Privacy Policy

Last updated: April 28, 2026

Bout2 ("the App") is owned and operated by Tech Efficient LLC ("we," "us," or "our"). This Privacy Policy explains exactly what we collect, why, and who we share it with when you use the Bout2 mobile application, the website at bout2.net, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described below.

1. Information We Collect

1.1 Information You Provide Directly

Account information: Email address (required) and a password (stored only as a one-way bcrypt hash). Phone number is optional and only used so friends who already have your number can find you in the app.
Profile information: Display name, optional bio, and optional profile photo.
Activity information: Titles, descriptions, dates, times, locations, and photos for activities you create or attend.
Invitation data: Email addresses or in-app user IDs of people you invite to activities.
Comments & reactions: Anything you post on an activity.
Contact matching (optional): If you tap "Find friends from contacts" in the Friends screen and grant the OS permission, the App sends the names, phone numbers, and email addresses from your device contacts to our server only to check which of those people already have a Bout2 account. The list is processed in memory to return matches and is not stored in our database. If you do not tap that button or you deny the permission, no contact data ever leaves your device. You can revoke contacts permission at any time in your device's Settings.
Approximate location (optional): If you open the Nearby screen and grant the OS location permission, the App sends your current latitude and longitude to our server only to find activities happening near you. The coordinates are used for that single search and are not stored on your account or used for tracking. We never read your location in the background. You can revoke location permission at any time in your device's Settings.
Support communications: Any message or feedback you send us.

1.2 Information from Third-Party Sign-In

If you sign in with Apple, Google, or Facebook, we receive your name, email address, and a unique identifier from that provider. We never receive or store your password for those services. Facebook is used only to verify your identity at sign-in — we do not post to Facebook on your behalf and we do not pull your friend list.

1.3 Information Collected Automatically

Device info for push notifications: When you opt in to notifications, we store the push token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so we can deliver activity reminders and invites. The token is rotated by the operating system and is not used for advertising.
Crash & error logs (Sentry): If the app crashes or throws an unhandled error, we send a stack trace, the app version, the OS version, the device model, and a randomly generated installation ID to Sentry so we can fix bugs. We do not include your name, email, or activity content in crash reports.
Product analytics (PostHog): We record which screens you visit and which actions you take (e.g., "created activity", "tapped invite") so we can understand which features are useful and which are confusing. Events are tied to a randomly generated installation ID, not to your email or phone. PostHog stores data in the US. See PostHog's privacy policy.
Server log data: Standard web-server logs — IP address, user-agent, request path, and timestamp — are kept for up to 30 days for security and abuse detection.

1.4 Information We Do Not Collect

We do not use your device's advertising ID. Bout2 has no ads.
We do not store your device's address book in our database. If you choose to use contact matching, the contact list you send is processed in memory to find existing Bout2 users and then discarded.
We do not read your location in the background. Location is read only when you explicitly open the Nearby screen and grant permission, and the coordinates are used only for that single search.
We do not sell your personal information to anyone.
We do not use your data to train AI models.

1.5 Public, Friends-Only, and Private Activities

When you create an activity, you choose its visibility:

Private (invite only): Visible only to people you explicitly invite.
Friends only: Visible to your accepted friends (in addition to anyone you invite).
Public: Discoverable by any Bout2 user, including people who are not your friends, through the public feed and nearby/search.

If you select Public, the activity title, description, location, time, and your display name and profile photo are visible to other Bout2 users. Choose Public only for activities you intend to be open to strangers (e.g., a community event or pickup game). You can change visibility while editing the activity.

2. How We Use Your Information

We use the information above only to:

Create and authenticate your account.
Show you activities, invitations, and friend requests addressed to you.
Deliver invitations, reminders, and other transactional notifications by push, email, or in-app message.
Help you find friends who are already on Bout2 (by matching on email or, if you've provided one, phone number).
Diagnose crashes and improve the product (Sentry, PostHog).
Detect and prevent abuse, spam, fraud, or security threats.
Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We share it only in these specific cases:

With other Bout2 users: Your display name, photo, bio, and the activities you host or attend are visible to your friends and to other users you've invited or who are participating in the same activity.
With service providers we rely on to operate the App (each acts as a data processor on our behalf):
- GoDaddy — application and database hosting (United States).
- Apple Push Notification service / Firebase Cloud Messaging (Google) — delivery of push notifications.
- Sentry — crash and error reporting.
- PostHog — product analytics.
- Cloudflare Turnstile — bot protection on signup forms.
- SMTP provider on our hosting account — outbound transactional email.
Legal requirements: We may disclose information if we are legally required to (subpoena, court order, lawful government request).
Safety: We may disclose information when we believe it is necessary to protect the safety, rights, or property of our users or the public.
Business transfers: If Tech Efficient LLC is acquired or merged, your information may be transferred as part of that transaction. We would notify you and update this policy before any change of control.

4. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we delete or anonymize your personal information within 30 days. Crash logs and analytics events are retained for up to 12 months. Server logs are retained for up to 30 days. We may retain limited records longer where required for legal, tax, or fraud-prevention purposes.

5. Data Security

We protect your information using industry-standard practices: passwords stored as bcrypt hashes (never plain text), short-lived JWT access tokens with rotating refresh tokens, HTTPS/TLS for all transport, and access controls on the server side. No system is 100% secure, and we cannot guarantee absolute security, but we work to minimize risk.

6. Your Rights and Choices

You may at any time:

Access and update your profile from Profile → Edit in the App.
Delete your account from Profile → Settings → Delete Account in the App. This is self-service and removes your account and personal data within 30 days. You can also request deletion by emailing support@techefficientllc.com.
Opt out of push notifications from your device settings, and of email reminders from links in any reminder email.
Request a copy of the personal data we hold about you by emailing the address above.

If you are a resident of California, the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection laws (including the CCPA and GDPR), you may have additional rights — including rights of access, correction, deletion, portability, and to lodge a complaint with your local supervisory authority. We honor those rights without charge. Contact us to exercise them.

7. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it. If you believe a child under 13 has used the Service, contact us at the email below.

8. International Users

Bout2 is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction.

9. Third-Party Links and Services

The Service may contain links to third-party websites or services (for example, the location of an activity may link to a map provider). We are not responsible for the privacy practices of those third parties. Review their policies before providing information to them.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "Last updated" date and, for material changes, give you reasonable notice in the App or by email before they take effect. Your continued use of the Service after the effective date means you accept the updated policy.

11. Contact Us

For any question about this Privacy Policy or our data practices:

Tech Efficient LLC
Email: support@techefficientllc.com