Privacy Policy
This Privacy Policy explains how Drift ("Drift," "we," "us," or "our") collects, uses, discloses, retains, and deletes information when you use the Drift mobile application, websites, support channels, and related services (collectively, the "Service").
Drift is a location-based social app. The core experience lets you create an account, find friends, share location-based posts, see friends at places, and receive location and friend activity notifications. Some features require permissions such as Location, Contacts, Camera, Photos, Microphone, Motion & Fitness, Bluetooth, and Notifications. You can deny or later revoke permissions in your device settings, but some features may not work without the relevant permission.
1. Information we collect
We collect information directly from you, from your device with your permission, through your use of the Service, and from service providers that help operate the Service.
A. Account and profile information
- Phone number and verification information used to create, sign in to, and secure your account.
- User ID, username, handle, first name, last name, full name, avatar URL, profile colors, account visibility preferences, Ghost Mode status, onboarding state, notification preferences, and similar account settings.
- Authentication tokens and session data used to keep you signed in. Access and refresh tokens may be stored on your device using secure storage and local app storage.
B. Location and motion information
If you grant location permissions, including background location permission, Drift may collect precise device location, latitude, longitude, accuracy, altitude, heading, speed, timestamps, location event identifiers, and related location payloads while the app is open and, when enabled, in the background. Drift uses this information to power maps, detect arrivals and departures, identify likely places, show friends who are at places, send location confirmation prompts, and improve location reliability.
If you grant Motion & Fitness permission, Drift may use device motion activity signals, such as walking, biking, driving, stationary, and similar motion states, to improve location detection and reduce unnecessary location processing. We do not use Motion & Fitness data for advertising or marketing.
C. Contacts information
If you grant Contacts permission, Drift reads names and phone numbers from your address book to help you find people you may know on Drift. Contact phone numbers may be normalized and compared with Drift profile phone numbers to show which contacts are already on Drift. We do not sell your contacts, use them to build a contact database for advertising, or contact people from your address book unless you choose to initiate a specific invitation or communication.
D. Photos, videos, camera, microphone, and user content
If you use avatar, camera, or posting features, Drift may collect:
- Photos and images you select or take for your profile avatar.
- Photos, videos, captions, comments, likes, story metadata, place metadata, and other content you create or upload.
- Camera and microphone access while recording or capturing media in the app.
- Photo library metadata needed to select media, preview your latest photo, or save captured media to your library.
Your posted content may be visible to friends or other users according to the feature, your settings, and the audience selected at posting time.
E. Bluetooth proximity information
If you allow Bluetooth access or if Drift uses Bluetooth-enabled background features, Drift may process Bluetooth service identifiers, temporary proximity tokens, scan request identifiers, RSSI signal strength, timestamps, scan status, scan duration, and related diagnostic fields. Drift uses this information to privately detect nearby friends at places and improve place-presence features. Bluetooth proximity tokens are designed to be temporary and are used for Drift functionality, not for advertising.
F. Notifications and device information
If you allow notifications, Drift may collect and store Expo push tokens, APNs device tokens, location push tokens, notification environment values, and token update timestamps so we can send friend requests, comments, arrival prompts, location confirmations, and other Service notifications.
We may also collect device and app information such as app version, platform, operating system, network status, app state, language/locale, and limited device or installation identifiers needed for security, push delivery, diagnostics, and app functionality.
G. Usage, diagnostics, logs, and support information
We collect app interactions and technical information needed to operate, troubleshoot, protect, and improve Drift, including activity feed events, search history stored on device, place searches, notification interactions, crash logs, performance data, background geolocation diagnostics, queue sizes, error logs, and support messages or reports you submit. Some diagnostic logs may include location payloads or other personal data when needed to investigate a problem.
H. Information from third-party services
Drift relies on service providers and SDKs that may process information on our behalf, including Supabase for authentication, database, storage, realtime, and serverless functions; Expo and Apple Push Notification service for push and app services; Mapbox for maps; Sentry for crash and error reporting; Google Places or similar place data providers for place search and place details; and cloud hosting or infrastructure providers used to operate the Service.
2. How we use information
We use information for the following purposes:
- App functionality: create and authenticate accounts, provide maps, location sharing, friend discovery, stories, comments, notifications, Bluetooth proximity features, settings, media uploads, and account management.
- Product personalization: personalize profile, friend, place, map, notification, and content experiences based on your settings and interactions.
- Safety and security: verify sessions, prevent unauthorized access, enforce access controls, protect accounts, investigate abuse, and maintain service integrity.
- Diagnostics and reliability: detect crashes, measure performance, troubleshoot location, notification, media, Bluetooth, and backend issues, and improve app stability.
- Customer support: respond to questions, privacy requests, bug reports, and other support communications.
- Legal compliance: comply with laws, enforce terms, respond to lawful requests, and protect the rights, safety, and property of Drift, users, and others.
We do not use precise location, Contacts, Photos, Camera, Microphone, Motion & Fitness, or Bluetooth proximity data for third-party advertising or for data broker tracking.
3. App permissions and your choices
You can control permissions through iOS Settings or in-app flows where provided. Withdrawing a permission stops future collection that depends on that permission, except where information has already been collected and retained as described in this policy.
- Location While Using / Always: used for maps, places, arrival/departure detection, friend location features, background location, and location notifications. You can disable location permissions in iOS Settings or use Drift visibility controls such as Ghost Mode where available.
- Motion & Fitness: used to improve motion and arrival detection. You can disable this permission in iOS Settings.
- Contacts: used to find friends by matching contacts' phone numbers to Drift profiles. You can deny or revoke Contacts permission.
- Camera: used to capture avatar photos and story media. You can deny or revoke Camera permission.
- Microphone: used when recording videos with audio. You can deny or revoke Microphone permission.
- Photos / Media Library: used to select, preview, upload, and save media. You can limit or revoke photo access in iOS Settings.
- Bluetooth: used for nearby-friend and place-presence features. You can disable Bluetooth access in iOS Settings.
- Notifications: used to send friend, comment, location, arrival, and service notifications. You can change notification preferences in Drift where available and in iOS Settings.
4. How we disclose information
We disclose information only as described below:
- To other users as part of the Service. Your profile, avatar, handle, selected content, place presence, friend status, comments, likes, and location or place information may be shown to friends or other users depending on the feature and your settings.
- To service providers. We share information with vendors that process it for us to provide hosting, authentication, database, storage, maps, place search, push notification delivery, crash reporting, diagnostics, and support.
- For legal, safety, and security reasons. We may disclose information if we believe it is necessary to comply with law, legal process, or enforceable government requests; protect users; investigate fraud or abuse; or protect the rights, property, or safety of Drift and others.
- Business transfers. If Drift is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction subject to appropriate protections.
- With your direction or consent. We may share information when you ask us to do so or after we provide notice and obtain any required consent.
Each third party or service provider with access to user data must provide the same or equal protection for user data as described in this Privacy Policy and as required by applicable App Store guidelines and privacy laws. We do not sell your personal information. We do not share personal information with data brokers. We do not use App Tracking Transparency tracking unless Drift separately requests and receives your permission through Apple's ATT prompt.
5. App Store privacy label summary
Based on the current app implementation, Drift expects the following App Store privacy disclosures to be reviewed and kept consistent with App Store Connect:
| Apple data category | Examples in Drift | Typical use | Linked to you? |
|---|---|---|---|
| Contact Info | phone number, name fields | app functionality, account management, friend discovery | yes |
| Precise Location | latitude/longitude, accuracy, heading, speed, timestamps | app functionality, product personalization, diagnostics | yes |
| Coarse Location | inferred places and place presence | app functionality, product personalization | yes |
| Contacts | contact names and phone numbers when permission is granted | app functionality/friend discovery | yes |
| User Content | avatars, photos, videos, comments, likes, stories, support content | app functionality, personalization, support | yes |
| Identifiers | user ID, handle, push tokens, device tokens, request IDs | app functionality, notifications, security | yes |
| Usage Data | activity events, notification interactions, search history, settings | app functionality, diagnostics, personalization | yes |
| Diagnostics | crash data, performance data, background location logs, error reports | diagnostics, app functionality | may be linked |
| Fitness | motion activity states from Motion & Fitness APIs | app functionality for location accuracy | yes |
| Other Data | Bluetooth proximity tokens, scan status, RSSI, place metadata | app functionality, diagnostics | yes or may be linked |
This summary is provided to help keep the App Store privacy label accurate. The actual App Store Connect answers must be updated whenever Drift's code, SDKs, backend, data collection, or data uses change.
6. Data retention and deletion
We retain information for as long as reasonably necessary to provide the Service, maintain security, meet legal obligations, resolve disputes, enforce agreements, and support legitimate business needs.
Typical retention practices include:
- Account and profile information is retained while your account is active.
- User content is retained until you delete it, your account is deleted, or it is removed under our policies.
- Location logs, place presence, notification events, Bluetooth proximity events, and diagnostics are retained as needed to provide current and historical app functionality, troubleshoot the Service, and maintain safety and security.
- Crash logs, support records, and security logs may be retained for a limited period after resolution if needed for security, compliance, auditing, or fraud prevention.
- We may retain de-identified or aggregated information that no longer identifies you.
You may request deletion of your account or personal information by using any in-app account deletion tool that Drift provides or by contacting us at the email listed in Section 13. After we verify your request, we will delete or de-identify personal information unless retention is required or permitted for legal, security, fraud prevention, dispute resolution, accounting, or legitimate business purposes. Backup copies may persist for a limited time before automatic expiration.
7. How to revoke consent and manage data
You can revoke consent or limit collection in these ways:
- Change app permissions in iOS Settings.
- Turn off notifications in iOS Settings or Drift notification preferences.
- Use Drift visibility controls, such as Ghost Mode if available, to limit location visibility to other users.
- Delete uploaded content or profile data where the app provides controls.
- Sign out to stop authenticated app activity on that device.
- Request access, correction, deletion, or other privacy assistance by contacting us.
Revoking a permission may limit core features that depend on that permission, such as background location sharing, nearby-friend detection, friend discovery, media capture, or notifications.
8. Security
We use administrative, technical, and organizational measures designed to protect information from unauthorized access, loss, misuse, disclosure, alteration, and destruction. These measures include authenticated backend access, row-level or similar access controls where applicable, transport security, token-based sessions, secure token storage on device, and restricted provider access. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. International transfers
Drift and its service providers may process and store information in the United States and other countries where we or our providers operate. These countries may have privacy laws that differ from those in your jurisdiction. Where required, we use appropriate safeguards for international transfers.
10. Children
Drift is not intended for children under 13 or for anyone under the minimum age required to use the Service in their jurisdiction. We do not knowingly collect personal information from children under 13. If you believe a child provided us personal information, contact us and we will take appropriate steps to delete it. Drift is not intended to be listed in the App Store Kids Category.
11. Regional privacy rights
Depending on where you live, you may have rights to request access to, deletion of, correction of, portability of, restriction of, or objection to certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent and the right to appeal a privacy request decision.
California and other U.S. state privacy laws may provide rights to know, access, correct, delete, and opt out of certain sharing or targeted advertising. Drift does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are commonly used under U.S. state privacy laws. If our practices change, we will update this policy and provide required opt-out controls.
European Economic Area, United Kingdom, and Swiss users may have rights under the GDPR or similar laws. Where applicable, our legal bases may include performance of a contract, consent, legitimate interests, compliance with legal obligations, and protection of vital interests.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and provide additional notice when required, such as in-app notice or other appropriate communication. Your continued use of the Service after an update means the updated policy applies to your use of the Service, to the extent permitted by law.
13. Contact us
For privacy questions, requests, or complaints, contact us at:
- Email: legal@driftapp.io
- Mailing address: Voyyp, Inc. DBA Drift, 2035 Sunset Lake Rd. Newark, Delaware 19702, US
