Privacy Policy
Last updated: July 11, 2026 · Version 1.1.17
Summary. Vouchlist is a private, contact-based directory for trusted local professionals, restaurants, and travel recommendations. To run the Service we collect your phone number (for sign-in), the name on your profile, a city-level or precise location you provide or permit, salted hashes of contacts you choose to sync, content you create (vouches, listings, notes), and standard device and usage data. Optional AI features run on your device: your Ask Scout questions are used only to look up matching listings from your circles and are never stored on our servers, never sent to a third-party AI provider, and never used to train any model. We do not sell your personal information at this time, and we describe below the limited circumstances in which we share data with the third-party processors that operate the Service. We may create and license aggregated, de-identified statistics that do not identify you (see Section 3.6).
This Privacy Policy explains how Alphabyte LLC, doing business as Vouchlist ("Vouchlist," "we," "us," or "our"), collects, uses, discloses, and protects information about you when you use the Vouchlist mobile application (the "App"), the marketing site at vouchlist.app, and any related services, features, content, APIs, edge functions, or push notifications we provide (collectively, the "Service"). It applies to all users of the Service in the United States.
By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
1. Information We Collect
We collect information in three ways: (a) information you provide directly, (b) information generated when you use the Service, and (c) information we receive from third parties that help us operate the Service.
1.1 Account and Profile Information. When you sign up, we collect your mobile phone number, which we use to send a one-time SMS verification code (passwordless OTP authentication). Once verified, we also collect the name (first and last) you provide during profile setup. We record a timestamp confirming you have stated you are at least eighteen (18) years old.
1.2 Location Information. Vouchlist is a location-aware product. During onboarding you are asked to set a home city, which we store on your profile. You may set it in one of two ways:
- Manual entry (city, state, or zip code), in which case we store only the city-level text you typed and, where useful, approximate latitude/longitude derived from that text via our geocoding processor.
- Device GPS, with your explicit OS-level permission. We may use precise device coordinates to reverse-geocode a city label and to sort Discover results by approximate distance. We request "While Using the App" location authorization and do not run background location tracking.
When you add a professional, restaurant, or destination as a listing, we may store the latitude and longitude of that listing (not your device location) so other users in your circles can sort it by distance. You can change or remove your stored location at any time from in-app settings.
1.3 Contacts and Contact Matching. If you choose to use the contact-matching feature, the App requests permission to read your device address book. We use the phone numbers in your contacts only to:
- normalize each phone number to E.164 format on your device;
- send the normalized numbers in batches to our backend, which returns (a) matches for numbers already associated with a Vouchlist account and (b) one-way SHA-256 hashes computed server-side using a private salt;
- store, in a "friends" record on your account, the contact's display name, the salted hash of their phone number, and (if matched) the Vouchlist user ID of the contact.
We do not persist your full device address book on our servers, and we do not store plaintext phone numbers of your contacts in the "friends" table — only their salted hashes. Plaintext phone numbers transit our backend transiently to compute matches and hashes. Because the hash uses a private salt, hashed values cannot be meaningfully reversed back to phone numbers without that salt. You can revoke contacts permission in your device settings at any time; doing so will stop future syncs but does not automatically delete records already in your "friends" list (you can delete those from the App or by deleting your account).
Circle invites for contacts not yet on Vouchlist. If you are a circle admin, you can add a contact to your circle even if they are not yet a Vouchlist user. When you do, we store a pending-invite record containing the salted hash of that contact's phone number (never the plaintext number), the display name you have for them, the circle, and your account as the inviter. We do not send any message to the invited contact. If a person later creates a Vouchlist account using that phone number, the pending invite converts into a circle membership and the pending record is deleted. A circle admin can cancel a pending invite at any time, which also deletes the record, and pending invites are deleted if the circle is deleted.
1.4 User Content. When you use the Service, you create content including: professional/business listings (home services and other categories), dining and travel destination listings, vouches (your star rating, free-text notes, and selected relationship context such as "used their services" or "personal contact"), saved/bookmarked items, circle names, and messages or feedback you send us. We store this content on your behalf to operate the features you use.
1.5 Push Notification Tokens. If you enable notifications, we collect an Expo push token issued by Expo's notification service, which in turn is backed by Apple Push Notification service (APNs) on iOS and Firebase Cloud Messaging (FCM) on Android. We store this token alongside your account so we can send you notifications about activity in your circles (for example, a new vouch on a pro you added, or a friend joining the App). You can disable push notifications in your device settings or in the App's notifications screen.
1.6 Camera and Photo Library. The App does not currently access your camera or photo library.
1.7 Device and Usage Data. When you use the App we automatically collect standard mobile telemetry, including IP address, device model and operating system, app version, language, timezone, crash reports and diagnostic logs, and aggregate event data such as which screens you view, which features you interact with, the approximate length of search queries (we do not log the literal query strings as event payloads), and timestamps. This data helps us debug issues, measure feature usage, and improve the product. Crash reports are processed for us by Sentry (see Sections 3.2 and 4) and include stack traces, device and OS information, app version, and recent in-app interaction breadcrumbs; we do not attach your name, phone number, or account identity to crash reports. When an error occurs, Sentry may also capture a visual session replay of the moments leading up to it — by default this replay masks all on-screen text and images, so it captures layout and navigation, not the content you viewed or typed. We do not record session replays outside of error conditions.
1.8 Information from Service Providers. Our authentication, hosting, analytics, push, and geocoding providers (see Section 4) may relay technical metadata to us — for example, OTP delivery status, push delivery receipts, or geocoding results — in order to operate their portions of the Service.
1.9 Ask Scout (On-Device AI Assistant). Where available, the App includes an optional AI assistant called Ask Scout that answers your questions by suggesting listings already shared with you in your circles. Scout is designed to be private by architecture:
- AI processing happens on your device. Scout uses the built-in, on-device AI provided by your device's operating system (Apple Intelligence, powered by Apple's on-device Foundation Models on supported iPhones). Your questions, the listings and vouch notes Scout draws on to answer them, and Scout's answers are processed locally on your phone; they are not sent to any third-party AI provider, and we do not use them to train any model.
- Retrieval only. When you ask Scout a question, the text of your question is sent over an encrypted connection to our backend for one purpose: to look up matching listings and vouches that are already visible to your account under your circles' sharing rules. We do not store your questions on our servers, and our analytics record only that a Scout message was sent and whether results were returned — never the text of what you asked.
- Conversations are ephemeral. Scout conversations are held in your device's memory only; they are not saved to our database and are cleared when the App restarts.
- No model download; device availability. The App does not download any AI model. Scout relies on the on-device AI built into your operating system, so the feature is available only on devices that support Apple Intelligence and have it enabled — currently an iPhone 15 Pro or newer running iOS 26 or later with Apple Intelligence turned on. Where your device does not support or has not enabled Apple Intelligence, Ask Scout is unavailable and you can use the rest of the App normally.
2. How We Use Information
We use the information described above for the following purposes:
- Provide the Service. Verify your identity by SMS; create and maintain your profile; render circles, vouches, and discovery feeds; deliver push notifications; and operate the dining and travel features added in version 1.1 of the App.
- Match you with people you already know. Use salted contact hashes to identify which of your contacts are already on Vouchlist and to power circle invites.
- Sort and surface local content. Use city-level or precise location to order Discover results by approximate distance and to filter listings to your area.
- Answer your Ask Scout questions. Use the text of a question you ask Scout, transiently, to retrieve matching listings and vouches from your circles (see Section 1.9). AI processing of your conversation happens on your device, and your questions are not stored on our servers or used to train models.
- Safety, trust, and abuse prevention. Detect spam, fraud, harassment, scraping, fake listings, and other violations of our Terms; investigate reports submitted via the in-app Report flow; and enforce account-level restrictions.
- Product analytics and improvement. Understand which features are used, identify bugs, and prioritize improvements.
- Communications. Respond to your support requests, send service-related messages (e.g., security or policy notices), and — only if you opt in — send optional product update emails.
- Legal and compliance. Meet our legal obligations and exercise or defend our legal rights.
3. How We Share Information
3.1 Other Users. Vouchlist is fundamentally a social/contact-graph product. Certain information is visible to other users by design:
- Your name and any listings, vouches, and circle memberships you create are visible to other members of the circles you share with them.
- When you add a listing (a pro, restaurant, or destination) and publish it to one or more circles, members of those circles can see the listing, including any coordinates you attached and any notes you added.
- When another user has your phone number in their contacts and syncs contacts, our backend will indicate to them (via salted-hash match) that you are on Vouchlist; this is how friend discovery works.
- If you share a circle invite link, anyone who opens that link can see your name and the circle's name and can join the circle while the link remains active. Invite links are multi-use, expire automatically (currently after thirty (30) days), and can be reset at any time by a circle admin, which immediately invalidates previously shared links.
- If a circle admin invites one of their contacts who is not yet on Vouchlist (see Section 1.3), members of that circle can see the invited contact's display name (as it appears in their own or the inviter's contacts) marked as "Invited" until the invite is claimed or canceled. The invited contact's phone number and its hash are never shown to circle members.
- Your account phone number — the mobile number you use to sign in — may be shown to other members of a circle you belong to, but only to those members who do not already have you in their phone contacts, so they can recognize and save you. Members who already have you in their contacts do not see it, and your number is never displayed on listings or shown to the public.
3.2 Service Providers and Processors. We share limited data with third-party vendors that process information on our behalf, under contracts that restrict their use of that data:
- Supabase — primary database, authentication (including SMS OTP via Supabase Auth), file storage (avatars and listing images), realtime channels, and edge functions. Hosts substantially all account, listing, vouch, and friend-record data.
- PostHog — product analytics. Receives event names, screen views, anonymized usage signals, your user ID, device type, OS, and IP address.
- Google Places API — restaurant search, accessed through our edge function. When you search for a restaurant to add a listing, Google receives the text you type and, where available, approximate coordinates (your saved city or, with your permission, device location) used to prefer nearby results. We do not send your account identifiers with these requests.
- LocationIQ — geocoding and reverse geocoding (for example, converting a typed city into coordinates), accessed through our edge function, and a fallback for restaurant search. Receives the search text or coordinates needed to return a place result. We do not send your account identifiers with these requests.
- Sentry — crash and error monitoring, active only in production builds of the App. Receives crash reports and diagnostic context such as stack traces, device model and operating system version, app version, and recent in-app interaction breadcrumbs, as well as a masked session replay captured only when an error occurs (see Section 1.7). We do not configure Sentry to attach your account identity to crash reports.
- Expo Application Services (EAS) and Expo Push Notifications — builds, over-the-air updates, and push delivery. The Expo push service receives push tokens and notification payloads.
- Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM) — platform-level delivery of push notifications to your device.
- An SMS gateway (via Supabase Auth) — delivery of one-time login codes to your phone number.
Each of these providers has its own privacy practices. We encourage you to review them: Supabase (supabase.com/privacy), PostHog (posthog.com/privacy), Google (policies.google.com/privacy), LocationIQ (locationiq.com/legal/privacy), Sentry (sentry.io/privacy), Expo (expo.dev/privacy), and Apple (apple.com/legal/privacy).
3.3 Legal, Safety, and Compliance. We may disclose information if we believe in good faith that disclosure is necessary to (a) comply with applicable law, legal process, or a lawful government request, including subpoenas and court orders; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of Vouchlist, our users, or others; or (d) prevent or investigate fraud, security incidents, or violations of our policies.
3.4 Corporate Transactions. If Vouchlist is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information about you may be transferred to a successor or affiliate as part of that transaction. We will require the recipient to honor the commitments in this Privacy Policy or provide notice of any material changes.
3.5 Sale of Personal Information; "Sharing" for Cross-Context Behavioral Advertising. We currently do not sell your personal information in exchange for monetary or other valuable consideration, and we currently do not "share" your personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), and similar U.S. state privacy laws. We also currently do not knowingly sell or share the personal information of any consumer under the age of sixteen (16).
These are statements about our current practices, not perpetual commitments. If our practices change — for example, if we introduce advertising features, partnerships, or business models that would constitute a "sale" or "sharing" of personal information under applicable law — we will update this Privacy Policy, post a conspicuous in-app notice, provide an opt-out mechanism where required, and, to the extent legally required, obtain your opt-in consent before any such sale or sharing takes effect.
3.6 Aggregated and De-Identified Data. We may create aggregated or de-identified data from information collected through the Service — for example, statistics and datasets about recommendations, ratings, prices paid, categories, and city-level geographic trends — by removing or transforming the elements that identify you (such as your name, phone number, contact hashes, account identifiers, and precise location) so that the resulting data cannot reasonably be linked to you, your household, or your device. We may use, license, sell, or otherwise disclose aggregated or de-identified data for any lawful business purpose, including commercial data products and market insights. Aggregated and de-identified data is not personal information under the CCPA and similar U.S. state privacy laws, and the creation, use, or licensing of such data as described in this section is not a "sale" or "sharing" of personal information under Section 3.5.
Where we maintain or disclose de-identified data, we: (a) take reasonable technical and organizational measures to ensure the data cannot be associated with you; (b) publicly commit, including in this Section 3.6, to maintain and use the data only in de-identified form and not to attempt to re-identify it, except as permitted by law solely to test whether our de-identification processes satisfy legal requirements; and (c) contractually obligate any recipient of the data to comply with these same requirements, including the prohibition on re-identification.
4. Third-Party Processors We Use
To help you evaluate our data handling, here is the current, complete list of subprocessors that materially handle user data on our behalf. We may update this list as our infrastructure evolves and will reflect changes in this section.
- Supabase, Inc. — auth, database, storage, realtime, edge functions (United States).
- PostHog, Inc. — product analytics (United States).
- Google LLC — Google Places API (restaurant search) and Firebase Cloud Messaging (Android push delivery).
- LocationIQ (Unwired Labs) — geocoding and reverse geocoding; fallback restaurant search.
- Functional Software, Inc. (Sentry) — crash and error monitoring (United States).
- Expo / 650 Industries, Inc. — builds, OTA updates, push notification routing (United States).
- Apple Inc. — Apple Push Notification service (iOS delivery).
- An SMS provider configured through Supabase Auth — delivery of one-time SMS login codes.
5. Data Retention
We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Account data (phone number, name, age-confirmation timestamp, onboarding flags) is retained until you delete your account.
- Listings, vouches, and saved items are retained until you delete them in the App, until the listing is removed by us or by another user with appropriate permissions, or until you delete your account.
- Salted contact-hash records are retained while the corresponding contact remains relevant to your friend graph; you can remove them by removing the friend in-app or by deleting your account.
- Pending circle invites (the salted phone hash and display name of an invited contact who is not yet on Vouchlist) are retained until the invite is claimed by that contact joining Vouchlist, canceled by a circle admin, or the circle is deleted.
- Ask Scout conversations are not retained on our servers at all — they exist only in your device's memory and are cleared when the App restarts.
- Push tokens are retained while they remain valid; tokens that the push services report as invalid are pruned.
- Analytics and diagnostic logs are retained for a rolling period (currently up to twenty-four (24) months) and then deleted or aggregated.
- Backups may persist deleted data for a limited additional period (typically up to thirty (30) days) until backup rotation completes.
We may retain limited information longer where necessary to comply with legal obligations, resolve disputes, prevent fraud or abuse, or enforce our agreements.
6. Your Rights and Choices
Depending on where you live, you may have the following rights with respect to your personal information. We honor these rights regardless of whether they are technically required to be extended to you.
- Access / Know. Request confirmation of whether we process information about you and a copy of that information.
- Correction. Ask us to correct inaccurate personal information. You can edit your name, location, listings, and vouches directly in the App.
- Deletion. Delete your account at any time from Profile → Settings → Delete Account. Account deletion removes your profile, your saved items, your friends list, and your push tokens. Your listings and authored vouches are removed or de-identified (subject to limited exceptions for content already shared into other users' circles) — for example, a vouch you wrote may be re-attributed to "Former Member" rather than deleted outright, so that recommendations relied upon by other Circle members are not silently removed. This applies across all categories (services, dining, and travel): on deletion we remove your name from your vouches and delete their free-text content, including written notes, travel warnings, dining visit context, and favorite dishes and drinks; only the star rating and non-identifying structured details (such as price tier) remain. See our Terms of Service, Section 14, for details.
- Opt-out of marketing. You can disable push notifications in your device settings or the App. We do not currently send marketing email.
- Opt-out of "sale" or "sharing." As stated in Section 3.5, we do not currently sell or share personal information. If that changes, we will provide an in-product opt-out and honor recognized opt-out preference signals such as the Global Privacy Control (GPC) where required.
- Limit use of precise location. You can use the App with manual city entry only, or revoke location permission in your device settings.
- Portability. Where required by law, request a copy of your personal information in a portable, machine-readable format.
- Withdraw consent. Where we rely on consent (e.g., contacts permission, precise location), you may withdraw it at any time without affecting the lawfulness of prior processing.
- Non-discrimination and appeal. We will not discriminate against you for exercising your privacy rights. If we deny a request, you may appeal by replying to our response or emailing the address in Section 12.
To submit a rights request that you cannot complete in the App, email us at support@vouchlist.app. We may need to verify your identity (for example, by sending a verification code to the phone number associated with your account) before fulfilling the request.
7. California-Specific Disclosures
This section provides additional information for California residents under the CCPA. In the twelve (12) months preceding the "Last updated" date, we have collected the following categories of personal information: identifiers (phone number, account ID, device identifiers, IP address); customer records (name); commercial information (none, beyond record of features used); internet or other electronic network activity information (app usage, event analytics); geolocation data (city-level location and, with your permission, precise location); inferences (limited inferences used to sort and recommend listings); and sensitive personal information limited to precise geolocation (only when you permit it). We collected these categories from the sources, used them for the business purposes, and disclosed them to the categories of third parties described in Sections 1–4.
We have not sold or "shared" personal information, and have not used or disclosed sensitive personal information for purposes other than those permitted under the CCPA without a separate right to limit. You may, however, request that we limit our use of your precise geolocation to that which is necessary to perform the Service; you can do this by using manual location entry or revoking location permission. To exercise California rights, contact us using the methods in Section 6.
When we disclose or license aggregated or de-identified information as described in Section 3.6, we maintain and use it in de-identified form, do not attempt to re-identify it (except as permitted by the CCPA solely to test our de-identification processes), and contractually prohibit recipients from attempting re-identification, consistent with Cal. Civ. Code § 1798.140(m).
8. Children's Privacy
The Service is intended for adults. The App presents an in-app age gate requiring users to affirm they are at least eighteen (18) years old (or the age of majority in their jurisdiction, if higher) before completing onboarding. The Service is not directed to children under thirteen (13), and we do not knowingly collect personal information from children under thirteen (13). If we learn that we have collected personal information from a child under thirteen (13), we will delete it as required by the Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@vouchlist.app.
Child Safety (CSAE). Vouchlist has a zero-tolerance policy toward child sexual abuse and exploitation. Apparent child sexual abuse material (CSAM) discovered on the Service is reported to the National Center for Missing & Exploited Children (NCMEC) as required by law, and offending accounts are terminated. Users can report concerns in-app via the Report control on any profile or by emailing support@vouchlist.app with the subject line "Child Safety Report."
9. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information. These include encryption in transit (TLS) for traffic between the App and our backend; storage of session tokens on-device in the operating system's secure storage; salted SHA-256 hashing of contact phone numbers stored in our database; passwordless authentication via one-time SMS codes; and access controls and row-level security policies on our backend.
However, no system can be guaranteed to be 100% secure. You are responsible for safeguarding access to the phone number and device associated with your account. If you believe your account has been compromised, contact us immediately at support@vouchlist.app.
10. International Data Transfers
Vouchlist operates in the United States, and our primary infrastructure and service providers (including Supabase, PostHog, Expo, Apple, and Google) operate or may operate from the United States and other countries. By using the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States and potentially other countries that may have data-protection laws different from those of your country of residence. Where required, we rely on appropriate transfer mechanisms (such as standard contractual clauses) with our processors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes — for example, new categories of data collected, new processors that materially expand who handles your data, or any change that would result in our beginning to sell or "share" personal information — we will provide reasonable advance notice through an in-app notice, email (where we have an address for you), or other appropriate means, and, where required by law, obtain your consent. Non-material changes (clarifications, typo fixes, contact-info updates) may take effect upon posting. The "Last updated" date at the top of this policy will always reflect the most recent revision.
12. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy or security concern, please contact:
- Email: support@vouchlist.app
We will acknowledge verifiable rights requests within the time frame required by applicable law and respond as promptly as reasonably possible.