Privacy Policy

1. Introduction

Welcome to Stamped. Stamped ("we," "us," or "our") operates the Stamped mobile application and the website located at usestamped.com (collectively, the "Service"). We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this policy.

Contact: Stamped, Miami, Florida, United States · privacy@usestamped.com · usestamped.com

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

Account Information:

• Full name, email address, username, and password (stored as encrypted hash — never in plain text)
• Profile photo, biography, and profile details
• Location (city, state, country — for profile display purposes)
• Date of birth (for age verification)

Travel and Activity Data:

• Places you stamp — names, locations, ratings, photos, and notes
• Trip itineraries — destinations, dates, flights, hotels, and bookings
• Booking confirmation details imported via screenshot — flight numbers, confirmation codes, hotel names, and dates
• Countries visited and passport stamps
• Packing lists and travel notes
• Public notes visible to all users
• Followers-only notes visible only to your followers
• Secret Stamps visible only to paying subscribers

Financial and Payment Data:

• Trip expense amounts you enter manually
• Split calculations and settlement records
• Creator subscription pricing you set
• We do not store credit card or payment information — all payments are processed through Stripe, Venmo, Cash App, and PayPal directly. We store only your Stripe customer ID and subscription status.

2.2 Information Collected Automatically

Device and Technical Data:

• Device type, model, and operating system version
• App version and IP address
• Push notification tokens
• Crash reports and diagnostic data
• App usage analytics — screens visited, features used, session duration, and time in app

Photos and Media:

• Photos you upload to stamps and trips
• Screenshots you upload for booking import — processed by our AI system and deleted from our servers within 24 hours
• Camera access when taking photos within the app

2.3 Precise Location Data

We collect precise location data in the following circumstances. This is some of the most sensitive data we collect and we treat it with the highest level of care.

What we collect during Live Trip Tracking:

• GPS coordinates and accuracy radius with timestamps
• Dwell events — when you remain near a specific location for 8 or more minutes
• Route data — the path you walked or traveled during active trips
• Place names associated with your location — detected via Google Places API

Geofencing: We create virtual boundaries around locations saved in your trip itinerary. When you enter or exit these boundaries we may send a notification asking if you want to stamp that location. Geofence data is processed on your device and on our servers.

How we use your individual location data:

• To automatically detect places you visit during active trips
• To suggest stamp opportunities when you spend time at a location
• To display your route on trip maps within the app
• To provide end-of-day summaries of places visited
• To generate anonymized aggregate travel insights — see Section 4

We do NOT collect location data when you have no active trip, when location permissions are disabled, or outside 7am–11pm local time during active trips.

You can disable location tracking at any time:

• In the app: Settings → Privacy → Location Tracking
• In iOS Settings: Privacy and Security → Location Services → Stamped

2.4 Health Data

With your explicit permission we may access step count data from Apple HealthKit — used only to display your step count during active trips. This data is never shared with third parties or used for advertising. You can revoke HealthKit access at any time in iOS Settings → Privacy → Health → Stamped.

2.5 Social Data

• Who you follow and who follows you
• Posts, comments, likes, and replies you create
• Direct messages you send and receive
• Agree and disagree votes on ratings

3. How We Use Your Information

3.1 To Provide and Improve the Service

• Create and manage your account
• Display your profile, stamps, and trips according to your privacy settings
• Enable social features including following, feed, stories, and comments
• Process booking screenshot imports using AI
• Enable Live Trip Tracking features and generate trip itineraries
• Calculate and display trip expense splits
• Enable creator subscriptions and Secret Stamps

3.2 Communications

• Push notifications about account activity — new followers, likes, comments
• Live trip notifications — geofence arrivals, end-of-day rating reminders
• Account security notifications
• Product updates and announcements — you can opt out at any time

3.3 Analytics and Safety

• Analyze usage patterns to improve features and fix bugs
• Detect and prevent fraud, abuse, and Terms of Service violations
• Comply with legal obligations and protect user safety

4. Your Personal Data — What We Do and Do Not Sell

We want to be completely transparent about how your personal data is and is not used commercially.

4.1 What We Never Sell

We do not sell, rent, trade, or share for commercial purposes any of the following:

• Your name, email address, username, or any account information
• Your individual precise location history — the specific coordinates of where you walked, when, and for how long
• Your personal stamps, ratings, notes, or travel history in any form that identifies you
• Your messages, comments, or social interactions
• Your payment or financial information
• Any data that could identify you as an individual

This is an absolute commitment. Your personal information is yours. We do not monetize it individually under any circumstances.

4.2 Anonymized Aggregate Data We May Sell

We do generate anonymized aggregate insights from collective patterns across our user base. We are transparent that these insights may be sold commercially to tourism boards, city planners, hospitality companies, hotel groups, restaurant associations, retail brands, real estate developers, airlines, and travel companies.

This aggregate data is fundamentally different from personal data because it contains zero personal information, cannot identify any individual user, and is derived from a minimum of 50 individual data points before any insight is generated.

Examples of aggregate insights we may sell:

• Foot traffic heatmaps by neighborhood, time of day, and day of week
• Average dwell times at specific location types
• Visitor flow patterns between landmarks and neighborhoods
• Emerging destination trends — which cities are gaining visitor traffic over time
• Aggregate sentiment data — overall rating trends for categories of locations in a city

4.3 Your Consent

By using the Service and enabling Live Trip Tracking you consent to the collection of location data as described in Section 2.3 and the generation of anonymized aggregate insights as described above. You can withdraw consent for location collection at any time by disabling location permissions without affecting your ability to use other features. To opt out of aggregate data inclusion entirely, see Section 8.7.

5. How We Share Your Information

5.1 With Other Stamped Users

• Public stamps and notes are visible to all users including non-registered visitors
• Followers-only content is visible only to users who follow you
• Secret Stamps are visible only to users who pay your subscription
• Direct messages are visible only to you and the recipient

5.2 With Service Providers

• Supabase — database hosting, authentication, and file storage (AWS us-west-2)
• Anthropic — AI processing for screenshot import. Screenshots deleted within 24 hours; no personal data retained beyond the processing request
• Google — Places API for location search; Maps SDK for map display
• Apple — Sign In with Apple; HealthKit for step count data
• Stripe — Payment processing for creator subscriptions
• Vercel — Hosting for our website

All service providers are contractually obligated to use your data only as directed by us and in accordance with this Privacy Policy.

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities. We will notify you of such requests where permitted by law.

5.4 Business Transfers

If Stamped is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

6. Location Data — Detailed Disclosure

Because we collect precise background location data we want to be completely transparent about how it is handled.

• What we store: GPS coordinates with accuracy radius, timestamps, dwell events (place name, arrival, departure, duration), and route waypoints taken every 5 minutes while moving
• How long: Individual location history is retained for 12 months then automatically and permanently deleted
• Who can access it: Only you can view your own location history. Stamped employees do not access individual user location data except in active security investigations. Location data is never publicly displayed, never included in push notification payloads, and never returned in public API responses.
• Security: Encrypted in transit (TLS) and at rest. Every access creates an audit log entry. Location data is stored in a separate table with stricter access controls.

Your controls:

• Disable all location tracking: iOS Settings → Privacy and Security → Location Services → Stamped → Never
• Disable background only: iOS Settings → Location Services → Stamped → While Using App
• Delete location history: Stamped app → Settings → Privacy → Delete Location History
• Delete specific trip data: Trip Detail → Settings → Delete Location Data

7. Data Retention

• Account data: Retained while your account is active and for 30 days after deletion
• Stamps and trip data: Retained until you delete them or your account
• Location history: Automatically deleted after 12 months from collection
• Screenshot imports: Processed and deleted within 24 hours
• Messages: Retained until you delete them or your account
• Anonymized aggregate insights: Retained indefinitely as they contain no personal information
• Deleted account data: Permanently purged within 30 days of deletion request
• Backup copies: May persist in encrypted backups for up to 90 days after deletion

8. Your Rights and Choices

8.1 Access

You have the right to request a copy of all personal data we hold about you. Contact privacy@usestamped.com. We will respond within 30 days.

8.2 Correction

You can update most information directly in the app under Settings → Edit Profile. For other corrections contact privacy@usestamped.com.

8.3 Deletion

Go to Settings → Account → Delete Account. All personal data will be permanently deleted within 30 days. Anonymized aggregate insights may be retained as they contain no personal information.

8.4 Location Data Deletion

Go to Settings → Privacy → Delete Location History to permanently delete all GPS coordinates, route data, and dwell events independently of deleting your account.

8.5 Portability

Contact privacy@usestamped.com to request a data export in JSON format.

8.6 Opt-Out of Communications

• Push notifications: iOS Settings → Notifications → Stamped
• Marketing emails: unsubscribe link in any email or contact privacy@usestamped.com
• Analytics: Settings → Privacy → Analytics

8.7 Opt-Out of Aggregate Data

If you do not wish your activity to contribute to anonymized aggregate insights, contact privacy@usestamped.com with the subject line "Aggregate Data Opt-Out." We will exclude your data from all aggregate commercial products. This does not affect your ability to use the Service.

8.8 California Residents — CCPA

If you are a California resident you have additional rights under the California Consumer Privacy Act. We do not sell personal information as defined by CCPA. We sell only anonymized aggregate data that does not meet the CCPA definition of personal information. To exercise your California rights contact privacy@usestamped.com with subject line "CCPA Request."

8.9 European Residents — GDPR

If you are located in the European Economic Area you have rights under the GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal bases for processing are your consent and our legitimate interests in providing the Service. Contact privacy@usestamped.com with subject line "GDPR Request."

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection we will delete that information immediately. Contact privacy@usestamped.com if you believe we have information from a child under 13.

Users between 13 and 18 should review this policy with a parent or guardian before using the Service.

10. Security

• All data transmitted is encrypted using TLS
• All data stored is encrypted at rest
• Passwords are hashed using industry-standard algorithms and never stored in plain text
• Authentication tokens are stored in your device's secure Keychain
• EXIF metadata is stripped from all photos before storage
• Access to personal data is restricted to employees who need it to perform their job functions
• In the event of a data breach we will notify affected users within 72 hours as required by applicable law

No security system is impenetrable. If you believe your account has been compromised contact privacy@usestamped.com immediately.

11. Third-Party Links and Services

The Service may contain links to third-party services including Apple Maps, Google Maps, Waze, Venmo, Cash App, PayPal, and booking platforms. This Privacy Policy does not apply to those services. We encourage you to review their privacy policies.

12. International Data Transfers

Stamped is based in the United States. If you are accessing the Service from outside the United States your information may be transferred to, stored, and processed in the United States. By using the Service you consent to this transfer.

13. Apple App Store Disclosure

Data used to track you: None — we do not use data to track you across apps and websites owned by other companies for advertising purposes.

Data linked to you: contact info, user content (photos, stamps, notes, messages), precise location during active trips, usage data, identifiers, and diagnostics.

Data not linked to you: anonymized aggregate location and behavioral insights — cannot be linked to any individual.

14. Changes to This Privacy Policy

We will notify you of material changes by sending a push notification, emailing your registered address, and displaying a prominent notice in the app. We will provide at least 30 days notice before material changes take effect. Your continued use of the Service after changes take effect constitutes acceptance.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

• Privacy inquiries: privacy@usestamped.com
• General inquiries: staff@usestamped.com
• Website: usestamped.com
• Address: Stamped, Miami, Florida, United States

We will respond to all privacy inquiries within 30 days. This Privacy Policy was last updated on April 17, 2026 and is effective as of that date.