Privacy Policy

Last updated: July 13, 2026

1. What we collect

We collect information you provide when creating an account: name, email address, date of birth, city, biography, and profile photo. We collect your date of birth to confirm you meet our minimum age requirement (13 years old), to apply age-appropriate features and restrictions, and to exclude users under 18 from certain data sharing with business event hosts.

Scoop is available to users who are 13 years old or older. Users under 18 receive additional protections described in this policy. If we discover that a user is under 13, we will disable and delete the account.

We also collect: content you create or post on the platform (reviews, comments, event records); activity data (events attended, connections made, social accounts verified); and technical data (IP address, device type, browser type, usage logs) for security, fraud prevention, and analytics.

When you verify social accounts (such as Google, LinkedIn, or Twitch), we receive from those platforms a confirmation that the account belongs to you via secure OAuth. We store the verification status and associated platform username. We do not store your passwords or retain access to those accounts.

Device contacts (optional): If you choose to sync your address book, the app reads contact names, phone numbers, and email addresses from your device and sends them to our servers over an encrypted connection solely to find which of your contacts already have Scoop accounts. This sync is entirely optional — you can deny permission, use limited contact access on iOS, or skip contact sync during onboarding. Uploaded contact data is processed in real time for matching and is not stored in our database or retained after the request completes. We do not sell contact data or share it with third parties for their own purposes.

2. How we use your information

We use the information we collect to: operate and improve the platform; compute and display Trust Scores; show you relevant content, events, and connections; send you notifications you have opted into; respond to your requests; detect and prevent fraud and abuse; enforce our Terms of Service and Code of Conduct; and comply with legal obligations.

We do not sell your personal information to third parties.

3. Reviews written about you

Reviews and posts written about you by other users may be visible to other users on Scoop depending on the posting user’s visibility settings and our moderation rules, and contribute to your Trust Score. You may flag reviews that violate our policies through the in-app reporting system. Our moderation team reviews flagged content and may remove it if it violates our Code of Conduct.

4. Authentication

We use Auth0, a third-party identity platform, to manage authentication. Auth0 confirms that you own your accounts — it does not give us ongoing access to those accounts. When you sign in with Google, Apple, or another provider, we receive your name, email address, and profile picture from that provider for the purpose of creating and maintaining your Scoop account, subject to that provider’s privacy policy. We never post on your behalf or read your private messages on any connected platform.

5. Social account verification

When you verify linked social accounts (Google, Facebook, LinkedIn, Snapchat, Twitch), we receive confirmation from each platform via secure OAuth that the account is genuinely yours. We store the verification status and associated platform username for display on your profile and Trust Score computation. We do not store your passwords, session tokens, or any credentials for those platforms. We do not access private content on those platforms. We retain linked social account verification data for as long as your Scoop account is active.

6. Data sharing

We share data with service providers and sub-processors only as necessary to operate the platform. Current categories of sub-processors include: database hosting and infrastructure providers; authentication services (Auth0); email delivery services; analytics services; and AI content moderation services (see Section 6a). We require all sub-processors to maintain appropriate data protection standards.

We also share aggregated, de-identified demographic information with business event hosts as described in Section 10. This is the only circumstance in which information about you is shared with other users or businesses for their own use.

We will disclose personal information when required by a valid legal process (court order, subpoena, or other legal obligation), or when we believe disclosure is necessary to protect the safety of any person or to prevent fraud or abuse of our platform.

6a. AI-powered content moderation

We use Anthropic’s Claude AI as a sub-processor to review the content of posts before they are published. When you write a review or post on Scoop, the text of that post — including any names, descriptions of people, or other personal information you include — is sent to Anthropic’s API for automated content review. Anthropic analyzes the content to detect potential policy violations (such as mature content, harassment, doxxing, or credible threats) and returns a classification result to us. We use this classification to determine whether to allow the post, flag it for human review, or prompt you to revise it.

Important: The text you submit in a post may describe other people — including individuals who are not Scoop users and who have not consented to their information being processed by an AI service. By posting on Scoop, you acknowledge that the content of your post will be reviewed by an automated AI system for content moderation purposes.

Anthropic processes post content solely for content classification purposes as our data processor and does not use the content to train its models. Post content transmitted to Anthropic for moderation is subject to Anthropic’s data processing agreement with us and is not retained by Anthropic beyond what is needed to return the classification result.

7. Your privacy rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Right to know / access: You can request a copy of the personal information we hold about you and information about how we use it.
  • Right to delete: You can request deletion of your personal information. See Section 8 and our data deletion page for details.
  • Right to correct: You can request correction of inaccurate personal information we hold about you.
  • Right to opt out of sale / sharing: We do not sell personal information. If you believe any data sharing described in this policy constitutes a “sale” or “sharing” under applicable law, you may contact us to exercise your opt-out right.
  • Right to limit use of sensitive personal information: California residents may request that we limit our use of sensitive personal information (as defined by CPRA) to what is necessary to perform the service.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Global Privacy Control (GPC): We are reviewing our technical implementation to honor GPC signals as required under applicable law.
  • Right to appeal: If we deny your privacy rights request, you may appeal by replying to our denial notice within 60 days. We will review and respond to appeals within 60 days, or within the time required by applicable law.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law (generally 45 days, with a possible 45-day extension if needed).

8. Data deletion

You can delete your account and all associated data at any time from Settings → Account → Delete Account in the app, or by emailing [email protected] with the subject “Delete My Account.” Account deletion removes your profile, posts, and associated personal data within 30 days. See our data deletion page for full details on what is deleted, what may be retained, and our processing timeline.

Content you have posted that other users have already seen, such as reviews or messages, may remain visible in their activity history temporarily until deletion processing is complete. We may retain moderation records, including flags, violation logs, and enforcement actions, as required for platform integrity, abuse prevention, and legal compliance. Backup copies are purged on a rolling 30-day schedule.

9. Cookies and tracking

We use cookies and similar technologies for authentication session management and platform analytics. We do not use third-party advertising cookies or tracking pixels for behavioral advertising. You can configure your browser to refuse cookies; however, some platform features that depend on authentication sessions may not function correctly without them.

Our public website uses Umami, a cookieless analytics service, to count anonymous page visits (including approximate geography and referrer). Umami does not set cookies, does not collect personal identifiers, and does not perform cross-site tracking or advertising.

10. Demographic information shared with business event hosts

When you attend an event hosted by a Scoop business account, we may provide the host with aggregated attendee statistics that do not identify you personally. These statistics may include counts by age range, gender, city, and linked social platform presence. Hosts do not receive your name, email address, or any individual attendee profile information.

We apply a minimum group size threshold: if fewer than 5 users in a demographic category attended the event, that category’s data is withheld entirely. This suppression is applied across demographic dimensions to reduce re-identification risk.

Users under 18 are always excluded from this sharing, regardless of privacy settings. Business hosts may not export or access individual-level data and receive only the aggregated counts described above.

By default, users 18 and older are included in demographic sharing when they attend events. You can opt out at any time in Settings → Privacy → Demographic Data Sharing. This setting takes effect immediately for future events.

11. Age restrictions and children’s privacy

Scoop is for users 13 years old and older. Users under 18 receive additional protections described in this section and throughout this policy. If we discover or are informed that a user is under 13, we will disable and delete their account promptly. To report an account belonging to a user under 13, contact [email protected].

We collect date of birth during registration solely to verify that you meet this minimum age requirement and to apply age-appropriate features. We do not knowingly collect personal information from children under 13.

Users between the ages of 13 and 17 are subject to additional protections: they are excluded from demographic sharing with business event hosts regardless of their privacy settings (Section 10 does not apply to users under 18); and they may not participate in certain platform features that are restricted to adult users.

12. Changes to this policy

We will notify you of material changes to this Privacy Policy by posting the updated policy on this page with a revised “Last updated” date and by sending an in-app notification. For changes that materially affect how we collect, use, or share your personal information — such as changes to demographic sharing practices, the addition of new sub-processors, or changes to your rights — we will provide notice at least 30 days before the change takes effect and, where required by applicable law, obtain your affirmative consent or provide a meaningful opportunity to opt out before the change applies to your information.

13. Data retention

We retain personal information only as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account data: Retained while your account is active and deleted or anonymized within 30 days after account deletion, except where retention is required by law.
  • Posted content: Deleted with your account where practicable, except for copies retained in moderation, dispute, abuse-prevention, or legal records.
  • Technical and log data: Retained as needed for security, fraud prevention, and troubleshooting.
  • Moderation and enforcement records: Retained as required for platform integrity and compliance.
  • Aggregated analytics: May be retained indefinitely because it does not identify you individually.
  • Backup copies: Overwritten on a rolling 30-day schedule.

14. Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, loss, or misuse. These measures include encryption of data in transit (TLS), access controls, and regular security reviews. No system is completely secure, and we cannot guarantee the absolute security of your information.

15. Contact

For privacy-related questions, to exercise your rights, or to report a concern, contact us at [email protected].

If we deny your privacy rights request, you may appeal by emailing [email protected] or replying to our denial notice within 60 days.

If applicable, our EU/UK representative and Data Protection Officer contact information will be provided here once finalized.