I’m In Get the App

Privacy

Privacy Policy

How CL Apps LLC collects, uses, shares, and protects your information when you use I’m In.

I’m In — Privacy Policy

Last Updated: March 20, 2026

CL Apps LLC | support@tryimin.app

This Privacy Policy describes how CL Apps LLC (“I’m In,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the I’m In mobile application and related services (the “Service”). It also explains your rights and choices regarding your data.

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

Questions or concerns? Contact us at support@tryimin.app.

1. Who We Are and How to Contact Us

Data Controller / Operator:

  • Company: CL Apps LLC
  • Address: 980 N Michigan Ave Ste 1090 #445263, Chicago, Illinois 60611, USA
  • Email: support@tryimin.app

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, CL Apps LLC acts as the data controller responsible for your personal data.

2. Information We Collect

We collect information you provide directly, information generated by your use of the Service, and limited information from third-party sources.

2.1 Information You Provide

  • Account & Authentication: Email address and/or phone number used to create or access your account; email and SMS one-time codes; verification and authentication/session metadata.
  • Profile: Name, handle, and avatar/profile image you choose to upload.
  • Phone Number: If added during onboarding or in settings, stored as private account data; used for SMS OTP sign-in and (in hashed form) for optional contacts matching.
  • Social Data: Friend relationships and requests, circles, thread memberships, and related social state.
  • User Content: Chat messages and related metadata (sender, thread, timestamps).
  • Plan Data: Plan submissions and choices (What/Vibe/Distance), optional approximate area text (neighborhood/city/ZIP), optional notes, and votes/picks.
  • Status & Audience Settings: In/Out state, optional expiry time, and visibility settings.
  • Safety Data: Block relationships and user reports (thread/message/user, reason, details you provide).
  • Notification Preferences: In-app notification records, read/unread state, and timestamps.
  • Contacts (Optional & Opt-In Only): If you grant permission, the app reads contact phone numbers/emails, hashes them on-device, and uploads only the hashes for friend matching. We never upload raw contact names, phone numbers, or email addresses.

2.2 Information Generated Automatically

  • Diagnostics & Logs: Basic operational logs and diagnostics required to run, secure, and debug the Service (e.g., crash reports, error logs, performance data).
  • Usage Information: Interaction patterns with features (e.g., which plans you view), session duration, and feature engagement — used in aggregated or anonymized form only.
  • Device & Technical Data: Device type, operating system version, app version, and general network type, where needed for technical support and compatibility.

2.3 Information from Third Parties

  • Google Maps / Places API: When you provide an approximate location for plan suggestions, we may query Google Maps Platform (Places API) with that location string and category queries (e.g., “pizza restaurant”) to retrieve venue candidate data (business names, ratings). See Section 5 for details.
  • Authentication Providers: If we add social sign-in options in future, we will update this Policy accordingly.

3. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR) or equivalent legislation:

  • Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Service — account creation, authentication, content delivery, chat, planning features, and notifications.
  • Legitimate Interests (Art. 6(1)(f) GDPR): Security, fraud prevention, debugging, service reliability, and aggregated analytics. We balance these against your rights and interests.
  • Legal Obligation (Art. 6(1)(c) GDPR): Complying with applicable laws and responding to lawful government requests.
  • Consent (Art. 6(1)(a) GDPR): Contacts matching (opt-in), optional profile data, and any future processing for which we seek your explicit agreement. You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Information

  • Provide and improve core app functionality: accounts, authentication, profile, status sharing, chat, circles, friends, and planning.
  • Send and verify one-time passcodes for email and phone authentication.
  • Run contacts-based friend matching when you opt in.
  • Generate plan recommendation content (see Section 5 on AI Processing).
  • Deliver and manage in-app notifications and notification preferences.
  • Maintain security, prevent fraud and abuse, investigate misuse, and enforce safety/reporting/blocking tools.
  • Maintain reliability, performance, and service operations.
  • Comply with legal obligations and enforce our Terms of Service.
  • Communicate with you about service updates, support responses, and, where permitted, relevant product information.

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

5. AI Processing and Third-Party Service Integrations

5.1 AI-Powered Plan Recommendations (OpenAI)

To generate Plan recommendations, we send sanitized, aggregated session data to OpenAI — not raw per-user plan submission rows. This aggregate data may include:

  • Participant and submission counts
  • Counts of What/Vibe/Distance selections
  • Counts of approximate location hints
  • Counts of anonymized note tags derived from notes (not the raw note text)

We do not send raw per-user plan submissions, names, handles, or identifying information to OpenAI for recommendation generation. OpenAI’s processing is subject to OpenAI’s Privacy Policy and Terms of Service.

5.2 Google Maps / Places API

When you provide an approximate location for plan suggestions, we may use Google Maps Platform (Places API) to look up venue candidates. This involves:

  • Sending an approximate location string (e.g., neighborhood, city, or ZIP) and category-style queries (e.g., “pizza restaurant”) to Google.
  • Receiving place results such as business names and ratings metadata used to build plan recommendations.

When we display Places-derived venue data in-app, we include Google Maps attribution. Google’s processing is governed by the Google Privacy Policy and Google Maps Platform Terms.

5.3 Authentication & Infrastructure (Supabase / Twilio)

  • Supabase: Provides authentication, database, storage, and serverless functions. Your account and content data is stored on Supabase infrastructure.
  • Twilio: Powers SMS delivery and phone number verification (OTP) through Supabase Auth.

These vendors act as data processors on our behalf and are contractually required to protect your data.

6. How We Share Your Information

We do not sell your personal information. We share data only as follows:

  • Service Providers / Processors: Supabase (infrastructure), Twilio (SMS), OpenAI (AI recommendations), Google (Maps/Places API). Each is subject to appropriate data processing agreements.
  • Other Users: Information you choose to share within the app (e.g., your handle, status, plan participation) is visible to other users according to your visibility and audience settings.
  • Legal Requirements: We may disclose data if required by law, regulation, or a valid legal process (e.g., court order, government request), provided we are legally permitted to notify you.
  • Protection of Rights: To enforce our Terms of Service, protect the safety of users, or prevent fraud or abuse.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, subject to the receiving party maintaining the same level of data protection. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7. International Data Transfers

CL Apps LLC is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland to countries not recognized as providing adequate protection, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or equivalent mechanisms. You may request a copy of the relevant safeguards by contacting us at support@tryimin.app.

For users in other jurisdictions, we take reasonable steps to ensure your data is protected in accordance with this Policy wherever it is processed.

8. Data Retention

  • Account, profile, social, chat, and notification data is retained while your account is active.
  • Plan sessions are designed for a short lifecycle (active session windows of approximately 24 hours) and may be archived or deleted thereafter.
  • Hashed contact data used for matching is retained only as long as needed to support matching and is deleted when you opt out or delete your account.
  • Safety and abuse-related records may be retained longer when needed for trust and safety, legal compliance, or security purposes.
  • Upon account deletion, we will delete or anonymize your personal data within 30 days, except where a longer retention period is required by law or legitimate business necessity (e.g., fraud prevention, legal holds). Residual copies in backups and disaster recovery systems may take additional time to expire.

9. Your Rights and Choices

9.1 Rights Available to All Users

  • Update your profile inside the app.
  • Update, verify, or remove your phone number via Profile → Account.
  • Control handle discoverability and privacy settings inside the app.
  • Opt in or out of contacts matching and manage the Contacts permission via iOS Settings.
  • Manage notification preferences in-app and via iOS system notification settings.
  • Delete your account via Profile → Delete Account.

9.2 Additional Rights for EEA, UK, and Switzerland Users (GDPR)

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your data where it is no longer necessary or you withdraw consent.
  • Right to Restriction (Art. 18): Request that we restrict processing in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time without affecting prior processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (e.g., in the EU, the supervisory authority in your Member State; in the UK, the Information Commissioner’s Office (ICO)).

9.3 Rights for California Residents (CCPA / CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal information).
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: Where applicable.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

9.4 Rights for Other Jurisdictions

Users in Australia (Privacy Act 1988), Canada (PIPEDA/provincial laws), Brazil (LGPD), Japan (APPI), South Korea (PIPA), and other jurisdictions with applicable privacy laws may also have rights to access, correct, or delete their personal data in accordance with local law. We will handle such requests consistently with applicable requirements.

9.5 How to Submit a Request

To exercise any of the above rights, contact us at support@tryimin.app with the subject line “Privacy Rights Request.” We may verify your identity before completing your request. We will respond within the timeframe required by applicable law (generally 30–45 days, with possible extensions where permitted).

10. Children’s Privacy

The Service is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has provided us with personal information, please contact us at support@tryimin.app and we will take prompt steps to delete that information.

For users in the EEA, UK, or other jurisdictions with heightened protections for minors, we do not knowingly process personal data of individuals below the applicable age of digital consent.

11. Tracking, Advertising, and Sale of Data

  • We do not sell your personal information to third parties.
  • We do not use third-party cross-app or cross-site tracking for advertising purposes.
  • We do not display third-party advertisements within the Service.
  • We may use aggregated, anonymized analytics data to understand usage patterns and improve the Service.

Apple’s App Tracking Transparency (ATT) framework: We do not use Apple’s IDFA or engage in tracking as defined under ATT. If this changes in a future version, we will update this Policy and seek your permission through the ATT prompt.

12. Security

We implement reasonable technical and organizational security measures designed to protect your personal data against unauthorized access, loss, alteration, or disclosure. These include encryption of data in transit (TLS), secure credential storage, and access controls.

No system is perfectly secure. We cannot guarantee the absolute security of your information. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

13. Third-Party Links and Services

The Service may reference or link to third-party websites or services (e.g., Google Maps). This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

14. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will notify you within the app and/or by email before the changes take effect, and we will revise the “Last Updated” date at the top of this Policy. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

For material changes affecting how we use data previously collected, we will seek your consent where required by applicable law.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

  • Company: CL Apps LLC
  • Email: support@tryimin.app
  • Address: 980 N Michigan Ave Ste 1090 #445263, Chicago, Illinois 60611, USA

For EEA/UK users exercising GDPR rights or filing complaints, you may also contact your local supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

© 2026 CL Apps LLC. All rights reserved.