Privacy Policy — ImIn Community

Effective Date: April 27, 2025 Last Updated: March 31, 2026

Welcome to ImIn ("we," "our," "us," or "ImIn Community"). ImIn Community is operated by Hedi Ben Jaafer, based in Quebec, Canada.

Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use our mobile application ("the App") and related services. It is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and Apple's App Store guidelines.

By creating an account or using ImIn, you consent to the practices described in this Privacy Policy. You may withdraw your consent at any time as described in Section 9.

1. Person Responsible for Personal Information

In accordance with Quebec Law 25, the person responsible for the protection of personal information at ImIn Community is:

Hedi Ben Jaafer Founder & CEO, ImIn Community Email: contact@imincommunity.com Phone: 450-232-9024 Location: Quebec, Canada

You may contact this person for any questions regarding this Privacy Policy, to exercise your rights, or to file a complaint related to the handling of your personal information.

2. Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

  • Account Information: Name, email address, and authentication credentials (via email/password, Apple Sign-In, or Google Sign-In).
  • Profile Information: Profile photo (optional), bio, interests, and social media links.
  • User-Generated Content: Activities you create, participation requests, messages sent in activity group chats, reviews, and endorsements.
  • Verification Information: For our optional community verification system, you may choose to provide endorsements from other users. We do not collect government-issued ID documents or biometric data.
  • Subscription Information: Your subscription plan selection (Free, Premium, or Creator). Payment and billing are handled entirely by Apple through the App Store; we do not collect or store credit card numbers or banking information.
  • Support Communications: Messages you send to our support team.

2.2 Information Collected Automatically

  • Device Identifiers: A unique user ID (UID) assigned by Firebase Authentication, and a device token used for push notifications via Firebase Cloud Messaging (FCM).
  • Location Data: With your explicit permission, we collect your precise geographic location (GPS coordinates) to enable activity discovery, Pulse (instant invite) matching, and city-based features. Location data is used to derive your city and country for your public profile. Precise coordinates are stored separately in a private data partition and are never visible to other users. You can disable location services at any time through your device settings or in-app preferences.
  • Crash and Diagnostic Data: App crash logs, stack traces, device model, operating system version, and app performance data collected through Firebase Crashlytics. This data helps us identify and fix technical issues.
  • Usage Data: Feature interactions, session data, and event data collected through Firebase Analytics for internal product improvement purposes only. We do not use this data for advertising or cross-app tracking.

2.3 Information We Do Not Collect

We do not collect: financial or banking data, health information, contacts from your device, browsing history, advertising identifiers (IDFA), biometric data, or government-issued identification documents.

3. How We Use Your Information

We use your personal information solely for the following purposes:

  • Account Management: To create, authenticate, and manage your user account.
  • Core App Functionality: To enable you to create, discover, and join local activities; to send and receive Pulses (instant invites); and to facilitate group chat within activities.
  • Location-Based Features: To match you with nearby activities and users, to enable geospatial Pulse delivery, and to determine your city for community features. Precise location is processed in real-time for matching; only city-level information appears on your public profile.
  • Push Notifications: To send you relevant notifications about activity updates, participation requests, chat messages, and system alerts via Firebase Cloud Messaging. You can manage notification preferences in your device settings and in-app settings.
  • Subscription Management: To verify your subscription status, enforce feature quotas (activity limits, Pulse limits, chat history retention), and manage entitlements through Apple's StoreKit 2 with server-side verification.
  • Verification and Trust: To calculate and display your verification level based on profile completeness, user reviews, and community endorsements.
  • Gamification: To track your participation and award stamps, badges, and challenges through the Passport feature.
  • App Improvement: To diagnose crashes, fix bugs, analyze feature usage, and improve the App's performance and stability.
  • Safety and Moderation: To enforce our Community Guidelines, investigate reports, and maintain a safe environment for in-person meetups.
  • Legal Compliance: To comply with applicable laws and regulations, respond to legal requests, and protect our rights.

We do not use your personal information for third-party advertising, cross-app tracking, data profiling for marketing purposes, or data brokering.

4. Consent

4.1 How We Obtain Consent

In accordance with PIPEDA and Quebec Law 25, we obtain your consent as follows:

  • Express Consent is obtained for: collection of precise location data (via iOS system permission prompt), sending push notifications (via iOS system permission prompt), and creating your account (at sign-up).
  • Specific Consent for each purpose: When you enable a feature that requires additional data (e.g., turning on location for Pulses), we explain the purpose before requesting your permission. Each consent is separate and granular.
  • Implied Consent applies only to data strictly necessary for providing the service you explicitly requested (e.g., storing your messages when you send a chat message).

4.2 Withdrawing Consent

You may withdraw your consent at any time by:

  • Disabling location services for ImIn in your device settings.
  • Disabling push notifications in your device settings or in-app preferences.
  • Deleting your account through the App (Settings > Account > Delete Account).
  • Contacting us at contact@imincommunity.com.

Withdrawing consent may limit your ability to use certain features of the App. We will inform you of the consequences before processing your request.

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We use the following third-party service providers to operate the App. Your personal information may be shared with them strictly for the purposes described:

Service ProviderServices UsedData SharedPurpose
Firebase by Google LLC (USA)Authentication, Firestore (database), Cloud Storage, Cloud Messaging, Crashlytics, Analytics, Remote Config, Cloud FunctionsAccount data, profile data, user content, device tokens, crash data, usage dataCore app infrastructure, authentication, data storage, push notifications, crash reporting, analytics
Apple Inc. (USA)StoreKit 2, App Store ConnectSubscription transaction data, app performance metricsIn-app purchase processing, subscription verification

5.2 Cross-Border Data Transfers

Important: Because we use Firebase (Google Cloud) and other US-based service providers, your personal information is transferred to and processed on servers located in the United States. By using ImIn, you acknowledge that your data will be transferred outside of Canada and Quebec.

In accordance with Quebec Law 25, we have conducted a Privacy Impact Assessment (PIA) before initiating these cross-border transfers. We ensure that your data receives a comparable level of protection through:

  • Written Data Processing Agreements (DPAs) with each service provider.
  • Contractual obligations requiring providers to implement security measures at least equivalent to Canadian standards.
  • Technical safeguards including encryption in transit (TLS) and at rest.
  • Limiting provider access to only the data necessary for their specific function.

Please be aware that personal information stored in the United States may be subject to US laws, including potential access by US courts, government agencies, or law enforcement under applicable legal processes.

5.3 Other Disclosures

We may also disclose your personal information:

  • When required by law, regulation, court order, or legal process.
  • To protect the safety of our users when there is a credible risk of harm in connection with in-person meetups.
  • In connection with a merger, acquisition, or sale of assets, in which case you will be notified.

5.4 What We Never Do

We do not sell, rent, license, or trade your personal information to advertisers, marketers, data brokers, or any third party for their own purposes.

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this Policy. Our specific retention periods are:

Data TypeRetention PeriodReason
Account & Profile DataDuration of account + 30 days after deletionAllow account recovery grace period
Activity DataDuration of account; archived activities retained 12 monthsEnable activity history and dispute resolution
Chat Messages30 days (Free plan), 1 year (Premium plan), Indefinite (Creator plan)Per subscription tier; auto-deleted after period
Precise Location DataProcessed in real-time; city-level derivation stored with profileMinimize location tracking; only city persists
Crash & Diagnostic Data90 daysSufficient for debugging and stability monitoring
Usage Analytics12 months (aggregated)Product improvement; aggregated and anonymized
Push Notification TokensDuration of accountRequired for notification delivery
Subscription Records7 years after expirationTax and financial record-keeping obligations
Admin Audit Logs2 yearsCompliance investigations and accountability
Endorsements & ReviewsDuration of accountVerification and trust system integrity

When your data reaches the end of its retention period or you request deletion, we securely destroy or anonymize it. Anonymized data that can no longer identify you may be retained indefinitely for aggregate statistical purposes.

7. Data Security

We implement reasonable technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL.
  • Encryption of data at rest on Firebase servers.
  • Firebase Security Rules restricting database and storage access to authorized users only.
  • Private data partitioning: sensitive data (precise coordinates, private account details) is stored separately from your public profile.
  • Server-side validation and defense-in-depth for all critical operations.
  • Audit logging of administrative actions.
  • Secure authentication via Firebase Auth with support for Apple Sign-In and Google Sign-In.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you become aware of a security vulnerability, please contact us immediately.

8. Data Breach Notification

In the event of a breach of security involving your personal information that presents a real risk of significant harm, we will:

  1. Notify the Office of the Privacy Commissioner of Canada (OPC) and the Commission d'accès à l'information du Québec (CAI) as soon as feasible after determining the breach occurred.
  2. Notify affected individuals promptly, informing you of the nature of the breach, the types of information involved, measures we are taking, and recommendations to protect yourself.
  3. Maintain a record of all security incidents for a minimum of 24 months, regardless of severity.

9. Your Rights

Under PIPEDA and Quebec Law 25, you have the following rights regarding your personal information:

  • Right of Access: You may request a copy of the personal information we hold about you.
  • Right of Correction: You may request correction of inaccurate or incomplete information. You can also update most profile information directly in the App.
  • Right of Deletion: You may request the deletion of your personal information. You can delete your account directly in the App (Settings > Account > Delete Account), which will remove your data from our active systems within 30 days.
  • Right of Portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format (e.g., JSON). Contact us to exercise this right.
  • Right to Withdraw Consent: You may withdraw your consent to any processing activity at any time, as described in Section 4.2.
  • Right to File a Complaint: If you are unsatisfied with our handling of your information, you may file a complaint with:
    • The Office of the Privacy Commissioner of Canada: www.priv.gc.ca
    • The Commission d'accès à l'information du Québec: www.cai.gouv.qc.ca

To exercise any of these rights, contact us at contact@imincommunity.com. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.

10. Age Restriction

ImIn is intended for users aged 18 and older. The App is rated 17+ on the Apple App Store due to the nature of in-person meetup features.

We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, please do not create an account or use the App.

If we become aware that we have collected personal information from a person under the age of 18, we will take steps to delete that information and terminate the associated account promptly.

If you are a parent or guardian and believe your child has created an account or provided us with personal information, please contact us at contact@imincommunity.com so that we can take appropriate action.

11. In-App Purchases and Subscriptions

ImIn offers optional subscription plans (ImIn Plus) through Apple's App Store:

  • Premium: $3.99/month or $38.30/year (20% savings)
  • Creator: $9.99/month or $95.90/year (20% savings)

All purchases are processed by Apple. We do not collect or store your payment information (credit card, banking details). We receive subscription status information from Apple (plan type, expiration date, transaction identifiers) to manage your entitlements. Subscription receipts are verified server-side using Apple's StoreKit 2 JWS verification.

Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current period. You can manage or cancel subscriptions in your Apple ID settings. For more information, see Apple's subscription terms.

12. Location Data — Detailed Disclosure

Because location data is sensitive, we provide this additional detail:

  • What we collect: GPS coordinates (precise location) when you grant permission.
  • When we collect it: When you open the App with location enabled, when you create or browse activities, and when you send or receive Pulses.
  • How we use it: To find activities and users near you, to deliver Pulses to nearby users via geospatial matching (geohash), and to determine your city for community features.
  • What is stored: Your precise coordinates are stored in a private data partition (not accessible to other users). Only your city and country appear on your public profile.
  • How long we keep it: Precise coordinates are retained while your account is active. City-level data persists with your profile.
  • Your control: You can disable location services for ImIn at any time in your device settings (iOS Settings > Privacy & Security > Location Services > ImIn). Disabling location will prevent activity discovery, Pulse features, and city-based matching from functioning.

We do not sell location data, share it with advertisers, or use it for tracking purposes outside of the App's core functionality.

13. Third-Party SDKs and Privacy Manifests

Our App integrates the following third-party software development kits (SDKs), each of which may collect data as described in their respective privacy policies:

  • Firebase iOS SDK (Google LLC): Authentication, database, storage, messaging, crash reporting, analytics, remote configuration. Firebase's privacy policy: https://firebase.google.com/support/privacy
  • StoreKit 2 (Apple Inc.): In-app purchase and subscription management. Apple's privacy policy: https://www.apple.com/legal/privacy/

In compliance with Apple's requirements, our App includes a Privacy Manifest (PrivacyInfo.xcprivacy) declaring the Required Reason APIs used and the data types collected by each SDK.

14. App Tracking and Advertising

ImIn does not track you across other apps or websites. We do not:

  • Use Apple's Advertising Identifier (IDFA).
  • Participate in ad networks or display third-party advertisements.
  • Share data with advertisers or ad measurement services.
  • Engage in cross-app or cross-site tracking.

Firebase Analytics is used strictly for internal product analytics and is not linked to advertising identifiers.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • Material changes: We will notify you via in-app notification or email before the changes take effect, and request renewed consent where required.
  • Minor changes: We will update the "Last Updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes take effect constitutes your acceptance of the updated Policy, subject to any renewed consent requirements.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

ImIn Community Person Responsible for Personal Information: Hedi Ben Jaafer Email: contact@imincommunity.com Phone: 450-232-9024 Website: https://www.imincommunity.com Location: Quebec, Canada

This Privacy Policy was last reviewed for compliance with PIPEDA, Quebec Law 25, and Apple App Store Guidelines on March 31, 2026.