Back to home

Privacy Policy

Effective Date: February 25, 2026

This policy should be read together with our Terms of Service. We recommend you review this policy periodically. For questions, contact legal counsel.

1. Information We Collect

We collect information you provide directly to us and information we obtain automatically when you use trouvé.

1.1 Information You Provide

  • Account information (name, email address, phone number)
  • Payment information (processed securely through Stripe)
  • Profile information and preferences
  • Communications with us

1.2 Information We Collect Automatically

  • Device information (device type, operating system, unique device identifiers)
  • Location data (GPS coordinates, approximate location)
  • Usage data (app interactions, features used, time spent)
  • Log data (IP address, browser type, access times)
  • Referral and attribution data (when you use a referral link or install via a campaign, we and our attribution partner may collect device and campaign-related data as described in Section 4.3)

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the trouvé service
  • Process rewards and payments, including gift card drops and Zapp (in-app currency used to redeem for gift cards; requires age verification for users 18+)
  • Verify eligibility for gift card drops, Zapp redemptions, and other age-restricted features
  • Operate and measure our referral program and marketing campaigns (including via attribution partners)
  • Send you important updates and notifications
  • Improve our app and user experience
  • Ensure security and prevent fraud
  • Comply with legal obligations

3. Location Data

trouvé requires access to your location to provide core functionality. This section describes what location data we collect, when we collect it, why we use it, and who we share it with.

3.1 What Location Data We Collect

We collect your device's location in the form of GPS coordinates and approximate location (e.g. when you view the map, when you attempt to claim a drop, or when you use other location-based features in the app).

3.2 When We Collect Location Data

We collect location data only while you are actively using the app (when the app is in the foreground or in use). We do not collect or track your location in the background unless you have explicitly granted background location permission for a specific feature, and we will clearly disclose that at the time we request it.

3.3 Why We Collect Location Data

We use your location data to:

  • Show nearby drops and rewards on the map
  • Verify that you are at a drop's location when you attempt to claim (redemption verification)
  • Create aggregated, anonymized heat maps and analytics for our business partners (e.g. to understand foot traffic or popular areas)—these do not identify you individually
  • Improve drop placement and user experience

3.4 Who We Share Location Data With

We do not share your individual location data with partners or third parties. We may share only aggregated, de-identified location data (e.g. heat maps or regional statistics that cannot be used to identify you) with business partners for analytics and improving services. No individual user location is shared.

You can control location permissions through your device settings at any time.

4. Third-Party Services

We use third-party services that may collect and process your information:

4.1 Supabase

We use Supabase for database services, authentication, and backend infrastructure. Supabase may collect device information and usage data as described in their privacy policy.

4.2 Stripe

Payment processing is handled by Stripe. When you make payments, Stripe collects and processes your payment information according to their privacy policy. We do not store your full payment details.

4.3 AppsFlyer (Referral and Attribution)

We use AppsFlyer to operate our referral program, measure campaign effectiveness, and attribute app installs and in-app events (e.g., signups, referrals). In connection with this service, AppsFlyer may collect or receive: device identifiers (e.g., IDFA, Android ID, advertising IDs), IP address, device type and model, operating system, timestamps, and engagement data (e.g., referral link clicks, installs, in-app events). This data is used to attribute referrals, prevent fraud, and support analytics. AppsFlyer acts as our service provider under our instructions. For more information, see AppsFlyer's Services Privacy Policy. By participating in referrals or using links that include attribution parameters, you acknowledge this data collection and processing.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With your consent
  • To comply with legal obligations, court orders, or government requests
  • To protect our rights, safety, and the safety of others
  • With service providers who assist in operating our app (under contract and only for the purposes we specify)
  • With attribution and analytics partners (e.g., AppsFlyer) for referral and measurement purposes as described in this policy
  • In connection with a business transfer, merger, or sale of assets

We do not sell your personal information for monetary or other valuable consideration. “Sale” and “share” have the meanings given under applicable law (e.g., CCPA).

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 GDPR Rights (EU Users)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to data portability
  • Right to object to processing

6.2 CCPA Rights (California Users)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination

6.3 Consent and Withdrawal

Where we rely on your consent to process personal information (e.g., for marketing or certain analytics), you may withdraw that consent at any time by contacting us or adjusting your account settings. Withdrawal does not affect the lawfulness of processing before withdrawal. Some processing may continue where we have another legal basis (e.g., contract performance, legal obligation).

6.4 How to Exercise Your Rights

To exercise access, deletion, portability, or other rights, contact us at support@cedarlume.com or use our Data Deletion page. We will respond within the timeframes required by applicable law. You may have the right to lodge a complaint with a supervisory authority in your jurisdiction.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. When you delete your account, we will delete or anonymize your personal information, except where retention is required by law.

7.1 Account Deletion

You may request deletion of your account at any time through the account settings in the trouvé mobile app. Once you submit an account deletion request:

  • Cancellation Period: You have up to 10 days from the date of your deletion request to cancel it by emailing support@cedarlume.com. After this 10-day period, the deletion process cannot be cancelled.
  • Data Deletion: Upon completion of the account deletion process, we will permanently delete all personal data associated with your account, including but not limited to:
    • Account information (name, email address, phone number)
    • Profile information and preferences
    • Usage data and app interactions
    • Location data
    • Payment information (processed through our payment processor)
  • Retained Data: We will retain only anonymous, aggregated data that cannot be used to identify you, as required for legal compliance, fraud prevention, and business analytics purposes. This anonymous data will be maintained in accordance with applicable legal requirements.

8. Children's Privacy and Age Restrictions

trouvé is not directed to anyone under 18. You must be 18 or older to use the service. We do not knowingly collect personal information from anyone under 18.

8.1 Neutral Age Verification

Where required by applicable law (including laws governing age-restricted advertising and services), we use a neutral age verification mechanism. This means we may require you to enter your date of birth before we collect your personal information or before granting access to age-restricted content or features. Our age verification is designed to confirm eligibility only; we do not incentivize or encourage users to misrepresent their age. Providing false information may result in account termination and forfeiture of rewards.

8.2 Children Under 13 (COPPA)

We do not knowingly collect personal information from children under 13. Our service is not directed to children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at support@cedarlume.com and we will delete such information promptly.

8.3 Users Under 18

If we learn that we have collected personal information from a user under 18, we will take steps to delete that information. You may contact us at support@cedarlume.com to report underage use or request removal.

9. International Data Transfers

We and our service providers may store and process personal information in the United States and other countries. If you are located outside the United States, your information may be transferred to, stored, and processed in jurisdictions where laws may differ from those in your country. Where required by law (e.g., GDPR), we use appropriate safeguards such as standard contractual clauses or other approved mechanisms for such transfers.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and disclaim liability for unauthorized access to the extent permitted by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and on our website and updating the effective date. Your continued use after the effective date constitutes acceptance of the updated policy. For material changes we may also provide additional notice (e.g., email or in-app) where required by law.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at support@cedarlume.com.

This Privacy Policy is a disclosure document and does not constitute legal advice. Laws vary by jurisdiction and may change. Cedarlume, Inc. reserves all rights under applicable law. For jurisdiction-specific or legal questions, please consult your own legal counsel.