Privacy Policy
Turntopia Privacy Policy
Last Updated: November 24, 2025
Effective Date: November 24, 2025
=================================================================
TABLE OF CONTENTS
=================================================================
1. Introduction and Scope
2. Information We Collect
3. Legal Basis for Processing (GDPR)
4. How We Use Your Information
5. Automated Decision-Making and Profiling
6. Information Sharing and Third-Party Processors
7. Data Security and Retention
8. International Data Transfers
9. SMS/Text Messaging Terms and Conditions
10. Your Privacy Rights and How to Exercise Them
11. Region-Specific Privacy Rights
- European Union (GDPR)
- United States (CPRA and Multi-State)
- International (Brazil, Canada, UK, Australia, Others)
12. Children's Privacy (COPPA)
13. Sensitive Personal Information
14. Cookies and Tracking Technologies
15. Changes to This Policy
16. Contact Us and Data Protection Officer
17. Supervisory Authorities and Complaints
=================================================================
1. INTRODUCTION AND SCOPE
Turntopia LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use your Turntopia Account and our family of services, including:
• Unmap: Event discovery and social networking application
• Blocktopia: Future blockchain-based services
• Other Turntopia services and applications
When you create a Turntopia Account, you gain access to all current and future Turntopia services using a single unified login. This Privacy Policy applies to all services and applications provided by Turntopia LLC.
Throughout this policy, "our services" refers to all Turntopia applications and platforms.
This policy applies to all users worldwide and complies with: EU General Data Protection Regulation (GDPR), California Consumer Privacy Act as amended by CPRA, other U.S. state privacy laws, Brazil's LGPD, Canada's PIPEDA, UK GDPR, Australia's Privacy Act, and other applicable privacy laws.
=================================================================
2. INFORMATION WE COLLECT
Personal Information
Account Authentication (Choose One):
• Phone Number: Optional for account authentication via SMS across all Turntopia services. If you choose phone authentication, by providing your phone number and tapping "Continue" during signup, you expressly consent to receive SMS authentication codes. See SMS/Text Messaging Terms and Conditions section below for complete details including opt-out instructions (STOP), help (HELP), and message frequency.
• Email Address: Optional for account authentication. You may choose to authenticate using email instead of phone number to avoid SMS charges.
Note: You must provide either a phone number OR email address for account creation. You are not required to provide both.
SMS-Related Information (Only if you choose phone authentication):
• One-Time Passwords (OTP): Sent via SMS for secure login verification
• SMS Provider: Messages sent through Twilio (third-party service)
• Retention: Phone number stored securely and associated with your account
• Message Rates: Standard SMS rates may apply from your carrier
User Profile Information:
• Birthdate: Required for age verification (must be 13 or older to use any Turntopia service)
• Age Display: Optional for users 18+; never shown for users under 18
• Display Name: Optional public profile name
• Profile Photo: Optional avatar image
• Bio: Optional user description
• Social Media Usernames: Optional (Instagram, Facebook, TikTok, Snapchat, YouTube, Spotify, SoundCloud, Apple Music)
Location Data
• Event Locations: Latitude and longitude coordinates for events you create
• Current Location: Only collected when you explicitly choose to use "Current Location" feature
• Location Data Retention: Location data is stored only as long as the associated event exists. Deleting an event immediately removes its location data.
Event Data
• Event titles, descriptions, dates, times, and locations
• Event images you upload
• Engagement data (likes, saves, RSVPs)
Authentication Data
• Passwords are hashed using bcrypt and never stored in plaintext
• Session tokens stored securely on your device
• Email verification status
Technical and Usage Data
• Device information: Device type, operating system, app version
• Log data: IP address, access times, pages viewed, crashes
• Usage analytics: Features used, session duration, interaction patterns (anonymized)
• Cookies and similar technologies (see Section 14)
=================================================================
3. LEGAL BASIS FOR PROCESSING (GDPR ARTICLE 6)
For users in the European Union, EEA, UK, and Switzerland, we process your personal information based on the following legal grounds:
**Performance of Contract:**
• Account creation and authentication (phone/email)
• Event services (creation, discovery, management)
• Social features (profiles, following, engagement)
• Reason: Necessary to provide services you've requested
**Consent:**
• SMS authentication messages (you can withdraw anytime)
• Marketing communications (if/when offered)
• Optional location services
• Reason: You have explicitly agreed
**Legitimate Interests:**
• Security and fraud prevention
• Service improvement and analytics
• Customer support
• Bug detection and fixing
• Reason: Necessary for our business operations while respecting your rights
**Legal Obligation:**
• Age verification (COPPA compliance)
• Data breach notifications
• Responding to legal requests
• Reason: Required by law
You have the right to object to processing based on legitimate interests. See Section 10 for how to exercise your rights.
=================================================================
4. HOW WE USE YOUR INFORMATION
• Account Management: To create and manage your Turntopia Account across all services
Legal Basis: Contract
• Authentication: If you choose phone authentication, we send one-time passwords (OTP) via SMS for secure account verification. If you choose email authentication, we send verification links via email. For phone authentication: Message frequency varies based on login activity (typically 1 message per request). Standard message and data rates may apply. For complete SMS terms including opt-out instructions (reply STOP), help (reply HELP), and carrier information, see SMS/Text Messaging Terms and Conditions section below.
Legal Basis: Contract, Consent (for SMS)
• Age Verification: To ensure compliance with COPPA (Children's Online Privacy Protection Act) by verifying users are at least 13 years old
Legal Basis: Legal Obligation
• Safety & Privacy: To protect minors by automatically hiding their age from other users and enabling enhanced privacy settings
Legal Basis: Legal Obligation, Legitimate Interests
• Security: To protect your account with two-factor authentication, detect fraud, prevent abuse
Legal Basis: Contract, Legitimate Interests
• Event Services: To enable event creation, discovery, and management
Legal Basis: Contract
• Social Features: To display profiles, enable following, and show engagement counts
Legal Basis: Contract
• Communication: To send authentication emails and password reset links
Legal Basis: Contract
• Location Services: To display events on maps and enable location-based discovery
Legal Basis: Consent, Contract
• Analytics and Improvements: To understand usage patterns, improve features, fix bugs (anonymized data)
Legal Basis: Legitimate Interests
• Legal Compliance: To comply with legal obligations, respond to lawful requests
Legal Basis: Legal Obligation
=================================================================
5. AUTOMATED DECISION-MAKING AND PROFILING
We use automated systems and algorithms to enhance your experience:
**Event Feed Ranking:**
• What: Algorithm ranks events in your feed based on relevance
• How: Uses your location, event preferences, past interactions, and popularity metrics
• Impact: Determines which events appear first in your feed
• Opt-out: Limited - you can disable location-based ranking in Settings
**Event Recommendations:**
• What: System suggests events you might like
• How: Analyzes your activity, followed users, saved events, and similar user preferences
• Impact: Personalized "For You" suggestions
• Opt-out: Yes - disable in Settings → Recommendations (reduces personalization)
**Spam and Abuse Detection:**
• What: Automated systems flag suspicious content and behavior
• How: Pattern analysis, keyword detection, behavior modeling
• Impact: Content may be hidden or accounts suspended pending review
• Human Review: You can request manual review of any automated decision
**Content Moderation:**
• What: Automated filtering of inappropriate content
• How: Image recognition, text analysis
• Impact: Content may be removed or flagged for human review
• Appeal: You can appeal any automated moderation decision
**Right to Human Review:**
Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that significantly affects you. You can request human review of any automated decision by contacting admin@turntopia.net.
**Right to Explanation:**
You can request an explanation of how an automated decision was made and challenge it.
**AI and Machine Learning:**
We use machine learning models for the above purposes. These models are trained on anonymized usage patterns and do not use sensitive personal information. We do not use AI for: employment decisions, credit/lending, insurance, housing, or other high-stakes decisions.
=================================================================
6. INFORMATION SHARING AND THIRD-PARTY PROCESSORS
We Do NOT Share:
• Your email address or phone number with other users
• Your personal information with advertisers or data brokers
• Your data for sale or rental to any third party
Third-Party Service Providers (Data Processors):
We share your information with trusted service providers who process data on our behalf:
**Twilio Inc.**
• Role: SMS delivery service (phone authentication codes only)
• Data Shared: Phone number (only if you choose phone authentication)
• Location: United States
• Privacy Policy: https://www.twilio.com/legal/privacy
• Safeguards: Standard Contractual Clauses (SCCs), Data Processing Agreement
• Retention: Deleted after message delivery (24-48 hours)
**Supabase Inc.**
• Role: Database hosting and infrastructure
• Data Shared: All account and service data
• Location: United States (configurable by region)
• Privacy Policy: https://supabase.com/privacy
• Safeguards: SOC 2 Type II certified, SCCs for international transfers, Data Processing Agreement
• Security: Encryption at rest and in transit, Row Level Security
**Google LLC (Google Places API)**
• Role: Address autocomplete for event creation
• Data Shared: Address queries only (one-way, no user identification)
• Location: United States
• Privacy Policy: https://policies.google.com/privacy
• Safeguards: Google Cloud Data Processing Terms
• Note: We do not send your location or personal information to Google
**Mapbox Inc.**
• Role: Map display and rendering
• Data Shared: Map tile requests only (no personal data or precise location)
• Location: United States
• Privacy Policy: https://www.mapbox.com/legal/privacy
• Safeguards: Anonymized requests, no user tracking
**Analytics Providers (If Applicable):**
• We may use anonymized analytics services (e.g., Mixpanel, Google Analytics)
• Data is aggregated and anonymized - no personally identifiable information shared
• You can opt-out via device settings or browser extensions
Legal Disclosure:
We may disclose your information if required by law:
• Court orders, subpoenas, or legal process
• Government requests for national security or law enforcement
• To protect our rights, property, or safety
• To prevent fraud or illegal activity
• With your consent
In such cases, we will:
• Notify you unless legally prohibited
• Challenge overly broad or inappropriate requests
• Minimize data disclosed to what's legally required
• Publish transparency reports (when available)
Business Transfers:
If Turntopia is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
=================================================================
7. DATA SECURITY AND RETENTION
Data Security Measures
Infrastructure:
• Database: Supabase (PostgreSQL) with encryption at rest (AES-256)
• File Storage: Supabase Storage with secure access policies and encryption
• Network: All data encrypted in transit (HTTPS/TLS 1.3)
• Location: Data stored in secure data centers with physical and digital protections
Security Measures:
• Row Level Security (RLS): Database-level access control policies ensure users can only access their own data
• Encryption: All data encrypted in transit (HTTPS) and at rest (AES-256)
• Authentication: Secure password hashing with bcrypt (10+ rounds)
• Session Management: Automatic token refresh, secure session handling, automatic logout after inactivity
• Input Sanitization: All user inputs sanitized to prevent XSS, SQL injection, and other attacks
• Rate Limiting: Protection against brute force and DDoS attacks
• Regular Security Audits: Third-party penetration testing and vulnerability assessments
• Access Controls: Limited employee access, multi-factor authentication for admin access
• Monitoring: Real-time security monitoring and anomaly detection
Data Retention Policy
We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law:
**Account Data:**
• Active accounts: Retained while account is active
• Deleted accounts: Permanently deleted within 90 days of deletion request
• Includes: Email/phone, profile information, preferences, settings
**Event Data:**
• Active events: Retained until event is deleted by creator
• Past events: Retained for 1 year after event date, then automatically deleted
• Deleted events: Permanently deleted within 30 days
• Includes: Titles, descriptions, images, location data
**Location Data:**
• Event locations: Deleted immediately when event is deleted
• Current location: Never stored - used only for real-time distance calculations
• Maximum retention: 1 year (with associated event)
**Engagement Data:**
• Likes, saves, RSVPs: Deleted within 90 days of account deletion
• Follow relationships: Deleted immediately upon unfollowing or account deletion
**Authentication Data:**
• Passwords: Hashed, never stored in plaintext, deleted with account
• Session tokens: Deleted after logout or 30 days of inactivity
• OTP codes: Deleted within 24 hours after generation
**Log Files and Analytics:**
• Server logs: Retained for 90 days for security and debugging
• Anonymized analytics: Retained indefinitely (cannot be linked back to individuals)
• Error reports: Retained for 1 year for quality improvement
**Backup Data:**
• Backup retention: 30 days rolling backups
• Deleted data in backups: Purged when backup expires (max 30 days)
**Inactive Accounts:**
• Accounts with no login activity for 2 years: Notified via email, then deleted after 30-day grace period
• Exception: Accounts with active events are not considered inactive
**Legal Hold:**
• Data subject to legal proceedings, investigations, or disputes: Retained until matter is resolved
• You will be notified if your data is subject to a legal hold
**Early Deletion:**
You can request early deletion of your data at any time by deleting your account or contacting admin@turntopia.net. We will comply within 30 days (GDPR) or 45 days (CCPA) unless legally required to retain certain information.
=================================================================
8. INTERNATIONAL DATA TRANSFERS
Global Operations:
Turntopia operates globally and may transfer your personal information to countries outside your residence, including the United States where our primary infrastructure (Supabase, Twilio) is located.
Safeguards for International Transfers:
**For EU/EEA/UK/Swiss Users:**
We ensure adequate protection for your data through:
1. **Standard Contractual Clauses (SCCs):**
• We use European Commission-approved Standard Contractual Clauses for transfers to countries without adequacy decisions
• SCCs are contractual commitments ensuring your data receives equivalent GDPR protection
• Available upon request: admin@turntopia.net
2. **Data Processing Agreements (DPAs):**
• All processors (Supabase, Twilio, etc.) have signed DPAs committing to GDPR compliance
• DPAs include mandatory data security and confidentiality obligations
3. **Adequacy Decisions:**
• Where applicable, we rely on European Commission adequacy decisions (e.g., for certain countries)
4. **Additional Safeguards:**
• Encryption in transit and at rest
• Access controls limiting who can access EU data
• Regular audits of processor compliance
• Binding commitments from processors not to access data for government surveillance
**For California and Other U.S. State Residents:**
Your data may be transferred outside California/your state but remains subject to CPRA/state privacy law protections. Processors are contractually bound to maintain equivalent protections.
**For Other Jurisdictions:**
We implement appropriate safeguards consistent with local law requirements (e.g., Brazil LGPD, Canada PIPEDA).
**Government Access:**
We do not voluntarily provide user data to any government for surveillance. If legally compelled:
• We will notify you unless prohibited by law
• We will challenge overbroad or inappropriate requests
• We will limit disclosure to what's legally required
• We maintain transparency reports (when available)
**Your Rights:**
You can:
• Request information about specific international transfers of your data
• Object to transfers in certain circumstances
• Request a copy of the SCCs or other transfer safeguards
Contact admin@turntopia.net for EU-specific transfer inquiries.
=================================================================
9. SMS/TEXT MESSAGING TERMS AND CONDITIONS
Note: These SMS terms only apply if you choose to use phone number authentication. You are not required to provide a phone number - you may choose email authentication instead to avoid SMS charges.
How You Consent to SMS Messages
If you choose phone authentication, by providing your phone number during Turntopia Account registration and tapping "Continue" on the signup screen, you expressly consent to receive SMS text messages containing one-time password (OTP) authentication codes for account verification across all Turntopia services (including Unmap, Blocktopia, and future applications).
This consent matches the exact language shown in the signup flow: "By continuing, you consent to SMS for one-time passwords (OTP) to verify your account."
Message Frequency
Message frequency varies based on your account activity. Typically, you will receive 1 SMS message per login attempt or account verification request. Messages are transactional (authentication) only, not promotional.
Message and Data Rates
Standard message and data rates may apply depending on your mobile carrier plan. Turntopia does not charge for SMS messages, but your carrier may charge per message or include messages in your plan. Please contact your mobile carrier for details about your specific plan rates.
How to Opt-Out (STOP)
You can opt-out of receiving SMS messages at any time by replying STOP to any message you receive from us. After opting out, you will receive one final confirmation message stating you have successfully opted out.
Important: Opting out of SMS will prevent you from using phone authentication to log in. However, you can switch to email authentication in your account settings to continue accessing your Turntopia Account and services without receiving SMS messages.
How to Resubscribe (START)
If you previously opted out and wish to resubscribe to SMS messages, reply START to any previous message from us. You will receive a confirmation message and can then log into your account normally.
How to Get Help (HELP)
For help or support with SMS messages, reply HELP to any message you receive from us. You will receive information about how to contact support.
You can also contact us directly at:
• Email: admin@turntopia.net
• SMS Support: admin@turntopia.net
• In-App: Profile → Settings → Privacy
SMS Privacy and Data Protection
Your phone number is used exclusively for account authentication and security purposes across all Turntopia services. We do not:
• Sell or rent your phone number to third parties
• Use your phone number for marketing or promotional messages
• Share your phone number with advertisers or data brokers
Your phone number is shared only with Twilio (our SMS service provider) for the sole purpose of delivering authentication codes. Twilio is prohibited from using your phone number for any other purpose.
Carrier Liability Disclaimer
Mobile carriers are not liable for delayed or undelivered messages. Message delivery is subject to your carrier's network availability, coverage area, and terms of service. If you do not receive expected messages, please:
• Check your phone has cellular service
• Ensure SMS is enabled on your account
• Contact your carrier to verify SMS is not blocked
• Try logging in again to request a new code
Supported Carriers
Our SMS authentication service is compatible with all major U.S. mobile carriers including AT&T, Verizon, T-Mobile, Sprint, US Cellular, Cricket Wireless, MetroPCS, and most prepaid carriers. International carrier support varies by region.
Compliance
SMS services comply with: TCPA (Telephone Consumer Protection Act), CTIA Messaging Principles, and carrier guidelines.
=================================================================
10. YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM
You have the following rights regarding your personal information:
**Right to Access:**
• You can view all your data through the app: Profile → Settings → Privacy
• You can request a complete copy of all data we hold about you
• How to exercise: Email admin@turntopia.net with subject "Data Access Request"
• Response time: 30 days (GDPR), 45 days (CCPA)
• Format: Machine-readable format (JSON, CSV)
**Right to Deletion ("Right to be Forgotten"):**
• Delete individual events: Tap event → Delete (removes all associated data including location)
• Delete entire account: Settings → Account → Delete Account (removes ALL data across services)
• Request deletion via email: admin@turntopia.net with subject "Delete My Account"
• Response time: Completed within 30 days (GDPR), 45 days (CCPA)
• Note: Some data may be retained for legal obligations (e.g., financial records for tax purposes)
**Right to Correction:**
• Update profile information: Settings → Profile → Edit
• Correct inaccurate data: Email admin@turntopia.net with corrections
• Response time: Corrections made within 30 days
**Right to Portability:**
• Request your data in a portable, machine-readable format
• How to exercise: Email admin@turntopia.net with subject "Data Portability Request"
• Format: JSON file with all your personal information
• Response time: 30 days (GDPR), 45 days (CCPA)
**Right to Object:**
• Object to processing based on legitimate interests
• Opt-out of personalized recommendations: Settings → Privacy → Disable Recommendations
• Opt-out of location tracking: Don't use "Current Location" feature
• Opt-out of SMS: Reply STOP or switch to email authentication
• How to exercise: Email admin@turntopia.net with your objection and reason
**Right to Restrict Processing:**
• You can ask us to temporarily stop processing your data
• How to exercise: Email admin@turntopia.net with subject "Restrict Processing"
• Use cases: Challenging accuracy, pending objection resolution
**Right to Withdraw Consent:**
• For processing based on consent, you can withdraw anytime
• SMS consent: Reply STOP
• Location consent: Disable in Settings
• Effect: We will stop that processing, but won't affect past processing
**Right Not to Be Discriminated Against:**
• We will not discriminate against you for exercising privacy rights
• Equal service, pricing, and quality regardless of rights exercise
**Identity Verification:**
To protect your privacy, we may request verification before fulfilling requests:
• Login to your account for verification, OR
• Provide identifying information (email, phone number used for account)
• Additional verification may be required for sensitive requests
**Authorized Agents:**
You may designate an authorized agent to make requests on your behalf:
• Agent must provide signed authorization from you
• We may still require verification from you directly
**Appeals Process:**
If unsatisfied with our response:
1. Reply to our response explaining why you're unsatisfied
2. We will review and respond within 30 days
3. If still unsatisfied, you may lodge a complaint with your supervisory authority (see Section 17)
**Response Timeframe:**
• Initial response: Within 30 days (GDPR) or 45 days (CCPA)
• Extensions: We may extend by 30 days for complex requests (we'll notify you)
• Free of charge: First request is free; we may charge reasonable fee for excessive/repetitive requests
**Contact for Privacy Rights:**
• Email: admin@turntopia.net
• Mail: Turntopia LLC, Attn: Privacy Rights, 5101 Santa Monica Blvd Ste 8 1546, Los Angeles, CA 90029
• In-App: Profile → Settings → Privacy → Exercise My Rights
=================================================================
11. REGION-SPECIFIC PRIVACY RIGHTS
EUROPEAN UNION, EEA, UNITED KINGDOM, SWITZERLAND (GDPR)
In addition to the rights in Section 10, EU/EEA/UK/Swiss residents have:
**Right to Lodge a Complaint with Supervisory Authority:**
You have the right to lodge a complaint with your national data protection authority if you believe we have violated GDPR. See Section 17 for contact information.
**Data Protection Officer (DPO):**
Contact our Data Protection Officer for EU-specific inquiries:
• Email: admin@turntopia.net
• Mail: Data Protection Officer, Turntopia LLC, 5101 Santa Monica Blvd Ste 8 1546, Los Angeles, CA 90029
**EU Representative:**
[If required under GDPR Article 27 when we have sufficient EU operations, we will designate an EU representative and list contact here]
**Specific GDPR Rights:**
• Right to human review of automated decisions (see Section 5)
• Right to detailed explanation of data processing
• Right to challenge automated content moderation
• Right to access Standard Contractual Clauses (request via admin@turntopia.net)
**GDPR Legal Bases:**
See Section 3 for detailed legal basis for each processing activity.
**Supervisory Authority:**
See Section 17 for full list of EU supervisory authorities.
---
UNITED STATES - CALIFORNIA (CPRA)
California Consumer Privacy Act as amended by California Privacy Rights Act (2023):
**Additional California Rights:**
**Right to Correct Inaccurate Information:**
• You can request correction of inaccurate personal information
• How to exercise: Email admin@turntopia.net with subject "Correct My Information"
• Response time: 45 days
**Right to Limit Use of Sensitive Personal Information:**
• Sensitive info includes: precise geolocation, biometric data (profile photos)
• We only use sensitive info for disclosed purposes (event location, profile display)
• You can limit use: Disable location services, don't upload profile photo
• How to exercise: Email admin@turntopia.net with subject "Limit Sensitive Data Use"
**Right to Opt-Out of Sale or Sharing:**
• We do NOT sell your personal information
• We do NOT share your personal information for cross-context behavioral advertising
• If this changes, we will provide a "Do Not Sell or Share My Personal Information" link
**Right to Opt-Out of Automated Decision-Making:**
• You can opt-out of automated decisions that produce legal or similarly significant effects
• Our automated systems (event ranking, recommendations) do not produce such effects
• You can limit personalization: Settings → Privacy → Disable Recommendations
**Categories of Personal Information Collected:**
(Last 12 months)
• Identifiers: Email, phone (optional), display name (optional)
• Demographics: Birthdate (age verification only)
• Geolocation: Event locations (when you create events), current location (when you use "Current Location")
• Visual information: Profile photos (optional), event images (when you upload)
• Internet activity: Usage data, log files, analytics
• Inferences: Event preferences based on your activity
**Business Purposes for Collection:**
See Section 4 for detailed purposes.
**Sources of Personal Information:**
• Directly from you (account creation, profile, events)
• Automatically (usage data, logs)
• From your device (location when permitted)
**Third Parties We Share With:**
See Section 6 for complete list of service providers.
**Retention Periods:**
See Section 7 for detailed retention timelines.
**Shine the Light:**
California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information to third parties for their direct marketing purposes.
**How to Exercise California Rights:**
• Email: admin@turntopia.net
• Phone: [If toll-free number available]
• Mail: Turntopia LLC, Attn: California Privacy Rights, 5101 Santa Monica Blvd Ste 8 1546, Los Angeles, CA 90029
• Online Form: [If available] https://turntopia.net/privacy-request
**Authorized Agents:**
California residents may use authorized agents to make requests. Agent must provide:
• Signed authorization from you
• Proof of agent's authority
We may still require direct verification from you.
**Response Timeframe:**
• 45 days (may extend additional 45 days for complex requests)
• Free of charge (first two requests per year)
**Non-Discrimination:**
We will not discriminate against you for exercising CPRA rights.
---
UNITED STATES - MULTI-STATE PRIVACY RIGHTS
The following states have comprehensive privacy laws similar to CPRA:
**Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Iowa, Montana, Oregon, Texas, Delaware:**
Residents of these states have rights including:
• Access your personal data
• Correct inaccuracies
• Delete your personal data
• Obtain a copy (portability)
• Opt-out of: sale of personal data, targeted advertising, profiling for significant decisions
**We do NOT:**
• Sell personal data
• Use personal data for targeted advertising
• Use profiling for decisions with legal or similarly significant effects
**How to Exercise Multi-State Rights:**
• Email: admin@turntopia.net with your state in subject line
• Example: "Virginia Privacy Rights Request"
• Response time: 45 days (state-dependent)
**Appeals:**
If we decline your request, you may appeal:
• Reply to our response with "Appeal" in subject
• We will review and respond within 60 days
• You may also contact your state attorney general
**State-Specific Contacts:**
• Virginia: admin@turntopia.net (Subject: Virginia Rights)
• Colorado: admin@turntopia.net (Subject: Colorado Rights)
• Connecticut: admin@turntopia.net (Subject: Connecticut Rights)
• Other states: admin@turntopia.net (Subject: [Your State] Rights)
---
BRAZIL (LGPD - Lei Geral de Proteção de Dados)
Brazilian residents have rights under LGPD including:
• Confirmation of data processing
• Access to your data
• Correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or deletion
• Portability to another service provider
• Information about public and private entities with which we share data
• Information about possibility of denying consent and consequences
• Revocation of consent
**Legal Bases for Processing (LGPD):**
Similar to Section 3 (GDPR) - consent, contract, legal obligation, legitimate interest
**Data Protection Officer (Brazil):**
• Email: admin@turntopia.net
• We may designate a Brazil-based representative as required by LGPD
**How to Exercise LGPD Rights:**
• Email: admin@turntopia.net
• Subject: "LGPD Data Subject Request"
• Response time: 15 days
**ANPD Complaints:**
You may file complaints with Brazil's National Data Protection Authority (ANPD):
• Website: https://www.gov.br/anpd/
---
CANADA (PIPEDA)
Canadian residents have rights under Personal Information Protection and Electronic Documents Act:
• Know what personal information we hold
• Access your personal information
• Challenge accuracy and completeness
• Understand how information is used and disclosed
• Withdraw consent (subject to legal/contractual restrictions)
**How to Exercise PIPEDA Rights:**
• Email: admin@turntopia.net
• Subject: "PIPEDA Request"
• Response time: 30 days
**Privacy Commissioner Complaints:**
If unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada:
• Website: https://www.priv.gc.ca/
• Phone: 1-800-282-1376
---
UNITED KINGDOM (UK GDPR)
UK residents have the same rights as EU residents (see GDPR section above).
**UK-Specific Contacts:**
• Email: admin@turntopia.net
• Subject: "UK Privacy Rights"
**UK Representative:**
[If required under UK GDPR Article 27, we will designate a UK representative and list contact here]
**Information Commissioner's Office (ICO):**
You can lodge complaints with the ICO:
• Website: https://ico.org.uk/
• Phone: 0303 123 1113
---
AUSTRALIA (Privacy Act 1988)
Australian residents have rights including:
• Access your personal information
• Correct inaccurate or out-of-date information
• Understand how we collect, use, and disclose information
• Complain about privacy breaches
**How to Exercise Australian Privacy Rights:**
• Email: admin@turntopia.net
• Subject: "Australian Privacy Request"
• Response time: 30 days
**Office of the Australian Information Commissioner (OAIC):**
You can lodge complaints with the OAIC:
• Website: https://www.oaic.gov.au/
• Phone: 1300 363 992
---
OTHER JURISDICTIONS
**Japan (APPI - Act on the Protection of Personal Information):**
• Residents have rights to access, correct, and delete personal data
• Email: admin@turntopia.net (Subject: "Japan Privacy Rights")
**South Korea (PIPA - Personal Information Protection Act):**
• Residents have rights to access, correct, delete, and suspend processing
• Email: admin@turntopia.net (Subject: "Korea Privacy Rights")
**Other Countries:**
If your country has privacy laws not listed here, you still have rights. Contact admin@turntopia.net with your country name in the subject line.
=================================================================
12. CHILDREN'S PRIVACY (COPPA COMPLIANCE)
Age Requirements:
Our services are not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.
You must be at least 13 years old to create a Turntopia Account and use any Turntopia service.
Parental Notice
If you are a parent or legal guardian and believe your child under 13 has provided us with personal information, please contact us immediately at:
• Email: admin@turntopia.net
• Subject: "Child Privacy Concern"
We will promptly:
• Verify the request and your relationship to the child
• Delete all personal information associated with the child's account
• Terminate the account within 24-48 hours
• Confirm deletion in writing
What We Collect from Children Under 13 (None)
We do not knowingly collect:
• Names, addresses, or phone numbers from children under 13
• Email addresses or online contact information
• Social Security numbers or government IDs
• Photos, videos, or audio files
• Geolocation information
• Persistent identifiers (cookies, IP addresses) for behavioral advertising
• Any other personal information
Age Verification
During account creation, we require users to confirm they are at least 13 years old by entering their birthdate. If a birthdate indicates the user is under 13, account creation is blocked.
If we discover a user is under 13 (through report or our own detection), we will immediately:
• Suspend the account
• Delete all personal information and content
• Terminate the account permanently
• Notify the email address on file (if provided by parent)
Enhanced Protections for Minors (13-17)
For users aged 13-17, we provide enhanced protections:
• Default privacy settings: Profiles are private by default
• Location sharing: Disabled by default
• Age display: Never shown to other users
• Contact restrictions: Limited who can contact minors
• Parental access: Parents may request information about their child's account
Parental Rights for Users Under 18
If your child is under 18, you have the right to:
• Review personal information we have collected from your child
• Request deletion of your child's personal information
• Refuse further collection or use of your child's information
• Receive a description of types of information collected and how it's used
To exercise these rights:
• Email: admin@turntopia.net with subject "Parental Rights Request"
• Provide: Your relationship to the child, child's account information, proof of parental authority
• We will verify your identity and relationship before responding
Third-Party Services and Children
Our third-party service providers (Supabase, Twilio, etc.) are contractually prohibited from collecting information from children under 13 through our services.
School/Educational Use
Our services are not currently designed for use by schools or educational institutions. If you are a school and wish to use our services, please contact us to discuss appropriate protections and parental consent mechanisms.
International Children's Privacy
We comply with children's privacy laws in jurisdictions where we operate, including:
• EU/UK: GDPR Article 8 requirements (parental consent for users under 16 in some countries)
• California: AB 2273 Age-Appropriate Design Code
• Other jurisdictions' children's privacy laws as applicable
=================================================================
13. SENSITIVE PERSONAL INFORMATION
Definition:
Under GDPR, CPRA, and other privacy laws, certain categories of personal information are considered "sensitive" and require heightened protection.
What Sensitive Information We Do NOT Collect:
We do not knowingly collect or process the following sensitive personal information:
• Racial or ethnic origin
• Political opinions or affiliations
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Health data, medical information, or disability status
• Sex life or sexual orientation information
• Biometric data for unique identification (beyond optional profile photos)
• Government-issued identifiers (Social Security numbers, passport numbers, driver's license numbers)
• Financial account information (credit cards, bank accounts)
• Precise geolocation for surveillance purposes
What We Do Collect That May Be Considered Sensitive:
• **Profile Photos (Optional):** May contain biometric information. You control whether to upload. Used only for profile display, not for biometric identification or surveillance.
• **Event Location Data:** Precise geolocation when you create events. Used only for event display on maps and discovery, not for tracking or surveillance. You control when to create events and can disable location features.
If Sensitive Data Is Inadvertently Collected:
If you believe we have inadvertently collected sensitive personal information about you:
• Contact us immediately: admin@turntopia.net
• Subject: "Sensitive Data Removal Request"
• We will investigate and delete the information within 48 hours
Your Rights Regarding Sensitive Information:
**California Residents (CPRA):**
• Right to limit use and disclosure of sensitive personal information
• Exercise: Email admin@turntopia.net with subject "Limit Sensitive Data Use"
**EU/UK Residents (GDPR):**
• Processing sensitive data generally requires explicit consent or other strong legal basis
• You can withdraw consent or object to processing
• Exercise: Email admin@turntopia.net
**Other Jurisdictions:**
• Check Section 11 for your region-specific rights
Third-Party Access:
We do not share any sensitive personal information with third parties except as necessary for service provision (e.g., profile photos stored by Supabase) under strict contractual protections.
=================================================================
14. COOKIES AND TRACKING TECHNOLOGIES
Mobile App
Our mobile application does not use cookies in the traditional sense. However, we may use similar technologies for:
**Essential Technologies (Cannot Be Disabled):**
• Session Management: Maintaining your login session securely
• Authentication: Verifying your identity
• Security: Preventing fraud and unauthorized access
• Core Functionality: Enabling basic app features
**Optional Technologies (Can Be Limited):**
• Analytics: Understanding app usage patterns (anonymized, aggregated data only)
• Performance Monitoring: Tracking crashes and performance issues to improve app quality
• Error Reporting: Collecting error logs to fix bugs
**You Can Control:**
• Limit analytics: Device settings → Privacy → Analytics (iOS) or Settings → Google → Usage & Diagnostics (Android)
• Opt-out of personalization: In-app Settings → Privacy → Disable Recommendations
Website (turntopia.net)
Our website may use cookies and similar tracking technologies:
**Essential Cookies (Cannot Be Disabled):**
• Required for basic website functionality
• Session management and security
• Load balancing and service delivery
• Authentication state
• Duration: Session-based (deleted when browser closes) or up to 1 year
**Analytics Cookies (Can Be Disabled):**
• Help us understand how visitors use our site
• Collect anonymous usage data (pages viewed, time spent, referral source)
• Examples: Google Analytics, Mixpanel (if used)
• Duration: Up to 2 years
• Opt-out: Browser settings, browser extensions, or opt-out links below
**Functional Cookies (Can Be Disabled):**
• Remember your preferences (language, region)
• Enhance user experience
• Duration: Up to 1 year
• Opt-out: Browser settings
**No Advertising/Tracking Cookies:**
• We do NOT use cookies for behavioral advertising
• We do NOT sell cookie data to third parties
• We do NOT track you across other websites
Third-Party Cookies
Third-party services we use may set their own cookies:
• Map providers (Mapbox): For map rendering only, no tracking
• Payment processors (if applicable): For secure payment processing only
• Each is subject to their own privacy policies (see Section 6 for links)
Your Cookie Choices
**Browser Settings:**
• Most browsers allow you to refuse cookies or delete existing cookies
• Instructions: Check your browser's Help menu
• Note: Disabling essential cookies may prevent website functionality
**Opt-Out Tools:**
• Network Advertising Initiative: https://optout.networkadvertising.org/
• Digital Advertising Alliance: https://optout.aboutads.info/
• Note: We don't use advertising cookies, but these tools can help with other sites
**Do Not Track (DNT):**
• We honor Do Not Track signals where applicable
• Enable in browser settings
**Mobile Settings:**
• iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track"
• Android: Settings → Google → Ads → Opt out of Ads Personalization
**Global Privacy Control (GPC):**
• We honor Global Privacy Control signals for opt-out requests
• Enable via browser extension: https://globalprivacycontrol.org/
Effect of Disabling Cookies
Disabling cookies may:
• Limit some website features (e.g., staying logged in)
• Prevent preference saving
• Reduce personalization
• NOT affect core mobile app functionality
Cookie Policy Updates
We may update our cookie practices. Last updated: November 24, 2025
For more details about our cookies:
• Email: admin@turntopia.net
• Subject: "Cookie Information Request"
=================================================================
15. CHANGES TO THIS POLICY
Policy Updates:
We may update this Privacy Policy from time to time to reflect:
• Changes in our services or features
• Changes in applicable privacy laws
• Changes in our data practices
• Feedback from users or regulators
Notice of Changes:
We will notify you of material changes by:
• Posting the new Privacy Policy in the app and on our website
• Updating the "Last Updated" date at the top of this policy
• Sending email notification to your registered email address
• Displaying an in-app notification requiring acknowledgment
• For material changes: Providing 30 days' notice before changes take effect
What Constitutes "Material" Changes:
Material changes include:
• New categories of personal information collected
• New purposes for using personal information
• New third parties with whom we share data
• Reduced user rights or protections
• Changes to data retention periods (longer retention)
• Changes to international data transfers
Non-Material Changes:
Minor changes (typos, clarifications, formatting, contact information updates) may be made without advance notice. Check the "Last Updated" date to see when the policy was last modified.
Your Consent to Changes:
• Continued use after notice period: Constitutes acceptance of updated policy
• If you don't agree: You must stop using services and may delete your account
• For material changes requiring explicit consent: We will request your consent before changes apply to you
Previous Versions:
You can request previous versions of this Privacy Policy:
• Email: admin@turntopia.net
• Subject: "Previous Privacy Policy Request"
• Specify date or version number if known
EU Users:
For EU residents, if changes significantly affect your rights or require a new legal basis, we will obtain your explicit consent before the changes apply to you.
=================================================================
16. CONTACT US AND DATA PROTECTION OFFICER
General Privacy Inquiries:
• Email: admin@turntopia.net
• Mail: Turntopia LLC, Attn: Privacy Team, 5101 Santa Monica Blvd Ste 8 1546, Los Angeles, CA 90029
• Website: https://turntopia.net
• In-App: Profile → Settings → Privacy → Contact Support
Data Protection Officer (DPO):
For GDPR, LGPD, and other data protection inquiries:
• Email: admin@turntopia.net
• Mail: Data Protection Officer, Turntopia LLC, 5101 Santa Monica Blvd Ste 8 1546, Los Angeles, CA 90029
Region-Specific Privacy Contacts:
• **EU/EEA/Switzerland:** admin@turntopia.net
• **United Kingdom:** admin@turntopia.net
• **California:** admin@turntopia.net
• **Brazil:** admin@turntopia.net
• **Canada:** admin@turntopia.net (Subject: "Canada PIPEDA")
• **Australia:** admin@turntopia.net (Subject: "Australia Privacy")
• **Other regions:** admin@turntopia.net (Include your country in subject)
SMS-Specific Support:
• Email: admin@turntopia.net
• For opt-out assistance, technical issues, or SMS-related questions
Security Vulnerabilities:
If you discover a security vulnerability:
• Email: admin@turntopia.net
• Do NOT disclose publicly until we've had time to address
• We appreciate responsible disclosure and will credit you if desired
Response Times:
• Privacy rights requests: 30-45 days (depending on jurisdiction and complexity)
• General inquiries: 5-7 business days
• Security vulnerabilities: 24-48 hours acknowledgment, resolution timeframe varies
Languages:
This Privacy Policy is provided in English. Translations may be available for other languages:
• Request translation: admin@turntopia.net
• If conflicts arise between translations, English version prevails
=================================================================
17. SUPERVISORY AUTHORITIES AND COMPLAINTS
Your Right to Lodge a Complaint:
If you believe we have violated your privacy rights or applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
We encourage you to contact us first (admin@turntopia.net) to resolve concerns, but you are not required to do so before contacting authorities.
European Union / EEA Supervisory Authorities:
Each EU/EEA member state has a data protection authority. You can lodge a complaint with:
• The authority in your country of residence, OR
• The authority where the alleged violation occurred, OR
• The authority where we have our establishment (if applicable)
**Find Your EU Supervisory Authority:**
• Complete list: https://edpb.europa.eu/about-edpb/board/members_en
• Interactive map: https://edpb.europa.eu/about-edpb/board/members
**Notable EU Authorities:**
• Ireland (DPC): https://www.dataprotection.ie/ - Many tech companies are registered here
• Germany: https://www.bfdi.bund.de/
• France (CNIL): https://www.cnil.fr/
• Spain (AEPD): https://www.aepd.es/
• Italy (Garante): https://www.garanteprivacy.it/
United Kingdom:
• **Information Commissioner's Office (ICO)**
• Website: https://ico.org.uk/
• Phone: 0303 123 1113
• Report a concern: https://ico.org.uk/make-a-complaint/
Switzerland:
• **Federal Data Protection and Information Commissioner (FDPIC)**
• Website: https://www.edoeb.admin.ch/
• Email: info@edoeb.admin.ch
United States - California:
• **California Privacy Protection Agency (CPPA)**
• Website: https://cppa.ca.gov/
• File a complaint: https://cppa.ca.gov/regulations/consumer_complaints.html
• **California Attorney General**
• Website: https://oag.ca.gov/privacy
• Consumer complaint: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
United States - Other States:
• Contact your state Attorney General's office
• Many states have consumer protection divisions handling privacy complaints
Brazil:
• **National Data Protection Authority (ANPD)**
• Website: https://www.gov.br/anpd/
• Email: comunicacao@anpd.gov.br
Canada:
• **Office of the Privacy Commissioner of Canada**
• Website: https://www.priv.gc.ca/
• Phone: 1-800-282-1376
• File a complaint: https://www.priv.gc.ca/en/report-a-concern/
• **Provincial Privacy Commissioners** (for provincial matters in Quebec, Alberta, BC)
Australia:
• **Office of the Australian Information Commissioner (OAIC)**
• Website: https://www.oaic.gov.au/
• Phone: 1300 363 992
• Lodge a complaint: https://www.oaic.gov.au/privacy/privacy-complaints
Japan:
• **Personal Information Protection Commission (PPC)**
• Website: https://www.ppc.go.jp/ (Japanese)
• Email: (via online form on website)
South Korea:
• **Personal Information Protection Commission (PIPC)**
• Website: https://www.pipc.go.kr/ (Korean/English)
• Phone: 1833-6972
Other Jurisdictions:
If your country is not listed, contact your national data protection authority or consumer protection agency. We will cooperate with all legitimate supervisory authority inquiries.
Our Commitment:
We take all complaints seriously and will:
• Cooperate fully with supervisory authorities
• Respond to inquiries within required timeframes
• Implement recommended remedies
• Use feedback to improve our practices
=================================================================
CONSENT AND ACCEPTANCE
By using any Turntopia LLC service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
If you do not agree with this policy, you must not use our services.
For EU/EEA/UK/Swiss residents: Your use constitutes consent only where consent is the legal basis for processing (see Section 3). For other legal bases (contract, legitimate interest, legal obligation), your consent is not required, but you have rights to object or restrict processing.
=================================================================
This Privacy Policy is effective as of November 24, 2025 and supersedes all prior versions.
For questions about this policy, contact admin@turntopia.net.
© 2025 Turntopia LLC. All rights reserved.
=================================================================
END OF PRIVACY POLICY
=================================================================