proof of liability insurance for companions

Emergency Contacts

  • Contact names, phone numbers, and relationships

Reviews and Ratings

  • Star ratings and written session reviews

In-App Communications

  • Chat messages between clients and companions, AI companion chat conversations, voice recordings from bidirectional voice conversations (processed in real time for transcription and not permanently stored after processing), and support tickets

Language and Voice Preferences

  • Preferred language (English or Spanish)
  • Preferred AI voice selection (from available male and female voice presets)

Consent Preferences

  • Push notification opt-in/out
  • Email notification preferences
  • SMS marketing consent
  • Session reminder settings

2.2 Information Collected Automatically

Device Information

  • Device model, brand, and operating system version
  • Unique device identifiers and vendor ID
  • Device fingerprint (a persistent identifier combining platform, OS version, device brand/model, and vendor ID, used for ban evasion detection)
  • App installation ID
  • Push notification tokens

Location Data

  • Real-time GPS coordinates during active companion sessions
  • SOS emergency location data
  • Location accuracy measurements
  • Timestamps associated with location data

Usage Data

  • App interaction events
  • Session booking history
  • Feature usage patterns
  • Screen navigation

Network Information

  • IP address

2.3 Biometric Data

  • Facial Images: Profile photos used for identity verification and restricted after onboarding to help prevent impersonation and fraud, pre-session verification selfies, en-route video verification recordings, and at-the-door verification photos
  • Facial Recognition Scores: Similarity comparison scores generated during photo-to-photo and video-to-video identity verification
  • Verification Thresholds: Minimum AI-generated match scores are required for each verification type, with elevated thresholds for on-demand requests
  • Ban Evasion Detection: Facial data may be compared against a database of previously banned users to prevent fraudulent account creation

Important: Biometric templates generated during facial verification are transient and are NOT permanently stored by our third-party verification providers.

2.4 Information from Third Parties

  • Background Check Results: Criminal record checks and identity verification results from our background check provider
  • Payment Information: Transaction status, payment method metadata (last four digits, card brand), and customer identifiers from our payment processor. We NEVER receive or store full credit card numbers, CVVs, or complete card details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Operate and maintain the Buddy marketplace platform
  • Match clients with suitable, verified companions across three service lanes (Companionship, Support, Errands) using AI-powered and rating-based matching algorithms
  • Verify companion identity through our safety and verification framework
  • Process payments, pre-authorized holds, refunds, and companion payouts through our secure payment processor
  • Conduct criminal background checks through our licensed provider during companion onboarding
  • Track real-time GPS location during active sessions for safety monitoring
  • Respond to SOS emergencies including 911 integration, emergency contact SMS alerts, and additional safety monitoring features
  • Detect and prevent ban evasion through multiple identification and verification methods
  • Apply rating-based companion gating and matching policies
  • Send transactional notifications for bookings, payments, verifications, and safety alerts
  • Send marketing communications only with explicit opt-in consent
  • Power AI companion chat and voice features using language model providers for text-based conversation, native text-to-speech for voice responses, and speech-to-text transcription for voice conversations
  • Track application errors, crashes, and performance metrics through our error monitoring provider (with personally identifiable information scrubbed)
  • Comply with applicable laws, legal processes, and regulatory requirements

4. Third-Party Service Providers

We share information with third-party service providers who process data on our behalf. These providers fall into the following categories:

Payment Processing and Payouts

We use Stripe, Inc. to process all payments, subscriptions, companion payouts, and pre-authorized holds. Stripe is PCI-DSS compliant. We never receive or store your full card details. https://stripe.com/privacy

Background Checks and Identity Verification

We use Checkr, Inc. to conduct criminal background checks and identity verification during companion onboarding. Social Security Numbers and personal data are submitted directly to Checkr and are not stored by iBuddy. https://checkr.com/privacy-policy

Cloud Infrastructure and Database Services

We use cloud-hosted database and authentication services to securely store your data, manage user accounts, handle file storage, and run serverless functions.

Facial Recognition and Biometric Verification

We use third-party facial recognition providers to perform photo-to-photo and video-to-video identity comparisons as part of our eight-layer safety verification system. Biometric templates are transient and are NOT permanently stored by these providers.

Communications (Voice, SMS, Email, and Push Notifications)

We use third-party providers to deliver voice calls via masked proxy numbers, SMS notifications, transactional and marketing emails, and push notifications to your mobile device.

AI and Machine Learning Services

We use AI language model providers to power our AI companion chat and voice features, including text-based conversation, text-to-speech responses, and speech-to-text transcription.

Error Tracking and Performance Monitoring

We use a third-party error tracking service to monitor application crashes and performance. Personally identifiable information (email addresses, phone numbers) is scrubbed before transmission.

Mapping and Location Services

We use mapping providers to render maps, provide navigation directions, and display session locations in both the mobile app and our administrative tools.

Administrative Infrastructure

We use hosting providers for our internal administrative portal, which is used by our Trust and Safety team to manage companion applications, safety incidents, and platform operations.

Website Analytics and Marketing

Our Website (www.ibuddytechnologies.com) uses the following categories of third-party services:

  • Analytics providers to track page views, visitor counts, traffic sources, and site performance. These services may use cookies and similar tracking technologies.
  • Tag management services to manage marketing and analytics scripts on our Website.
  • Email marketing services to manage our newsletter and waitlist signups. When you subscribe via our Website, your email address is shared with our email marketing provider.
  • Hosting and content delivery providers to serve our Website globally with optimal performance.

Cookies and Similar Technologies

Our Website uses cookies and similar technologies for:

  • Essential cookies — required for site functionality
  • Analytics cookies — to understand how visitors use our Website
  • Marketing cookies — to manage newsletter signups and ad tracking (only when enabled via our tag management service)

You can control cookie preferences through your browser settings. Disabling cookies may affect Website functionality.

We require third-party providers to process data only as needed to provide their services to us and in accordance with applicable law and our agreements with them. A complete list of specific service providers (subprocessors) is maintained internally and is available upon request for compliance or audit purposes.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • With companions or clients you connect with through the platform (limited to necessary booking details such as name, photo, and session information)
  • With the categories of third-party service providers described in Section 4 for their stated purposes
  • With emergency services (911) when an SOS alert is triggered
  • With your designated emergency contacts during an SOS event (GPS coordinates and safety status)
  • With our Trust and Safety team during safety incident investigations
  • With law enforcement agencies when required by law, subpoena, court order, or governmental regulation
  • In connection with legal proceedings to protect our rights
  • In connection with a merger, acquisition, or sale of assets (with prior notice to affected users)
  • With your explicit consent

We do NOT sell your personal information to any third party.

We do NOT share your personal information for cross-context behavioral advertising.

6. Data Retention

We retain your information for the following periods:

| Data Type | Retention Period | |-----------|-----------------| | Active account data | While account is active | | Biometric verification images | 90 days from capture, then purged | | Profile photos | Account duration + 90 days after deletion | | Verification documents (gov. ID, certs) | 7 years for legal compliance | | Background check records | 7 years or as required by law | | Transaction/payment records | 7 years for tax/accounting | | Safety incident reports | Indefinitely | | Deleted account data | Anonymized within 90 days | | Email bounce/complaint data | Indefinitely | | Error/crash data | 90 days | | Ban evasion records | Indefinitely (permanent bans); cleared after temp ban expires |

7. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • All data is encrypted at rest and in transit using industry-standard protocols
  • Personally identifiable information is scrubbed from error tracking and crash reports before transmission
  • Government identification document numbers are securely hashed using industry-standard one-way encryption; original numbers are never stored in plaintext
  • We never receive, store, or have access to full credit card numbers — all payment processing occurs through our PCI-compliant payment processor
  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • We maintain audit logs of data access and administrative actions
  • Our safety and verification framework provides continuous identity assurance throughout companion sessions

8. Your Privacy Rights

All users have the following rights regardless of state of residence:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Delete: Request deletion of your account and associated data (subject to legal retention requirements outlined in Section 6)
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Opt Out of Marketing: Unsubscribe from marketing emails via the link in any marketing email, or reply STOP to any marketing SMS
  • Right to Withdraw Consent: Withdraw consent for optional data collection at any time through your App settings
  • Right to Suppression List Removal: Request removal from our email suppression list

To exercise any of these rights, contact us at privacy@ibuddytechnologies.com. We will respond within 45 days.

9. State-Specific Privacy Rights

9.1 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act.

Categories of Personal Information We Collect (per Cal. Civ. Code 1798.140):

  • Category A (Identifiers): Name, email, phone number, device identifiers
  • Category B (Personal Information): Financial records via Stripe, government ID
  • Category D (Commercial Information): Booking history, transaction records, subscription status
  • Category E (Biometric Information): Facial recognition data, verification photos and videos
  • Category F (Internet Activity): App usage data, error logs, interaction history
  • Category G (Geolocation): GPS coordinates during active sessions and SOS events
  • Category I (Professional Information): Companion certifications, sobriety date, professional experience
  • Category K (Inferences): AI companion chat context, rating-based matching preferences

Your California Rights:

  • Right to know what personal information is collected, used, shared, and sold
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell or share for targeted advertising)
  • Right to limit the use of sensitive personal information
  • Right to non-discrimination for exercising your rights
  • Right to designate an authorized agent to submit requests on your behalf

Sensitive Personal Information:

We collect the following categories of sensitive personal information: precise geolocation (during sessions), biometric data (facial recognition), and health-related information (recovery status, sober date). You have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform our services.

Verification:

To verify your identity when exercising CCPA rights, we may require you to confirm your account email address, verify via OTP code, or provide other identifying information consistent with your account.

Shine the Light:

We do not share personal information with third parties for their direct marketing purposes.

9.2 Virginia (VCDPA)

Virginia residents have the right to: confirm whether we process your personal data; access your data; correct inaccuracies; delete your data; obtain a portable copy; and opt out of targeted advertising, sale of personal data, and profiling. We do not engage in targeted advertising or sell personal data. You may appeal a denial of your request by contacting privacy@ibuddytechnologies.com.

9.3 Colorado (CPA)

Colorado residents have rights similar to Virginia residents, including the right to opt out via a universal opt-out mechanism. We honor Global Privacy Control (GPC) signals as a valid opt-out request.

9.4 Connecticut (CTDPA)

Connecticut residents have the same core rights as Virginia residents, including the right to access, correct, delete, obtain a portable copy of data, and opt out of the sale of personal data, targeted advertising, and profiling.

9.5 Additional State Privacy Laws

The following states provide similar consumer privacy rights. Residents of these states may exercise their rights by contacting privacy@ibuddytechnologies.com:

  • Utah (UCPA): Right to know, delete, and data portability. 45-day response period.
  • Texas (TDPSA): Right to access, correct, delete, and opt out. 45-day response period.
  • Oregon (OCPA): Right to know, correct, delete, and data portability. 45-day response period.
  • Montana (MTDPA): Right to access, correct, delete, data portability, and opt out. 45-day response period.
  • Delaware (DPDPA): Broad consumer privacy rights including access, correct, delete, and opt out. 45-day response period.
  • Iowa (ICDPA): Right to confirm, access, delete, and opt out. 90-day response period.
  • Tennessee (TIPA): Right to access, correct, delete, data portability, and opt out. 45-day response period.
  • Indiana (INDPA): Right to confirm, access, delete, correct, and opt out. 45-day response period.

10. Biometric Data Disclosures (BIPA — Illinois)

If you are an Illinois resident, the following disclosures are made pursuant to the Illinois Biometric Information Privacy Act (740 ILCS 14):

  • What We Collect: Facial geometry data derived from photographs and video recordings for identity verification purposes
  • Purpose: To verify companion identity before, during, and after companion sessions through our eight-layer safety verification system, and to detect and prevent ban evasion
  • Retention: Biometric verification images are retained for 90 days from the date of capture, after which they are automatically and permanently destroyed
  • Consent: We obtain your informed written consent through an in-app biometric consent flow before collecting any biometric data
  • No Sale or Trade: We do NOT sell, lease, trade, or otherwise profit from your biometric data
  • Right to Request Deletion: You may request deletion of your biometric data at any time by contacting privacy@ibuddytechnologies.com. Note that deletion of biometric data may result in the suspension of companion accounts, as facial verification is required for active companion status.

11. Health Information

Important: Buddy is NOT a HIPAA-covered entity. However, we recognize the sensitive nature of recovery-related information and implement protections consistent with HIPAA standards.

  • Recovery status, sober date, and mood-related data are treated as sensitive personal information
  • Health-related information is encrypted at rest and in transit
  • We do not share health or recovery information with third parties without your explicit consent, except as required by law or in emergency situations
  • Companions are independent contractors and are NOT licensed healthcare providers

12. Children's Privacy

Buddy is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we discover that we have inadvertently collected personal information from a person under 18, we will promptly delete that information. If you believe a minor has provided us with personal information, please contact us at privacy@ibuddytechnologies.com.

13. Data Breach Notification

In the event of a data breach affecting your personal information:

  • We will conduct an internal investigation to determine the scope and nature of the breach
  • We will notify affected individuals in accordance with applicable state law notification timelines (generally within 30 to 60 days of discovery)
  • Notifications will include: the nature of the breach, types of information involved, steps we are taking, and recommended protective actions
  • We will notify the appropriate state Attorney General when the number of affected residents exceeds the applicable state threshold
  • We will provide ongoing updates as our investigation progresses

14. Do Not Track and Global Privacy Control

  • We currently do not respond to Do Not Track (DNT) browser signals, as no uniform standard for DNT has been adopted
  • We DO honor Global Privacy Control (GPC) signals as a valid opt-out request where required by applicable state law (including California and Colorado)

15. International Users

Buddy is designed exclusively for use within the United States. All data is processed and stored on servers located in the United States. By using the App, you consent to the transfer and processing of your information in the United States.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will notify you via in-app notification and email to the address associated with your account
  • The updated "Effective Date" at the top of this policy will reflect the date of the most recent revision
  • Your continued use of the App after the effective date constitutes your acceptance of the updated policy
  • Prior versions of this policy are available upon request

17. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights:

Privacy Inquiries privacy@ibuddytechnologies.com

General Support support@ibuddytechnologies.com

Phone +1 (866) 690-8444

Mailing Address Available upon request via privacy@ibuddytechnologies.com

(c) 2026 iBuddy Technologies Inc. All rights reserved.