Where2 Privacy Policy

Effective Date: May 26, 2026 Last Updated: May 26, 2026

Where2 is operated by BarBuzz LLC ("Where2," "we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect personal information when you use our mobile application, our website at thewhere2app.com, and related services (collectively, the "Services").

If you have any questions about this Privacy Policy or how we handle your information, contact us at support@thewhere2app.com.

Our Data Privacy Philosophy

We're a team of people who go out, who use nightlife apps, and who know firsthand how poorly most companies handle personal data. When we built Where2, we decided to approach things differently. We treat your data the way we'd want someone to treat our own.

Where2's data privacy philosophy is to only collect and share the information needed to operate and optimize our Service and to tailor our offerings to you. We've designed our product from the ground up with privacy in mind:

We don't require full legal names to register
By default, we don't share your phone number or email with other users
We don't allow your personal data to be used for purposes unrelated to our platform unless you explicitly consent
We don't subscribe you to marketing lists when you sign up
We do not currently sell your personal information or engage in "targeted advertising" as those terms are defined under U.S. state privacy laws. If we ever change that, we will update this Policy, notify you, and give you a clear way to opt out before any such sharing begins.

Summary of Key Points

What personal information do we collect? Only what we need to make Where2 work: information you give us when you create an account or use the app, information collected automatically (like device and usage data), and precise location when you grant permission.

Do we receive personal information from third parties? We do not buy or receive personal information about you from data brokers. We may receive limited information about you from other users of the Services (for example, when someone tags you at a venue or invites you to an event) and from authentication providers (Apple, Google, or Meta) if you choose to sign in using one of those services.

Do we process sensitive personal information? Yes — limited categories: your precise geolocation (when you grant permission) and your date of birth (which we use to confirm you are at least 18). We do not collect biometric data, government ID information, or other special-category data.

Do we sell or share your data for advertising? Not today. We do not currently sell personal information or engage in targeted advertising as defined under U.S. state privacy laws. We reserve the right to do so in the future, and if we do, we will update this Policy and provide you with the right to opt out (including by honoring Global Privacy Control signals).

How do we keep your information safe? We use technical and organizational security measures appropriate to the data we hold. No system is 100% secure, but we do our best.

What are your rights? Depending on where you live, you may have the right to access, correct, delete, or get a copy of your personal information, withdraw consent, opt out of targeted advertising or sale, and appeal our decisions. See "Your Privacy Rights" below.

How do you exercise your rights? Email support@thewhere2app.com or use the in-app account controls under Settings.

What information do we collect?
How do we use your information?
When and with whom do we share your information?
Cookies and tracking technologies
How long do we keep your information?
How we keep your information safe
How your information appears to other users
Children's privacy (under 18)
Your privacy rights
State-specific privacy notices
Do Not Sell or Share / Targeted Advertising opt-out
Do-Not-Track and Global Privacy Control signals
International data transfers
Data deletion instructions
Changes to this Policy
How to contact us

1. What information do we collect?

1.1 Information you provide to us

When you create an account or use the Services, you may give us:

Phone number (used to create and verify your account)
Display name or screen name
Date of birth — used to confirm you are at least 18 years old (see Section 8)
Profile photo and bio (optional)
Social media handles (optional, if you choose to link them)
Authentication information if you sign in using Apple, Google, or Meta — see Section 1.5
User-generated content — venue reviews, ratings, vibe assessments, check-ins, chat messages, wishlists, and saved venue preferences
Communications with us — including support requests, feedback, and survey responses

All personal information you provide must be true, complete, and accurate, and you must update it if it changes.

1.2 Information collected automatically

When you use the Services, we (and our service providers) automatically collect:

Log and usage data — IP address, device information, browser type, operating system, language preferences, the pages or screens you view, actions you take in the app, dates and times of access, crash and error reports, and other diagnostic information
Device data — device model, manufacturer, operating system version, unique device identifiers, mobile carrier, and system configuration information
Cookies and similar technologies — see Section 4

1.3 Location information (sensitive personal data)

With your permission, we collect precise geolocation information from your mobile device using GPS, Wi-Fi, Bluetooth, and cell tower signals. We use this to:

Show you bars, venues, and events near you
Calculate crowd levels, wait times, and live vibe data
Verify check-ins
Power location-based notifications you opt in to

Precise location is considered sensitive personal information under U.S. state privacy laws (including Texas and California). You can revoke location permission at any time in your device settings. Location is core to how Where2 works — if you turn it off, many features will be limited or unavailable.

1.4 Date of birth (sensitive personal data)

We collect your date of birth to verify that you are at least 18 years old, as required by our Terms of Service. Date of birth may be treated as sensitive personal information in some jurisdictions. We use it only for age verification and for product features that depend on age-gating (for example, 21+ venue filtering where applicable). We do not share it with advertising partners.

1.5 Information from third-party sign-in providers

If you choose to register or sign in using Apple Sign-In, Google Sign-In, or Meta (Facebook) Login, the provider may share with us your name, email address, profile picture, and a unique identifier, depending on what you authorize. We do not receive your password from these providers. You can review and revoke this access at any time in your account settings with Apple, Google, or Meta.

1.6 Information from other users

Other users may provide information about you when they tag you at a venue, invite you to an event, or mention you in a chat or review. We treat this information the same way we treat information you provide directly.

1.7 Information from Google APIs

Our use of information received from Google APIs (including Google Maps Platform APIs such as Maps, Places, and directions) adheres to the Google API Services User Data Policy, including the Limited Use requirements. See Section 3 for more on how Google Maps Platform handles your location.

2. How do we use your information?

We use personal information for the following purposes:

To operate the Services — account creation, authentication, venue discovery, crowd-level and vibe calculations, chat, check-ins, wishlist features, and the rewards program
To communicate with you — to respond to your requests, provide customer support, send service announcements, security alerts, updates, and administrative messages (including SMS, push notifications, and email)
To verify your age and identity — to confirm you are at least 18 and to prevent fraudulent or duplicate accounts
To personalize your experience — to surface venues, events, and content relevant to you
To improve and develop the Services — including troubleshooting, product research, testing new features, and analyzing usage trends (we use de-identified or aggregated data wherever possible)
To keep the Services safe — to prevent and investigate fraud, abuse, harassment, spam, and other harmful conduct, and to enforce our Terms of Service
To comply with legal obligations — to respond to lawful requests from authorities, enforce legal claims, and meet our regulatory obligations
For marketing — to send you Where2 promotional messages where permitted by law and your preferences (you can opt out at any time)

We will not use your personal information for materially different, unrelated, or incompatible purposes without first updating this Policy and, where required, getting your consent.

3. When and with whom do we share your information?

We share personal information only in the following situations:

Service providers and processors — companies that perform services on our behalf, including:
- Cloud hosting and data storage
- Analytics providers (such as Google Analytics and Amplitude) — see Section 4
- Communication tools (such as SMS delivery, push notification services, and email)
- Authentication providers (Apple, Google, Meta) — see Section 1.5
- Performance monitoring, crash reporting, and customer support tools
- Mapping and location services (Google Maps Platform) — see below
Other Where2 users — limited information you choose to make public on your profile, as well as reviews, chat messages, and check-in activity, depending on your privacy settings. See Section 7.
Authorities and legal process — when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, prevent fraud or harm, or comply with a judicial proceeding.
Professional advisors — lawyers, auditors, bankers, and insurers, where reasonably necessary.
In connection with a business transfer — if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you and post a notice on our Services if your information becomes subject to a different privacy policy.

Google Maps Platform

We share location information with Google Maps Platform APIs (e.g., Google Maps API, Places API) to power maps, place data, and directions in the app. Google Maps uses GPS, Wi-Fi, and cell towers to estimate your location. GPS is accurate to about 20 meters; Wi-Fi and cell towers help improve accuracy when GPS signals are weak. We may cache your most recent location on your device to improve performance. Your use of Google Maps content is also subject to the Google Maps/Google Earth Additional Terms of Service and Google's Privacy Policy. You may revoke location permission at any time in your device settings.

Categories of third parties we share with (TX TDPSA / CCPA disclosure)

The categories of third parties to whom we disclose personal information are:

Cloud computing and data storage providers
Analytics providers
Communication and messaging providers (SMS, push, email)
Authentication providers
Mapping and location service providers
Customer support and crash reporting tools
Professional advisors
Government authorities, law enforcement, and parties to legal proceedings, when required

What we do not do

We do not sell your personal information for monetary consideration.
We do not currently engage in "targeted advertising" as defined under U.S. state privacy laws.
We do not share personal information with data brokers.
We do not share, sell, or rent personal data collected through our messaging programs to unaffiliated third parties for their own independent marketing purposes.

If this ever changes, we will update this Policy and provide you with the rights described in Section 11.

4. Cookies and tracking technologies

We use cookies, SDKs, pixels, and similar technologies on our website and within our mobile app to:

Keep you logged in
Remember your preferences
Understand how the Services are used (analytics)
Diagnose and fix bugs and crashes
Protect against fraud and abuse

We work with the following types of analytics and tracking partners:

Google Analytics — to understand traffic patterns and feature usage. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Product analytics platforms (such as Amplitude) — to measure feature engagement and improve the product.
Crash and performance monitoring — to diagnose technical issues.

We do not currently use third-party advertising cookies, ad-network pixels, or retargeting technology on the Services. If we begin to use such technologies in the future, we will update this Policy and provide an opt-out mechanism consistent with applicable law.

You can manage cookies through your browser settings and limit ad tracking on your mobile device through your device's privacy settings (for example, "Allow Apps to Request to Track" on iOS or "Reset advertising ID" on Android).

5. How long do we keep your information?

We keep personal information only as long as we need it to provide the Services and for the purposes described in this Policy, unless a longer retention period is required or permitted by law (for example, for tax, accounting, fraud-prevention, or legal compliance reasons).

When you delete your account, we will delete or anonymize your personal information from our active systems within 30 days, subject to the exceptions in Section 14. Backups containing your information may be retained for a limited additional period until they are overwritten in the ordinary course of business.

6. How we keep your information safe

We use technical and organizational security measures designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include encryption in transit (TLS), access controls, monitoring, and security reviews. We comply with applicable security requirements, including the New York SHIELD Act's reasonable safeguards requirements.

No method of transmission over the internet or method of electronic storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal information, we will notify you and the appropriate authorities as required by law.

7. How your information appears to other users

Your public profile on Where2 is configurable by you. It may contain a display name, profile photo, bio, badges earned, and check-in activity that you choose to make visible. Your phone number and email are never shown to other users unless you explicitly choose to share them.

Reviews, ratings, and chat messages you post are visible to other users of the Services. Check-in data and leaderboard positions may be visible to other users depending on your privacy settings. You can review and adjust these settings in the app under Settings > Privacy.

Content you post publicly may be cached, copied, or saved by other users. Where2 cannot guarantee removal of public content from third-party copies after you delete it.

8. Children's privacy (under 18)

Where2 is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18.

By using the Services, you represent that you are at least 18 years old. We use your date of birth at registration to confirm this. If we learn that we have collected personal information from someone under 18, we will deactivate the account and take reasonable measures to delete the information.

If you believe we may have collected information from a child under 18, please contact us at support@thewhere2app.com.

9. Your privacy rights

Depending on where you live, applicable privacy law may give you the following rights regarding your personal information:

Right to know / access — request confirmation of whether we process your personal information and a copy of it
Right to correct — request correction of inaccurate or outdated personal information
Right to delete — request deletion of your personal information
Right to portability — request a copy of your information in a portable, machine-readable format
Right to opt out — opt out of the sale of personal information, targeted advertising, and certain types of profiling
Right to limit use of sensitive personal information — restrict our use of sensitive data to what is necessary to provide the Services
Right to withdraw consent — withdraw consent where we rely on consent to process your information
Right to non-discrimination — exercise your rights without retaliation
Right to appeal — appeal our decision if we decline to act on your request

How to exercise your rights

By email: send your request to support@thewhere2app.com with the subject line "Privacy Rights Request" and include enough detail for us to identify you (such as the phone number or email associated with your account).
In-app: use Settings > Account to view, update, or delete your information, or to delete your account.

We will respond to verifiable requests within the time frame required by applicable law (typically 45 days; we may extend by an additional 45 days when reasonably necessary and will notify you of the extension).

Verification

To protect your information, we will need to verify your identity before responding to a request. We may ask for information that matches what we already have about you (for example, the phone number on your account). If we cannot verify you using existing information, we may ask for additional information solely for verification, which we will use only for that purpose.

Authorized agents

You may use an authorized agent to submit a request on your behalf. The agent must provide written permission signed by you and we may also ask you to verify your identity directly.

Appeals

If we decline your request, you may appeal our decision by emailing support@thewhere2app.com with the subject line "Privacy Rights Appeal." We will respond within the time frame required by law and provide a written explanation of our decision. If you remain unsatisfied, you may contact your state attorney general.

10. State-specific privacy notices

10.1 New York residents

We comply with applicable New York laws, including the New York SHIELD Act, which requires us to maintain reasonable administrative, technical, and physical safeguards to protect your personal information. New York residents may contact us using the methods in Section 9 to exercise any rights they have under applicable New York law.

10.2 Texas residents (Texas Data Privacy and Security Act)

If you are a Texas resident, the Texas Data Privacy and Security Act ("TDPSA") gives you the following rights:

The right to confirm whether we are processing your personal data and to access that data
The right to correct inaccuracies in your personal data
The right to delete personal data we have about you
The right to obtain a copy of your personal data in a portable, readily usable format
The right to opt out of: (a) the sale of your personal data, (b) targeted advertising, and (c) profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise any of these rights, contact us as described in Section 9. To opt out of sale or targeted advertising, see Section 11.

TDPSA-required notice: Where2 does not currently sell personal data and does not currently engage in targeted advertising. If this changes, we will update this Policy and provide you with a clear opt-out method before any such sharing begins. Where2 does not sell sensitive personal data or biometric personal data.

Sensitive personal data: We process precise geolocation information and date of birth, which may constitute sensitive personal data under the TDPSA. We process these data points only as described in Sections 1.3 and 1.4, and only with your consent (which you provide at the device level for location and at registration for date of birth). You may withdraw consent for location at any time in your device settings.

Appeals: If we decline your TDPSA request, you may appeal as described in Section 9. If your appeal is denied, you may submit a complaint to the Texas Attorney General at https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.

10.3 California residents (CCPA / CPRA)

Although our initial launch markets are New York and Texas, California residents who use the Services may also exercise rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. Those rights, the categories of personal information we collect, the purposes for which we use it, and the categories of third parties we share it with are summarized in this Policy. California residents may also designate an authorized agent and may opt out of any "sale" or "sharing" of personal information using the mechanism described in Section 11.

Categories of personal information collected (last 12 months)

Category	Examples	Collected by Where2?	Sold / shared for targeted ads?
A. Identifiers	Phone number, account ID, IP address, device ID, social media handles you choose to add	YES	NO
B. CA Customer Records statute information	Name, contact information	YES (limited — phone, display name, optional email)	NO
C. Protected classification characteristics	Age (DOB used for age verification only)	YES (limited — DOB)	NO
D. Commercial information	Purchase history, transaction records	NO (no paid features today)	NO
E. Biometric information	Fingerprints, faceprints, voiceprints	NO	NO
F. Internet / network activity	Browsing/usage of the Services, interactions with features	YES	NO
G. Geolocation data	Precise device location	YES (with permission)	NO
H. Audio, electronic, visual, or similar information	Profile photos, content you upload	YES (only what you provide)	NO
I. Professional or employment information	Job title, work history	NO	NO
J. Education information	Student records	NO	NO
K. Inferences	Profiles drawn from collected data about your preferences	YES (limited — to personalize recommendations)	NO
L. Sensitive personal information	Precise geolocation; date of birth	YES (limited, as described in Sections 1.3 and 1.4)	NO

We have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months.

11. Do Not Sell or Share / Targeted Advertising opt-out

We do not currently sell your personal information or engage in targeted advertising. If we ever begin to do so, we will:

Update this Privacy Policy and notify you in advance
Provide a "Do Not Sell or Share My Personal Information" link or in-app control
Honor opt-out preference signals where required by law, including the Global Privacy Control (GPC) browser signal, which we will treat as a valid opt-out request for the browser and device that transmits it

Until then, you can submit a forward-looking opt-out preference by emailing support@thewhere2app.com with the subject line "Opt Out of Sale / Sharing." We will record your preference and apply it automatically if we ever introduce these practices.

12. Do-Not-Track and Global Privacy Control signals

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") signal. Because there is no industry-wide standard for how DNT signals should be interpreted, we do not currently respond to DNT signals.

We do honor Global Privacy Control (GPC) signals where required by law. When we receive a recognizable GPC signal from your browser, we treat it as a valid request to opt out of any "sale" or "sharing" of personal information for that browser and device, to the extent we engage in such activities.

13. International data transfers

Where2 is operated from the United States and our service providers are located primarily in the United States. If you access the Services from outside the United States, you understand and agree that your personal information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.

14. Data deletion instructions

If you wish to delete your Where2 account and all associated personal data, you may:

In-app: go to Settings > Account > Delete Account and follow the on-screen prompts.
By email: send a request to support@thewhere2app.com with the subject line "Account Deletion Request" from the email address associated with your account, or include the phone number registered to your account.

Upon receiving a valid deletion request, we will:

Delete or anonymize your personal information from our active databases within 30 days
Remove your profile, reviews, chat messages, check-in history, and rewards data
Notify our third-party service providers and authentication providers to delete your data where applicable (including a deletion signal to Meta if you signed in with Meta Login)

Some information may be retained:

As required by law (for example, transaction records for tax purposes)
For legitimate business purposes (such as fraud prevention, security incident investigation, or defending legal claims)
In de-identified or aggregated form that cannot reasonably be used to identify you

This data deletion process is designed to comply with Meta Platform requirements for apps that integrate with Facebook Login or other Meta services, as well as Apple App Store and Google Play in-app account deletion requirements.

15. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this Policy. If we make material changes — for example, beginning to sell personal information or engage in targeted advertising — we will notify you in advance through the app, by email, or by another reasonable means, and where required by law, we will obtain your consent.

We encourage you to review this Policy periodically to stay informed about our practices.

16. How to contact us

If you have any questions, comments, or requests regarding this Privacy Policy or your personal information, contact us at:

BarBuzz LLC (d/b/a Where2)
Email: support@thewhere2app.com
Website: https://thewhere2app.com
New York, NY
United States