Privacy Policy
Last updated: June 20, 2026 — Draft — pending legal review before store submission.
Outish is built on trust. This policy explains what we collect, why, who we share it with, and the choices you have. We collect as little as we can to run a safe, real-life social app — and nothing for advertising.
1. Who we are
Outish ("Outish," "we," "us," or "our") provides a mobile application that lets members broadcast what they're doing in real life to their mutual friends. For privacy questions, contact us at [email protected].
2. Information we collect
We collect the following categories of information, and only what each feature needs to work:
Information you provide
- Phone number. Used to create your account and verify it by SMS. We verify your phone number only — we do not verify government-issued identity documents or collect biometric data. SMS delivery is handled by our provider, Twilio.
- Payment information. Subscriptions are processed by Stripe. We do not collect or store your full card number — Stripe handles payment data directly. We receive your subscription status and billing metadata.
- Profile details. Your name, handle, and an optional profile photo.
- Broadcast content. The short activity text, optional note, end time, and exact location you choose to include when you post a broadcast.
- Support communications. Anything you send us when you contact support.
Information collected automatically or with your permission
- Precise location. We access your device's precise location only when you actively create a broadcast, to attach a place to it. We do not track your location in the background and we do not build a location history.
- Contacts (for friend matching). If you choose to find friends from your contacts, contact identifiers are hashed on your device (HMAC) before being sent to us, and we only use them to match against other members. We do not store your raw address book.
- Push notification tokens. If you enable notifications, we store a device push token so we can notify you about friend broadcasts and "I'm in" responses.
- Device & diagnostic data. Basic device information, app version, and crash/error logs, used to keep the app reliable. Crash and error reporting is handled by Sentry.
3. How we use your information
- To create and secure your account via SMS phone verification.
- To operate core features: broadcasts, the friend graph, the home feed and map, and "I'm in" signals.
- To process your subscription and manage billing.
- To send you the notifications you've opted into.
- To detect, prevent, and respond to fraud, abuse, safety issues, and violations of our Terms.
- To provide support and to maintain and improve the app.
- To comply with legal obligations.
We do not use your information for advertising, and we do not sell it.
4. How information is shared
We share information in limited ways:
- With your mutual friends. Your name, handle, photo, and any broadcast you post (including its location) are visible to the people you've mutually accepted as friends. People who tap "I'm in" on the same broadcast can see each other's names.
- With service providers who process data on our behalf, under contract. These include:
| Provider | Purpose |
|---|---|
| Stripe | Subscription payments and billing |
| Twilio | Sending SMS phone-verification codes |
| Maps/places for broadcast locations; app distribution & push delivery (Android) | |
| Supabase | Database & backend data storage |
| Railway | Application hosting |
| Cloudflare | Web hosting, DNS, and security |
| Sentry | Crash and error monitoring |
- For legal and safety reasons. We may disclose information if required by law, or to protect the rights, safety, and security of our members, the public, or Outish.
- In a business transfer. If Outish is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.
5. Data retention
- Broadcasts are ephemeral. A broadcast and its attached location are removed after it expires or you close it. We do not keep a server-side location history tied to your profile.
- Account data (profile, phone number, friend graph) is retained while your account is active.
- Billing records may be retained by us or by Stripe as required for financial, legal, and fraud-prevention purposes.
- When you delete your account, we delete or de-identify your personal data, except where we must retain limited records to meet legal obligations. See our Account Deletion page.
6. Your choices and rights
- Access & deletion. You can request a copy of your data or delete your account at any time — see how to delete your account.
- Permissions. You can control location, contacts, and notification permissions in your device settings; some features won't work without them.
- Notifications. You can turn push notifications off globally or per friend in the app.
7. Age requirement
Outish is intended only for adults 18 and older. The app is rated 18+ on the Apple App Store and Google Play. We do not perform in-app age or identity verification beyond SMS phone confirmation. By creating an account you represent that you are 18 or older, as required by our Terms of Service.
8. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know the categories and specific pieces of personal information we collect, use, and disclose.
- Request deletion of your personal information.
- Request correction of inaccurate personal information.
- Not be discriminated against for exercising your privacy rights.
We do not sell or share your personal information as those terms are defined under California law. To exercise these rights, email [email protected]. We will verify your request using your account information before acting on it. You may use an authorized agent to submit a request on your behalf.
9. Children
Outish is intended only for adults 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from someone under 18, we will delete it.
10. Security
We use technical and organizational measures to protect your information, including encryption in transit, restricted access, and reputable infrastructure providers. No system is perfectly secure, but payment handling is managed by Stripe, a specialized provider built for that purpose.
11. Changes to this policy
We may update this policy from time to time. If we make material changes, we'll update the "Last updated" date above and, where appropriate, notify you in the app.