BadDrivr Privacy Policy
⚠️ DRAFT — LAWYER REVIEW REQUIRED BEFORE PUBLICATION
This document is a first draft. It is not legal advice and must not be treated as the final Privacy Policy. A licensed attorney specializing in U.S. internet/UGC law is reviewing and revising it. All placeholders marked
[LEGAL ENTITY NAME], [BUSINESS ADDRESS], [DPA], and [GOVERNING STATE] will be resolved during that review. Known open questions for counsel are flagged inline with ⚠️ Counsel: callouts.
Effective date: [to be set at publication]
Last updated: 2026-04-21
1. Introduction
This Privacy Policy explains how [LEGAL ENTITY NAME] ("BadDrivr", "we", "our") collects, uses, shares, and protects information when you use the BadDrivr iOS application and related services (together, the "Service").
BadDrivr is a user-generated content app where people upload short dashcam video clips to publicly report driving behavior they observed. Because the Service is built around publishing user-submitted content that describes third parties (other drivers, their vehicles, and the places those vehicles were seen), this policy covers both the data we collect about you and the data that you submit about others. Section 10 deals specifically with third-party vehicle data.
By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
2. Information we collect
2.1 Information you provide
When you create an account or use the Service, we collect:
Account and identity data:
- Email address (required for email sign-up or stored for Apple / Google SSO)
- Username (3–20 characters, required)
- Password (hashed; only stored for email sign-up)
- Phone number (optional, only if you choose OTP sign-up)
- Apple ID token / Google ID token (transient, only used during authentication exchange)
- Avatar image (optional, JPEG)
- Tagline or bio text (optional)
Report content:
- Video files you upload (compressed H.264 MP4, up to 60 seconds)
- Thumbnails we auto-generate from your video at the one-second mark
- Voiceover audio you record, which is baked permanently into the video
- Caption text you write
- Incident type you select
- License plate number and jurisdiction (state) you enter or confirm
- GPS coordinates attached to the report
- Vehicle attributes (type, color, make, model) detected on your device
Engagement content:
- Comments you post, and which comments you upvote or downvote
- Reports you save or repost
- Users you follow
- Hawks (our in-app currency) you give to reports
- Plate claims you submit
2.2 Information collected automatically
Location data. With your permission, we access your device's GPS location "When In Use" to attach coordinates to reports you create. We also read GPS metadata embedded in video files you select from your Camera Roll. Location data is reverse-geocoded on your device (via Apple MapKit) into state, county, and city names; the reverse-geocoded city is displayed publicly on your reports. The underlying GPS coordinates are stored on our servers.
Usage and engagement data. When you scroll the feed, the app records which reports appeared in your view (impression tracking) along with the time and the feed surface (feed, explore, etc.). We use this to improve ranking and to detect abuse. ⚠️ Counsel: confirm required disclosure language under state privacy statutes, and whether an opt-out is required.
Daily-goal tracking. The app records your in-app actions (reports submitted, Hawks given, comments posted, users followed, reports viewed, plates claimed, etc.) against a daily goal system. This data is kept locally on your device; completion records are sent to our servers when you claim a goal reward.
Technical data. To deliver the Service we briefly handle your device type and iOS version (used to pick compression settings) and cache small amounts of UI state (cluster map data, charge-gesture preferences, feed settings) in local device storage. We do not use the Advertising Identifier (IDFA), third-party analytics SDKs, or cross-app / cross-site tracking. NSPrivacyTracking is set to false in our privacy manifest.
2.3 Information about third parties
Every report you submit describes a third party — specifically, the vehicle owner, driver, or operator shown in your video. We collect the following about that third party:
- The license plate number you enter (or that our on-device OCR reads from your video)
- The jurisdiction (state) of that plate
- Vehicle attributes our on-device ML identifies (type, color, make, model)
- The GPS location where you say the incident happened
- The incident type you accuse the driver of
- The video itself, which depicts the vehicle and may depict the driver, passengers, and passersby
We do not purchase, query, or store DMV records. We do not attempt to identify the driver by name. Section 10 covers how this third-party data is handled, published, and deleted on request.
2.4 On-device processing
Some processing happens entirely on your device and is not transmitted to our servers:
- License plate detection and OCR from video frames
- Vehicle type, color, make, and model classification
- Face detection used to offer blur (when we add that feature)
- Reverse-geocoding of GPS coordinates into state, county, and city names
- Daily-goal progress tracking
Only the results of this on-device processing (the plate text you confirm, the vehicle attributes, the reverse-geocoded place names) are transmitted to our servers when you submit a report. The raw video frames used for ML inference are never sent to us separately from the final uploaded video.
3. How we use your information
We use the information above to:
- Create and authenticate your account.
- Let you create, display, save, share, and delete reports.
- Power social features: comments, follows, reposts, saves, and Hawks giving.
- Compute and display leaderboard rankings.
- Cluster and display report locations on the map, and rank cities as hotspots.
- Let your device identify plates and vehicles without sending anything to us.
- Rank your feed and the "Following" feed, and track impressions for quality and abuse detection.
- Manage the Hawks economy: daily grants, purchases, transaction ledger, abuse clawbacks.
- Moderate content: scan uploads for violations, process flags, handle blocks, and respond to appeals.
- Support account management: profile edits, settings changes, and account deletion.
We do not sell personal information. We do not use it for third-party advertising or cross-app behavioral profiling.
4. How we share your information
4.1 What is public by default
The following are publicly visible to any authenticated user of the Service as part of the core product:
- Your username, avatar, tagline, and profile stats
- Every report you submit, including the video, thumbnail, caption, incident type, plate, state, vehicle attributes, reverse-geocoded city, and your username
- Your comments, comment vote aggregates, reposts, and follow lists (unless you've set your account to private)
- Your Hawks-given and Hawks-received counts (unless you disable activity visibility)
- Your appearance on leaderboards (plates and users)
The "private" account setting hides your profile from people who don't follow you, but does not retroactively hide reports you've already submitted — those remain publicly visible because they are how the Service documents driving incidents for the community.
4.2 Service providers
We share data with the third parties below solely to operate the Service:
- Supabase, Inc. — our backend provider. Handles authentication, database, storage, and edge functions.
- Amazon Web Services — sub-processor used by Supabase for file storage. Video and image files are stored in AWS S3-compatible buckets.
- Apple Inc. — when you sign in with Apple, an auth token is exchanged. Apple MapKit performs on-device reverse-geocoding.
- Google LLC — when you sign in with Google, an auth token is exchanged.
- Content moderation vendors — when fully wired, we will send hash values of uploaded media to [Thorn Safer Match / Microsoft PhotoDNA] for CSAM detection. Matches are reported to NCMEC as required by federal law.
We have contractual data-processing agreements with these providers. ⚠️ Counsel: confirm the DPA language we need from Supabase and the CSAM vendors.
4.3 Legal and safety disclosures
We may disclose information to law enforcement, regulators, or in response to legal process (subpoena, court order, search warrant, lawful civil discovery) where we reasonably believe disclosure is required. We will also disclose information when necessary to protect the safety of a user or the public, or to investigate suspected violations of our Terms of Service.
We file reports with the National Center for Missing & Exploited Children (NCMEC) CyberTipline when required by 18 U.S.C. § 2258A following a CSAM match.
4.4 No sale or sharing for cross-context advertising
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not disclose personal information for monetary or other valuable consideration under any definition used by California, Virginia, Colorado, Connecticut, or other state privacy laws.
5. Data retention
Active accounts. We retain your account data, reports, comments, Hawks ledger, and related metadata for as long as your account is active.
Deleted accounts. When you delete your account (Account Settings → Delete Account), the Service performs a hard cascade deletion. This removes the Supabase auth user, your reports, comments, follows, Hawks events, plate claims, daily goal claims, and associated media files. Content that other users have already reposted or shared externally may persist outside our control.
Deleted reports. You can soft-delete a report within a five-minute grace window after submission, provided no other user has given Hawks, commented, or reposted. Once external engagement occurs, deletion is no longer available and the report stays visible. Hawks are refunded to you for soft-deleted reports.
No automatic expiration. Reports, comments, and Hawks events do not expire on their own.
Backups. Deleted content may persist briefly in routine database backups before being purged on the normal backup rotation. ⚠️ Counsel: confirm the rotation window and language.
6. Your rights
Every user of the Service has the following in-app rights:
- Access your own data — profile, reports, saved list, comments, Hawks history.
- Delete your account and all associated data via Account Settings.
- Delete individual reports within the grace window.
- Delete your own comments at any time.
- Control profile visibility via the Public / Private toggle.
- Control activity visibility via the Show Activity toggle.
- Revoke plate claims from the dossier view.
6.1 California residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we have about you
- Delete your personal information (subject to exceptions)
- Correct inaccurate personal information
- Opt out of sale or sharing of personal information (we do not sell or share, so this right is automatically exercised)
- Limit the use of sensitive personal information
To exercise these rights, contact moderation@baddrivr.com. We will verify your request through the email associated with your account. We will not discriminate against you for exercising these rights.
6.2 Virginia, Colorado, Connecticut, and similar states
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comparable consumer privacy laws have substantively similar rights to access, correct, delete, and opt out. Contact moderation@baddrivr.com to exercise them. ⚠️ Counsel: expand this section with the specific statutory language required for each state where we have users.
6.3 Non-users whose vehicles appear in reports
If you are not a BadDrivr user but believe a vehicle you own has been reported on BadDrivr, you have two paths to respond:
- Claim the plate in-app (requires creating an account) to view reports about your vehicle and post a public reply to each one.
- Email moderation@baddrivr.com with the plate number and state, and we will review the associated reports for violations of these guidelines and this policy. We cannot guarantee removal of reports that comply with our rules.
For removal requests under state privacy laws, see Sections 6.1 and 6.2.
6.4 Data portability gap
We do not currently provide an automated data-export endpoint. ⚠️ Counsel: this is a gap under GDPR Article 20 and under several U.S. state portability provisions; we plan to add a "Download My Data" endpoint before the user base grows into scoped territories, but we need guidance on priority.
7. Data security
We take reasonable measures to protect your information, including TLS-encrypted transport, hashed passwords, row-level security on our database tables, signed URLs for media uploads, and Keychain-based credential storage on your device. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
If we become aware of a security incident affecting your personal information, we will notify you and relevant regulators as required by applicable law.
8. Children's privacy
The Service is not intended for users under 18 years of age. We recommend this age threshold because BadDrivr is an accusatory platform — users publicly report third parties for alleged driving violations — and the legal exposure of doing so is not appropriate for minors.
If we learn that a user is under 18, we will terminate the account and delete associated data. If you believe a child has created an account, contact moderation@baddrivr.com.
⚠️ Counsel: we currently have no age-verification mechanism at sign-up beyond the user's ToS-level representation that they are 18 or older. Please advise on whether date-of-birth collection is required or recommended.
9. International users
The Service is designed for and offered to users in the United States only. Our servers are located in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data-protection laws than your jurisdiction.
We do not currently operate a GDPR or UK GDPR compliance program. If you are a resident of the European Economic Area, the United Kingdom, or another jurisdiction whose privacy laws we do not specifically support, please do not use the Service.
⚠️ Counsel: if we choose to geo-restrict at the App Store level, confirm the language required here and in the App Store metadata.
10. Third-party vehicle data
BadDrivr's core function involves collecting and publishing information about vehicles and their operators who are not BadDrivr users. Specifically, when a user submits a report, we collect and publish:
- The license plate and state
- The vehicle's type, color, make, and model (inferred by on-device ML)
- The GPS coordinates and reverse-geocoded city where the reporter says the incident occurred
- The date and time of the incident
- The incident type the reporter alleges
- The video footage, which depicts the vehicle and may depict the driver, passengers, and passersby
This information is unverified user-submitted content. We do not independently verify that the reported plate, incident, or location is accurate. Reports are aggregated into a dossier for each plate that any authenticated user can view, and into leaderboards that rank plates by activity volume.
If you are the registered owner or operator of a vehicle that appears on the Service, we offer the following:
- Claim the plate in-app to gain access to every report about that vehicle and post a public driver reply on each one.
- Contact moderation@baddrivr.com to request review of reports you believe are false, harassing, inaccurate, or otherwise in violation of our Community Guidelines. We will review and remove reports that violate our rules. We cannot guarantee removal of reports that comply with our rules and reflect a user's honest observation of a driving incident.
- Submit a data subject request under the state privacy law that covers you (CCPA, VCDPA, CPA, CTDPA, etc.). We will verify your ownership of the plate to the extent reasonable and will respond within the timeframe required by applicable law.
We recognize this system places significant power in users' hands and creates real risks for the people being reported. Our Community Guidelines prohibit false reporting, stalking, harassment, coordinated mass-reporting, and doxxing; we enforce those rules through automated scanning, user flags, and human review.
⚠️ Counsel: this is the single most legally sensitive area of the Service. Please review this section carefully and advise on mandatory location fuzzing, per-report disclaimer banners, time delays between upload and public visibility, and the scope of the non-user takedown process.
11. Changes to this policy
We may update this Privacy Policy to reflect new features, changes in how we handle data, or changes in the law. The "Last updated" date at the top of this document tells you when the current version took effect. Material changes will be announced in the app. Continued use of the Service after an updated policy takes effect means you accept the update. If you don't agree with a change, you can delete your account.
12. Contact us
For privacy questions, data-subject requests, and other matters covered by this policy:
- Email: moderation@baddrivr.com
- Mailing address: [BUSINESS ADDRESS]
- Designated Privacy Officer (if applicable): [DPA]
For takedown requests under the TAKE IT DOWN Act (NCII removals, 48-hour SLA), use takedown@baddrivr.com.