Privacy Policy

Effective Date: December 18, 2025

Last updated: December 18, 2025

Welcome to Currot ("we," "our," or "us"), a service owned and operated by Eliary Inc. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "Service"). Currot is a mobile-only application and is not available as a web service or desktop application.

Table of Contents

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service:

  • Account Information: When you create an account, we collect your username, email address, password (encrypted), phone number (optional), date of birth, and profile information (display name, bio, profile picture).
  • User Content: Photos, videos, messages, comments, and other content you create, upload, or share through the app.
  • Communications: Direct messages you send to other users, group chat messages, and any communications with our support team.
  • Social Connections: Information about your friends, followers, and users you follow or block.
  • Payment Information: If you make purchases, we collect billing information through our secure payment processors (we do not store full payment card numbers).
  • Survey Responses: Information you provide when participating in surveys, contests, or promotions.

1.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Device Information: Device type, model, operating system and version, unique device identifiers (IDFA, GAID), mobile carrier, time zone, and language settings.
  • Usage Data: Features you use, actions you take, time and duration of activities, content you view, search queries, and interaction patterns.
  • Log Data: IP address, access times, pages viewed, app crashes, and system activity.
  • Location Information: With your consent, we may collect precise or approximate location data from your device. You can disable this in your device settings.
  • Camera and Photo Library Access: With your permission, we access your camera to enable photo/video capture and your photo library for content uploads.

1.3 Information from Third Parties

We may receive information about you from third parties:

  • Social Media Platforms: If you connect your Currot account to other social networks, we may receive your profile information from those platforms.
  • Analytics Partners: We receive aggregated analytics data from third-party analytics services.
  • Other Users: When other users share content featuring you or mention you.

2. Your Social Profile and Public Information

Currot is a social platform where you connect and share with others. Here's what you should know about your profile visibility:

2.1 Public Profile Information

The following information is visible to other Currot users:

  • Username: Your unique @username is always public
  • Profile Picture: Visible to anyone who can see your profile
  • Display Name: Your chosen name shown on your profile
  • Bio: Your profile description
  • Follower/Following Counts: The number of your connections
  • Public Posts: Content you choose to share publicly

2.2 Private Profile Information

The following information is NOT visible to other users:

  • Your email address
  • Your phone number
  • Your date of birth (only age range may be shown if enabled)
  • Your precise location
  • Your device information

3. Content You Share

When you share content on Currot, it's important to understand who can see it and how long it's stored.

3.1 Types of Content

  • Posts: Photos, videos, and text you share on your profile
  • Stories: Temporary content visible for a limited time
  • Messages: Direct communications with other users
  • Comments and Reactions: Your interactions on others' content
  • Ask Responses: Your answers to questions from other users

3.2 Content Visibility

  • Public Content: Visible to all Currot users and automatically reviewed by our admin team for policy compliance
  • Followers-Only Content: Visible only to users who follow you
  • Direct Messages: Visible only to you and the recipients

3.3 Admin Access to Public Content

Important: Once you make pictures or posts public, they become accessible to many users on the platform. All public content is automatically visible to our administrators for moderation purposes. Our admin team may:

  • Review public content to ensure it complies with our Community Guidelines
  • Delete content that violates our policies without prior notice
  • Restrict or suspend accounts that repeatedly violate our guidelines

4. Social Interactions and Connections

We collect information about how you interact with others on Currot:

4.1 Following and Followers

  • Who you follow and who follows you
  • Follow requests you send or receive
  • When you unfollow or remove followers

4.2 Engagement Data

  • Posts you like, comment on, or share
  • Content you save or bookmark
  • Accounts you interact with most frequently
  • Time spent viewing specific content

4.3 Blocking and Reporting

  • Users you block or mute
  • Content and users you report
  • Reports filed against you (for safety review)

4.4 Messaging

  • Message content and attachments
  • Read receipts and typing indicators
  • Message timestamps

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Providing and Improving the Service

  • Create and manage your account
  • Enable you to create, share, and discover content
  • Facilitate communication between users
  • Personalize your experience and content recommendations
  • Develop new features and improve existing functionality
  • Conduct analytics and research to understand user behavior

5.2 Safety and Security

  • Verify your identity and prevent fraud
  • Monitor for and prevent unauthorized access
  • Enforce our Terms of Service and community guidelines
  • Detect and address harmful or illegal activities
  • Protect the rights and safety of our users

5.3 Communications

  • Send you service-related notifications (account verification, security alerts, updates)
  • Respond to your inquiries and support requests
  • Send promotional communications (with your consent, where required)
  • Notify you about changes to our policies

5.4 Legal Compliance

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from public authorities
  • Establish, exercise, or defend legal claims

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

Purpose Legal Basis
Account creation and service provision Performance of contract
Security and fraud prevention Legitimate interests
Analytics and service improvement Legitimate interests
Marketing communications Consent
Location data collection Consent
Legal compliance Legal obligation

6. Who Can See Your Information

We do not sell your personal information. Here's who can access your information on Currot:

6.1 Other Users

  • Your public profile information (username, profile picture, bio)
  • Content you choose to share publicly or with specific users
  • Your activity (likes, comments, follows) as visible in the app

6.2 Service Providers

We share information with third-party vendors who provide services on our behalf:

  • Cloud Hosting: Amazon Web Services (AWS), Google Cloud Platform
  • Analytics: Firebase Analytics, Mixpanel
  • Push Notifications: Firebase Cloud Messaging, Apple Push Notification Service
  • Customer Support: Zendesk, Intercom
  • Payment Processing: Stripe, Apple Pay, Google Pay

These providers are contractually obligated to protect your information and may only use it for the purposes we specify.

6.3 For Legal Reasons

We may disclose your information when required to:

  • Comply with applicable law, legal process, or government request
  • Enforce our Terms of Service and other agreements
  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

6.4 Business Transfers

If Currot is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

6.5 With Your Consent

We may share your information for other purposes with your explicit consent.

7. Content Retention and Deletion

Understanding how long we keep your content is important. Here's what happens when you delete content on Currot:

7.1 What Happens When You Delete Content

When you delete a picture or post:

  • It is immediately removed from public view
  • Other users can no longer see or interact with it
  • However, the content is retained in our database for up to 90 days

7.2 Why We Retain Deleted Content

We keep deleted content temporarily to:

  • Investigate policy violations and user reports
  • Respond to legal requests and law enforcement inquiries
  • Protect our community from harmful content and abuse
  • Resolve disputes between users

7.3 Reported Content - Extended Retention

Important: If your content has been reported by other users or is subject to an investigation, we may retain it beyond 90 days, including indefinitely, as necessary for:

  • Legal compliance and law enforcement cooperation
  • Safety investigations
  • Policy enforcement
  • Dispute resolution

7.4 Ask Responses - Cannot Be Deleted

Important: Once you respond to an Ask (a question from another user), your response becomes part of a shared conversation and cannot be deleted. This ensures:

  • Conversation integrity is maintained
  • Manipulation of shared interactions is prevented
  • Other users can trust the authenticity of conversations

Please carefully consider your response before submitting an Ask answer.

7.5 Account Data

  • Active Account: Data retained while your account is active
  • After Deletion Request: 30-day recovery period, then permanent deletion
  • Usage Data: Aggregated, anonymized data may be retained indefinitely

8. Data Security

We implement comprehensive security measures to protect your personal data:

8.1 Technical Safeguards

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Secure password hashing using bcrypt
  • Regular security audits and penetration testing
  • Intrusion detection and monitoring systems
  • Multi-factor authentication options

8.2 Organizational Safeguards

  • Access controls limiting data access to authorized personnel
  • Employee security training and confidentiality agreements
  • Incident response procedures
  • Regular review and update of security practices

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Your Privacy Rights and Controls

You have control over your data on Currot. Here are your rights:

9.1 In-App Privacy Controls

  • Profile Visibility: Control who can see your profile and content
  • Blocking: Block users who you don't want to interact with
  • Muting: Mute users without unfollowing them
  • Activity Status: Hide when you're online
  • Download Your Data: Request a copy of all your data

9.2 Your Legal Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to retention policies)
  • Portability: Receive your data in a structured, commonly used format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@currot.com or use the in-app privacy settings. We will respond within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

10.1 Your California Rights

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information or share it for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Information: Limit the use of sensitive personal information to what is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

10.2 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

Category Examples Collected
Identifiers Name, email, username, device ID Yes
Personal Information Name, phone number Yes
Protected Classifications Age (date of birth) Yes
Commercial Information Purchase history Yes (if applicable)
Internet Activity Browsing history, interactions Yes
Geolocation Data Precise or approximate location Yes (with consent)
Audio/Visual Information Photos, videos you upload Yes
Inferences Preferences, characteristics Yes

10.3 How to Submit a Request

To submit a request, you may:

  • Email us at privacy@currot.com
  • Use the "Privacy Request" feature in app settings
  • Call our toll-free number: 1-800-XXX-XXXX

We will verify your identity before processing requests. You may designate an authorized agent to make requests on your behalf.

10.4 Shine the Light

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

11.1 Your GDPR Rights

  • Right of Access (Article 15): Obtain confirmation and access to your personal data.
  • Right to Rectification (Article 16): Correct inaccurate personal data.
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction (Article 18): Restrict processing in certain circumstances.
  • Right to Data Portability (Article 20): Receive your data in a portable format.
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
  • Rights Related to Automated Decision-Making (Article 22): Not be subject to solely automated decisions with legal or significant effects.

11.2 Data Controller

Eliary Inc., operating as Currot, is the data controller responsible for your personal data. For questions about data processing, contact our Data Protection Officer at dpo@currot.com.

11.3 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates applicable law.

12. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages.

12.1 Age Verification

We require users to confirm they meet the minimum age requirement during registration. We may use age-screening mechanisms to prevent underage use.

12.2 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@currot.com. We will take steps to delete such information.

12.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent.

13. Cookies and Tracking

As a mobile-only app, Currot uses mobile tracking technologies rather than traditional browser cookies:

13.1 Mobile Tracking Technologies

  • Device Identifiers: We use mobile advertising IDs (IDFA on iOS, GAID on Android) for analytics and advertising purposes
  • SDK Tracking: Third-party SDKs may collect usage data for analytics and crash reporting
  • Local Storage: We store preferences and session data locally on your device

13.2 Managing Tracking

You can control mobile tracking through your device settings:

  • iOS: Settings > Privacy & Security > Tracking
  • Android: Settings > Google > Ads > Reset advertising ID or Opt out of Ads Personalization

14. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence:

14.1 Data Storage Locations

Our primary servers are located in the United States. We may also store data in other regions to improve service performance.

14.2 Transfer Safeguards

When transferring data outside the EEA, UK, or Switzerland, we use appropriate safeguards:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms
  • Adequacy Decisions: Transfers to countries with adequate data protection

15. Third-Party Services

Our Service may contain links to third-party websites and integrate with third-party services. This Privacy Policy does not apply to those third parties.

15.1 Third-Party Integrations

We integrate with the following third-party services:

  • Social Login: Apple Sign-In, Google Sign-In
  • Cloud Storage: AWS S3, Google Cloud Storage
  • Analytics: Firebase, Mixpanel, Amplitude
  • Crash Reporting: Firebase Crashlytics, Sentry
  • CDN: Cloudflare, AWS CloudFront

15.2 Social Sharing

When you share content to other platforms, those platforms' privacy policies apply to that information.

15.3 Third-Party Links

We are not responsible for the privacy practices of websites linked from our Service. We encourage you to read their privacy policies.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

16.1 Notification of Changes

  • We will update the "Last updated" date at the top of this policy.
  • For material changes, we will provide notice through the app, email, or other means.
  • Your continued use of the Service after changes constitutes acceptance of the updated policy.

16.2 Previous Versions

You may request previous versions of this Privacy Policy by contacting us.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries:
team@currot.com

Privacy Inquiries:
privacy@currot.com

Data Protection Officer:
dpo@currot.com

Mailing Address:
Eliary Inc. (operating as Currot)
Attn: Privacy Team
[Address to be updated]

California Residents:
privacy@currot.com
Toll-free: 1-800-XXX-XXXX

EU/UK Representative:
[To be appointed if required]

We aim to respond to all inquiries within 30 days.