Privacy Policy (GoldMap.app)

1. Introduction

This Privacy Policy describes how GoldMap.app, operated by GoldStream Enterprises LLC ("GoldMap.app," "we," "us," or "our"), collects, uses, stores, discloses, and otherwise processes personal information in connection with your access to and use of the GoldMap.app platform, including our websites, applications, and related services (collectively, the "Service").

This Privacy Policy is intended to be read together with our Terms of Service and any additional notices or disclosures that may be provided in connection with specific features or services.

By using the Service, you acknowledge that your personal information will be handled as described in this Privacy Policy.

We provide Notice at Collection disclosures at or before applicable collection points, including account signup, device permission prompts (such as location, camera, and notifications), and identity verification flows. These contextual notices summarize categories of information collected, processing purposes, and available rights, and link to this Privacy Policy.

2. Scope of This Policy

This Privacy Policy applies to personal information we collect or process when you:

• visit or use our website;
• create or use an account;
• use our mobile or web applications;
• submit listings, messages, images, events, or other content;
• complete identity verification or related trust and safety processes;
• communicate with us for support or other inquiries; or
• otherwise interact with the Service.

This Privacy Policy does not apply to third-party websites, platforms, applications, or services that are not operated by us, even if they are accessible through the Service. Those third parties have their own terms and privacy policies, and you are responsible for reviewing them.

3. Information We Collect

We may collect the following categories of personal information, depending on how you use the Service.

3.1 Information You Provide Directly

We may collect information you provide directly to us, including:

• your name;
• username;
• email address;
• telephone number;
• account credentials or authentication-related information;
• profile information;
• support requests and communications;
• survey responses or feedback;
• verification status and related trust indicators; and
• any other information you choose to provide through the Service.

3.2 Content and Activity Information

We may collect information and content you submit, upload, transmit, or otherwise make available through the Service, including:

• listings and listing details;
• event information;
• messages and communications with other users through the Service;
• images, attachments, and other files;
• map pins, saved locations, and related location content;
• profile descriptions; and
• reports, flags, complaints, or moderation-related submissions.

3.3 Identity Verification Information

Where identity verification features are offered or required, we may collect and process information submitted for verification purposes, including:

• images of government-issued identification documents;
• selfies, liveness checks, facial geometry, biometric identifiers, or similar media and data;
• supporting documentation;
• associated metadata; and
• results, status, and records generated through internal or third-party verification processes.

Identity verification is used as a due diligence, platform integrity, anti-fraud, and recordkeeping measure. We limit processing of biometric identifiers and biometric information to verification, safety, compliance, and related recordkeeping purposes, and do not use such data for unrelated secondary purposes without consent where required by law. We do not sell biometric data or share it with unauthorized third parties for marketing purposes. Where required by law, we provide biometric-specific notice describing purpose and retention duration and obtain consent before collection or processing.

Verification is not a guarantee of identity, authenticity, legitimacy, or trustworthiness. No identity verification method is infallible, and verification systems may be defeated through forged documents, stolen credentials, synthetic identities, impersonation, or other fraudulent means.

3.4 Location Information

We may collect location-related information, including:

• approximate location derived from IP address;
• device location information if you grant permission;
• map coordinates, addresses, or other location details you submit; and
• nearby discovery context and location-based interactions within the Service.

You may control certain location permissions through your device or browser settings. Disabling location permissions may limit functionality.

On Android, this may include requesting ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION permissions for map, discovery, and location-aware features. We request these permissions in context and use them only for policy-compliant, user-consented functionality.

We treat precise geolocation as sensitive data and limit its use to providing requested location-based functionality, safety and fraud-prevention operations, and related legal compliance activities, unless otherwise permitted by law or based on your consent.

3.5 Technical, Device, and Usage Information

We may automatically collect certain technical and usage information when you use the Service, including:

• device type and model;
• operating system;
• browser type;
• IP address;
• app version;
• language and regional settings;
• log files;
• crash data;
• system diagnostics;
• session information;
• push notification tokens;
• interaction events and feature usage;
• referral URLs; and
• performance and reliability metrics.

On Android, we may request POST_NOTIFICATIONS permission so you can receive service-related notifications (for example, account, safety, moderation, and messaging updates). You can disable notifications in system settings at any time.

On Android, we may also request camera access and/or open the system photo picker when you choose features such as ID verification, selfie/liveness checks, profile photos, listing images, event images, message attachments, or bug report attachments. With picker-based flows, we only receive the specific media items you choose.

3.6 Transaction, Support, and Administrative Records

We may collect records relating to:

• support inquiries and correspondence;
• account actions;
• reports and moderation decisions;
• enforcement actions;
• dispute-related communications; and
• administrative records necessary to operate the Service, enforce our policies, and maintain platform integrity.

3.7 Information from Third Parties

We may receive information from third parties, such as:

• authentication providers;
• verification vendors;
• analytics providers;
• communications providers;
• fraud prevention and security providers;
• hosting and infrastructure providers; and
• other users, including reports, complaints, or transaction-related information concerning you.

4. How We Use Information

We may use personal information for the following purposes:

• to provide, operate, maintain, and improve the Service;
• to create, authenticate, secure, and administer accounts;
• to enable listings, messaging, discovery, and other platform features;
• to provide location-based functionality;
• to perform identity verification, due diligence, anti-fraud, and trust and safety processes;
• to support automated abuse, fraud, and moderation detection workflows, with human review where required by law;
• to detect, investigate, prevent, and respond to fraud, abuse, impersonation, security incidents, policy violations, and unlawful activity;
• to communicate with you regarding your account, the Service, support requests, updates, and administrative matters;
• to personalize features, content, and user experience;
• to analyze usage, monitor performance, debug issues, and improve reliability;
• to enforce our Terms of Service and other policies;
• to create records and audit trails relating to user activity, verification, moderation, and platform safety;
• to comply with legal, regulatory, tax, law enforcement, and contractual obligations; and
• to protect the rights, property, safety, users, and integrity of GoldMap.app, the Service, and others.

Where required by law, we do not make legally or similarly significant decisions based solely on automated processing without the required human review or other legally required safeguards.

We may also use information for other purposes disclosed to you at the time of collection or as otherwise permitted by law.

5. Legal Bases for Processing

Where applicable law requires a legal basis for processing personal information, we may rely on one or more of the following legal bases:

• performance of a contract or steps taken at your request before entering into a contract;
• our legitimate interests, including operating the Service, fraud prevention, security, trust and safety, enforcement, platform improvement, and recordkeeping;
• compliance with legal obligations; and
• your consent, where required or appropriate.

Where we rely on consent, you may withdraw that consent as permitted by law. Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal.

Where required by law, we conduct privacy risk assessments and cybersecurity reviews for high-risk processing activities, including certain sensitive data and automated processing workflows.

6. How We Share Information

We do not sell personal information. We may disclose personal information in the following circumstances.

6.1 Service Providers and Processors

We may share personal information with vendors, service providers, contractors, and processors that perform services on our behalf, including providers of:

• cloud hosting and infrastructure;
• storage and databases;
• authentication;
• identity verification;
• communications and messaging;
• customer support;
• analytics and diagnostics;
• security and fraud prevention;
• notification delivery;
• mapping and geolocation functionality; and
• software development, maintenance, and monitoring.

These parties may process personal information on our behalf for authorized business purposes, subject to contractual and legal restrictions.

6.2 Other Users and Public Visibility

Certain information may be visible to other users, or in some cases more broadly, depending on the nature of the Service and your use of its features. For example, profile information, listings, images, event information, location-related content, trust indicators, and messages may be shared or displayed as part of the Service's functionality.

You are solely responsible for the information and content you choose to make available to others through the Service.

6.3 Verification and Safety Processes

We may share information, including identity verification information, with service providers or partners involved in verification, fraud prevention, compliance, trust and safety, risk review, or related operational processes.

Verification and related safety processes are intended to support due diligence and platform integrity. They do not guarantee the accuracy of information, identity, legitimacy, or future conduct of any user.

6.4 Legal and Protective Disclosures

We may disclose personal information:

• to comply with applicable law, regulation, legal process, subpoena, court order, or governmental request;
• to enforce our Terms of Service or other agreements;
• to investigate or address suspected fraud, impersonation, abuse, or unlawful conduct;
• to protect the rights, property, safety, and security of GoldMap.app, our users, or others; and
• to establish, exercise, or defend legal claims.

6.5 Business Transfers

We may disclose or transfer personal information in connection with a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or other corporate transaction, whether actual or proposed.

6.6 With Your Direction or Consent

We may disclose personal information where you direct us to do so or where you otherwise consent.

7. Relationship with Google and Other Third-Party Services

GoldMap.app may rely on Google and other third-party services for authentication, hosting, analytics, messaging, geolocation, mapping, infrastructure, and related platform functions.

When you use Google Sign-In or related Google-based features, we may receive basic account data necessary for authentication and account linking, such as:

• Google account identifier;
• email address;
• basic profile information; and
• authentication tokens.

We use this information for account creation, sign-in, security, fraud prevention, and account recovery workflows.

GoldMap.app does not request access to Gmail message content, Google Drive files, Google Contacts, or Google Calendar data unless a future feature specifically requires such access and this Privacy Policy is updated accordingly.

Google and other third-party providers may independently collect or process information under their own terms and privacy policies. We do not control those third-party processing practices.

You may be able to review and revoke certain Google account permissions at: https://myaccount.google.com/permissions

8. Cookies, Similar Technologies, and Online Data Collection

We may use cookies, local storage, pixels, SDKs, and similar technologies to collect and process information in connection with the Service. These technologies may be used for purposes such as:

• authentication and session management;
• security and fraud prevention;
• saving preferences and settings;
• analytics and performance measurement;
• debugging and reliability;
• feature functionality; and
• communications and notifications.

You may be able to control certain cookies or similar technologies through your browser, device, or platform settings. Blocking or disabling some technologies may affect the availability or functionality of the Service.

Where required by law, we may request your consent before using certain non-essential cookies or similar technologies.

9. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide and operate the Service;
• maintain account records;
• support trust and safety operations;
• perform identity verification and related due diligence;
• preserve audit trails and enforcement records;
• detect, investigate, and prevent fraud and abuse;
• resolve disputes;
• enforce agreements;
• comply with legal, tax, regulatory, accounting, and reporting obligations; and
• protect rights and defend legal claims.

Retention periods vary depending on the nature of the information, the context in which it was collected, applicable legal requirements, operational needs, and risk considerations. Specifically, any biometric identifiers or biometric information derived from selfies or liveness checks are retained only as long as necessary to complete the verification process or to comply with legal requirements, and are permanently destroyed when the initial purpose for collecting such identifiers has been satisfied or within three (3) years of your last interaction with the Service, whichever occurs first.

If you request account deletion, we process the request on a delayed basis (generally up to sixty (60) days) to support fraud prevention, user safety incident review, dispute handling, legal compliance, and platform integrity. During this hold period, your account may be deactivated while deletion is pending.

If you sign back in during the hold period, the deletion request may be canceled and the account may reactivate. Even after account closure or deletion, we may retain limited information where necessary for legitimate business purposes, compliance obligations, security, fraud prevention, dispute resolution, trust and safety, or legal defense.

10. Security

We use administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, and disclosure.

However, no method of transmission, storage, or security control is completely secure. Accordingly, we do not and cannot guarantee absolute security.

You are also responsible for helping protect your information, including by maintaining the confidentiality of your account credentials and using appropriate security practices.

11. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information, which may include the right to:

• access personal information we hold about you;
• request correction of inaccurate information;
• request deletion of personal information;
• request portability of certain information;
• object to or restrict certain processing; and
• withdraw consent where processing is based on consent.

These rights are not absolute and may be subject to limitations, exceptions, verification requirements, and legal obligations.

To exercise available rights or make a privacy-related request, you may contact us at support@goldmap.app.

You may also submit a privacy choices request, including a "Do Not Sell or Share My Personal Information" request, through our in-app Privacy Choices form (Help > Privacy Choices) or the public web form at https://goldmap.app/privacy-choices/. While we do not sell personal information or share it for cross-context behavioral advertising, we provide this operational mechanism to support rights requests and changing legal requirements.

Where required by law, we provide a response workflow and may offer an appeal path if you disagree with our determination, subject to verification requirements and applicable legal exceptions.

Where required by law, we process recognized universal opt-out preference signals, including Global Privacy Control (GPC), as valid requests for applicable opt-out rights.

For a dedicated account deletion request path outside the app, visit https://goldmap.app/account-deletion/.

We may request information necessary to verify your identity before processing a request. We may deny or limit a request to the extent permitted by law.

You may also manage certain permissions, settings, or disclosures through your device, browser, or account settings, where available.

Privacy-related disputes, to the extent arbitrable, are governed by the arbitration provisions in our Terms of Service, including the class action waiver and opt-out mechanism.

12. International Data Transfers

Your personal information may be processed, stored, and transferred in countries other than your own, including countries that may have data protection laws different from those in your jurisdiction.

Where required by law, we take steps intended to provide appropriate safeguards for such transfers, including contractual protections such as Standard Contractual Clauses and other legally recognized transfer mechanisms, where applicable.

13. Children's Privacy

The Service is not directed to children under the age required by local law to validly consent to the processing of their personal information. We do not knowingly collect personal information from children in violation of applicable law.

We may use age-gating or related account controls to help prevent underage use of features that are restricted by law or policy.

If we become aware that personal information has been collected from a child in violation of applicable law, we may take steps to delete such information and terminate associated accounts.

If you believe that a child may have provided personal information through the Service, you may contact us at support@goldmap.app.

14. Verification-Specific Privacy Notice

Where identity verification is used, you acknowledge and agree that:

• verification requires the collection and processing of sensitive identity-related information;
• such information may be reviewed by us and/or third-party verification providers;
• where required by law, verification flows include informed consent prior to biometric collection or processing;
• verification is conducted for due diligence, trust and safety, anti-fraud, recordkeeping, and platform integrity purposes;
• verification is not a certification, warranty, endorsement, or guarantee of identity or conduct; and
• even robust verification systems, including those used by governments and financial institutions, may be circumvented through fraud or impersonation.

We comply with applicable biometric privacy laws, including by providing written notice of collection purpose and retention duration and obtaining informed consent (electronic where permitted) before processing biometric identifiers.

Accordingly, you agree that no verification status should be interpreted as proof of identity or an assurance of legitimacy, and that you remain solely responsible for your own decisions, due diligence, and interactions with other users.

15. Changes to This Privacy Policy

We may revise this Privacy Policy from time to time. Any changes will become effective when the updated Privacy Policy is posted, unless otherwise stated.

Where appropriate, we may provide notice of material changes through the Service, by email, or by other reasonable means. Your continued use of the Service after changes become effective constitutes acknowledgment of the revised Privacy Policy.

The "Last Updated" date above indicates when this Privacy Policy was most recently revised.

16. Contact Information

GoldStream Enterprises LLC
1209 Mountain Rd Pl NE Ste N
Albuquerque, NM 87110

Email: support@goldmap.app

17. Supplemental U.S. State Privacy Disclosures and Privacy Choices

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms may be defined under certain U.S. state privacy laws.

Depending on your state of residence, you may have additional rights, such as the right to appeal our response to a rights request, rights related to sensitive data processing, and rights related to profiling or targeted advertising, where applicable.

To submit a privacy choices request (including a "Do Not Sell or Share My Personal Information" request), use the in-app Privacy Choices form or our public web form at https://goldmap.app/privacy-choices/.

If we engage in profiling or targeted advertising activities that trigger sensitive-data opt-out rights under applicable law, we will provide an applicable opt-out mechanism through our Privacy Choices channels.

Where required by law, we honor recognized universal opt-out preference signals such as Global Privacy Control (GPC).

Based on our current operations, GoldMap.app does not operate as a data broker and does not sell personal information.

18. Do Not Track Signals

At this time, the Service does not respond to browser "Do Not Track" signals in a uniform way because there is no consistent industry standard for interpreting such signals.

This statement does not limit our processing of universal opt-out preference signals, including GPC, where required by applicable law.