Privacy Policy

1. Introduction and Scope

This Privacy Policy (this “Policy”) explains how Gab’s Ventures Inc. (“we,” “us,” or “our”), a British Columbia corporation, collects, uses, discloses, and protects information in connection with all applications, websites, products, services, tools, and digital experiences we develop, publish, or operate (collectively, the “Services”).

This Policy applies to all users of our Services regardless of how they access them, including through web browsers, mobile applications, desktop applications, APIs, or third-party platforms such as Meta (Facebook/Instagram), Apple App Store, or Google Play.

By using any of our Services, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use our Services. If you have questions, contact us at privacy@gabs.ventures.

2. Information We Collect

We are committed to collecting the absolute minimum information necessary to provide our Services. Many of our applications are designed to function without collecting personal data at all. Below is a comprehensive list of the categories of information we may collect, depending on which Service you use:

2.1 Information You Provide Directly

• Account information (if a Service requires an account): name, email address, and password.
• Content you create, upload, or submit through our Services (e.g., images, text, files, configurations).
• Communications you send to us (e.g., support requests, feedback, bug reports).
• Payment information (if a Service includes a paid feature): processed exclusively by third-party payment processors (e.g., Stripe, Apple, Google). We never receive, store, or have access to your full credit card number, bank account details, or other payment credentials.

2.2 Information Collected Automatically

• Device information: device type, operating system, browser type, screen resolution, and language settings.
• Usage data: pages visited, features used, timestamps, crash logs, and performance data.
• IP address: used only for basic functionality (e.g., serving content, preventing abuse) and not stored beyond the session unless required for security purposes.
• Cookies and similar technologies: only essential cookies required for the Service to function. We do not use advertising cookies, tracking pixels, or analytics cookies that identify individual users. See Section 9 for details.

2.3 Information from Third-Party Platforms

If you access our Services through a third-party platform (e.g., by logging in via Facebook, Google, or Apple), we may receive limited information from that platform as authorized by you during the login process. This typically includes:

• Your name and/or username on that platform
• Your email address (if you authorize it)
• Your profile picture (if you authorize it)
• A unique platform identifier

We do not request or access: your friends list, your posts, your messages, your photos, your location history, your browsing activity, or any other data beyond what is strictly listed above.

2.4 Information We Do NOT Collect

For absolute clarity, we do not collect:

• Precise geolocation data (GPS coordinates)
• Biometric data (fingerprints, face scans, voiceprints)
• Financial information (we use third-party payment processors exclusively)
• Contacts or address books from your device
• Call logs, SMS messages, or other communications
• Health, fitness, or medical data
• Data from other apps on your device
• Advertising identifiers for the purpose of ad targeting
• Keystroke patterns, mouse movements, or other behavioral biometrics

3. How We Use Your Information

We use the information we collect solely for the following purposes:

3.1 To Provide and Maintain Our Services

• Operating, delivering, and improving the specific Service you are using
• Authenticating your identity (if the Service requires an account)
• Processing transactions you initiate
• Providing customer support and responding to your requests

3.2 To Improve Our Services

• Diagnosing technical problems and fixing bugs
• Analyzing aggregate, anonymized usage patterns to improve user experience
• Testing new features or improvements

3.3 To Communicate With You

• Responding to support requests or inquiries you initiate
• Sending essential service notifications (e.g., security alerts, changes to terms)
• We do not send marketing emails unless you have explicitly opted in, and you may opt out at any time

3.4 To Comply With Legal Obligations

• Responding to lawful requests from law enforcement or regulatory authorities
• Enforcing our terms of service and protecting against fraud or abuse

4. How We Share Your Information

We do not sell your personal information. We have never sold personal information and have no plans to do so. This commitment applies globally and without exception.

We may share limited information only in the following narrow circumstances:

4.1 Service Providers

We may engage third-party service providers who perform functions on our behalf, such as hosting infrastructure (e.g., cloud servers), payment processing, or error monitoring. These providers are contractually obligated to use your information solely to provide their services to us and are prohibited from using it for their own purposes. They are bound by data processing agreements that require them to maintain confidentiality and security.

4.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including: (a) to comply with a subpoena, court order, or other legal obligation; (b) to protect the rights, property, or safety of Gab’s Ventures, our users, or the public; or (c) to detect, prevent, or address fraud, security, or technical issues.

4.3 Business Transfers

If Gab’s Ventures is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share information with third parties when you explicitly direct us to do so (e.g., if a Service includes a “share” or “export” feature that you initiate).

4.5 What We Never Share

Under no circumstances do we share, sell, rent, or disclose your personal information to: advertising networks or platforms, data brokers, analytics companies that identify individual users, social media platforms (beyond the authentication data you authorized), marketing agencies, or any other third party for their own commercial purposes.

5. Data Retention and Deletion

Our default is deletion. We retain your personal information only for as long as is strictly necessary to provide the Service you are using, after which it is deleted or anonymized.

5.1 Retention Periods

• Account data: retained while your account is active. Deleted within 30 days of account deletion request.
• Content you create: retained while your account is active or until you delete it, whichever comes first.
• Usage/analytics data: collected in aggregate, anonymized form only. Individual-level data is not retained beyond the session.
• Support communications: retained for up to 12 months after resolution to ensure quality, then deleted.
• Legal/compliance records: retained only as long as required by applicable law (e.g., tax records for 6 years under CRA requirements).

5.2 Your Right to Deletion

You may request deletion of your data at any time by contacting privacy@gabs.ventures. We will process your request within 30 days and confirm completion. Upon deletion, your data is permanently removed from our active systems and backups within 90 days.

5.3 Data from Third-Party Platform Logins

If you used a third-party login (e.g., Facebook Login), we delete all data received from that platform when you delete your account or revoke access. We also comply with any deletion requests relayed to us by the platform (e.g., Meta’s data deletion callback requirements).

6. Data Security

We implement and maintain administrative, physical, and technical safeguards designed to protect your information from unauthorized access, destruction, loss, alteration, and disclosure, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls limiting who within our organization can access user data
• Regular security assessments and monitoring
• Secure development practices including code review and dependency auditing
• Incident response procedures for data breaches

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities in accordance with applicable law.

7. Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal information. We honor the following rights for all users, regardless of jurisdiction:

7.1 Universal Rights (All Users)

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete information.
• Right to Deletion: You may request that we delete your personal information.
• Right to Data Portability: You may request your data in a structured, machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to Opt Out: You may opt out of any non-essential communications at any time.

7.2 Canadian Residents (PIPEDA)

Under the Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia’s Personal Information Protection Act (PIPA), Canadian residents have the right to: access their personal information held by us; challenge the accuracy and completeness of their information; and withdraw consent for the collection, use, or disclosure of their information, subject to legal or contractual restrictions. We will respond to access requests within 30 days.

7.3 European Economic Area Residents (GDPR)

If you are in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation, including the right to: restrict processing; object to processing; lodge a complaint with a supervisory authority; and not be subject to decisions based solely on automated processing. Our legal basis for processing is typically: (a) performance of a contract (providing the Service you requested), (b) legitimate interests (improving our Services, preventing abuse), or (c) your consent (where specifically requested).

7.4 California Residents (CCPA/CPRA)

If you are a California resident, you have the right under the California Consumer Privacy Act and California Privacy Rights Act to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale or sharing of your personal information (we do not sell or share personal information, so this right is satisfied by default); and not be discriminated against for exercising your rights. We do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.

7.5 Exercising Your Rights

To exercise any of the rights listed above, contact us at privacy@gabs.ventures. We will respond within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request. We will never charge a fee for exercising your rights.

8. Children’s Privacy

Our Services are not directed at children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected information from a child under the applicable age, we will delete it promptly. If you are a parent or guardian and believe we may have collected information from your child, please contact us at privacy@gabs.ventures.

We comply with the Children’s Online Privacy Protection Act (COPPA) in the United States and equivalent protections under PIPEDA and the GDPR where applicable.

9. Cookies and Tracking Technologies

We use only strictly necessary cookies. We do not use cookies or similar technologies for advertising, analytics profiling, or cross-site tracking.

The only cookies we may use are:

• Session cookies: to keep you logged in during a session (deleted when you close your browser)
• Security cookies: to prevent cross-site request forgery (CSRF) and other attacks
• Preference cookies: to remember settings you have explicitly chosen (e.g., language, theme)

We do not use: third-party analytics cookies (e.g., Google Analytics), advertising cookies, social media tracking pixels, fingerprinting technologies, or any tracking technology that follows you across websites or applications.

10. Third-Party Platforms and Services

Some of our Services may be available through or integrate with third-party platforms, including but not limited to Meta (Facebook, Instagram), Apple (App Store, Sign in with Apple), and Google (Play Store, Sign in with Google).

When you use our Services through these platforms:

• The platform’s own privacy policy governs how the platform itself collects and uses your data.
• We only receive the limited data you explicitly authorize during login or use (see Section 2.3).
• We do not provide any user data back to these platforms beyond what is required for authentication.
• We comply with all applicable platform developer policies, including Meta’s Platform Terms and Developer Data Use Policy.

Meta Platform Compliance: In accordance with Meta’s Platform Terms (effective February 3, 2025) and Developer Data Use Policy, we: (a) clearly disclose all data we collect and how we use it in this publicly accessible Policy; (b) only process Meta user data as described in this Policy; (c) obtain valid user consent before building or augmenting user profiles; (d) implement data security safeguards that meet or exceed industry standards; (e) delete Meta user data upon user request, account deletion, or Meta’s request without undue delay; and (f) maintain this Policy at a publicly accessible, non-geo-blocked HTTPS URL that is crawlable by Meta’s automated systems.

11. International Data Transfers

Gab’s Ventures Inc. is based in British Columbia, Canada. If you access our Services from outside Canada, your information may be transferred to and processed in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection. Where we transfer data to service providers in jurisdictions without adequacy decisions, we use Standard Contractual Clauses or other appropriate safeguards as required by applicable law.

12. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by: (a) posting the updated Policy on our website with a revised “Last Updated” date; (b) sending you an email notification (if we have your email address); or (c) displaying a prominent notice within the affected Service. Your continued use of our Services after any changes constitutes your acceptance of the updated Policy.

13. Open Source and Transparency

Where our Services include open-source components, this Policy governs only the data processed by our hosted or distributed versions of those Services. If you self-host an open-source project we have published, your own hosting environment and practices determine how data is handled, and this Policy does not apply to your self-hosted instance.

14. Do Not Track Signals

We honor Do Not Track (“DNT”) browser signals. Since we do not engage in cross-site tracking or advertising-based tracking of any kind, our practices are consistent with DNT by default.

15. Data Breach Notification

In the event of a data breach involving your personal information, we will: (a) notify affected users without undue delay and in no event later than 72 hours after becoming aware of the breach (where feasible); (b) notify the Office of the Privacy Commissioner of Canada and any other applicable regulatory authorities as required by law; (c) describe the nature of the breach, the types of information involved, and the measures taken to address it; and (d) provide recommendations for steps you can take to protect yourself.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For privacy complaints that we have not resolved to your satisfaction, Canadian residents may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca. EEA residents may contact their local data protection authority.

17. Summary of Legal Bases for Processing (GDPR)