Greenflag

Effective June 30, 2026 · v1.0.0

Greenflag Privacy Policy

Last Updated: June 30, 2026

This Privacy Policy explains how Smarttie Software Inc. ("Smarttie," "Greenflag," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information when you use Greenflag, the trygreenflag.com website, our mobile applications, our public profile pages, our server APIs, and related services (together, the "Services").

Greenflag is a dating app with one defining trait: your profile is built by your friends. That means we handle not only your information, but also content your friends create about you, and content you create about other people. This Policy explains how that works. If you do not agree with this Policy, do not use the Services.

1. Controller and Contact

Smarttie Software Inc. is responsible for personal information processed under this Policy.

Registered address:

329 Howe St
Unit #970
Vancouver, BC V6C 3N2
Canada

Privacy and data requests: privacy@trygreenflag.com
Legal: legal@trygreenflag.com
Support: support@trygreenflag.com
Safety and reports: safety@trygreenflag.com
Website: https://trygreenflag.com

We have not appointed a Data Protection Officer. If that changes, we will update this Policy.

2. Quick Summary

This summary is for convenience only; the full Policy controls.

3. Information We Collect

3.1 Information you provide

3.2 Information collected automatically

3.3 Information from third parties

We may receive information from the app stores (purchase and receipt status), our verification and infrastructure providers, and anyone who reports you or interacts with you on the Services.

4. Sensitive Information

Some information on Greenflag may be considered sensitive, including your photos and face/biometric verification data, approximate location, and information that may reveal characteristics like sexual orientation (inherent in a dating context). We collect and use this only to operate the Services — to verify you, build and show profiles, lock discovery to your metro, and keep the community safe — and we apply the protections described in this Policy. We do not use this information for advertising, and we do not sell it.

A note on verification: Didit performs a liveness check and a 1:1 face match to confirm you match your chosen photo. The face geometry involved may be considered biometric information under laws such as the Illinois Biometric Information Privacy Act (BIPA) and similar Texas, Washington, and other state laws. This data is used only to confirm the verification result. We do not use it to build a facial-recognition database, to identify you across other services, or for advertising, and we do not sell it or disclose it except to Didit (which processes it on our behalf to perform the check) or as required by law.

Where biometric-privacy laws apply, we collect and process this data with your consent, which you give when you choose to complete verification. We retain the biometric data used for the face match only as long as needed to perform and maintain your verification, and in any event we delete it (or require our vendor to delete it) within a reasonable period — generally within 30 days — after the verification is complete, unless a longer period is required to comply with law or to address a safety or security matter. You can decline verification, but your profile will not go live without it.

5. How We Use Information

We use information to:

Content review and automated processing. To keep the community safe and to enforce our Terms and Community Guidelines, profiles, photos, vouches, and messages may be reviewed — using a combination of automated tools and human review — for fraud, abuse, harassment, illegal content, and safety risks. This means messages are not fully private: they may be scanned or reviewed for safety. We also use automated processing to rank and surface profiles in discovery and to support matching. These automated processes do not produce legal or similarly significant effects about you without the ability for human review where required by law; you can contact us to ask about a decision.

6. Legal Bases (where required, e.g. Mexico, EEA/UK)

Where data-protection laws require a legal basis, we rely on one or more of:

For users in Mexico, we process personal data in accordance with the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP); this Policy serves as our privacy notice ("aviso de privacidad"), and you may exercise your ARCO rights (Access, Rectification, Cancellation, Opposition) and withdraw consent as described in Section 11.

7. How Profiles and Public Decks Affect Privacy

Because friends build your profile, content about you may be created and shared by other people. You control whether your profile is published, can hide or unpublish it, and can revoke a Public Deck. However:

If your friends include other people's information in your pitch, or you do so in someone else's, you are responsible for having any consent required.

8. SMS Verification

We send a one-time verification code by SMS (through Twilio) when you or your invited friends sign in or verify a number. By entering a number and continuing, you consent to receive that code; message and data rates may apply. We use the number to verify and secure accounts, not for marketing. Additional details about our SMS practices are described in our internal SMS consent documentation and may be surfaced in-app at the point of verification.

9. Analytics, Crash Reporting, and Cookies

10. How We Share Information — Service Providers

We share information with service providers who process it on our behalf to run the Services. We do not sell personal information. Our current providers include:

ProviderPurposeData involved
DiditPhoto/identity verification (liveness + 1:1 face match)Selfie/liveness capture, chosen photo, match result
TwilioSMS one-time-code verificationPhone number, verification events
OpenRouter + Google (Gemini)AI features such as vouch translation and pitch assistanceThe specific text submitted for the action (e.g. a vouch to translate)
Google Cloud PlatformHosting, database, storageAll Service data, as infrastructure
Google Maps PlatformReverse geocoding / metro placementApproximate location at signup
OpenIM (self-hosted on GCP)In-app chat (text, images, ≤1-min video)Messages and chat media between matched users
Apple App Store / Google PlayIn-app purchases and receipt verificationPurchase and receipt metadata
PostmarkTransactional emailEmail address and message content for service emails
MixpanelProduct analyticsBounded behavioral events
SentryCrash and error reportingTechnical diagnostics

We may also share information with professional advisors; with authorities, regulators, or courts where required by law or to protect rights and safety; with other users or the public when you publish or share content; and with an acquirer or successor in a merger, financing, or sale of assets. We do not share personal information for cross-context behavioral advertising / targeted advertising as those terms are defined under U.S. state privacy laws.

11. Your Privacy Rights and Controls

Depending on where you live, you may have rights to access, correct, delete, port, or restrict your personal information; to object to certain processing; to withdraw consent; to opt out of marketing; to opt out of "sale"/"sharing" or targeted advertising (note: we do not sell or share for targeted advertising); and to limit the use and disclosure of sensitive personal information to what is necessary to provide the Services (which is already how we use it). Users in Mexico may exercise ARCO rights under the LFPDPPP.

Authorized agents. Where the law allows, you may use an authorized agent to submit a request on your behalf; we may ask the agent for proof of authorization and may still ask you to verify your identity directly.

Opt-out preference signals. Although we do not sell personal information or share it for targeted advertising, where required by law we will treat a recognized browser- or device-level opt-out preference signal (such as Global Privacy Control) as a valid opt-out request for the browser or device that sends it.

To exercise rights, use the in-app controls or contact privacy@trygreenflag.com. You can also:

We may need to verify your identity (for example, via the phone number on your account) before acting. Some requests may be limited where content is also someone else's (for example, a vouch your friend wrote), where we must keep records for legal, security, or safety reasons, or where information is controlled by another person. We will not discriminate against you for exercising these rights.

Appeals. If we deny your request, you may appeal by replying to our response (please reference "Privacy Request Appeal"); we will respond within the time the law requires. Depending on your state or country, you may also complain to your local data-protection or consumer authority — for example, your U.S. state attorney general, the California Privacy Protection Agency, Mexico's INAI, or your regional regulator.

12. Data Retention

We keep personal information only as long as needed for the purposes in this Policy. These are general guidelines, not fixed guarantees, and actual periods may vary with our legal obligations and safety needs:

13. Security

We use technical, organizational, and administrative safeguards designed to protect personal information, including encryption in transit, platform secure storage for secrets, access controls, rate limiting, and redaction rules for analytics and crash reporting. No method is perfectly secure; we cannot guarantee that unauthorized access, loss, or misuse will never occur. Protect your device, phone number, and account. If we learn of a breach affecting your information, we will notify you and authorities where required by law.

14. International Transfers

We are based in Canada and use providers that may process information in Canada, the United States, and other countries — which may have different privacy laws than where you live. Greenflag serves users in the United States and Mexico, and your information may be processed in those countries and in Canada. Where required, we use appropriate safeguards (such as standard contractual clauses or other lawful transfer mechanisms) for international transfers.

15. California and U.S. State Privacy Disclosures

We do not sell personal information or share it for cross-context behavioral advertising as defined under U.S. state privacy laws (including the CCPA/CPRA). Depending on your use, we may collect these categories of personal information:

We collect, use, disclose, and retain these for the purposes and for the periods described in this Policy (see Section 12), and we disclose them only to the service providers and other recipients listed in Section 10. We do not sell personal information, do not share it for cross-context behavioral advertising, and do not use or disclose sensitive personal information beyond the purposes permitted under the CCPA/CPRA (such as providing the Services, verification, and safety). We do not offer financial incentives in exchange for your personal information.

California residents (and residents of other U.S. states with similar laws, such as Virginia, Colorado, Connecticut, Texas, Oregon, and Montana) may exercise rights to know, access, correct, delete, and port their information; to opt out of sale/sharing/targeted advertising; to limit the use of sensitive personal information; and to appeal a denied request (see Section 11). You may not be discriminated against for exercising these rights, and you may use an authorized agent. To exercise these rights, contact privacy@trygreenflag.com. Because Greenflag verifies accounts by phone, we generally verify requests using the phone number on your account.

Washington and Nevada — consumer health data. Some information inherent to a dating service (for example, data that may reveal sexual orientation) could be treated as "consumer health data" under Washington's My Health My Data Act and Nevada law. We collect and use such information only to provide and secure the Services as described in this Policy and with your consent where required; we do not sell it, and we apply the protections described here. Washington and Nevada residents may contact privacy@trygreenflag.com to exercise applicable rights.

16. Mexico — LFPDPPP / Aviso de Privacidad

For users in Mexico, Smarttie Software Inc. acts as the data controller ("responsable") and this Policy serves as our privacy notice. We process the personal data described above to provide the Services, and sensitive data (such as photos, verification data, and data inherent to a dating context) with your consent. You may exercise your ARCO rights (Acceso, Rectificación, Cancelación, Oposición), limit the use or disclosure of your data, and withdraw consent by contacting privacy@trygreenflag.com. You may also file a complaint with the INAI.

17. Children

Greenflag is strictly for adults. The Services are not directed to anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe someone under 18 is using Greenflag or has provided information to us, contact safety@trygreenflag.com and we will act, including terminating the account.

If we become aware of apparent child sexual abuse material (CSAM) or the sexual exploitation of a minor, we will remove it, preserve relevant evidence, and report it as required by law to the National Center for Missing & Exploited Children (NCMEC) and/or to law enforcement. We may retain and disclose related information for those reporting, investigative, and child-safety purposes even where we would otherwise delete it.

18. Marketing Communications

If you opt in or provide contact information, we may send product updates and (where permitted) marketing messages. You can opt out using the unsubscribe link or by contacting support@trygreenflag.com. We may still send non-marketing service, security, account, payment, and legal messages.

19. Third-Party Links

The Services may link to or integrate with third-party sites and services governed by their own privacy practices. We are not responsible for their privacy, security, or content.

20. Changes to This Policy

We may update this Policy from time to time. When changes are material, we will provide notice by posting the updated Policy, updating the "Last Updated" date, and/or sending in-app or email notice. Your continued use of the Services after the update takes effect means you acknowledge the updated Policy.

21. Contact

Smarttie Software Inc.
329 Howe St, Unit #970
Vancouver, BC V6C 3N2, Canada

Privacy and data requests: privacy@trygreenflag.com
Legal: legal@trygreenflag.com
Support: support@trygreenflag.com
Safety and reports: safety@trygreenflag.com