Privacy Policy for Froz™

We collect information necessary to operate the App and improve your experience: • Account Information: Name, email, username, password, date of birth, country, and profile details you provide during registration. • Age Verification: We collect your date of birth and country during registration to verify you meet the minimum age requirement for your jurisdiction. Minimum ages vary by country (e.g., 13 in the United States, 14 in Canada). Users who do not meet the minimum age for their country are not permitted to use Froz. • Location Data: With your permission, we collect precise GPS location data to enable ski tracking features. Location tracking only occurs when you explicitly enable it and is used to record your skiing/snowboarding activity. You can disable location tracking at any time in your device settings. • Activity Data: Resorts visited, check-ins, ski/snowboard tracks, meetups, rankings, leaderboard participation, resort ratings/reviews you submit, live condition reports, Mountain DNA tag contributions, and resort comments. • Device Information: Device type, operating system, app version, and unique device identifiers for analytics purposes. • Usage Information: How you interact with the App, including pages visited, features used, session duration, and app performance data. • Push Notification Tokens: If you enable notifications, we collect device tokens to send you updates about meetups, messages, and app activity. • Optional Content: Photos, comments, messages, or posts you choose to share. • Content Moderation Data: When you upload profile photos, we process them through automated content moderation systems to detect prohibited content. Moderation results (safe/unsafe classification) may be logged for safety purposes. We track failed upload attempts to prevent abuse. We do not collect sensitive information such as payment data, government identifiers, or health information.

We use your information to: • Operate and improve the App. • Enable ski/snowboard tracking when you activate this feature, using our proprietary GPS tracking algorithms. • Calculate and display resort rankings using our proprietary ranking engine, which incorporates user ratings and other factors. • Display your activity and rankings (e.g., leaderboards, profile stats). • Send push notifications about meetups, messages, and relevant activity (if enabled). • Personalize your experience and show relevant content based on your country/region. • Analyze app usage through analytics to improve features and performance. • Provide customer support. • Maintain app security, detect fraud, and prevent abuse. • Verify user age eligibility. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We use trusted third-party services to operate the App: • Firebase (Google): Authentication, database storage, cloud storage, and crash reporting. • Google Analytics: We use Google Analytics to collect anonymized usage data, including app interactions, screen views, and engagement metrics. This helps us understand how users interact with Froz and improve the experience. Google may use this data as described in their privacy policy. • Google Cloud Vision API: We use Google Cloud Vision's SafeSearch feature to automatically screen user-uploaded profile photos for prohibited content (adult, explicit, or inappropriate material). Images are sent to Google's servers for analysis at the time of upload. Google processes this data according to their Cloud Data Processing terms. We do not store images that fail moderation screening. • Open-Meteo API: We use Open-Meteo to obtain weather forecast data, which we process using our proprietary algorithms to generate Snow Quality Index (SQI™) scores, custom weather titles, descriptions, and "best day" recommendations. Open-Meteo provides raw weather data only; all SQI calculations, generated titles/descriptions, and recommendations are created by Froz's proprietary algorithms. • Expo: App development and update delivery platform. We may share data in these cases: • With service providers listed above who help us run the App, bound by data processing agreements. • For legal compliance if required by law or to respond to valid legal requests. • To protect the rights, safety, or property of Froz, our users, or the public. • With your consent if you explicitly agree to share information. Sponsored content may appear in the App, but sponsors do not have access to your personal data unless you explicitly interact with their content. Featured Lists & Recommendations: • Froz displays curated featured lists for gear, après, events, resorts, and other content. • Featured lists may include editorial selections and paid partner placements. • Paid placements are indicated with a "Partner" label or similar designation. • With your permission, we may use your location to show locally-relevant featured content. • Featured brands and businesses do not receive your personal data unless you choose to interact with them.

Froz offers optional ski/snowboard tracking features that use your device's GPS. • Location tracking is OFF by default and only activates when you explicitly enable it. • When enabled, we collect precise location data to record your ski runs, speed, and elevation. • You can disable location tracking at any time through the App or your device settings. • Location data is stored securely and associated with your account. • We do not share your precise location with other users without your consent. • We do not sell location data to third parties.

With your express permission, we send push notifications and electronic messages for: • Meetup invitations and updates • New messages from other users • Activity on your posts or profile • App updates and announcements CASL Compliance (Canada): In accordance with Canada's Anti-Spam Legislation (CASL), we obtain your express consent before sending commercial electronic messages. Each notification includes identification of Froz as the sender. You may withdraw consent and unsubscribe at any time. You can disable notifications at any time: • Through your device settings • Within the App notification preferences • By contacting support@froz-app.com We honor all unsubscribe requests promptly.

We implement industry-standard security measures to protect your data: • Encryption of data in transit (TLS/SSL) and at rest • Secure cloud infrastructure with access controls • Regular security assessments • Limited employee access to personal data However, no system is 100% secure, and we cannot guarantee absolute protection. You are responsible for maintaining the security of your account credentials.

We retain your data for as long as your account is active. • Account data: Retained until you delete your account. • Activity data (tracks, check-ins): Retained until you delete your account or specific content. • Meetup chat messages: Retained while the meetup is active. When a meetup is deleted by the organizer, associated messages are deleted after a 30-day grace period (to allow for abuse report investigations). • Reported content: Messages or content that has been reported for policy violations may be retained for up to 90 days for investigation purposes. • Analytics data: Retained in anonymized form for up to 26 months. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, pending investigations).

Depending on your location, you may have the following rights: • Access: Request a copy of the data we hold about you. • Correction: Request correction of inaccurate data. • Deletion: Request deletion of your data ("right to be forgotten"). • Portability: Request a copy of your data in a machine-readable format. • Opt-out: Disable location tracking, notifications, or analytics. • Restriction: Request we limit how we process your data. • Withdraw Consent: Withdraw consent for data processing at any time. California Residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt-out of any sale of personal information. We do not sell personal information. Canadian Residents (PIPEDA): Under the Personal Information Protection and Electronic Documents Act, you have the right to: • Know what personal information we hold about you • Access your personal information upon request • Challenge the accuracy and completeness of your information • Withdraw consent for collection, use, or disclosure (subject to legal restrictions) • File a complaint with the Office of the Privacy Commissioner of Canada Quebec Residents: Under Quebec's Act Respecting the Protection of Personal Information (Law 25), you have additional rights including privacy by default, explicit consent requirements, and the right to data portability. Users in Canada must be at least 14 years old to use Froz. EU/EEA Residents (GDPR): You have rights under the General Data Protection Regulation including access, rectification, erasure, and data portability. To exercise these rights, contact us at support@froz-app.com. We will respond within 30 days (or sooner if required by applicable law).

Froz enforces age restrictions based on your country of residence. Minimum Age Requirements: • United States: 13 years old • Canada: 14 years old • Other countries: 13 years old (or higher if required by local law) How We Verify Age: • We collect your date of birth and country during registration. • Users who do not meet the minimum age for their selected country are prevented from creating an account. • If we discover a user provided false information to circumvent age restrictions, we will promptly delete their account and associated data. If you believe a minor who does not meet the age requirements has created an account, please contact us immediately at support@froz-app.com. Parents or guardians who become aware of their child's unauthorized use of Froz should contact us to have the account removed.

Froz is operated from the United States. Your information may be transferred to and processed in the United States. For Canadian Users: • Your personal information will be transferred from Canada to the United States for processing and storage. • By using Froz, you explicitly consent to this cross-border transfer. • We implement appropriate safeguards including encryption and secure data handling practices. • U.S. data protection laws may differ from Canadian laws, but we maintain consistent privacy protections. • Our service providers in the U.S. are contractually bound to protect your information. For All International Users: • Data protection laws in the United States may differ from those in your country. • By using Froz, you consent to the transfer of your information to the United States. • We take appropriate safeguards to protect your data during international transfers. • You may contact us to learn more about our data protection practices.

This section applies to users in Canada. Accountability: Froz is responsible for personal information under our control. For privacy inquiries, contact support@froz-app.com. Identifying Purposes: We collect personal information only for the purposes identified in this Privacy Policy. We will inform you of any new purposes before or at the time of collection. Consent: We obtain your meaningful consent for the collection, use, and disclosure of your personal information. You may withdraw consent at any time, subject to legal or contractual restrictions. Limiting Collection: We collect only the personal information necessary for the identified purposes. Limiting Use, Disclosure, and Retention: We use and disclose personal information only for the purposes for which it was collected, unless you consent or as required by law. We retain information only as long as necessary. Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary. You may request corrections to your information. Safeguards: We protect personal information with appropriate security measures relative to the sensitivity of the information. Openness: This Privacy Policy describes our policies and practices for managing personal information. Individual Access: Upon request, we will inform you of the existence, use, and disclosure of your personal information and provide access to it. You may challenge its accuracy. Challenging Compliance: You may challenge our compliance with these principles by contacting us at support@froz-app.com or by filing a complaint with the Office of the Privacy Commissioner of Canada.

This section applies to users in Quebec, Canada. Quebec's Act Respecting the Protection of Personal Information in the Private Sector (as amended by Law 25) provides enhanced privacy protections: Privacy by Default: We implement privacy-protective default settings. Location tracking and optional data sharing are disabled by default. Explicit Consent: We obtain clear, explicit consent before collecting, using, or disclosing your personal information. Consent is requested separately for different purposes. Minimum Age: Users in Canada must be at least 14 years old to use Froz, in compliance with Quebec's requirements for minors. Automated Decision-Making: If we use automated decision-making that produces legal effects or significantly affects you, you have the right to be informed and to request human review. Data Portability: You may request your personal information in a commonly used technological format. Right to be Forgotten: You may request deletion or anonymization of your personal information, subject to legal retention requirements. Privacy Impact Assessments: We conduct privacy impact assessments for high-risk processing activities. To exercise your rights under Quebec law, contact support@froz-app.com.

We use analytics tools to understand how users interact with Froz: • Google Analytics collects anonymized usage data, device information, and engagement metrics. • We use device identifiers for analytics and to prevent fraud. • We do not use cookies in the traditional web sense, but mobile SDKs may store local data on your device. You can limit analytics collection by adjusting your device's privacy settings (e.g., "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android).

We may update this Privacy Policy from time to time. When we make material changes: • We will update the "Last Updated" date at the top of this policy. • For significant changes, we may notify you via the App or email. • Continued use of Froz after changes means you accept the updated policy. We encourage you to review this policy periodically.

In the event of a data breach that affects your personal information, we will: • Investigate the incident promptly and take steps to contain it. • Notify affected users without undue delay (and within 72 hours where required by law). • Notify relevant regulatory authorities as required by applicable law (including the Office of the Privacy Commissioner of Canada for Canadian users). • Provide information about what data was affected and steps you can take to protect yourself. We maintain incident response procedures and regularly review our security practices to prevent breaches.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: Froz Email: support@froz-app.com Canadian Users: You may also file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca. Quebec Users: You may contact the Commission d'accès à l'information du Québec at www.cai.gouv.qc.ca. For data protection inquiries, please include "Privacy" in your subject line. We will respond within 30 days.