AIM250America's Instant Messenger

AIM250 Privacy Policy

DRAFT — must be reviewed by a licensed attorney before publication. Generated as a starting point.

Effective date: [EFFECTIVE DATE]

This Privacy Policy explains how [COMPANY/LEGAL ENTITY] ("AIM250," "we," "us," or "our") collects, uses, shares, and protects information when you use the AIM250 mobile application ("AIM250," "America's Instant Messenger," or the "App"). AIM250 is a United States–only, 17+ social messaging app themed around America's 250th anniversary.

If you have questions about this Policy or your data, contact us at support@americasinstantmessenger.com or [PRIVACY CONTACT EMAIL], or by mail at [MAILING ADDRESS].

1. Quick Summary (Not a Substitute for the Full Policy)

We sign you in using your phone number and a one-time SMS code. There are no passwords.
We do not show ads, we do not sell your personal data, and we do not use third-party advertising trackers.
Your 1:1 buddy chats are end-to-end encrypted (E2EE). We store only encrypted ciphertext for those messages and cannot read them. Your private keys never leave your device.
Group and public surfaces are different. "Backyard Party," "Town Square," and "Outposts" are not end-to-end encrypted. They are server-readable and safety-monitored so we can moderate content and enforce our rules.
Your first and last name are private — visible only to mutual friends ("patriots") and never searchable.
We process your IP address transiently at sign-in to confirm you are in the U.S. and to detect VPN/proxy use. We do not use it for advertising.
You can delete your account and data from within the App (Settings → Account → Delete Account).

2. Who This Policy Applies To

AIM250 is intended only for users who are located in the United States and who are at least 17 years old. The App is not directed to, and is not intended for use by, children under 13, and is not directed to minors under 17. See Section 12 (Children's Privacy).

3. Information We Collect

3.1 Information you provide

| Data | Purpose | Notes | |---|---|---| | Phone number | Account creation, sign-in via SMS one-time code (OTP), account recovery, friend discovery | Held by our authentication provider (Supabase Auth). We also store a hashed form of the phone number (phone_hash) to support features like friend discovery without storing the raw number in our application database. | | Username | Public identity, friend search | Public and searchable. Choose a username you are comfortable making public. | | First and last name | Display to mutual friends | Private. Visible only to mutual friends ("patriots"). Never searchable and never shown to non-friends. | | Avatar photo (optional) | Profile image | Stored in a private storage bucket and served via expiring signed URLs. | | Presence status & away message | Show availability to friends | | | Message content & media you send | Deliver your messages | Handled differently depending on the surface — see Section 4. | | Reports you submit | Trust & safety, moderation | Includes the content and context you report. |

3.2 Information collected automatically

| Data | Purpose | Notes | |---|---|---| | IP address | U.S.-only eligibility enforcement and VPN/proxy detection at sign-in | Processed transiently at sign-in via a third-party geolocation service (vpnapi.io). Used for eligibility/anti-fraud only — not for advertising and not used to track your precise location. | | Device push token | Deliver push notifications | Provided by your device OS and delivered via Expo's push service. | | Encryption public keys | Enable end-to-end encryption of buddy chats and key exchange | Public keys are stored on our servers. Private keys never leave your device. | | Message/usage state | App functionality | Read/unread state, mute state, reactions, delivery state. | | Diagnostic/technical data | Operate and secure the App | Limited technical information necessary to run the service (e.g., timestamps, error/availability signals). |

We do not collect precise GPS location, contacts lists, advertising identifiers, or browsing activity across other apps and websites.

3.3 Media and metadata stripping

When you share a photo in a chat, the App strips EXIF/GPS metadata on your device before upload. Photos are stored in a private storage bucket and served only through signed (expiring) URLs. GIFs are searched and provided by GIPHY (see Section 7); selecting a GIF involves a request to GIPHY.

4. How Message Content Is Handled (Important)

AIM250 treats message content differently depending on where you send it. Please read this section carefully.

4.1 End-to-end encrypted 1:1 "buddy" chats

1:1 buddy chats are end-to-end encrypted using standard public-key cryptography (Curve25519 / NaCl).
The server stores only ciphertext (encrypted data). We cannot read the contents of your 1:1 buddy chats, and we cannot produce their plaintext.
Your private keys never leave your device.
Honest limitations:
E2EE buddy chat is not forward-secret at this time. This means a future compromise of a long-term key could affect the confidentiality of past messages.
There is currently no key backup. If you lose or replace your device, you will lose your buddy-chat message history, because the keys needed to decrypt it existed only on that device.
No method of transmission or storage is perfectly secure. We do not claim our encryption is unbreakable or perfect.

4.2 Server-readable, safety-monitored surfaces

The following surfaces are NOT end-to-end encrypted. They are server-readable and subject to moderation so we can keep the community safe and enforce our rules:

Backyard Party — friends-only group chat (which may optionally be posted anonymously within the group).
Town Square — friends-only feed.
Outposts — communities.

Content on these surfaces may be stored, scanned, reviewed by automated systems and/or human moderators, and acted upon (including removal) in connection with reports and our community guidelines. Do not treat these surfaces as private. "Optionally anonymous" posting in Backyard Party hides your identity from other group members where offered, but does not make the content end-to-end encrypted or invisible to us for safety purposes.

5. Why We Process Your Information (Purposes)

Provide the service: create your account, sign you in, deliver messages, show presence, deliver media and notifications.
Friend discovery: let users find each other by username or phone number (never by name).
Safety, security, and eligibility: confirm U.S.-only eligibility, detect VPN/proxy use, prevent fraud/abuse, operate reporting and moderation on monitored surfaces.
Maintain and improve the App: diagnose problems, ensure reliability and security.
Legal and compliance: comply with applicable law and enforce our Terms.

We do not process your data for advertising, ad targeting, or sale.

6. Legal Bases for Processing

Where a legal basis framework applies, we rely on one or more of the following:

Performance of a contract — to provide the App you have signed up for (e.g., delivering messages, account management).
Consent — e.g., for SMS one-time codes and push notifications (you can manage notifications in your device settings).
Legitimate interests — operating, securing, and improving the App; preventing fraud and abuse; moderating monitored surfaces; enforcing U.S.-only eligibility.
Legal obligation — to comply with applicable laws and lawful requests.

(Most AIM250 users are in the United States; we present legal bases here for transparency and for any user to whom such a framework applies.)

7. How We Share Information (Service Providers / Processors)

We do not sell your personal data and we do not share it for cross-context behavioral advertising. We share information only with service providers ("processors") who help us run AIM250, and only as needed to provide the service:

| Provider | Role | What it processes | |---|---|---| | Supabase | Database, authentication, file storage, and hosting | Account data, phone number (in Auth), phone_hash, profile data, public encryption keys, ciphertext of E2EE messages, content of monitored surfaces, avatars/media. | | Twilio | SMS delivery | Your phone number and the one-time codes, to send verification texts. | | GIPHY | GIF search and content | GIF search queries and related requests when you use the GIF picker. | | vpnapi.io | IP geolocation and VPN/proxy detection | Your IP address, transiently at sign-in, for U.S.-only eligibility and anti-evasion. | | Expo | Push notification delivery | Your device push token and notification payload metadata. |

We may also disclose information: (a) to comply with law or valid legal process; (b) to protect rights, safety, and security of users, the public, or AIM250; (c) to enforce our Terms; and (d) in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

> Note on E2EE: Because we store only ciphertext for 1:1 buddy chats and cannot read them, we cannot provide their plaintext to any third party (including in response to legal requests). We can provide only non-content account information and the content of server-readable, monitored surfaces, as legally required.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this Policy, unless a longer period is required or permitted by law.

Account data (phone, username, name, avatar, keys, presence): retained while your account is active.
Monitored-surface content (Backyard Party / Town Square / Outposts): retained to operate those surfaces and for a reasonable period to support safety, moderation, and abuse-prevention.
E2EE buddy-chat ciphertext: stored to deliver and sync messages; subject to delete-for-everyone and clear-thread actions. We cannot decrypt this content.
Transient IP processing for eligibility/VPN detection is not retained as an advertising profile; any logs are kept only as needed for security and abuse-prevention.
Reports and moderation records: retained as needed for safety and legal purposes.

When you delete your account (Section 10), we delete or de-identify your personal data as described there, subject to limited exceptions (e.g., legal holds, fraud/safety records, backups that cycle out over time).

9. Security

We use technical and organizational measures designed to protect your information, including:

End-to-end encryption for 1:1 buddy chats (private keys stay on your device).
Encryption in transit for communications with our services.
Private storage buckets and signed (expiring) URLs for media.
On-device EXIF/GPS stripping of photos before upload.
Hashing of phone numbers (phone_hash) in our application database.
Access controls and provider-level safeguards.

No system is perfectly secure, and we cannot guarantee absolute security. Please protect your device, as loss of your device may result in loss of E2EE buddy-chat history (no key backup currently exists).

10. Account & Data Deletion (In-App)

You can delete your account directly in the App: Settings → Account → Delete Account.

When you delete your account, we delete or de-identify the personal data associated with it, which includes:

Your profile (username, first/last name, avatar, presence/away message).
Your stored encryption public keys and device push token(s).
Your content on server-readable surfaces (Backyard Party, Town Square, Outposts), subject to the notes below.
Your E2EE buddy-chat ciphertext stored on our servers (which we cannot read in any case).
Your phone number record and phone_hash used for sign-in and discovery.

Important details and limits:

Deletion is generally permanent and irreversible. Because there is no key backup, deleted E2EE history cannot be recovered.
Content you shared into group/community contexts may persist in others' copies or in necessary backups, and we may retain limited records where required for legal, security, safety, fraud-prevention, or dispute-resolution purposes.
Routine backups may take additional time to cycle out.

You can also request deletion or ask questions by emailing support@americasinstantmessenger.com or [PRIVACY CONTACT EMAIL].

11. Your Privacy Rights and Choices

Depending on where you live, you may have rights to:

Access the personal data we hold about you.
Correct inaccurate data (you can edit much of your profile in-App).
Delete your account and data (in-App or by request).
Portability of certain data.
Opt out of sale/sharing/targeted advertising — note: we do not sell or share your data for advertising, and we do not engage in targeted advertising.
Non-discrimination for exercising your rights.

To exercise rights, use in-App controls or contact support@americasinstantmessenger.com / [PRIVACY CONTACT EMAIL]. We may need to verify your identity (typically by confirming control of the phone number on the account) before acting. You may use an authorized agent where the law allows.

Notifications & SMS: You control push notifications in your device settings. SMS is used only to deliver sign-in codes; standard message and data rates may apply.

12. Children's Privacy

AIM250 is intended for users 17 and older in the United States. The App is not directed to children under 13, and is not directed to minors under 17. We do not knowingly collect personal information from children under 13. Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under 13, we will delete it. If you believe a child under 13 (or a minor under 17) is using AIM250, contact support@americasinstantmessenger.com / [PRIVACY CONTACT EMAIL] and we will take appropriate action.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you specific rights. We honor these rights for California residents (and provide them to all users where practicable).

Categories of personal information we collect: identifiers (phone number, phone_hash, username, device push token, IP address), customer records (name), internet/network activity necessary to run the App, geolocation inferred only at the country level transiently from IP for eligibility, and user-generated content you provide (messages on monitored surfaces, media, reports). For E2EE buddy chats we hold only ciphertext we cannot read.
Purposes: as described in Section 5.
Sources: directly from you, your device, and our service providers.
Disclosures for a business purpose: to the service providers listed in Section 7.
"Do we sell or share?" No. We do not sell your personal information and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We also do not knowingly sell or share the personal information of consumers under 16.
Sensitive personal information: We do not use or disclose sensitive personal information for purposes that would require an opt-out under the CCPA/CPRA.

Your California rights: to know/access, delete, correct, and to limit/opt out (inapplicable here because we do not sell/share). To exercise them, use in-App controls or contact support@americasinstantmessenger.com / [PRIVACY CONTACT EMAIL]. We will not discriminate against you for exercising your rights.

Residents of other U.S. states with comprehensive privacy laws may have similar rights; we extend comparable choices where applicable.

14. International Users / U.S.-Only Notice

AIM250 is offered only in the United States and is intended for users located in the U.S. Our service providers and infrastructure may process data in the United States. If you access the App from outside the U.S., the App is not intended for you, and you should not use it. By using AIM250, you understand your information will be processed in the United States.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective date above and provide notice within the App or by other reasonable means. Your continued use of AIM250 after an update means you accept the revised Policy.

16. Contact Us

Support / privacy requests: support@americasinstantmessenger.com
Privacy contact: [PRIVACY CONTACT EMAIL]
Mailing address: [MAILING ADDRESS]
Company / legal entity: [COMPANY/LEGAL ENTITY]

Appendix A — Apple App Store Privacy "Nutrition Label" Disclosures (Reference)

These categories reflect how AIM250 collects/uses data for Apple's App Privacy questionnaire. None of this data is used for third-party advertising or tracking. "Linked to you" means associated with your identity/account.

| Apple data type | Collected? | Linked to you? | Used for tracking? | Purpose | |---|---|---|---|---| | Phone Number | Yes | Yes | No | App Functionality (auth, account, friend discovery) | | Name (first/last) | Yes | Yes | No | App Functionality (private; mutual friends only) | | User ID / Username | Yes | Yes | No | App Functionality | | Photos (avatar, chat media) | Yes | Yes | No | App Functionality (EXIF/GPS stripped on-device) | | Messages / User Content | Yes | Yes (monitored surfaces); E2EE buddy chats = ciphertext only | No | App Functionality; safety/moderation on monitored surfaces | | Coarse/Country Location (from IP) | Transient, not stored as profile | Used at sign-in for eligibility | No | App Functionality / Fraud prevention (U.S.-only, VPN detection) | | Device ID / Push Token | Yes | Yes | No | App Functionality (notifications) | | Other Data — encryption public keys | Yes | Yes | No | App Functionality (E2EE) | | Diagnostics | Yes (limited) | Possibly | No | App Functionality / Performance |

Data used to track you: None.
Data not collected: precise location, contacts, browsing history, search history (outside the App), purchases, advertising data.

Appendix B — Google Play Data Safety Disclosures (Reference)

Data collected/shared with third parties: Shared only with service providers/processors (Supabase, Twilio, GIPHY, vpnapi.io, Expo) to provide the service — see Section 7. We do not sell data or share for advertising.
Data types: Personal info (phone number, name, username); Photos/Media; Messages (in-app); App activity (in-app interactions); Device/Other IDs (push token); App info & performance (diagnostics); approximate (country-level) location derived transiently from IP.
Security practices: Data encrypted in transit; 1:1 buddy chats end-to-end encrypted; user can request data deletion and can delete account in-app.
Data deletion: Users can delete their account and associated data from within the App (Settings → Account → Delete Account) and via [PRIVACY CONTACT EMAIL].

(Appendices A and B are drafting aids for the store questionnaires and should be confirmed against the current Apple/Google forms at submission time.)

← Home · Privacy · Terms · support@americasinstantmessenger.com