Privacy Policy

Last updated: May 12, 2026 · California operator · U.S. state ID barcode verification

This Privacy Policy describes how IRL (“we,” “us,” or “our”) collects, uses, and shares information when you use the IRL mobile application and our website irlapp.org (together, the “Service”). IRL is operated from California, United States. By using the Service, you agree to this policy.

Verification eligibility today depends on U.S. state-issued credentials our barcode flow supports (typically a driver's license or state non-driver ID with a machine-readable barcode the app can ingest). That is an implementation limit—not a statement about immigration status. If you cannot complete that verification path, discoverability features gated behind it will remain unavailable until we expand supported documents. Venue experiences we describe are aimed at participating locations in the United States as the product ships now.

Privacy requests: admin@irlapp.org.

At a glance (plain English)

If you skim one block, skim this—everything below spells it out formally.

What we collect: signup credentials; profile fields and photos you choose; camera captures for supported U.S. state ID barcode verification plus optional profile shots; photo-library access only when you pick an image; device location while you are actively using the app so venue-based discovery can work; in-app interaction data; local notifications if you allow them; and routine technical data (IPs, timestamps, device/app version, auth tokens, crash strings you send)—not separate ad-tracking SDKs today.
Why: to run mutual-consent, venue-based discovery centered on participating U.S. venues as deployed; gate discoverability behind supported U.S. state-ID barcode checks; enforce community rules via reporting/moderation; operate and secure the Service.
What we don't do with it: we don't sell personal information to data brokers; we don't use government-ID captures for advertising or unrelated profiling; location isn't for background surveillance outside active product use (see Location).
Your rights (U.S.): control discoverability and iOS permissions; request access or deletion via Delete account or email admin@irlapp.org; California and other state consumers get statutory timelines once we verify you.

1. Categories of information we collect

We strive to collect only what we need for the product. In practice today that aligns with:

Information you voluntarily provide

Whatever account details signup asks for (for example phone number or email), plus profile fields or photos you choose to enter—prompts, interests, wording, uploads, etc. Until you explicitly share more inside the mutual-consent flows described in-app, richer profile content is handled according to the rules shown in the app.

Camera (identity verification & photos)

Consistent with the permission text in the app, we use the camera solely for age and identity verification, optional profile imagery you initiate, and related onboarding—including scanning machine-readable barcodes on U.S. state-issued driver's licenses or state IDs formats we support alongside any selfie or document captures the flow requests. Verification data helps confirm you meet eligibility before discoverability (Terms).

Verification captures are not used for advertising, are not repurposed into unrelated behavioral profiles for third-party marketing, and are accessed under technical and policy constraints. We retain them only as long as needed for fraud prevention, dispute handling, audits, or legal obligations—typically on the order of months, not indefinitely—unless a longer period is legally required or an active investigation reasonably needs them. Stored verification materials follow access controls communicated during onboarding updates.

Photo library

If you opt in, we access your photo library only so you can choose a profile picture (or related images)—not more than ordinary system pickers accomplish.

Location

Location is essential to core Service functionality, not an optional enhancement: without it, venue-based discovery generally cannot operate. With your permission, we collect device location when you're actively using IRL (“while using the app,” per Apple disclosure) so we can determine proximity to venues you interact with and power same-venue discovery flows described in-product.

Location data is used strictly to enable venue-based functionality and is not used for background tracking or continuous surveillance outside active use. We send the coordinates—or venue-correlated pings—needed for those features over encrypted connections to operate matching and safety safeguards (such as aligning discoverability with presence rules). Turning off discovery, leaving venues, denying permission, or closing the app stops routine collection proportionally to ordinary client behavior—not continuous location monitoring unrelated to Service features.

Notifications (on your phone)

If you approve iOS notifications, today's shipped experience primarily schedules local notifications on your device (for example cues when there's mutual interest). Granting notification permission lets the OS show banners or sounds—we are not stating that we remotely collect unrelated marketing lists solely from notification settings.

In-app interaction records

Ordinary service data tied to buttons and states you activate—discovery toggles, waves or similar gestures, coordination presets the app exposes, mutual matches—so servers can reconcile what happened and keep basic safety/evidence hooks.

Networking / basic technical identifiers

Whenever your device connects to our U.S.-hosted APIs, standard network logs capture items such as Internet protocol addresses, timestamps, device model identifiers, OS and app versions, authentication tokens tied to sessions, payloads you knowingly transmit, crash or error strings the client sends voluntarily, plus similar operational metadata necessary to troubleshoot accounts. Outside that operational layer we do not currently embed separate mobile advertising/analytics SDKs; if we add any we will revise this disclosure.

2. What we don't do

We don't import address books without transparent permission flows, record unrelated audio/video beyond what camera/mic OS prompts allow, sell dossiers into unrelated ad exchanges, or hide ID-verification limitations. Because onboarding currently ingests supported U.S. state-issued barcode formats, passports or foreign credentials our pipeline cannot read won't unlock the same verification today—expansion requires an explicit product and policy update.

3. How we use information

Operate signup, authenticate sessions, verify age and identity through ID tooling (never resold for unrelated advertising profiling) so eligible accounts unlock discoverability.
Offer venue-bound discovery—you choose whether to appear discoverable, and anonymity rules before mutual consent are as shown in-app.
Honor in-product controls including blocks or reports submitted through the flows we ship.
Derive concise profile summaries or prompts that appear on cards from information you volunteered, consistent with screens inside the app.
Maintain security, diagnose reliability issues, cooperate with lawful U.S. process.
Use aggregated or de-identified insights to improve reliability when practical.

4. Sharing

Other members: only the profile elements and timing rules the app exposes before versus after mutual interest.
Vendors assisting us domestically: hosting, transactional email/SMS gateways, verification providers—restricted by confidentiality.
Legal necessity: comply with subpoenas or emergencies.

5. Selling personal information

We don't sell personal information in the colloquial “data broker checkout” sense described by some state statutes. Reach out if statutory definitions require more granular mapping.

6. Retention & security

Retention anchors on necessity and law—not infinite archives for its own sake. Illustrative horizons (approximate—specific matters like legal holds may extend them):

Active accounts: profile and operational data retained while your account stays open and briefly thereafter to unwind payments, disputes, or abuse investigations if any.
Deletion requests: after we verify and complete a deletion, we aim to remove or de-identify personal content in production systems within about thirty (30) days; some references can persist transiently until routine jobs finish.
Encrypted rolling backups: deleted rows may linger in snapshots our cloud vendor rotates until overwrite—ordinarily up to roughly ninety (90) days in ordinary operations before aged backups expire, after which restores become impractical absent extraordinary archive copies.
Verification / safety records: ID-related artifacts and investigative logs may remain longer when statute, litigation, credential fraud, or law-enforcement timelines require—even so, horizons remain oriented around necessity with compartmentalized access.
Aggregate or de-identified analytics: may endure without identifying you where re-linking is intentionally impractical.

Technical safeguards lessen breach risk; they cannot erase all internet insecurity—protect device passcodes and biometrics proactively.

7. Your choices, deletion, & U.S. state requests

Toggle discoverability inside the Service, revoke iOS permissions in Settings (doing so may pause dependent features), start account deletion from Delete account, or email admin@irlapp.org for access/export requests after verifying ownership where required. Residents of Colorado, Virginia, California, and other states with privacy laws receive responses within timelines those statutes describe once we confirm your identity.

8. Children

IRL targets adults—not children under eighteen (18). If you believe we collected personal information from someone under eighteen, notify admin@irlapp.org immediately so we can delete it promptly where required by law.

9. Changes

Revisions publish here dated accordingly; materially restrictive collection shifts additionally announced by email/in-product notices when statutes demand.

10. Contact

admin@irlapp.org