Privacy Policy of Onemile

1) Who We Are

Onemile is a public, location-based social media platform operated by Onemile Inc. (“Onemile,” “Company,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our websites, mobile apps, and services (the “Service”). For most processing, Onemile Inc. is the data controller.

2) Scope & Relationship to the Terms

This Policy applies to your use of the Service and should be read with our Terms and Conditions. By using the Service, you acknowledge this Policy. If you do not agree, do not use the Service.

3) Information We Collect

• Account Data: name, email address, date of birth (to confirm 18+), username, profile data, settings, and communications with us.
• User Content & Public Location Data: photos, videos, captions, comments, likes, and precise location coordinates tied to the creation of each post (these are public by design).
• Device/Log Data: IP address, device identifiers, OS/browser, app version, language, time zone, crash logs, diagnostic and performance data, and approximate location derived from IP.
• Usage Data: features you use, interactions, views, follows, and anti-abuse signals.
• Payment & Commercial Data (business accounts): subscription tier, purchase history, tax and billing info processed by our payment processors (we do not store full payment card numbers).
• Cookies & Similar Technologies: cookies, SDKs, and similar tools for authentication, security, analytics, and (if enabled) marketing. See our Cookie Notice.
• Sources: you (including device settings and uploads), automatically from your device, and third parties (e.g., payment processors, fraud-prevention partners, and analytics providers).

4) How We Use Personal Data

• Operate the Service: create/manage accounts; host and display public posts and coordinates; provide support; process business subscriptions and payments.
• Safety, Security & Integrity: detect and prevent fraud, spam, and abuse; enforce our Terms and community standards; protect users and the public; ensure platform reliability.
• Improve & Personalize: analytics; diagnostics; quality and feature development; recommend content based on your activity.
• Communications: service messages, transactional emails, and—where permitted—marketing communications (you can opt out of marketing).
• Legal & Compliance: comply with law; respond to lawful requests; manage sanctions/export controls; maintain records.

5) Automated Decision-Making & Profiling

We use algorithms to rank/recommend content and to assist moderation/fraud detection. We do not engage in automated decision-making that produces legal effects or similarly significant effects about you without human involvement. Where required by law, we provide avenues to contest moderation outcomes via our complaints/appeals process (see Terms).

6) Our Legal Bases (EEA/UK)

Where the GDPR/UK GDPR applies, we process personal data under these bases:

• Contract: to provide the Service you request (e.g., public posting of content with coordinates; account and payments).
• Legitimate Interests: safety/security, analytics to improve the Service, preventing fraud/abuse, enforcing Terms. We balance these interests against your rights.
• Consent: where required for certain cookies/SDKs, and for collecting/attaching precise location to your posts. You can withdraw consent in your device or in-app controls (deleting a draft or not posting will withdraw consent for that post).
• Legal Obligations: tax, accounting, sanctions/export control, and responding to lawful requests.

7) How We Share Personal Data

• Public by Design: Your posts (photos/videos), usernames, and the exact creation coordinates are publicly available on the Service.
• Service Providers (“processors”): hosting, storage/CDN, analytics, security/fraud prevention, customer support tools, and payment processing—bound by contracts to use data only on our instructions.
• Legal & Safety: to competent authorities or third parties when required by law or necessary to protect users, our rights, or the public.
• Corporate Transactions: as part of a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell personal information and we do not “share” it for cross-context behavioral advertising as defined by the California Privacy Rights Act (CPRA). If this changes, we will update this Policy and provide required opt-outs.

8) International Transfers

We are a U.S. company and may transfer personal data to the United States and other countries with different data-protection laws. Where the EEA/UK/Swiss laws apply, we rely on Standard Contractual Clauses (and UK/Swiss addenda, as applicable) and implement appropriate safeguards. You may request a copy of relevant transfer mechanisms by contacting us.

9) Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law. We use the following guidelines (subject to longer retention where required):

• Account & Profile: for your account’s life and typically up to 2 years after deletion to address legal, fraud, and abuse issues.
• User Content: public while posted; residual copies may persist in backups/caches for up to 90 days and in other users’ reposts/downloads per their control.
• Logs & Diagnostics: typically 18 months.
• Backups: typically 30–90 days rolling.
• Billing Records (business): per tax/accounting laws (often 7 years).

10) Your Rights & Choices

Your options depend on your location and the laws that apply to you. You may contact us at support@onemile.app to exercise rights. We will verify your request and respond within applicable timelines.

• Access/Portability: obtain a copy of your personal data.
• Correction: update inaccurate data.
• Deletion: delete your account and eligible data (subject to lawful exceptions and residual copies in backups/reposts as noted).
• Restriction & Objection: where our processing is based on legitimate interests.
• Withdraw Consent: for cookies/SDKs and location-on-posts (by not posting or removing the post).
• Marketing Opt-Out: unsubscribe from marketing emails via the link in the message.

EEA/UK Specific

• You have the rights listed above under GDPR/UK GDPR. You also have the right to lodge a complaint with your local supervisory authority.
• If required by law, we will identify an EU/UK representative and update this Policy with contact details.

California (CPRA/CCPA) Specific

• Categories Collected: identifiers (e.g., email, device IDs), commercial information (subscriptions), internet/activity data, geolocation (precise coordinates with posts), inferences for personalization (non-sensitive), and limited financial/billing data via processors.
• Sensitive Personal Information: we collect precise geolocation when you choose to create a location-tagged post. We use it only to provide and secure the Service and do not use it to infer characteristics. Where an exception applies, the CPRA “right to limit” may not apply.
• Sales/Sharing: we do not sell personal information or share it for cross-context behavioral advertising.
• Non-Discrimination: we will not discriminate against you for exercising CPRA rights.
• You may use an authorized agent to submit requests, subject to verification.

11) Cookies & Similar Technologies

We use cookies/SDKs for authentication, security, performance, and analytics (e.g., Google Analytics). Where required, we obtain consent and provide preference controls. You can manage cookies via your browser or device settings. To opt out of Google Analytics, you may use the Google Analytics Opt-out add-on.

12) Security

We implement reasonable and appropriate safeguards, including encryption in transit, access controls, separation of environments, least-privilege access, vulnerability management, and incident response. No system is 100% secure; you also play a role by using strong credentials and keeping them confidential.

13) Children’s Privacy

The Service is for users 18 years and older. We do not knowingly collect personal data from individuals under 18. If we learn we have collected such data, we will delete it.

14) Deactivation, Deletion & Anonymization

• You can request account deletion at any time. We may place accounts into an inactive state for a limited period before permanent deletion. If you log in during this period, we will restore the account.
• After permanent deletion, we may retain or display “deleted account” labels where your prior activity remains visible (e.g., other users’ comment threads), and we may retain anonymized or aggregated data.

15) Third-Party Services & Links

The Service may link to third-party sites or include third-party SDKs (e.g., app stores, payment processors, analytics). Those parties’ terms and privacy policies govern their processing. We are not responsible for their practices.

16) Do Not Track & Global Privacy Controls

Some browsers transmit “Do Not Track” or Global Privacy Control (GPC) signals. Where required by law, we honor GPC signals for applicable opt-outs and will update our controls to reflect your choice.

17) International Users & Sanctions/Export Compliance

We may restrict access from certain locations (e.g., sanctioned countries, Russia, China) to comply with applicable laws. We may process limited location and network data to comply with sanctions and export-control screening.

18) Changes to This Policy

We may update this Policy from time to time. If changes are material, we will provide reasonable notice (e.g., via the Service or email). Your continued use after the effective date constitutes acceptance. If you do not agree, you must stop using the Service.

19) Contact Us

Questions or requests? Contact: support@onemile.app.

Note: This Policy describes our current practices for a public, coordinate-tagged social platform. Certain rights and disclosures apply only in specific jurisdictions and may prevail over conflicting terms to the extent required by law.