Privacy Policy
Effective date: February 20, 2026 | Last updated: February 20, 2026
Upquark LLC, a California limited liability company ("Company," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the a.s.d.f (ask share discover find) mobile application (the "App") and the associated website (the "Website"), collectively referred to as the "Service."
Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
Table of Contents
- Information We Collect
- How We Use Your Information
- Legal Bases for Processing (EEA/UK Users)
- End-to-End Encryption & Message Privacy
- Data Sharing & Disclosure
- Third-Party Services
- Data Storage & Security
- Data Retention
- Your Privacy Rights
- International Data Transfers
- Children's Privacy
- Do Not Track Signals
- California Privacy Rights (CCPA)
- Changes to This Privacy Policy
- Contact Us
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide when you register for an account, create or modify your profile, post content, or otherwise interact with the Service:
- Account Registration Data: username, email address, and password (or credentials from a third-party authentication provider such as Google or Apple)
- Profile Information: display name, profile photograph, biographical description, and phone number
- Marketplace Content: listing titles, descriptions, pricing, photographs, videos, categories, and location information associated with your listings
- Community Content: posts, comments, reviews, ratings, and other content you create within community topics or in response to other users' content
- Communications: messages you send through the Service (subject to end-to-end encryption as described in Section 4), support inquiries, and feedback you provide to us
1.2 Information Collected Automatically
When you access or use the Service, we automatically collect certain information, including:
- Device Information: device type, operating system and version, unique device identifiers, and mobile network information
- App Usage Data: app version, features accessed, actions taken, timestamps of activity, and general usage patterns
- Push Notification Tokens: device tokens required to deliver push notifications you have opted into
- Log Data: IP address, access times, and referring URLs when you visit our Website
1.3 Location Information
With your explicit consent, we collect precise geolocation data (latitude and longitude) from your mobile device to provide location-based features, including nearby listing discovery and local search. You may also voluntarily provide location information such as zip codes, addresses, and city/state when creating listings. You may disable location services at any time through your device's operating system settings; however, doing so may limit certain features of the Service.
1.4 Information from Third-Party Authentication
If you choose to register or sign in using Google Sign-In or Apple Sign-In, we receive limited information from these providers, typically your name and email address, as permitted by your privacy settings with that provider. We do not receive or store your passwords from third-party authentication providers.
1.5 Device Permissions
The App may request access to certain features of your device. Each permission is requested only when the associated feature is used and may be revoked at any time through your device settings:
| Permission | Purpose |
|---|---|
| Camera | Capture photos and videos for listings or profile |
| Photo Library | Select existing media for upload |
| Microphone | Record voice messages |
| Location | Enable nearby discovery and location-based search |
| Contacts | Find friends who are already using a.s.d.f |
| Notifications | Receive push notifications for messages and activity |
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Operate the Service: create and manage your account, facilitate marketplace transactions, enable messaging, and deliver core functionality
- Personalize Your Experience: display relevant listings, recommend communities, and surface content based on your location and activity
- Communicate with You: send push notifications, service announcements, security alerts, and support responses
- Improve the Service: analyze usage trends, diagnose technical issues, and develop new features
- Ensure Safety and Security: detect and prevent fraud, abuse, spam, and security threats; enforce our Terms of Service and community guidelines
- Comply with Legal Obligations: respond to lawful requests from public authorities and comply with applicable laws and regulations
We do not use your information for automated decision-making or profiling that produces legal effects or similarly significant effects on you.
3. Legal Bases for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), our legal bases for processing your personal data include:
- Performance of a Contract: processing necessary to provide you with the Service as described in our Terms of Service
- Consent: processing based on your explicit consent, such as location data collection and push notifications (you may withdraw consent at any time)
- Legitimate Interests: processing necessary for our legitimate interests, such as improving the Service and ensuring security, provided these interests are not overridden by your rights
- Legal Obligation: processing necessary to comply with applicable laws
4. End-to-End Encryption & Message Privacy
a.s.d.f employs the Fourier Protocol — built on the Signal Protocol implementation, including the Extended Triple Diffie-Hellman (X3DH) key agreement protocol and the Double Ratchet algorithm — to provide end-to-end encryption for direct messages and private group conversations. This architecture ensures:
- Key Generation on Device: all cryptographic keys are generated locally on your device and are never transmitted to or stored on our servers in unencrypted form
- Zero-Knowledge Message Storage: message content is encrypted on your device before transmission. We store only the encrypted ciphertext on our servers to facilitate message delivery. We do not possess the keys to decrypt this content
- Forward Secrecy: the Double Ratchet algorithm provides forward secrecy, meaning that compromise of a single key does not compromise past or future messages
- No Message Recovery: because we do not hold decryption keys, we cannot recover message content if you lose access to your device. Users are responsible for the security of their own devices
- Public Groups: messages in public groups use server-managed epoch keys and are not end-to-end encrypted in the same manner as direct messages and private groups
Metadata associated with messages (such as sender, recipient, and timestamp) may be processed by our servers to facilitate delivery, even though the message content itself is encrypted.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
We may share your information in the following limited circumstances:
5.1 With Other Users
Information you choose to make public — such as your profile, listings, posts, reviews, and community activity — is visible to other users of the Service. Your privacy settings allow you to control the visibility of certain profile information, including online status and last-seen timestamps.
5.2 With Service Providers
We engage trusted third-party service providers to perform functions on our behalf, including cloud hosting, authentication, data storage, search indexing, and push notification delivery. These providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Privacy Policy.
5.3 For Legal Compliance
We may disclose your information if we believe in good faith that such disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service; (c) protect the rights, property, or safety of Upquark LLC, our users, or the public; or (d) detect, prevent, or address fraud, security, or technical issues. Due to our end-to-end encryption architecture, we are technically unable to provide the decrypted content of encrypted messages even pursuant to a lawful request.
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via the Service or email of any change in ownership or uses of your personal information.
6. Third-Party Services
The Service integrates with the following third-party services:
| Service | Provider | Purpose |
|---|---|---|
| Firebase Authentication | Google LLC | Account creation and sign-in |
| Cloud Firestore | Google LLC | Database and data storage |
| Cloud Storage for Firebase | Google LLC | Media file storage (photos, videos) |
| Firebase Cloud Messaging | Google LLC | Push notification delivery |
| Google Sign-In | Google LLC | Third-party authentication |
| Apple Sign-In | Apple Inc. | Third-party authentication |
Each third-party service is governed by its own privacy policy. We encourage you to review the privacy policies of these providers.
7. Data Storage & Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit: all data transmitted between the App and our servers is encrypted using Transport Layer Security (TLS)
- Encrypted Local Storage: messages and sensitive data are stored in a SQLCipher-encrypted database on your device, with the encryption key stored in your device's secure enclave (iOS Keychain / Android Keystore)
- Secure Key Storage: cryptographic identity keys and session keys are stored in platform-native secure storage facilities
- Access Controls: server-side data is stored in secured cloud infrastructure with role-based access controls and audit logging
While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you acknowledge that you provide your information at your own risk.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account Data: retained for the duration of your account and deleted within 30 days of account deletion, unless retention is required by law
- Marketplace Listings: active listings are retained while published; expired listings may be retained for a reasonable period for dispute resolution
- Encrypted Messages: encrypted ciphertext on our servers is deleted when you delete your account; locally stored messages are retained on your device until you uninstall the App
- Usage Data: aggregated, de-identified usage data may be retained indefinitely for analytics and product improvement purposes
- Legal Requirements: certain information may be retained as required by applicable laws, including for tax, legal reporting, or fraud prevention obligations
9. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right of Access: request a copy of the personal information we hold about you
- Right to Rectification: request correction of inaccurate or incomplete personal information
- Right to Erasure: request deletion of your personal information, subject to legal retention requirements
- Right to Restrict Processing: request that we limit how we use your information
- Right to Data Portability: request a copy of your data in a structured, machine-readable format
- Right to Object: object to processing of your information based on legitimate interests
- Right to Withdraw Consent: where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at s@instanc.app. We will respond to your request within 30 days or as required by applicable law.
You may also manage your data through the App, including updating your profile, adjusting privacy settings, and controlling device permissions.
10. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we implement appropriate safeguards, including standard contractual clauses approved by the European Commission, where applicable.
11. Children's Privacy
The Service is not directed to individuals under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under the applicable minimum age without parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at s@instanc.app.
12. Do Not Track Signals
The Service does not currently respond to "Do Not Track" (DNT) signals transmitted by web browsers. There is no uniform industry standard for recognizing or honoring DNT signals at this time.
13. California Privacy Rights (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: you have the right to request the categories and specific pieces of personal information we have collected about you
- Right to Delete: you have the right to request that we delete your personal information, subject to certain exceptions
- Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights
- Right to Opt-Out of Sale: we do not sell your personal information. If we change this practice, we will provide a "Do Not Sell My Personal Information" link on our Website
To exercise your rights under the CCPA, please contact us at s@instanc.app. We will verify your identity before processing your request.
14. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will: (a) update the "Last updated" date at the top of this page; (b) notify you through the App or via email; and (c) where required by law, obtain your consent to the changes. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any modifications to this Privacy Policy constitutes your acceptance of such modifications.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: s@instanc.app
If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.