Privacy Policy
Privacy Policy
Last updated: May 7, 2026 · Version 1.1
This Privacy Policy ("Policy") describes how Neighbori ("Neighbori," "we," "us," or "our") collects, uses, shares, retains, and protects information when you access or use the Neighbori mobile application, neighbori.com, and related services (the "Service"). The Service is offered exclusively to users in the United States of America. Use of the Service is governed by this Policy and our Terms of Service. By creating an account or using the Service, you confirm that you have read and understood this Policy. If you do not agree, do not use the Service.
1. Scope and Roles
This Policy applies to information we collect through the App and Service. It does not apply to information collected by third parties not controlled by us (e.g., another user, your bank or payment app, your wireless carrier, or independent websites you visit). Neighbori is the data controller for personal data collected through the Service.
2. Information You Provide to Us
Account & profile: email address, password (stored only as a salted hash), username, first and last name, date of birth (if provided), profile picture, short bio, language preference, and timezone. Address & location: street address, apartment/suite, city, state, ZIP/postal code (collected to determine your local area; full street address is shown to a counterparty only as needed to complete a Transaction). Listings & commerce: photos, descriptions, prices, categories, hours, fulfillment options (pickup, delivery, catering), inventory, schedules, and other details you choose to publish. Orders & cart: items, quantities, addons, delivery instructions, and order status. Communications: messages and media (photos, files) you send to other users through in-app chat; reports you submit (reported user, reason, and details); customer-support emails and any information you choose to provide. Reviews & ratings: reviews, star ratings, photos, replies, and feedback you post. Identity verification (optional): selfie photo and a photo of one of your listed items held with your username, submitted voluntarily for manual identity verification (see Section 9). Subscription information: when you subscribe to Pro, your purchase token / subscription identifier from Apple App Store, Google Play, or RevenueCat (we do not collect or store your full credit-card number, expiration date, or CVV — those are handled by the app store). Other: anything you choose to send us via email, support tickets, or surveys.
3. Information Collected Automatically
Device & app: app version, device model, operating system, OS version, language, timezone, IP address (for security and abuse prevention), Expo / Apple / Google push-notification token (so we can send you push notifications), unique anonymous app installation ID, crash logs, performance metrics, and basic interaction events (e.g., screens visited, features used, error rates). Approximate location: We do not continuously track your GPS. We use the city/state/ZIP from your profile for area filtering. If you tap "Use Current Location," we ask the OS for a single approximate location reading to set your search area; we do not store a history of GPS coordinates. We do not run background-location tracking. Cookies & similar technologies: the App stores small data items locally on your device (e.g., AsyncStorage tokens) to keep you signed in and remember preferences; these are not used for cross-context behavioral advertising. Server logs: routine server logs (IP, request URL, user agent, timestamps) used for security, fraud detection, and operational metrics.
4. Information from Third Parties
We may receive information from: payment platforms (Apple App Store, Google Play, RevenueCat) about your subscription status, renewal, and cancellation events; identity-verification providers (if used) about the result of a verification check; service providers (Supabase, Expo) about logs, errors, and operational data; law enforcement or other parties with valid legal requests; and other users (e.g., when they report you, send you a message, or list you in a Transaction).
5. Sensitive Personal Information
Some categories of information we collect may qualify as "sensitive" or "sensitive personal information" under U.S. state privacy laws, including: precise geolocation only if you tap "Use Current Location" (read once, not stored); login credentials in combination with passwords; and contents of your private communications with other users. We use sensitive information only as reasonably necessary to perform the Service you have requested, to comply with law, or as otherwise permitted under applicable law. We do not use sensitive information to infer characteristics about you, and we do not sell or share sensitive information for cross-context behavioral advertising.
6. How We Use Your Information
We use information to: (a) create and operate your account and profile; (b) display your Listings, profile, and reviews to other users; (c) enable you to discover, message, and transact with users in your area; (d) deliver in-app and push notifications about messages, orders, and account activity; (e) operate, maintain, secure, monitor, and improve the Service; (f) detect, investigate, prevent, and respond to fraud, abuse, harassment, prohibited Listings, security incidents, or violations of our Terms; (g) verify identity (when you opt in to verification); (h) administer subscriptions and Pro features; (i) provide customer support; (j) comply with legal obligations, respond to lawful requests, enforce contracts, and protect the rights, property, and safety of Neighbori, our users, and others; (k) analyze aggregated trends to improve features; and (l) communicate operational notices and, where permitted, marketing messages from which you may opt out.
7. U.S.-Only Service
The Service is intended for users located in the United States. We operate this Privacy Policy and process personal information in connection with U.S.-based operations and legal requirements.
8. Children's Privacy
The Service is intended for users who are at least eighteen (18) years old. We do not knowingly collect personal information from anyone under 18. If we learn we have collected personal information from a person under 18, we will delete it promptly. Parents or guardians who believe their child has provided information to us may contact contact@neighbori.com to request deletion.
9. Identity Verification — How It Works
If you elect to use the optional identity-verification feature, you will be asked to submit (a) a selfie photograph of yourself, and (b) a photograph of one of your listed items held alongside a handwritten note displaying your Neighbori username. A Neighbori team member manually reviews both photos solely to confirm that you are a real person and an active seller. We do not use automated facial recognition, face-matching software, liveness detection, or any biometric processing of any kind. The submitted photos are stored securely, used only for the manual review described above, and permanently deleted within 90 days of submission or upon account deletion, whichever comes first. Verification is optional and declining it does not affect your access to the core Service.
10. How We Share Information
We share information only as follows. (a) With other users: your public profile (username, name, profile picture, bio, city/state, ratings, reviews, and Listings) is visible to other users; when you complete a Transaction, the counterparty may receive the information necessary for the Transaction (e.g., your delivery address, name, and phone number if provided). Other users may see your in-app messages and your reviews. (b) Service providers (sub-processors): Supabase (hosting, database, storage, authentication, edge functions); RevenueCat (subscription management); Apple Push Notification Service / Google Firebase Cloud Messaging via Expo (push delivery); identity-verification provider (only if you use verification); analytics and crash-reporting tools we may add; customer-support tools; cloud-storage providers; and email/SMS providers, all under contracts requiring confidentiality and security. (c) Business transfers: in a merger, acquisition, sale, financing, restructuring, or bankruptcy, your information may be transferred to a successor or acquirer; we will require the recipient to honor this Policy or notify you. (d) Legal & safety: we may disclose information when we believe in good faith it is necessary to comply with a subpoena, court order, or other legal process; respond to lawful requests by public authorities (including for national security or law enforcement); enforce our Terms; protect the rights, property, or safety of Neighbori, our users, or the public; or investigate fraud, abuse, or violations. (e) Aggregated/de-identified data: we may share aggregated or de-identified data that cannot reasonably be used to identify you. (f) With your consent: any other sharing with your express direction or consent. We do NOT sell your personal information for money, and we do NOT share it for cross-context behavioral advertising.
11. Data Storage
Your information is processed and stored in the United States. Our service providers may process data in other countries where they operate, but the Service is intended for U.S.-based users only.
12. Data Retention and Deletion
We retain personal information for as long as your account is active, as needed to provide the Service, comply with law, resolve disputes, enforce agreements, prevent fraud, and protect users. When you delete your account through the in-app option (or email contact@neighbori.com), we delete or permanently de-identify: profile, private contact information, push tokens, notifications, saved items, cart, follows, listings, reviews you wrote (or anonymize them), profile pictures, in-app message bodies (we may retain encrypted backups for a limited window before secure overwrite), and identity-verification photos. We may retain (a) limited records required by law (tax, accounting, anti-money-laundering, and similar) for the period required by that law; (b) information needed to defend or pursue legal claims for the duration of the applicable limitations period; (c) anonymized/aggregated data with no identifiers; and (d) information necessary to enforce safety actions (e.g., if you were banned for safety reasons, we may keep a minimum identifier to prevent re-registration). Backups are rotated and overwritten on a regular schedule.
13. Security
We use industry-standard administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest where applicable, hashed passwords, role-based access controls, audit logging, and least-privilege access. Despite our efforts, NO METHOD OF TRANSMISSION OR STORAGE IS 100% SECURE, and we cannot guarantee absolute security. You are responsible for keeping your password confidential, choosing a strong password, enabling device-level security, and notifying us immediately at contact@neighbori.com if you suspect unauthorized access. In the event of a data breach affecting your information, we will notify you and the appropriate authorities as required by applicable law.
14. Your Rights — Universal
Subject to applicable law and verification of your identity, you may: access the personal information we hold about you; correct inaccuracies; request deletion of your account and associated data (the "Delete Account" option in profile is the fastest way); request a portable copy of certain data; opt out of marketing communications (unsubscribe link in emails; device settings for push); withdraw consent for processing based on consent; and lodge a complaint with your local data-protection or attorney-general office. To exercise rights, use in-app controls or email contact@neighbori.com from your account email. We will respond within timelines required by applicable law (generally 45 days, extendable by 45 days when reasonably necessary). We will not discriminate against you for exercising any privacy right.
15. Your Rights — California (CCPA / CPRA)
California residents have the right to: (i) Know — request the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collecting, and the categories of third parties with whom we share; (ii) Delete — request deletion of personal information we collected from you (with statutory exceptions); (iii) Correct — request correction of inaccurate personal information; (iv) Opt-Out of Sale or Sharing — we do not sell personal information for money and do not share personal information for cross-context behavioral advertising; (v) Limit Use of Sensitive Personal Information — we use sensitive personal information only for purposes permitted under § 7027(m) of the CCPA Regulations; (vi) Non-Discrimination — we will not discriminate against you for exercising rights; (vii) Authorized Agents — you may use an authorized agent to submit a request, with proof of authorization. Categories of personal information collected in the past 12 months: identifiers (name, email, address, IP), customer records, internet activity, geolocation (approximate), commercial information (Transactions), audio/visual (photos), and professional/employment-related information (if a Seller). Sources, purposes, and disclosures are described above. Shine the Light: California residents may request information about disclosures to third parties for direct marketing — we do not make such disclosures.
16. Your Rights — Other U.S. States (VA, CO, CT, UT, TX, OR, MT, IA, DE, NH, NJ, RI, MN, MD, IN, KY, TN, NE, FL — as applicable)
Residents of states with comprehensive privacy laws — including, as applicable, the Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, Montana MCDPA, Iowa ICDPA, Delaware DPDPA, New Hampshire NHPA, New Jersey NJPA, Rhode Island DTPPA, Minnesota MCDPA, Maryland MODPA, Indiana ICDPA, Kentucky KCDPA, Tennessee TIPA, Nebraska NDPA, and the Florida Digital Bill of Rights — have rights generally including: (i) right to confirm whether we process your personal data; (ii) right to access; (iii) right to correct; (iv) right to delete; (v) right to data portability; (vi) right to opt out of (a) sale of personal data, (b) targeted advertising, and (c) profiling that produces legal or similarly significant effects; and (vii) right to appeal a denial of a request. We do not sell personal data, do not engage in targeted advertising, and do not engage in covered profiling. We honor recognized opt-out preference signals (such as Global Privacy Control) where required. To exercise rights, contact contact@neighbori.com.
17. Push Notifications, SMS, Email, and TCPA
You may receive operational push notifications relating to your account, messages, and Transactions. Disable push notifications anytime in your OS settings. Marketing emails include an unsubscribe link as required by the CAN-SPAM Act. If you provide a phone number and consent to SMS, you authorize Neighbori to send you SMS related to your account; you may reply STOP to unsubscribe. We do not use auto-dialers or pre-recorded calls without your express consent under the Telephone Consumer Protection Act (TCPA).
18. Communications Between Users — Not Private from Us
In-app chat is not end-to-end encrypted. We may store, scan, and review chat messages and media for safety, fraud-prevention, abuse-detection, dispute investigation, and policy enforcement, and we may share them with law enforcement in response to valid legal requests. By using the chat, you provide your express consent to such storage and review under any applicable wiretap, eavesdropping, or two-party-consent law.
19. Do Not Track and Global Privacy Control
The App does not respond to "Do Not Track" browser signals, but where required by law (e.g., California, Colorado, Connecticut, Oregon) we will honor the Global Privacy Control as a valid request to opt out of "sale" or "sharing." Because we do not sell or share personal information, the practical effect on the Service is minimal.
20. Third-Party Services and Links
The Service may link to or interact with third-party websites or services (e.g., a Seller's personal website, payment apps, social media). We are not responsible for the privacy practices of those third parties. Review their privacy policies separately.
21. Authorized Agents and Verification
When you submit a privacy request, we may need to verify your identity (e.g., by confirming you can sign in to the account email). For requests submitted by an authorized agent, we may require written proof that the agent is authorized to act on your behalf and may verify the consumer directly.
22. Changes to This Policy
We may update this Policy from time to time. We may also update how the Service works, including adding, changing, or removing features, and we may add payment-related capabilities in the future. If we make material changes, we will provide notice (in-app, email, or push) and update the "Last updated" date. Your continued use of the Service after the effective date constitutes acceptance. If you do not agree with the updated Policy, you must stop using the Service and delete your account.
23. How to Contact Us
For privacy questions, support, security issues, or to exercise your rights, contact us at: contact@neighbori.com. Website: https://neighbori.com.