rowdiRowdi
Log InSign Up

Legal Operations

Privacy Policy

Last updated / Reviewed: June 2026

Privacy Policy: Overview

What We Collect: We collect your account details (email/username), the content you post, and technical data like your IP and device type to keep the app running.

Why We Collect It: We use your data to power the R.E.P. engine, rank your Arena feed, and send you notifications when your favorite team is playing.

No Sale of Identity: We do not sell your name, email, or personal identity.

Your Control: You can update your profile, manage push notifications, or delete your account at any time through the app settings.

Location & Safety: With your permission, we use your location. We store this securely and never share your precise path with third parties.

Children: Rowdi is for fans 13 and older. We do not knowingly collect data from kids under 13.

1. Data Collection Categories

1.1 Information You Actively Provide

  • Identifiers: When you create a Rowdi account, we collect your email address, chosen username, and password. If you use a third-party login (e.g., Google), we receive your name and profile picture associated with that account.
  • Profile Content: Any information you choose to add to your profile, including your avatar image, biography, marquee message, and banner image.
  • User-Generated Content (UGC): We collect the rants, comments, rerants, and media (images, GIFs, videos) you post to Team Hubs or the Virtual Arena.
  • Direct Communications: If you contact us for support or message other users through the platform, we collect those communications and any metadata associated with them.

1.2 Information Collected Automatically (Technical Data)

  • Device & Network Data: We collect your IP address, device type (e.g., iPhone 15), operating system, unique device identifiers, and mobile network information.
  • Usage Activity: To power your R.E.P. (Rowdi Engagement Points System), we track your interactions with the Service, including which Team Hubs you follow, the duration of your stay in a Virtual Arena, and which posts you engage with.
  • Sensor Data: With your permission, we may collect your precise geolocation to provide Local Fan badges or to gate access to campus-specific Arenas. We also access your camera or photo library only when you explicitly choose to upload media.

1.3 Inferred Data (The Fan Profile)

Engagement Insights: We use your activity to infer your sports preferences, such as your Primary Team, rivalries you engage with most, and your Fan Tier (e.g., Bandwagon vs. Superfan). This is used to rank your feed and calculate your R.E.P. milestones.

2. Processing & Legal Basis

We only process your personal information when we have a valid legal reason to do so. These Legal Bases include:

2.1 Performance of a Contract

Most of our data processing is necessary to provide the Rowdi experience you signed up for. This includes:

  • Account Management: Using your email and password to let you log in and keep your account secure.
  • The R.E.P. System: Tracking your engagement and posts to calculate your points, unlock Team Slots, and determine your Fan Tier. Without this processing, the core mechanics of Rowdi would not function.
  • Service Delivery: Hosting your rants and media in the Virtual Arenas and delivering them to the appropriate Team Hubs.

2.2 Legitimate Interests

We process data for our legitimate business interests, provided these do not override your fundamental rights. This includes:

  • Platform Integrity: Analyzing usage patterns to detect bots, prevent REPS farming, and identify bad actors who violate our community guidelines.
  • Service Optimization: Using anonymized data to understand which features are popular so we can improve the app's performance.
  • Safety & Security: Monitoring for harassment or prohibited conduct within the Arenas to protect our community.

2.3 Consent

For certain types of data, we will ask for your explicit opt-in consent before processing:

  • Push Notifications: To alert you when a game starts or your rant goes viral.
  • Location Services: To verify you are on a specific campus or at a stadium for Local Fan rewards.
  • Marketing Communications: To send you updates about new Rowdi features or partner rewards.

Note: You can withdraw your consent at any time through your device settings or the Rowdi app.

2.4 Legal Obligations

We may process your information to comply with laws, such as responding to a valid subpoena or preventing fraud and money laundering.

3. AI & Automated Decision Making

3.1 Content Personalization & Ranking

We use proprietary algorithms to organize your "Arena" and "Team Hub" feeds. These systems analyze your engagement patterns (likes, rants, and time spent) to prioritize content we believe is most relevant to your interests.

The Goal: To ensure you see the hottest rants from your fellow fans in real-time.

User Choice: You can influence these algorithms by adjusting your "Following" list or using the "Not Interested" feature on specific posts.

3.2 The R.E.P. Engine

The distribution of R.E.P. (Rowdi Engagement Points System) and the assignment of Fan Tiers are handled by an automated system. This system evaluates your platform contributions against our quality and engagement metrics.

Automated Outcomes: These decisions may lead to functional benefits, such as unlocking additional Team Slots or earning "Arena MVP" status.

Right to Review: If you believe your R.E.P. have been deducted or your Tier has been downgraded due to an algorithmic error, you have the right to request a human review of the decision by contacting support@rowdi.co.

3.3 Automated Content Moderation

To keep the Arena safe and focused on the game, we use AI-powered moderation tools to identify and flag prohibited conduct, such as hate speech, harassment, or illegal betting solicitation.

Decision Impact: These tools may automatically "shadow-ban" a post, limit its reach, or flag an account for human suspension.

Transparency: If your content is removed by an automated system, we will notify you within the app and provide a path to appeal the decision.

3.4 AI Training Policy

As of the current "Last Updated" date, Rowdi does not sell your personal data to third parties for the purpose of training Large Language Models (LLMs). We may use de-identified, aggregated data to improve our own internal AI models.

4. Third-Party Disclosures

4.1 Categories of Service Providers

  • Cloud Infrastructure & Database: Providers used to host our application, manage our database infrastructure (via systems like Supabase), and securely handle user authentication loops.
  • Real-Time Data Processing: We utilize distributed event streaming architectures (via components like Apache Kafka) to safely process fast "Fan Heat" calculations and R.E.P. metrics in real-time.
  • Product Analytics: We use industry analytics software to evaluate how fans engage with features. This raw traffic is de-identified where natively possible to run programmatic product optimization.
  • Error Monitoring: Infrastructure layers trace app exceptions and stack crashes so we can repair systems ahead of primary game-day windows.
  • Communications & Notifications: Message relays deliver push nodes and programmatic transactional emails cleanly to users.

4.2 Business and Research Partners

Aggregated Insights: Rowdi may share aggregated, anonymized data arrays with sports organizations, universities, and brand partners. Crucial: This data cannot be reverse-engineered to locate your unique identity. It is restricted to high-level market sentiment tracking.

4.3 Legal & Safety Disclosures

We may disclose your transactional records to federal law enforcement or state government bodies if required to:

  • Comply with a legal obligation, statutory warrant, or court subpoena.
  • Protect and defend the established property rights of Rowdi Inc.
  • Prevent or investigate suspected fraudulent behavior tied directly to system functions.
  • Ensure public security during localized real-world sporting matchups.

4.4 Business Transfers

If Rowdi Inc. undergoes an institutional corporate merger, acquisition event, or asset sale ledger transfer, personal profiles may scale over as business equity. Proper operational alerts will issue beforehand.

5. User Rights & Take It Down Requests

5.1 Your Privacy Rights

Depending on your corporate registry location (including Delaware, California, and multiple extra states), your user profile grants the following active rights:

  • Right to Access: You can request a clear copy of all personal raw rows Rowdi securely stores regarding your activity.
  • Right to Deletion: You can clear your account state and data rows (minus baseline compliance audit logs).
  • Right to Correction: You can instantly amend inaccurate profile records within your account interface.
  • Right to Portability: You can export user profiles in a structured, machine-readable format.
  • Right to Opt-Out: You hold the absolute right to refuse programmatic Profiling or targeted consumer ad targeting.

5.2 The Take It Down Act (TIDA) Compliance

In accordance with federal regulatory law, Rowdi presents an immediate, clear pipeline for the systematic elimination of Nonconsensual Intimate Imagery (NCII), including artificial deepfakes.

How to Request Removal: If you identify illicit imagery containing your likeness uploaded without direct consent, flag it immediately via the in-app "Report" system or route a formal claim code package directly to takeitdown@rowdi.co.

Your notification must accurately include:

  • Verification details to locate the file (e.g., specific Arena ID node or source URL link).
  • A good-faith written legal affirmation that the media is nonconsensual.
  • Direct electronic sign-off and active contact endpoints.

Our Commitment: Valid, verified legal TIDA notices are fully cleared alongside matched internal copies within 48 hours of intake processing.

5.3 How to Exercise Your Rights

To deploy any of these statutory options, contact our internal tracking team at privacy@rowdi.co. Users must verify profile ownership before internal data changes trigger.

6. Data Retention & Deletion

6.1 Retention Principles

Rowdi Inc. stores operational information only as long as required to clear the processes laid out across this document:

  • Account Information: Profile credentials, team selections, and identifiers remain live as long as the account stays checked in.
  • The "24-Month Inactivity" Rule: If an account drops below a minimal baseline with zero log activity for 24 continuous months, it triggers an Inactive flag. Following an automated alert, tracking identifiers are fully expunged.
  • Arena & Event Content: Since "Virtual Arenas" act as event-driven ephemeral zones, posts are moved to a secure backup schema 30 days after a game concludes. Archived content disappears from public feeds but remains logged safely for up to 12 months to manage safety metrics.

6.2 User-Initiated Deletion

Accounts can be deleted directly via the in-app Settings panel.

  • Immediate Action: Public views, usernames, and custom marquee headers are scrubbed from general feeds instantly.
  • Processing Period: Active runtime instances drop records completely within 30 days, while cold encrypted infrastructure snapshots cycle them out fully inside a 90-day window.

6.3 Anonymization

Once data retention clocks hit zero, metrics are either scrubbed or permanently anonymized. Anonymized assets—like collective seasonal "Fan Heat" trends—no longer identify unique users and are stored indefinitely for analytical history.

7. Children's Privacy (COPPA Compliance)

Rowdi operates an attention economy ecosystem engineered exclusively for sports fans aged 13 and older.

7.1 Age Verification & Mixed Audience Policy

Our platform deploys neutral registration screens to ensure individuals under 13 cannot mistakenly construct a user state. If you are under the age of 13, registration is strictly barred.

7.2 Information from Children Under 13

Rowdi never intentionally aggregates data from children under 13. If our database identifies that 2026 COPPA defined identifiers (such as device metrics, IP locations, or sensor values) have crossed into production without explicit parental confirmation, immediate system clears will run across both live databases and backup shards.

7.3 Notice to Parents

If you suspect a minor under 13 has designed an account, notify coppa@rowdi.co. Verified guardians can audit the exact log array, order instant data deletions, or refuse extra usage. In alignment with 2026 legal upgrades, parents can approve internal service processing loops (like R.E.P. accumulation) while explicitly blocking external data transfers to associated corporate sports brands.

7.4 Teen Data Protections (Ages 13–16)

Pursuant to state frameworks (including the SECURE Data Act of 2026), profiles linked to users aged 13–16 feature built-in High Privacy defaults, along with straightforward options to opt-out of targeted consumer ads.

8. Biometric & Sensitive Data

8.1 Definition of Biometric Data

Biometric Data targets technical parameters processed from physical, neural, or behavioral traits, including specialized face geometry grids, custom voice footprints, or video sentiment data arrays.

8.2 Collection & Consent

Rowdi shuts off biometric parsing loops by default. Data is processed exclusively if you select standalone opt-ins presented on distinct verification modules before the underlying framework boots up.

8.3 Use of Biometric Data

When verified, processing is limited to validating identity profiles for Official status badges, updating live video traits, or mapping instantaneous team fan metrics during high-profile matches.

8.4 Storage & Destruction

Biometric metrics are fully encrypted, separated from core user lists, and never traded commercially. We permanently wipe these assets once objectives conclude, when you clear your profile, or within one rolling year of inactivity, whichever occurs first.

8.5 Sensitive Data Protections

Rowdi locks down precise location tracking (within 1,750 feet) as Sensitive Personal Information. In alignment with 2026 Oregon and Connecticut legal mandates, this tracing handles local stadium authentication checks exclusively and is protected from external commercial data brokers.

9. State-Specific Privacy Rights (2026 Update)

9.1 California Privacy Rights (CCPA/CPRA)

  • Right to Opt-Out of Automated Decision-Making: You can completely halt programmatic AI sorting loops from executing structural evaluations concerning your overall content reach or tier balances.
  • Right to Limit Sensitive Data: Users can command Rowdi to downscale location calculations (within 1,850 feet) to absolute core requirements needed to authenticate live matches.
  • One-Click Deletion (AB 656): Pursuant to 2026 updates, our platform integrates an easily accessible, un-obscured profile termination control panel in the user interface, avoiding manipulative dark patterns.
  • Browser Signals (OOPS): Our network honors native Global Privacy Control (GPC) opt-out flags passing from mobile operating configurations.

9.2 Virginia & East Coast Rights (VCDPA/SECURE Act)

Minor records (ages 13–16) deploy maximum privacy toggles out-of-the-box, blocking background location parsing and profiling until active validation steps trigger. Age checks utilize non-suggestive screens aligned with active social standards.

9.3 Delaware Accessibility & Transparency (GIC Standards)

As an incorporated Delaware entity, Rowdi ensures its legal privacy portals are fully optimized for standard text readers and layout contrast parameters in compliance with digital accessibility rules.