Privacy Policy

Last updated: April 17, 2024

Introduction

We’re a Canadian company with a mission and vision to make each day more authentic through an alternative social space that values honesty, sincerity, and all the things big and small that come up in everyday life.

We play this with our friends and family, and we care about your privacy as much as our own.

We’ve written this to be as transparent and easy to understand as possible, but if you’re not sure about anything, please reach out to us at hello@photodare.ca.

Summary

We have to do the normal things you’d expect to run this App. As with everything in life, it’s more complicated, the details of which can be found in the complete Policy below. Please read it all, not just this summary, there are lots of things in here that impact your privacy, and you should be 100% informed.

That said, here some key items:

To play, we need information like your email and name, but we never sell your data – we only use your Personal Data to provide the Service. To protect your privacy, you can make up any name and username you like, but we verify your email to ensure you meant to create an account. Your email is never shared with other Users.

We collect account information and content from you, including photos and things you say. While there are safety, security, and privacy measures in place to protect your information and content on PhotoDare, any digital tool can be hacked with enough effort, sending data over the internet is never secure, and other people can screenshot or copy content in ways we can’t control.
For these reasons it is important that you:
1. Use it at your own risk.
2. Never upload or share content that reveals sensitive personal details of any kind.
3. Never upload or share photos, or give away details in stories and comments that you wouldn’t be OK with others seeing.
4. Take precautions to ensure your account is never accessed by anyone not authorized.
Speaking of things that shouldn’t be uploaded here, we have Community Guidelines that dictate what’s cool to post, and Terms of Service that you also need to know about.
Please don’t use this if you’re under 16, or if you don’t like our Terms, Privacy Policy or Community Guidelines.
When you create a Dare with someone else, you have ways to play that might introduce risk, such as randomizing and sending photos. Because of this, you should never upload or hit send on anything if you’re not 100% sure you want to do that.
We partner with Third Parties to run the service, and sometimes need to share your info with them to provide things like hosting, email, and analytics, but in the future this may include advertising too. We and they also use cookies to make the App work better for you. They’re all industry standard providers who have committed to upholding your data rights, also outlined in this Policy, and we’ve linked to all their privacy policies below.
We respect your rights, and we comply with the guidelines set out in the GDPR (EU), CCPA (California), and PIPEDA (Canada). If you’re ever in doubt, contact us at hello@photodare.ca. See the ‘Your Rights and Data Management’ section for details.
Please read this entire policy before using PhotoDare, there is a lot of important detail not mentioned above – and THANKS FOR PLAYING!

Key Terms

To ensure clarity and consistency throughout this privacy policy, we've defined several key terms that will be used in the document:

The App: The mobile application provided by PhotoDare, available for download through the Apple App Store and Google Play Store, through which you can access all features, functionalities, and services related to PhotoDare's social media platform. This includes, but is not limited to, creating and participating in Dares, uploading photos, interacting with other Users, and any other services that require an account.

The Website: The official PhotoDare website, currently hosted on Squarespace, which provides information about our company, the App, and our services. The Website may also include news, blogs, contact information, company policies, and other company-related information. The Website is accessible without a PhotoDare account and does not support the features available in the App.

Personal Data: Any information relating to an identified or identifiable individual. This may include, but is not limited to, your name, email address, IP address, and any other information that can be used to identify you, either directly or indirectly.

Dare: In the App, posts including photos, stories and other content are called ‘Dares’.

User: Any individual who interacts with our services. This includes visitors to the Website, as well as individuals who register an account to post content or engage with other Users' content.

Service: All platforms, features, functionalities, content, and services offered by PhotoDare, whether accessed via a web browser, mobile application, or other means. This includes the Website and the App, customer support, newsletters, presences on other social platforms, and other communications from us.

Third Parties: Any companies, individuals, or services that are not part of PhotoDare or its direct operations. This includes Third-Party service providers that support our Service, such as cloud hosting services, analytics companies, and others with whom we may share User information as outlined in this policy.

Information we collect and what it is used for:

Below is a list of the ways we collect or receive information from you.

We never sell this data to any Third Party. We have contracts in place with all Third Parties, see ‘How we Store and Secure Your Information’. These contracts require them to comply with applicable privacy laws, and prohibit Third Parties from sharing or disclosing any Personal Data that we provide to them. Third Parties are contractually bound to limit the processing of Personal Data for the purpose of assisting us in providing the Service.

It is important to note that there may be cases where any of the data collected by us may need to be shared with authorities, law enforcement, or through other events such as legal proceedings or even a merger or acquisition of the Service. This may be done to comply with requests from authorities; ensure the security of our Service and community; enforce our policies; prevent fraud; protect the rights of other Users; and protect the property of us and our Users. We may also have a need to retain Personal Data for these reasons.

Your Account Information:

In order to use the App we need to collect and store:

A username, first name, and last name. These are used to label your content as belonging to you; help others find and interact with you; and help us correspond with you. You can change this information any time by contacting us.
An email address. This is used to verify your account and, only when strictly necessary, send emails. If you choose to subscribe to our newsletter, this will also be used for that purpose, and you can unsubscribe from within the emails.
A password. This is used when signing in to ensure you are authorized to access an account. You can reset it anytime by using the password reset link in the Sign-in screen in the App.
When you create an account, we also create a User ID (a Universally Unique Identifier, or UUID) which is a randomly generated number.

This information is stored for as long as you have an account, see ‘Data Retention’ for details.

The Content You Upload:

Using the App, you may upload, share, or post to PhotoDare. This may include data, images, text, or other materials such as photos, stories, comments, upvotes, and other forms of user-generated data. You can use PhotoDare without uploading any content. If you choose to upload content for your own purposes and to share with others, we collect and store it through our server, database and Third Party storage services. When you create a Dare (either Solo or 2 Player), or interact with a Dare, the content you upload could include:

Photos you upload. To create Dares, the App requires access to photos in your phone’s photo library, but 1) it can only access photos you give it permission to access, and 2) it only processes and stores photos that you explicitly upload by pressing Save or Send while creating Dares. We do not otherwise see, analyze, or process your photos, and we do not process or store those photos that could have been sent, only the ones that are sent. Additionally, we do not store photo metadata; the EXIF data of your photos are removed when saved.
Stories you add to Dares you create.
Comments you post on Dares you or others create.
Upvotes and Bookmarks. You can upvote or bookmark others’ Dares that have been made Public. Users cannot see who has upvoted or bookmarked their Dares, but the Service does associate your upvotes and bookmarks with your account.

This information is stored for as long as you have an account, or until you delete it. If content is found to be in violation of the Terms of Service or Community Guidelines, it may be deleted by a moderator. See ‘Data Retention’ for details.

We may view and moderate this content as needed to ensure the safety and security of the community, and we may also refer to this content in research activities aimed at improving the product, such as conducting research on new features, or determining emerging content trends.

Website Data:

We use an industry standard and GDPR-compliant Third Party website provider named SquareSpace to provide our Website, www.PhotoDare.ca. This Website may collect information you submit via contact or newsletter sign-up forms as well as technical information related to your interactions. Their Privacy Policy is available here.

Website Visitors:
This Website is hosted by Squarespace. Squarespace collects Personal Data when you visit this Website, including:

Information about your browser, network and device
Web pages you visited prior to coming to this Website
Web pages you view while on this Website
Your IP address

Squarespace needs the data to run this Website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalized form.

Webform Submissions:
When you submit information to this Website via webform, we collect the data requested in the webform in order to track and respond to your submissions. We share this information with Squarespace, so that they can provide website services to us. We also share this information with Google for storage.

This Website uses a Google Workspace integration to collect newsletter sign-up emails and contact form submissions. In the event you sign-up for the newsletter, this information is either moved to or automatically sent to our Third Party marketing email provider, Twilio Sendgrid; see How we Store and Secure Your Information for details. It may also be retained in this Google Workspace for as long as is needed to process it, and no longer than 24 months. If you contact us via form submission, this information may be stored and retained in a Google Workspace email address or spreadsheet for as long as is needed to resolve any correspondence, and no longer than 24 months. Contact form submissions may also be forwarded to staff members’ email addresses, where the information will be stored and retained as described under ‘Data Retention’.

Cookies:
See the ‘On the Website’ subsection of the ‘Cookies and Similar Technologies’ section.

Fonts:
This Website may serve font files from and render fonts using Google Fonts and Adobe Fonts. To properly display this site to you, these third parties may receive personal information about you, including:

Information about your browser, network, or device
Information about this site and the page you’re viewing on it
Your IP address

Technical Data:

In order to provide the Service across a range of device types; ensure the integrity and security of the Service; and improve the relevance of content, the Service may collect device characteristics including platform type, operating system, and IP address.

This information is stored for as long as your account exists. If your account is deleted, this information may either be anonymized, or deleted permanently. See ‘Data Retention’ for details.

Usage Analytics:

PhotoDare uses an industry standard and GDPR-compliant Third Party analytics tracking platform, Amplitude, to help us improve the experience by ensuring the App is working correctly and troubleshooting, learning how it is used, and testing new features. You can opt into sending analytics events when you register for an account, and opt out any time in the Settings screen of the App. Their Privacy Policy is available here.

This analytics service automatically collects anonymized or pseudonymized User information tracking events such as app crashes, and which pages are navigated to and/or what buttons are pressed, but it does not capture or have access to any identifiable account information or your content.

It collects a User ID (generated by PhotoDare and shared with them) and IP address. This analytics service then uses the IP address to determine properties they define as country, region, city and designated market area. They may also capture device characteristics such as language of the device; platform, operating system, device family; and device ID, which for iOS Users is an Apple Identifier for Vendors (IDFV) and on Android is a randomly-generated identifier created by the analytics service.

This information may be stored by this analytics service indefinitely, but after your PhotoDare account is deleted and has gone through our internal anonymization process, the User ID or IP address collected in the analytics cannot be used to identify you. See ‘Data Retention’ for details.

Correspondence and Interactions With You:

If you contact us via any method, or we contact you via email (e.g. if a moderator needs to reach out to you), we may retain this information for our records, and for compliance reasons.

To provide our automated account emails and an optional newsletter service, we use an industry standard and GDPR-compliant Third Party service called Twilio Sendgrid. In order to provide their service, they may collect and process your information such as email, name, interactions with said emails, and when you interact with an email, your IP Address. Their Privacy Policy is available here.

We may choose to create surveys and invite Users to participate in research sessions to learn more about their experience and improve the Service, in which case we may collect these responses. In this event, your personal identifying information will be pseudonymized and de-identified before being stored or processed.

Moderation, Safety and Security:

If a moderator needs to take action on your content, we may note your account info and any content violating our Terms of Service, Privacy Policy, or Community Guidelines in our system in order to respond to disputes, and protect the safety and security of the community. This may potentially include any information related to your account or content you upload including but not limited to your name, username, user ID, email, as well as screenshots of any content or interactions that are in question for our records. In the event the activity is in violation of the law or threatens the safety of others, we may be obligated to report and share this information with law enforcement authorities. To protect our community in the future and ensure we are able to respond to disputes, this information may be stored indefinitely or for the maximum retention period legally permitted.

Please review the acceptable content rules in our Community Guidelines.

Cookies and Similar Technologies:

Cookies are small files or pieces of text that download to a device when a visitor accesses a website or app. They are unique to your account if you use the App, or your browser if you visit the Website. Website session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Like most social networks and websites, we use cookies and similar technologies in the course of providing you with the Service to enable features, improve performance, gain insights into how the Service is used:

In the App:

To provide a ‘keep me signed in’ feature, we may store an authentication token on your device.
To improve performance, our App may store certain pieces of your account or content information locally on your device.
Our Third Party analytics provider Amplitude may store a cookie not tied to your account but that keeps track of event IDs, device ID, and similar information.
Security: In the future we plan to add additional account security features, which may involve the use of cookies to enable and support this, such as helping us detect suspicious or malicious activity.
Advertising: In order to cover costs associated with providing the Service, we plan to add advertising into the app as soon as possible, which may involve the use of cookies to offer more relevant ads. When this happens, this policy will be revised to reflect the use of cookies of this type and any related impacts on Personal Data handling.

For additional information about what is stored on your device, see the “How we Store and Secure Your Information” section.

On the Website:

We use an industry standard and GDPR-compliant Third Party website provider named SquareSpace to provide our Website, www.PhotoDare.ca. Their Privacy Policy is available here.
This Website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit “The cookies Squarespace uses”.
These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve the Website to you.
These analytics and performance cookies are used on the Website, as described below, only when you acknowledge our cookie banner. The Website uses analytics and performance cookies to view site traffic, activity, and other data.

In automated account related emails and if you subscribe to our newsletter:
Our Third Party email provider, Twilio Sendgrid describes the following regarding their use of cookies and similar technologies:

“Twilio uses common information-gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information as you navigate our websites, our services or when you interact with emails we sent to you. You can manage these technologies easily on our websites.” See Twilio’s Privacy Policy for details.

Changes to our use of cookies
We may change how cookies are used at any time: please take a look at the “Last updated” date at the top of this policy to see when it was last revised.

PhotoDare may, in the future, create accounts on social media platforms including but not limited to LinkedIn, X (Twitter), Facebook, Instagram, Mastodon, Twitch, Discord, Youtube, Snap, TikTok, and others. This is intended to foster a vibrant community and provide you with additional channels to interact with us and other Users.

Please be aware that any data you provide to us through social media, whether by interacting with our profiles, sending us messages, or otherwise, is also governed by the privacy policies of the respective social media platforms. We do not control these third-party platforms and are not responsible for the privacy or security practices of such third parties. We encourage you to review the privacy policies and settings on the social media platforms with which you interact to make sure you understand the information they are collecting, using, and sharing.

When you share content from PhotoDare to social media platforms, the content is governed by the privacy policies of those platforms. Once the content leaves the PhotoDare environment, it is subject to the rules and policies of the platform to which it has been shared. This includes any data or content you choose to share on our potential future social media profiles.

Please note that if you directly disclose personally identifiable information or personally sensitive data through public message boards, this information may be collected and used by other

Future Advertising on PhotoDare:

As part of our commitment to transparency, we want to inform you that we plan to introduce advertising on the PhotoDare platform in the future. This is a step we anticipate taking to help support the platform and provide a sustainable Service while continuing to offer an engaging user experience.

What This Means for You:
When advertising is implemented on PhotoDare, it may involve the use of certain information to deliver relevant ads to you. This could include data you've provided to us, your activity on the platform, or other information used to tailor the advertisements you see. We are committed to maintaining your privacy and will ensure choices and consent options are clear when any such features are rolled out.

Your Choices and Consent:
Before we introduce any advertising features, we will update this Privacy Policy and inform our Users about the changes. You will have the opportunity to review the updated Policy and make informed decisions about your Personal Data. This includes how it's used for advertising purposes and what choices you have regarding such usage.

Potential Data Sharing with Advertising Partners:
While we don't currently share information with Third-Party advertising partners, this may change with the introduction of advertising on the platform. If and when this occurs, we will provide detailed information about what data may be shared, with whom, and for what purposes, as well as how we protect your data during this process.

Commitment to Privacy and Transparency:
Any future changes involving advertising will be made with a steadfast commitment to your privacy and data security. We will provide transparent communication about any new practices, partners, or policies and ensure you have control over your data.

Please note that this section of the Privacy Policy is subject to change. We encourage you to regularly review our Privacy Policy for updates, especially as we continue to develop and potentially introduce advertising features.

PhotoDare never collects or processes your data without your consent. By registering for a PhotoDare account and using the Service, you agree and consent to the Terms of Service, this Privacy Policy, and our Community Guidelines. Optionally you can also consent to our use of analytics, as well as sign up for our newsletter.

See also ‘Your Rights and Data Management’ in this policy for more detail on how consent relates to your rights and use of the Service.

We take your privacy seriously and implement industry-standard security measures to ensure this locally stored data is kept secure. While there are safety, security, and privacy measures in place to protect your information and content on PhotoDare, any digital tool can be hacked with enough effort, sending data over the internet is never secure, and other people can share or copy content in ways we can’t control.

For these reasons it is important that you:

Use it at your own risk.
Never upload or share content that reveals sensitive personal details of any kind.
Never upload or share photos, or give away details in stories and comments that you wouldn’t be OK with others seeing.
Take precautions to ensure your account is never accessed by anyone not authorized.

Storage of photos: To securely store and serve your photos, we use a GDPR-compliant Third Party cloud service called Amazon Web Services. Photos are encrypted and cannot be accessed without a special URL generated by PhotoDare. We do not store any of your photo metadata; the EXIF data of your photos are stripped out in the upload process. See the ‘Visibility of Your Information and Content to Others’ section for more details. Their Privacy Policy is available here.

Storage of your account, technical data, stories, comments, upvotes, and bookmark information: To securely store and serve this content, we use a GDPR-compliant Third Party cloud service called Microsoft Azure. Their Privacy Policy is available here.

All information is encrypted while in transit between the app and the server.
The App does not store password information locally on your device.
Our use of this service follows GDPR-recommended best practices for minimizing data sent to and from the server, as well as to any Third Parties.
Passwords are encrypted.

Storage of usage analytics: These are securely stored and encrypted by our Third Party provider, Amplitude, and can only be accessed by authorized PhotoDare personnel. You can opt into usage analytics tracking when you register and account, and opt out any time in the Settings screen of the App. Their Privacy Policy is available here, and see ‘Data Retention’ below for more information.

Storage of correspondence: These are securely stored and encrypted by our Third Party provider, Google, and can only be accessed by authorized PhotoDare personnel. Their Privacy Policy is available here, and see ‘Data Retention’ below for more information.

If you subscribe to the newsletter, storage of your email address and name: If you choose to subscribe to our newsletter, your email and name may be processed, securely stored and encrypted by a GDPR-compliant Third Party service, Twilio Sendgrid. Their Privacy Policy is available here, and see ‘Data Retention’ below for more information including right to erasure.

Storage of cookies and similar technologies: If you visit our Website, PhotoDare.ca, cookies may be stored locally on your device, see the Cookies sub-section of ‘Information we collect and what it is used for’.

In addition to cookies used on our Website, our App also uses standard industry practices to enhance user experience and performance, which involves storing certain information on your device:

Authentication Token: If you opt to use the 'keep me signed in' feature for convenience, our app will store a secure token on your device. This token is used to authenticate your identity without requiring you to log in each time you use our app.
Local User Data: To improve performance, our app may store certain pieces of your account or content information locally on your device. This locally stored data is only used to enhance the functionality of the app and is not shared with any Third Parties or used for tracking purposes.
As stated in the subsection ‘Cookies and Similar Technologies’ in ‘Information we collect and what it is used for’:
- our Third Party email provider Twilio Sendgrid may store cookies on your device related to your interactions with automated emails;
- and our Third Party analytics provider Amplitude may store cookies on your device related to the optional collection of analytics events to help us maintain and better understand the Service.

Your rights under the GDPR: We and our Third-Party service providers comply with the consumer rights provisions in the GDPR, CCPA, and PIPEDA: you have the right to request your data be erased, and or receive copies of your data. See the ‘Your Rights and Data Management’ section for details.

Where Your Information is Transferred:

Currently all data is transferred to and stored in either Canada or the United States, depending on the data. We have plans to expand to international data centres as soon as possible to keep as much data in the originating region as possible.

Canada:

Microsoft Azure stores the following: account information, technical data, photo URLs, stories, comments, upvotes, and bookmark information.

USA:

Amazon Web Services stores all photos you explicitly upload by pressing Save or Send while creating Dares.
Amplitude stores all analytics data.
Google stores all correspondence and information related to moderation.
For newsletter subscribers, Twilio Sendgrid may store a copy of your email address and name in addition to how this is stored in your account information in order to provide subscription-related features.

For our Users in Europe that are protected by GDPR, rest assured that data transfers of your Personal Data to the above-noted Third Parties in Canada and the United States comply with the requirements of GDPR.

Visibility of Your Information and Content to Others:

When you create an account in the App, your name and username become visible in the Friend Select screen to everyone else with an account. We cannot control if someone else chooses to screenshot or otherwise capture the names and usernames in the friend select list, so please only use a name and username you are comfortable with anyone else seeing.

If you create and share any of your content, this can become visible to others with an account, and even others without an account depending on how it was shared.

Visibility of your Dares
A Dare in PhotoDare is the equivalent of a social media post. To help protect the privacy of content you upload, there are 3 levels of visibility for Dares, which are controlled by their share status and managed through the Share button. Also, PhotoDare Moderators are able to see any content regardless of visibility level.

Private:
1. This means it can only be viewed by the creator(s). If you create a Solo Dare, that means only you can see it, but if you co-create a 2-Player Dare with a friend, you can both see it.
2. All Dares start out Private by default.
3. The link cannot be shared.
4. If it is a 2-Player Dare, the other person may choose to screenshot or capture it in some way outside our control, so never upload anything you wouldn't be OK with others seeing. Screenshotting or otherwise sharing Private Dares is strictly prohibited in our Terms of Use and Community Guidelines and can result in being banned from the Service.
5. If a Dares sharing status is Public or Public on Discover, and then is set to Private again, it can then only be seen by the creator(s), even if others commented on it. The web link to that Dare will not work; displaying only a ‘page not found’ error in the browser.
6. Further to Dares that are publicly visible on the web, but are set to Private again, to better protect your privacy we use timed-expiry presigned URLs for photos. This means if a person had the URLs to your photos from a visible post, those URLs would not load past the 1 minute mark of the original page load, with one exception: if the person trying to access your photo URLs had already loaded them prior, the photo object itself may be cached, meaning the photo(s) may still be visible in their browser, or appear to reload inside their browser. Anyone who had not previously loaded the photo in their browser and who tried to access your photos directly using the URLs would receive an error message. Once anything is shared on the internet it is impossible to control how it is shared or prevent it from being copied, so please do not make any content visible that you would not be comfortable with others seeing.
Public:
1. If you unlock sharing in a Dare, this makes its share status Public.
2. You can now share the link, and anyone with the link, even if they don’t have a user account, can see and share it in their browser of choice.
3. It is important to remember that once a Dare is made Public and the link is shared to anyone else, anything can happen with it including screenshotting, posting on other platforms without your permission, or being logged by a search engine. For these reasons you should never unlock sharing for any content that you would not be comfortable with other people sharing.
4. If you share the link with someone who has an account on the App, that person can comment on, upvote, and bookmark it. Currently it is not possible to see or reveal who upvoted or bookmarked it.
5. If you co-create a 2-Player Dare with a friend, you BOTH need to unlock sharing to make it Public and share the link. If EITHER of you set the sharing status to Private again by locking it, it will revert to Private until you BOTH unlock it.
Public on Discover:
1. Any Dare that is Public can be posted to the Discover feed, which is the front page of PhotoDare.
2. Here, anyone with an account in the App can see it, share the link, as well as comment on, upvote and bookmark it. Currently it is not possible to see or reveal who upvoted or bookmarked it.
3. Anyone with the link, even if they don’t have the app, can see and share it in their browser of choice. It is important to remember that once a Dare is made Public and the link is shared to anyone else, anything can happen with it including screenshotting, posting on other platforms without your permission, or being logged by a search engine. For these reasons you should never unlock sharing for any content that you would not be comfortable with other people sharing.
4. If you co-create a 2-Player Dare with a friend, you BOTH need to Post to Discover to make it Public on Discover. If EITHER of you set the sharing status to Public again by un-posting it from Discover, it will no longer be visible on Discover, instead reverting to Public status. If EITHER of you set it to Private again by locking sharing, it will revert to Private.
Commenting: If you leave comments on anyone else’s Dares that you have access to, those comments along with your name and username become visible to anyone else who can see the Dare, including anyone with the link. Users cannot anonymously comment.
Blocking: If a user blocks another user, those users will no longer be able to see each others’ content including Dares and Comments. They can also no longer send each other Dares. If a user blocks a user they have already created 2-Player Dares with, those Dares will be reset to Private and also hidden from both creators as part of the overall content filtering that happens when users block each other. This can be undone from Settings, in the ‘Blocked Users’ section.
Photo visibility when sending and receiving Dares: You make posts (called Dares) on PhotoDare by playing a mini-game, either by yourself (Solo) or with a friend (2-Player). In 2-Player mode you can co-create Dares with others. If you choose to do this, you and the other person become equal partners in the creation of the content, and managing who can see it.

To protect both of you, we have implemented safety features, but you are each responsible for protecting each others’ privacy.

Visibility of your photos in 2-Player mode: From the Play screen pick a game mode, or if receiving a Dare you can also start from the Incoming feed in My Dares. Once you grant permission to access your photos, the game will shuffle them behind tiles which hides them from view, and you can choose which to play with.

PhotoDare is all about sharing photos and stories, and provides Users with the ability to select photos to share, or to have the App select photos on their behalf. The options and potential privacy risks are described in our FAQ section on the Website “How do I make a post on PhotoDare?” but PhotoDare does provide you with the following safety mechanisms:

Safety mechanisms when co-creating Dares: To protect the privacy of both players, there are several safety mechanisms:
1. Safety check if you send without looking: when you choose this method, you will be prompted to confirm that you really want to send it without knowing which photo it is from your library.
2. Safety check if you peeked and sent: if you look at the photo first, you will also get a confirmation request. There is also a confirmation if you chicken out.
3. Dares are Private by default, and BOTH players must unlock their side before Dares can be shared: see the Visibility of your Dares subsection in this section.
Moderators can see any content:
Be aware that while content set to Private cannot be seen by other Users, for the safety and security of all Users, and to ensure that PhotoDare is complying with all applicable laws, PhotoDare content moderators can view any content created in the Service – regardless of privacy settings..
Rest assured moderators respect and care about the privacy of all our Users, and normally only have reason to view content if it was a) made Public by you, and/or b) reported by another User as violating our Community Guidelines. However, to ensure the safety of all parties, and be able to comply with any applicable laws, we reserve the right to view, monitor and take action on any content uploaded into the Service. See Community Guidelines for details.
PhotoDare may also use automated content flagging and moderation tools in the future to better protect the security and privacy of the community. If implemented, we will revise this Privacy Policy and inform you of any changes and implications it may have on your privacy.

Data Retention:

Your Personal Data is only retained as long as necessary, as further described in this Privacy Policy, and in general, for no longer than needed to provide the Services to you and to meet our legal obligations. How long we retain your Personal Data depends on the type of Personal Data; which Third Party vendor it is stored with; and where applicable, who deletes information from the Service (e.g. you or a moderator). Different retention periods for different types of information are described in this Privacy Policy. For example, see the ‘Secure Backups’ section below that explains additional retention periods that may apply to your data after it has been deleted from our system.

If you have questions, please contact us at hello@photodare.ca.

Accounts: your User account is stored for as long as you have your account, and for a varying window after it is deleted, based on circumstances:

When accounts are deleted by you, they will immediately no longer be usable or visible in the App, however to ensure we can comply with any laws, regulations, and / or relevant authorities, as well as to potentially provide emergency account restoration, this information is securely stored for 31 days until it is deleted from our records.
When your account is deleted, your content is no longer accessible, however others may still be able to access specific content if they have not refreshed their feeds, or on devices where the content may be cached.
If you contact us to request deletion of your account, this may take up to 30 days for us to process, at which point it will disappear from the App and be inaccessible, but may still exist for another 31 days before deletion.
When accounts are deleted by a moderator, they will immediately no longer be usable or visible in the App, however to ensure we can comply with any regional laws, regulations, or relevant authorities, this information along with relevant content may be securely stored for a default of 31 days before deletion or for as long as it is needed to resolve any moderation related matters. If for any reason a moderator has cause to suspect the account is in violation of the law, we may be obligated to share it with authorities and continue to retain it for as long as is necessary, after which time it will be deleted within 31 days.
Deletion of account information occurs through an anonymization process wherein we retain the User ID of your account for our records, but overwrite or delete the rest of the information, along with your content (including photo URLs), and any comments that were made on your content. At this point an individual could not be identified based on this information.
After deletion by you or us for any reason, and the 31 day retention period has elapsed, copies of your account information may still exist in our Third Party storage provider’s system in a secure encrypted backup for an additional 7 days, after which time it cannot be recovered.
In the event your account is deleted by you or us for any reason, all the content associated with it will also be deleted including 2-Player Dares also being deleted. Specifically for 2-Player Dares, these will no longer be visible to or accessible by the other co-creator if EITHER player’s account is deleted, this is to respect the privacy of both players.
While account deletion by you or us for any reason also includes deletion of all associated content, the time period for content retention is different for photos because we use a different Third Party storage service to house these. Once the standard 31 day retention period outlined above has elapsed and your account information is deleted – which includes the URLs to your stored photos – the photos themselves may still exist in our Third Party photo storage provider’s backup system in an inaccessible and encrypted form for up to 35 additional days.

Individual Dares:

Any Dare can be deleted by yourself, or a moderator. Note that 2-Player Dares can be deleted by EITHER player, which deletes the names, usernames, photos, stories, comments, votes, and bookmarks associated with the Dare for all Users in the App.
When a Dare is deleted, the information associated with it including but not limited to names, usernames, photos, stories, comments, votes and bookmarks is immediately no longer visible or accessible, although others may still be able to access it if they have not refreshed their feeds, or on devices where the content may be cached. The Dare information is retained on our server after this for a 31 day retention period after which it is permanently deleted. Photo data may still exist in secure, encrypted Third Party hosting provider systems for as long as an additional 30 day retention period plus a 35 day automatic backup period. After this time the information is permanently deleted. For all other Dare information such as stories, comments, names, etc, this is only retained for an additional 7 days in automated backup systems after the initial 31 day retention period.
It makes no difference to the deletion and retention process if the Dare is a Solo or 2-Player Dare, or if its share status was Private, Public, or Public on Discover.

Photos:

Deleting individual photos is not supported at this time, but the Dares they are associated with can be deleted, which will delete the photos the Dare contains (see Individual Dares in this section).
When a Dare is deleted, the photo(s) associated with it are immediately no longer visible to others in the App or via web links. References to the photos, such as photo URLs are deleted from our server after a 31 day retention period, but the photo objects themselves may still exist for another 30 day retention period following this, as well as in automated encrypted backups and version histories on our Third Party storage server for up to 35 days after that. After this time they are permanently deleted with no chance of recovery.

Stories, Comments, Upvotes, and Bookmarks:

Individual stories and comments can only be deleted by Moderators at this time.
These are retained as long as the Dare exists.
If you see any stories or comments that violate the Community Guidelines, please contact us.
Upvotes and bookmarks can be undone by whoever initiated them, or, if the Dare it is associated with is deleted, the vote or bookmark is also deleted with it. If the account belonging to the User who voted or bookmarked is deleted, all their votes and bookmarks are deleted.

Correspondence: We retain email records only for as long as necessary to resolve any matters they pertain to. If some piece of correspondence is essential to the running of the Service, e.g. if it is required for a compliance or legal matter, it will be retained indefinitely until such a matter is resolved or required by law, and then only for as long as is strictly necessary.

Newsletter emails
If you choose to subscribe to our newsletter, your email and name are stored by our Third Party service provider Twilio Sendgrid.

You can unsubscribe from newsletter emails at any time using the links in the emails. If you unsubscribe, your email may still be stored for as long as they are our provider, and then for 30 days after in a do-not-email list (called a ‘suppression list’) to prevent us from violating anti-spam laws and ensure you are not signed up to our newsletter again. If you wish your email to be completely deleted from their system, or if you have unsubscribed and wish to resubscribe, contact us at hello@photodare.ca and we will process the request within 30 days.

All Emails We Send Including Account Related Transactional Emails
Our Third Party email provider, Twilio SendGrid collects data related to the emails we send and that you interact with including account related emails such as informing you about account actions, as well as opt-in newsletters. This information includes but is not limited to the email content itself, and metadata such as open rates and clicks. This data is retained according to their retention schedule outlined here in the section ‘Data retention — SendGrid service’.

Essentially, all information held by Twilio Sendgrid may be stored as long as they remain our service provider, and for a 30 day retention period after this. If you wish to be completely erased from their system, contact us and we will process the request within 30 days, at which point the remaining time left until you are completely erased is subject to Twilio Sendgrid’s retention, disaster backup retention, and legal exception periods which can be found here.

Usage Analytics: This information is held by our Third Party service provider Amplitude indefinitely, however, when your PhotoDare account is deleted, your personal information is anonymized, meaning the data collected by Amplitude, such as UserID and IP address can no longer be combined with your account information to identify you. See the ‘Information we collect and what it is used for’ section of this Policy for more details.

If you wish to be completely erased from their system, contact us and we will process the request within 30 days, at which point the remaining time left until you are completely erased is subject to their retention, disaster backup, and legal exception periods which can be found here. Please note that while we can process right to erasure requests while you still have a PhotoDare account, or before the account information retention window has elapsed (typically 30-60 days), once your PhotoDare account is permanently deleted and anonymized, we will no longer be able to match your account information to your usage analytics information in Amplitude. This means the Amplitude usage analytics data will also be anonymized, and so we will not be able to process erasure requests past this time.

Data Retention Related to Social Media: If and when we establish social media accounts, we may retain data that you provide to us through these platforms (e.g., messages, comments, or likes) for as long as we maintain those accounts, or deem necessary for the purposes for which it was collected, subject to legal requirements and compliance, including any legal obligations to retain data for a certain period of time.

Data shared directly with Third Party platforms by you, such as through posts, comments, or interactions with our potential profiles, is retained according to the policies of the respective platforms. We do not have control over the retention of data on Third Party platforms, and this policy does not apply to these external platforms.

Backups: To ensure the security and integrity of the Service, we automatically create backups of essential data including your account information and content. For details on what data is included, see ‘How we Store and Secure Your Information’ in this policy.

Your account and any content information stored with our Third Party provider Microsoft Azure is backed up, encrypted, and securely retained for 7 days, after which time backups are permanently deleted.
Your photo information stored with our Third Party provider AWS is backed up, encrypted, and securely retained for up to 35 days, after which time backups are permanently deleted.

Your Rights and Data Management:

At PhotoDare, we are committed to upholding your data rights. We comply with the strictest privacy guidelines in several regions in the hope of best protecting privacy regardless of your region. These include complying with the GDPR (EU region), CCPA (California), and PIPEDA (Canada).

Under the GDPR, PhotoDare is classified as the Data Controller, determining the means and purposes of processing user data. As per CCPA, we operate as the Business, and under PIPEDA, we act as the Organization responsible for the information we collect. In all instances, while we engage third-party services essential to our operations, we ensure their compliance with the respective regulations and maintain Data Processing Agreements (DPAs) with them.

The exact terms vary across each, however in general depending on where you live, you may have rights including but not limited to the following:

Access and Rectification:

You have the right to request a copy of the Personal Data we or our Third-Party service providers hold about you. To do so, please contact us at hello@photodare.ca. This includes Personal Data you have provided to us, content and data generated from your use of our Services, potentially including analytics and promotional email data you may have opted into.

If your account information is incorrect or incomplete, you can request corrections by contacting us at the same email address. We aim to handle requests within one month of receipt, though complex requests may require more time.

You can change your password any time via the password reset link in the Sign-in screen.

Data Portability:

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller without hindrance, where technically feasible.

Erasure and the Right to Be Forgotten:

You have the right to request the deletion of your Personal Data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent. This is subject to certain exceptions, such as compliance with legal obligations.

You can delete your account at any time through the app, or request its deletion by contacting us. Please refer to the 'Data Retention' section for details on what information this includes and how long we retain data before permanent deletion.

We have carefully selected each of our Third-Party service providers (e.g. for storage, emails, and analytics) based on their commitment to these rights, and we have processes in place to ensure your rights are upheld across these service providers in the event of an erasure request.

You can delete your individual Dares any time by using the Delete button found in the More section. See 'Data Retention' for more details, and how this impacts 2-Player Dares.

We currently don't support deleting individual stories or comments in the App, but if you need one of your stories or comments deleted, contact us at hello@photodare.ca. Deleting a Dare will also delete all of its stories and comments.

To help keep PhotoDare a safe space, please do report any objectionable content so that moderators can be aware and take action immediately. In most cases this will be deleted within 24hrs.

Moderators reserve the right to delete any individual photo, story, comment, upvote or bookmark

If you want to delete an upvote or bookmark, simply undo that action by pressing the upvote or bookmark button again.

Objection and Restriction of Processing:

You have the right to object to the processing of your Personal Data for specific reasons, such as direct marketing.

In certain circumstances, you have the right to request the restriction of processing of your Personal Data, for example, when the accuracy of the data is contested.

Consent Withdrawal:

You can withdraw your consent at any time for any data processing based on consent. This won't affect the lawfulness of processing based on consent before its withdrawal, but may affect our ability to provide you with the Services.

Specific instructions for withdrawing consent for various aspects of our Service are detailed in the 'Consent' subsection below.

Consent:

Your consent is a key component of our data processing activities. Here's how it works in the context of our Services:

General Consent at Registration:

When you create an account with PhotoDare, you provide consent by agreeing to our Terms of Service, Privacy Policy, and Community Guidelines. You affirm that you are at least 16 years of age and understand the rights and obligations contained within these documents.

Please do not use or engage with PhotoDare if you do not agree and consent to these policies and guidelines.

To withdraw your agreement and/or consent from these, the easiest way is to delete your account and stop engaging with the Service. You can also contact us at hello@photodare.ca for assistance.

Optional Consents:

Usage Analytics: During registration or within the App settings, you have the option to consent to our collection of usage analytics to help us improve your experience. You can withdraw this consent at any time by opting out in the App Settings screen or by contacting us at hello@photodare.ca.
Newsletter Subscription: You have the option to subscribe to our newsletter. If you decide later that you no longer wish to receive these communications, you can unsubscribe using the link provided in the email or contact us for assistance.
Consent to Share Co-Created Content: In instances where you co-create content with another User, both parties must provide consent to share this content. This consent is managed through in-app sharing settings. If you wish to withdraw consent, you can change the sharing settings, effectively revoking access to the content. See the ‘Visibility of Your Content to Others’ section for details.

Consent on Our Website:

Visitors to the PhotoDare Website are asked to consent to the use of cookies that are not strictly needed by our provider Squarespace for the Website's operation. You have the option to accept or decline these cookies. To respect the privacy of visitors from GDPR-protected regions and others, we have minimized data collection on the Website and to the best of our knowledge does not use analytics tracking, specifically, we have switched off the usage analytics features provided by Squarespace, and do not currently use other analytics tracking services like Google Analytics.

Right to Non-Discrimination under CCPA:

You will not be subjected to discrimination for exercising any of your privacy rights under the CCPA.

Right to Opt-Out under CCPA:

We never sell your Personal Data. In the event of a merger or acquisition, your data may be transferred as a part of our business assets. You will be notified of any such change, and you'll retain the right to opt-out of your data being used in a manner materially different from this policy.

Exercise Your Rights:

If you have any questions, need assistance in managing your data, or want to withdraw consent, please contact us at hello@photodare.ca. We're here to help you exercise your rights and will respond to your requests without undue delay and in any event within one month of receipt of the request.

Please note that we reserve the right to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations.

If you have any concerns about how your Personal Data is handled, you can contact us at hello@photodare.ca, or you may have the right to lodge a complaint with your local data protection authority.

Your local data protection authority may be different than the below list depending on your region, but here is contact information for the EU, USA, and Canada:

EU:

Authority: European Data Protection Supervisor (EDPS)

Website: https://edps.europa.eu

USA (specifically for California):

Authority: California Department of Justice, Office of the Attorney General

Website: https://oag.ca.gov/privacy/ccpa

For the rest of the USA, see below, and you may have an authority specific to your State:

Authority: Federal Trade Commission (FTC)

Website: https://www.ftc.gov/

Canada:

Authority: Office of the Privacy Commissioner of Canada

Website: https://www.priv.gc.ca

Children’s Privacy:

PhotoDare is committed to protecting the privacy of young people using the internet. Our Services are not designed for, or intentionally targeted at, children under 16 years of age. We do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register for an account with PhotoDare.

Age Limitation: In alignment with this policy, Users are required to confirm they are at least 16 years old during the registration process. This is enforced through a mandatory checkbox; registration cannot be completed unless this box is checked. This serves as an affirmation of the User’s age at the point of account creation.

Verification and Removal: If we become aware that we have collected personal information from a child under the age of 16 without verification of parental consent, we take steps to remove that information from our servers. If you believe that we might have any information from or about a child under 16, please contact us at hello@photodare.ca, and we will promptly take action to ensure that such information is deleted from our systems. If a parent or guardian becomes aware that their child has provided us with personal information without their consent, they should contact us at the email address provided, and we will take the necessary steps to remove such information and terminate the child's account.

Parental Control: We recognize the importance of safeguarding the privacy of children and encourage parents to check and monitor their children's use of online activities regularly. PhotoDare's Services are not intended for use by children, and we do not knowingly collect Personal Data from children.

Compliance with Laws: PhotoDare complies with all relevant legal requirements and guidelines, including the Children's Online Privacy Protection Act (COPPA) in the United States and the General Data Protection Regulation (GDPR) in Europe, regarding the collection and processing of personal information from individuals under the age of 16.

Changes to the Policy:

We reserve the right to update or change our Privacy Policy at any time, and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy. The ‘last updated’ date of this Privacy Policy is indicated at the top of the Privacy Policy.

The most current version of our Privacy Policy will always be available on this page, and is linked in the Settings screen of the app.

For any significant changes to this Privacy Policy, we will seek your consent again if required by applicable data protection laws.

If you have any questions about this Privacy Policy, please contact us at hello@photodare.ca.

Automated Decision-Making:

At present, PhotoDare does not engage in automated decision-making or profiling that would significantly affect our Users. However, we are committed to the continual improvement of our platform and the safety of our community. As part of this commitment, we may, in the future, implement automated systems for content moderation or other processes to help ensure our Community Guidelines are upheld and that PhotoDare remains a safe space for creativity and expression.

If we do implement such systems, they will be designed to detect content that violates our guidelines or applicable laws, such as explicit content, hate speech, or illegal activities, and you consent to using automated decision-making for these purposes . These systems may automatically remove content or flag it for review by our team. We will not use automated decision-making to make decisions that produce legal effects concerning you or similarly significantly affect you without your consent, unless we are required or permitted by law to use such technology.

Please note that any such personalization will be conducted in full compliance with applicable data protection laws.

In our ongoing effort to improve User experience, PhotoDare may, in the future, implement algorithms designed to personalize content, such as showing Users content relevant to their location or language preference. This is to enhance User engagement by making the content more relevant and interesting.

If we introduce such automated features, we will update our Users via this Privacy Policy and, if necessary, seek renewed consent for the new data processing activities. We will provide clear information about the logic involved, the scope of personalization, and the potential impact on User experience.

Please refer to our Community Guidelines for more information about the types of content that are not permitted on PhotoDare. If you have any questions about this section or our potential use of automated decision-making and profiling, please contact us.

Data Breach Procedures:

At PhotoDare, we are committed to the security of our Users' data and have implemented robust measures to protect your personal information. However, in the event of a data breach, we have a comprehensive response plan designed to effectively manage such incidents.

Identification and Assessment: Upon discovery of a potential data breach, our team will promptly investigate the situation to determine the nature and scope of the incident. This involves identifying the type of data involved, the extent of data access or disclosure, and whether the data was actually compromised.

Containment and Eradication: Our immediate priority is to contain the breach to prevent any further unauthorized data access or loss. We will take all necessary steps to secure our systems, which may include temporarily disabling affected accounts, services, or certain features, as well as working closely with cybersecurity experts to resolve vulnerabilities.

Notification: In compliance with data protection laws, we will notify affected Users via email without undue delay and no later than 72 hours after having become aware of the breach, unless a longer period is required due to the specific circumstances of the breach. This notification will include:

A description of the nature of the data breach.
The types of data that were involved.
The likely consequences of the data breach.
Measures taken to address the breach and mitigate its possible adverse effects.
Recommendations for Users to protect themselves.

Furthermore, where the breach is likely to result in a high risk to the rights and freedoms of individuals, we will communicate the Personal Data breach to the affected data subjects without undue delay.

Regulatory Reporting: We will report any breach to the appropriate regulatory authorities as required by law, including details of the breach and our response plan.

Review and Future Prevention: After managing the immediate concerns, we will conduct a thorough review of the incident to understand how it happened and how it was handled. Lessons learned from this review will be integrated into our data security policies and procedures, where necessary, to prevent future breaches.

Limitation of Liability: While we implement strong security measures to protect User data, no method of transmission over the Internet or method of electronic storage is 100% secure. As such, we cannot guarantee absolute security. However, we are committed to upholding our obligations and acting swiftly and responsibly in the event of a data breach.

Links to Other Websites and Platforms:

PhotoDare contains functionalities that may allow you to interact with other websites and social media platforms. This includes the Share button, which lets you share content from PhotoDare to other platforms or services based on the options available in your device's share sheet, or any other methods of link sharing you choose to use.

Please be aware that once you leave our app or share content to another platform, you are subject to the terms and conditions and privacy policies of those external platforms or websites. This includes any content or links that you or other Users post on PhotoDare, which may direct Users to external websites or services. Our Privacy Policy does not extend to these external platforms, and we do not exercise control over third-party websites or services. We encourage you to read the privacy policies of any website or platform you visit via links from PhotoDare.

In the future, we may establish accounts and presence on various social media platforms, including but not limited to LinkedIn, X (Twitter), Facebook, Instagram, Mastodon, Twitch, Discord, Youtube, Snap, and TikTok. Interaction with our profiles on these platforms is governed by this Privacy Policy as it pertains to our use and treatment of data, but also by the privacy policies of the respective social media platforms. Any content, comments, or interactions made on these platforms are also subject to the terms and privacy policies of the respective platforms.

We are not responsible for the data policies, content, or security of any other website, including those you link to or from our Service. Your rights and any risks related to your privacy and Personal Data are subject to the terms and privacy policies of those respective entities, and we encourage you to review them carefully.

Impact of Non-Provision of Data:

We strive to maintain transparency about the data we request from you and how it impacts your experience with the Service. Below, we detail the consequences you may encounter should you choose not to provide certain data or withdraw your consent:

Account Creation and User Experience:
Agreement to Terms of Service, Privacy Policy, and Community Guidelines: Acceptance of our Terms of Service, Privacy Policy, and Community Guidelines is essential for creating an account. Without this consent, you will be unable to set up an account, meaning you cannot participate in or access the main feed of content (Discover), create your own content, or engage with other Users' content. However, you may still access our informational Website, PhotoDare.ca, and view content shared with you by an existing User.

Age Requirement:
We require confirmation that you are at least 16 years old to create an account. Failure to verify your age will prevent you from creating an account and accessing services that necessitate an account.

Usage Analytics:
Consent to Usage Analytics Tracking: If you opt not to consent to usage analytics tracking, you can still create an account and use PhotoDare. However, we will not collect data regarding your interactions with the app. This decision does not diminish your User experience, but it does limit our ability to analyze app performance and User behaviour, potentially impacting future improvements and updates.

Email Newsletter Consent:
You have the option to subscribe to our newsletter during the account creation process. Declining this subscription won't affect your ability to create an account or use our Services, but you will miss out on our latest news, updates, and special offers.

Please note that your choices regarding the provision of data are respected and upheld at all times. If you have any questions or concerns about the impact of these choices, please feel free to contact us at hello@photodare.ca.

Access to Your Photo Library:
If you choose to not allow the App to access your photos, you can still see content created by others, but you will not be able to use the play modes including uploading, saving, and exchanging photos, either by yourself or with others.

Contact Information:

If you have questions, concerns, or requests regarding your data and your rights related to your data, please reach out to us using the following information:

Email: For a prompt and electronic response, please email us at privacy@photodare.ca. Our team is dedicated to ensuring your rights are upheld and your concerns are addressed.

Snail mail: If you prefer to contact us via traditional mail, you can send your inquiries to:

PhotoDare Inc.
260 Adelaide St E, Box 165
Toronto, ON, Canada
M5A 1N1

Please include your contact information and any relevant details in your letter so that we can respond effectively and efficiently.

While we currently do not have a designated Data Protection Officer (DPO) as that term is described in GDPR, our entire team is committed to ensuring the privacy and protection of your data, under the leadership of our Privacy Officer, who can be reached at privacy@photodare.ca. We take your inquiries seriously and aim to resolve any issues or concerns in alignment with our privacy policy and applicable laws.