Privacy Policy

1. Introduction

DA 140 Solutions LLC ("we," "us," or "our") operates the Three Flags mobile application and website (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

2. Information We Collect

Information You Provide

• Account information (name, email address, phone number)
• Profile information (username, display name, profile photo)
• Reviews, ratings, stories, date posts, itineraries, and other content you submit
• Phone contacts (if you opt in to the Find Friends feature, to help you discover people you know on the Service)
• Business partner information (business name, contact details, website, event submissions)
• Business partner billing information (billing address, tax IDs, and a Stripe-managed reference to your payment method — see “Payment Information” below)
• Waitlist signup email (if you join our pre-launch waitlist)
• Communications with us (support requests, feedback)

Information Collected Automatically

• Device information (device type, operating system, unique device identifiers)
• Push notification tokens (to deliver notifications about follows, likes, comments, event updates, and new events happening near you)
• Location data (with your permission, to show nearby venues and events, and to notify you when a new event is approved within a short distance of your last-known location)
• Usage data (features used, pages visited, search queries, story votes, and interactions with events such as impressions, clicks, detail views, and shares)
• Account audit history (e.g., a log of changes to your profile photo), retained for abuse prevention and safety purposes
• Log data (IP address, access times, app crashes)
• Local storage data (authentication tokens, preferences)

Third-Party Services

• Apple Sign-In (authentication credentials)
• Google Sign-In (authentication credentials)
• Firebase (email verification, phone verification, analytics)
• Google Places API (venue and location data)
• Google Cloud Storage (media storage for uploaded photos)
• Google reCAPTCHA (bot protection, collects usage data per Google's privacy policy)
• Resend (transactional email delivery for account verification, event notifications, and password resets)
• Apple Push Notification Service (push notifications)
• Vercel Analytics (anonymous website usage analytics)
• Stripe (payment processing, subscription billing, and tax calculation for business partner accounts; Stripe collects and processes payment card details per Stripe's own privacy policy)

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Display relevant venues, events, and recommendations based on your location
• Process and display your reviews and content
• Process business partner event submissions
• Help you find friends who are already on the Service (if you opt in to contact discovery)
• Send service-related communications (account verification, event status updates, password resets, security alerts)
• Send push notifications about follows, likes, comments, and other activity
• Notify you when a newly approved event is happening near your last-known location (you can disable this at any time in app settings)
• Detect and prevent fraud, abuse, and security issues
• Comply with legal obligations

4. How We Share Your Information

We may share your information in the following circumstances:

• Public Content. Reviews, ratings, and profile information you make public are visible to other users of the Service.
• Service Providers. We share information with third-party service providers that help us operate the Service (cloud hosting, analytics, email delivery).
• Business Partner Event and Listing Data.Event details, venue information, descriptions, images, logos, and associated business names and branding that business partners submit to the Service ("Business Content") are commercial listing information intended for public distribution. We may share, syndicate, distribute, license, or otherwise make Business Content available to third parties — including partner applications and websites, event aggregators, search engines, social media platforms, and marketing or promotional channels — without further notice to or compensation for the submitting business. This category does not include the personal information of any individual (such as the contact name, email, phone number, or billing details associated with a business partner account), which is governed by the rest of this Privacy Policy.
• Legal Requirements. We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers. In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell the personal information of individual users to third parties. As described above, Business Content submitted by business partners is treated as commercial listing data and may be shared with or distributed through third parties.

5. Contact Data

If you choose to use the Find Friends feature, we access your device's phone contacts to match phone numbers against existing users on the Service. Phone numbers are transmitted to our server over a secure HTTPS connection. On our server, each phone number is converted into a one-way hash using a server-side secret key, and only the hash is stored in our database. We do not retain the original phone numbers.

The stored hashes are used only to match your contacts against existing users and to notify you when one of your contacts later joins the Service. You can skip or revoke contact access at any time through your device settings, and you can delete your synced contact data from our servers at any time through the Find Friends section of the app.

6. Location Data

The Service uses your location to show nearby venues and events. Location access is requested through your device's permission system and can be revoked at any time through your device settings. We do not continuously track your location in the background. When the app does send a location update, it does so at most once per hour, and only when your device has moved at least approximately 500 meters since the last update, to minimize the amount of location data transmitted.

If you grant location permission, we also store your most recent approximate location on our servers so that we can notify you when a new event is approved within a short distance (approximately 1.5 miles) of that location. We keep only the most recent point, not a history, and we treat a location as stale (and exclude it from nearby-event notifications) once it has not been updated for 30 days. You can turn off nearby-event notifications at any time under Settings in the app, and revoking location permission at the operating-system level stops any further location data from being sent to us.

7. Payment Information (Business Partners)

When you subscribe to a paid business partner plan, payment is processed by Stripe, Inc. We do notstore or have access to your full payment card number, CVC, or expiration date. Stripe handles the collection and storage of that information directly, subject to Stripe's privacy policy and PCI compliance.

We retain a Stripe customer ID, subscription ID, and the high-level state of your subscription (status, current billing period, plan, trial end date) so we can apply the correct access rules in the Service. We also retain your billing address and any tax identification numbers you provide at checkout, since these are required to issue compliant invoices and to calculate sales tax via Stripe Tax.

Webhook events from Stripe (e.g., subscription created, payment succeeded or failed, trial ending) are delivered to our servers and stored as part of our billing audit trail. You can manage payment methods, view invoices, and cancel your subscription at any time through the Stripe-hosted billing portal linked from your dashboard.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

9. Data Retention and Account Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service. You can delete your account at any time from within the app (Settings → Delete Account). When you delete your account, we promptly delete the personal information associated with it, including your profile, reviews, stories, itineraries, uploaded photos, synced contact hashes, device tokens, location, blocks, and social graph (followers and following).

Some information is retained even after account deletion:

• Ban records. If your account has been banned or restricted for violating our Terms, we retain a minimal record of the ban (account identifier, ban reason, and timestamp) indefinitely to prevent re-registration and to protect the safety of the community, even when other personal information has been deleted.
• Aggregated or anonymized analytics that no longer identify you personally.
• Transactional and billing records for business partner accounts, where we are required to retain them for tax, accounting, audit, or other legal-compliance purposes.
• Stripe customer records.Business partners' payment and subscription records are retained by Stripe under Stripe's own data-retention practices. To delete payment records held by Stripe, you may need to contact Stripe directly.
• Information required by law or to respond to legal process, fraud prevention, or security investigations.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to or restrict processing of your information
• Request a portable copy of your data (we will deliver an export by email within 30 days of your request)

To exercise any of these rights, please email us at support@threeflagsdating.com. We will respond within 30 days of your request.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy, please contact us at:

DA 140 Solutions LLC
Email: support@threeflagsdating.com