This Privacy Policy explains how Noktu LLC, a Florida limited liability company ("Noktu," "we," "us"), collects, uses, and shares information when you use the Noktu mobile application and related services (the "Service"). By using the Service, you agree to the practices described here.
1. Our Privacy Approach
Noktu is built on a simple boundary: venues see the crowd in aggregate — never you individually — unless you explicitly choose otherwise. Individual visibility is always opt-in, always under your control, and reversible at any time. This policy reflects how the product is actually engineered, including several things we deliberately do NOT collect.
2. Information We Collect
2.1 Account information
When you create an account we collect your email address, a display name you choose, and authentication credentials (managed by our infrastructure provider). You may optionally add a profile photo.
2.2 Age and identity verification
To verify you are of legal age, the Service scans the barcode on your government-issued ID using your device camera. This processing happens on your device. From the scan, we store only the following:
- Your date of birth and sex, as encoded on the ID, used for age verification and, in aggregate-only form, venue crowd statistics (see Section 4).
- Timestamps recording when verification was completed.
- A one-way cryptographic token derived from your ID, used solely to recognize your verified identity at participating venue doors. This token cannot be reversed to reveal your ID number or any document contents.
We do NOT store, transmit, or retain your ID or license number, an image of your ID, or the raw barcode data. These never leave your device.
2.3 Check-in and presence information
When you are admitted at a participating venue, we record the check-in: which venue, arrival time, and departure or expiration time. During an active check-in, your first name and profile photo may be temporarily visible to the venue door staff solely to operate the door; this is automatically purged when your check-in ends.
2.4 Social information
We store your friend connections, friend requests, and block list to operate the social features you use.
2.5 Content you create
Profile photos, venue reviews, and similar content you choose to post.
2.6 Diagnostics
We collect crash reports and limited performance data to keep the app reliable, using a third-party error-reporting service (Sentry). These reports are associated with your internal account identifier only; our reporting pipeline is configured to strip emails, names, ID-scan data, authentication tokens, and similar sensitive fields before any report leaves the app.
2.7 Payment-card linking (optional)
If you choose to link a payment card to track your spend at participating venues, the card details are collected and processed by our card-linking provider, Fidel. Noktu receives and stores only a tokenized reference to your linked card, the last four digits, and the card network — we never receive or store your full card number, and we never collect your bank login or account credentials. When you make an eligible purchase at a participating venue, Fidel reports the transaction (such as amount, time, and the participating location) to us so we can attribute the spend to you for spend tracking and rewards. Linking is optional, requires your explicit in-app consent, and you can unlink your card at any time.
3. Information We Do NOT Collect
- Location data. The app contains no GPS or location permission. Your presence at a venue is established by the door check-in you initiate — never by tracking your device's location.
- Your contacts, browsing history, or data from other apps.
- Your ID document number or images of your ID (Section 2.2).
- Your full payment card number, or any bank login or account credentials. If you opt into spend linking, your card is processed by Fidel and we store only a tokenized reference plus the last four digits and card network (Section 2.7).
4. How We Use Information
- Operate the Service: authentication, check-ins, presence sharing with your friends, venue discovery.
- Verify legal age and operate venue door admission.
- Attribute your spend at participating venues, and operate spend tracking and rewards, if you opt into card linking (Section 2.7).
- Produce aggregate venue statistics (e.g., headcount, age-range and sex composition of tonight's crowd). Aggregates are subject to a minimum-count suppression floor: statistics for very small groups are never produced or stored, so individuals cannot be singled out.
- Maintain safety features such as blocks and venue exclusion lists.
- Diagnose crashes and improve reliability.
We do not sell personal information, and we do not use your information for third-party advertising.
5. How Information Is Shared
- With your friends: your check-ins are visible to accepted friends according to your visibility settings. You can restrict visibility or go invisible at any time.
- With venues — aggregate only by default: venues see anonymous, aggregated crowd statistics. They do not see your identity, your check-in history, your spend, or your profile unless you opt in.
- Per-venue public opt-in: if you explicitly choose to "go public" at a specific venue for a specific visit, that venue may see your presence individually. This is never a default and never carries over to other venues or visits.
- Door operation: venue door staff temporarily see your first name and photo during admission, purged after your check-in ends (Section 2.3).
- Service providers: we use infrastructure and processing providers — currently Supabase (hosting, authentication, database), Sentry (crash reporting), Fidel (payment-card linking and transaction monitoring, if you opt in), and Expo/Apple (app delivery) — bound to process data only on our behalf.
- Legal requirements: we may disclose information where required by law or to protect rights, safety, or the integrity of the Service.
6. Your Choices and Controls
- Visibility: switch between friends-only and invisible at any time; per-venue public sharing is a separate, explicit opt-in.
- Friends and blocks: manage friend connections and block any user.
- Profile: change or remove your photo and display name.
- Spend linking: link or unlink a payment card at any time; unlinking stops future transaction attribution.
- Consents: revoke any optional data-sharing consent (e.g., spend linking or loyalty status sharing) at any time.
- Account deletion: you may delete your account at any time using the in-app account-deletion feature, which removes your personal information from the Service (see Section 7).
7. Data Retention
We retain account information while your account is active. Check-in records are retained on an ongoing basis to operate the Service and produce aggregate statistics. When you delete your account, your personal information is removed; check-in records are anonymized (de-identified) and retained only in a form that cannot identify you, and aggregated statistics that cannot identify you may be retained indefinitely. If you link a payment card, the linked-card reference is retained until you unlink it or delete your account. Transient door-display data is purged automatically when a check-in ends.
8. Security
We use industry-standard measures including encryption in transit, database-level row security restricting every read and write to authorized parties, one-way cryptographic tokenization of identity-verification data, tokenized handling of linked-card references, and on-device processing of ID scans. No method of transmission or storage is perfectly secure, but the Service is engineered so that the most sensitive data (your ID contents and your full card number) is never collected at all.
9. Age Requirements
The Service is intended for adults. You must be at least 18 years old to create an account. Participating venues may impose higher age requirements (commonly 21+) for admission. We do not knowingly collect information from anyone under 18; if we learn that we have, we will delete it.
10. Changes to This Policy
We may update this policy. Material changes will be communicated through the app or by email, and the "Last updated" date above will change.
11. Contact Us
Questions about this policy or your information: hello@noktu.app • Noktu LLC, 531 NE 39th Street, Suite 201, Miami, FL 33137.