Domus Antonia Lux LLC · United States · Your Privacy Choices · ← Back to home
Privacy Policy
Last updated: June 5, 2026. This policy covers the UPick mobile app on iOS (Apple App Store) and Android (Google Play), plus the getupick.com website. It is a plain-English policy; the operative legal text governs in case of conflict.
The short version. UPick collects what's needed to run the app — your sign-up info, swipes, ratings, and pair relationships. We never sell data that identifies you personally. Your activity contributes to "anonymized aggregate data sharing" — grouped with at least 50 other users and stripped of identifiers before any export.
Default is on; you can opt out any time from this website's
Your Privacy Choices page (also linked from Profile → Your Privacy Choices in the app). The disclosures in Apple's App Privacy labels and the
Google Play Data Safety section are derived from this policy and describe the same data.
What we collect
- Account info — name, email address, and profile photo. You provide these when you sign up with email/password, Sign in with Apple (iOS), or Google Sign-In (Android, via Android Credential Manager). A Firebase user ID is your account key.
- Activity — your swipes, ratings, three-word reviews, mood tags, watchlist, and pair actions. This is the data the app needs to do its job.
- Pair relationships — who you're paired with, when matches happened, who shared what.
- Purchases — your UPick+ subscription and one-time-purchase state, processed through the Apple App Store (iOS) or Google Play Billing (Android) and managed via RevenueCat. We see transaction and entitlement status — never your card or bank details.
- Device & identifiers — a push-notification token (Firebase Cloud Messaging), app-instance/device identifiers used by Google & Firebase SDKs, and — for advertising to free users — a mobile advertising identifier (Apple IDFA on iOS, the Android Advertising ID on Android). Crash and diagnostic data may be collected by our SDKs to keep the app stable.
- Optional demographic context — if you choose to share it, age bracket and US state. Used for personalization and (with your separate consent) aggregate research. Never granular birthdate or zip code.
How we use your data
- To operate the app — match you with your partner, surface recommendations, render Magical Dumpster at year-end.
- To build your taste profile — a 24-dimension flavor fingerprint that powers recommendations. Stored under your account; only shared with your paired partners as aggregated similarity scores.
- To process purchases and restore entitlements across Apple and Google's billing systems.
- To send the notifications you've enabled, and to keep the service secure and free of scripted abuse.
- To improve the app — anonymized usage analytics so we can fix bugs and prioritize features.
- Aggregate data sharing (default on, opt-out anytime) — your activity contributes to anonymized, aggregated research products (see "Aggregate research and licensed insights" below). You can opt out any time on the Your Privacy Choices page of this website; the app's Profile → Your Privacy Choices screen links you to that page.
What we never do
- We never sell your name, email, or any data that identifies you personally.
- We do not show your swipes to your partner. A swipe is private until both of you say yes — that's the whole point.
- We do not track you across apps or websites for advertising without your explicit permission — Apple's App Tracking Transparency prompt on iOS, and Google's consent form (User Messaging Platform) on Android.
- We never license individual rows or accounts. Anything that leaves our servers for research purposes is aggregated across at least 50 users and stripped of identifiers.
Aggregate research and licensed insights (default on, opt-out anytime)
By default, your activity contributes to research products UPick may publish, share with partners, or license to third parties (streaming services, studios, research firms, advertising platforms). You can opt out any time on the Your Privacy Choices page of this website; the app's Profile → Your Privacy Choices screen links you to that page. Specifically:
- Aggregation gate. Nothing leaves UPick's servers as an individual row. Every export is grouped across cohorts of at least 50 users (k-anonymity threshold).
- Geographic granularity. US state level only. Never zip, neighborhood, or finer.
- Demographic granularity. Age brackets only (e.g. 18–24, 25–34). Never exact birthdate.
- Identifiers stripped. No name, email, account ID, device ID, advertising ID, IP address, or pair ID is ever included in any export.
- What gets shared. Taste-vector aggregates ("what genres is this cohort drawn to"), pre-release theatrical demand signal (how many users in a cohort flagged a title for must-watch in the weeks before release), pair-compatibility distributions (how often demographic-X pairs match demographic-Y).
- Default state. On. Opt out any time on the Your Privacy Choices page of this website (linked from Profile → Your Privacy Choices in the app). Opting out stops contribution from that point forward.
Some US state laws (California's CCPA/CPRA, Virginia, Colorado, Connecticut, Utah, Texas) classify this kind of sharing as "sale" or "sharing" of personal information even when the data is aggregated. UPick treats the toggle as a Do-Not-Sell-or-Share mechanism regardless of which state's law applies. See "Your rights" below for how to opt out.
Your rights
You have these rights regardless of where you live; the laws of California, Virginia, Colorado, Connecticut, Utah, Texas, and several other US states make them enforceable.
- Right to know what data we have on you. Email [email protected].
- Right to delete. Profile → Account → Delete Account, on both iOS and Android. Self-serve, no email required.
- Right to opt out of sale or sharing. Use the Your Privacy Choices page on this website (linked from Profile → Your Privacy Choices in the app). Or email [email protected] with subject "Do Not Sell".
- Right to correct. Profile → Account → Edit.
- Right to non-discrimination. Opting out doesn't change pricing or feature access.
For California residents specifically: this section serves as the "Notice at Collection" and "Notice of Right to Opt-Out of Sale or Sharing" required by CCPA/CPRA. The categories of personal information we collect are listed under "What we collect" above. We share anonymized, aggregate-only data by default; you have an unconditional right to opt out at any time on the Your Privacy Choices page of this website (linked from Profile → Your Privacy Choices in the app).
Service providers and partners
UPick uses a small set of third-party services to operate. Each one receives only the data it needs for its specific job. None of them get the full picture of your account, and we don't sell or share personal information with them outside their role as a processor. Where a provider differs by platform, it's noted below.
- Google / Firebase — Authentication (email/password, Sign in with Apple on iOS, Google Sign-In via Credential Manager on Android), Firestore (account + activity database), Cloud Functions (matching, rewards, moderation, deletion), Cloud Messaging (push notifications), Cloud Storage, Analytics (anonymized usage events), and App Check device attestation that blocks scripted abuse — Apple App Attest on iOS, Google Play Integrity on Android. Crashlytics collects crash logs on iOS. Google's privacy practices: policies.google.com/privacy.
- AdMob & Google Mobile Ads (Google) — serves the ads UPick shows to free users (we never show ads on the swipe stack). iOS: if you grant App Tracking Transparency permission, AdMob may use your device identifier (IDFA) for personalized ads; decline and ads are contextual only. Android: AdMob presents Google's User Messaging Platform (UMP) consent form, and personalized ads may use the Android Advertising ID. You can reset or limit this anytime in iOS Settings → Privacy & Security → Tracking, or Android Settings → Privacy → Ads. More on Google ads.
- RevenueCat — purchase/entitlement processor. Manages your UPick+ subscription state across the Apple App Store (iOS) and Google Play Billing (Android). Sees the store transaction ID and the user ID you signed up with. revenuecat.com/privacy.
- Apple App Store (iOS) and Google Play Billing (Android) — handle all in-app purchases, refunds, and receipts on their respective platforms, each under its own privacy practices: apple.com/legal/privacy · policies.google.com/privacy.
- Branch.io — deep-link attribution for pair invites and Second Chance reshares. Currently inactive (placeholder key). On Android, pair invite links use native Android App Links (a
/.well-known/assetlinks.json association on getupick.com), not Branch. When Branch goes live it is primarily an iOS Universal Link router and sees only the device fingerprint Apple already exposes for link routing. branch.io privacy.
- TMDB and Movie of the Night — catalog metadata sources. UPick consumes their movie catalog and streaming-availability data. Your account information is not sent to either provider; the data flow is one-way (their data → us).
- Amazon Associates — affiliate links for movie / TV purchases and rentals. When you tap an Amazon link in UPick, you're sent to Amazon's catalog page; UPick may earn a commission on qualifying purchases. Amazon sees the standard referrer information that any link-out would carry. Amazon's affiliate disclosure.
- Fandango, AMC, Atom Tickets — theatrical ticket affiliates. Same model: tap-out from UPick goes to the ticket vendor's site for purchase; UPick may earn an affiliate commission.
- Impact.com — affiliate-attribution network. Its Universal Tracking Tag (
utt.impactcdn.com) loads on the getupick.com website (not in the iOS or Android app) to attribute outbound affiliate clicks to UPick. It sees standard web request data (page URL, referrer, a click identifier) for attribution; it does not receive your UPick account information. We honor Global Privacy Control and the Your Privacy Choices opt-out on this website. impact.com privacy.
The full list of subprocessors and their roles is also captured in our internal data dictionary at [email protected] on request — useful for enterprise B2B due diligence.
How we protect your data
- Encrypted in transit. All traffic between the app and our backend (Google Firebase / Cloud) uses HTTPS/TLS. This matches the "Data is encrypted in transit" declaration in the Google Play Data Safety section and Apple's App Privacy labels.
- Owner-scoped access. Firestore security rules restrict each user to their own account, swipes, and ratings, and to the pairs they belong to — never another user's data. Matching, rewards, quotas, moderation, and account deletion run on our server, not on the device.
- Abuse protection. Firebase App Check — Apple App Attest on iOS, Google Play Integrity on Android — blocks requests from tampered or scripted clients.
- No secrets on the device. We never ask for or store your banking, card, or password-recovery data — payments and account credentials are handled entirely by Apple, Google, or Firebase Authentication.
Data retention and account deletion
We keep your account and activity data for as long as your account is active. You can delete your account at any time from Profile → Account → Delete Account on both iOS and Android (backed by a server-side deletion process). When you delete, we anonymize your taste vector — it persists under a random hash so the recommendation engine stays useful for everyone — and erase your identity (name, email, profile, account ID). Disclosed up-front because it would be dishonest not to. Aggregate research data already exported before deletion remains in those datasets — we cannot reach back into a third party's licensed copy. Diagnostic and ad-platform data held by Google or Apple is subject to their own retention windows.
Children
UPick is not directed to children under 13 and is not part of Google Play's "Designed for Families" program or a child-directed app under COPPA. We do not knowingly collect data from anyone under 13. On Google Play and the App Store, the app's content rating reflects a general/teen audience. If you believe a child has used the app, email [email protected] and we will delete the account.
Google Play Data Safety & Apple App Privacy
Google Play shows a Data Safety section and Apple shows App Privacy labels on each store listing. Those disclosures are derived from this policy and describe the same collection, use, and sharing — including the data types, purposes, the providers above, encryption in transit, and the in-app account-deletion path. If a store form and this policy ever appear to disagree, they're intended to mean the same thing; email [email protected] and we'll reconcile them.
Changes
If we materially change this policy, we'll notify you in-app and via email at least 14 days before the change takes effect. The "Last updated" date at the top reflects the current revision.
Contact
Privacy questions: [email protected]
Do Not Sell or Share requests: [email protected] (or use the Your Privacy Choices page on this website, linked from Profile → Your Privacy Choices in the app)
General: [email protected]
Domus Antonia Lux LLC (DBA UPick).