Privacy Policy

Last Updated: February 18, 2026

Four Leaf LLC (“we,” “us,” “our,” or “Company”) takes your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile application and website, Intro (collectively, the “Service”).

1. Information We Collect

1.1 Account Information

  • Name, email address, and password when you create an account
  • Profile photo
  • Organization name
  • Authentication data from third-party sign-in providers (Apple Sign-In, Google OAuth) if you choose to use them

1.2 Contact Information

  • Names, email addresses, phone numbers, and profile images from your device contacts (with your permission)
  • Contact data imported from your Google account via the Google People API (if you choose to connect your Google account)
  • Contacts you create or edit manually within the Service
  • Connection history and introduction data

1.3 Usage Information

  • Introduction requests, responses, and status changes
  • In-app messages and shared contact cards
  • Feature usage patterns and preferences
  • Time and frequency of app usage
  • Signup attribution data, including how you discovered the Service (e.g., referral, ad campaign, organic) and the platform and method used to sign up

1.4 Device and Technical Information

  • Device type, model, and operating system version
  • App version and build number
  • Push notification tokens
  • IP address (used to derive approximate geographic location; we do not collect precise GPS location)

1.5 Activity Logs

We maintain logs of actions taken within the Service (such as creating connections, sending messages, and syncing contacts) as well as API request logs that include IP address, user-agent, request path, and timestamps. These logs are used for security, debugging, and service improvement.

2. How We Use Your Information

2.1 Core Service Functionality

  • Facilitate introductions between your contacts
  • Enable in-app messaging and contact sharing
  • Manage introduction requests and responses
  • Maintain your connection history

2.2 Service Improvement

  • Analyze app performance and usage patterns
  • Identify and fix technical issues via crash reporting
  • Develop new features and improvements
  • Track signup and engagement funnels to improve the user experience

2.3 Communications

  • Send introduction notifications via push notification, email, and SMS
  • Deliver in-app message notifications
  • Provide service updates and announcements via email
  • Respond to your support inquiries
  • Send security alerts and account verification codes

3. How We Share Your Information

3.1 Shared With Other Users

  • Contact information shared during introductions
  • Profile information visible to connected users
  • Introduction messages and responses
  • Connection status

3.2 Service Providers

We share information with the following categories of service providers, who process data on our behalf under contractual obligations:

  • Cloud infrastructure and storage: Amazon Web Services (AWS), including S3 for file storage, SQS for task processing, and Lambda for serverless computing
  • Email delivery: Mailgun for transactional emails (introduction notifications, password resets, verification codes) and Mailchimp for email marketing communications
  • SMS delivery: Twilio for sending introduction notifications and verification codes via text message
  • Push notifications: Expo Push Notification Service and Firebase Cloud Messaging for delivering push notifications to your device
  • Analytics: Google Analytics (Firebase Analytics) for understanding how users interact with the Service, including cross-device usage tracking via user IDs. We do not collect advertising identifiers (AAID/IDFA)
  • Error monitoring: Sentry for crash reporting, error tracking, and performance monitoring. Sentry may receive device information, error details, stack traces, and user context when errors occur
  • Authentication: Apple and Google for third-party sign-in services
  • Contact syncing: Google People API for importing contacts from your Google account (only when you explicitly connect your Google account)

3.3 Legal Requirements

We may share information:

  • In response to legal requests or court orders
  • To protect our rights and property
  • To prevent fraud or abuse
  • To comply with applicable laws

3.4 Business Transfers

If Four Leaf LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4. Data Security

4.1 Security Measures

  • Industry-standard encryption for data transmission (HTTPS/TLS)
  • Passwords are hashed and never stored in plain text
  • Authentication tokens stored in secure device storage on mobile
  • Access controls and session-based authentication
  • Credential management via AWS Secrets Manager

4.2 Data Retention

  • We retain your data while your account is active
  • Deleted account data is removed within 30 days
  • Backup data is retained for up to 90 days
  • Some data may be retained for legal compliance

5. Your Privacy Rights and Controls

5.1 Account Settings

You can:

  • Edit your profile information and photo
  • Add, remove, and verify your email addresses and phone numbers
  • Manage your email notification preferences, including unsubscribing from marketing emails
  • Grant or revoke device contact access through your device settings
  • Connect or disconnect your Google account for contact syncing
  • Delete your account entirely from within the Service

5.2 Data Access Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request data deletion
  • Request a copy of your data by contacting us at support@introapp.com

5.3 Contact Permissions

  • Device contact access is all-or-nothing based on your device permissions; you can revoke access at any time through your device settings
  • You can remove individual synced contacts from within the Service
  • Google contact syncing requires explicit authorization and can be disconnected at any time

6. International Data Transfers

6.1 Data Storage Location

  • Primary data storage in the United States (AWS)
  • Backup servers in secure locations
  • Service providers in various jurisdictions

6.2 Transfer Safeguards

  • Standard contractual clauses
  • Data processing agreements with service providers
  • EU-US Data Privacy Framework where applicable
  • Appropriate security measures for all cross-border transfers

7. Children's Privacy

  • The Service is not intended for users under 18
  • We do not knowingly collect data from minors
  • If we learn that we have collected personal information from a user under 18, we will take steps to delete that information promptly
  • Parents or guardians who believe their child has provided us with personal information can contact us at support@introapp.com to request deletion

8. Changes to This Policy

  • We may update this policy periodically
  • Material changes will be notified in-app or via email
  • Continued use after changes indicates acceptance
  • Previous versions will be archived and available upon request

9. Contact Us

For privacy-related questions or concerns:

10. Specific Regional Rights

10.1 European Users (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing
  • Lodge complaints with supervisory authorities

10.2 California Users (CCPA)

You have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed (we do not sell personal information)
  • Say no to the sale of personal information
  • Access your personal information
  • Equal service and price (non-discrimination)

11. Data Processing Basis

We process your data based on:

  • Your consent — for example, when you grant access to your device contacts or connect your Google account
  • Contract performance — to provide the core introduction and messaging services you signed up for
  • Legal obligations — to comply with applicable laws and regulations
  • Legitimate interests — for security, fraud prevention, service improvement, and analytics, where these interests are not overridden by your rights

12. Analytics, Crash Reporting, and Tracking

12.1 Analytics

We use Google Analytics (Firebase Analytics) to understand how users interact with the Service. This includes tracking events such as sign-ups, introductions created, messages sent, and screen views. We associate analytics data with your user ID for cross-device tracking. We do not collect advertising identifiers (AAID/IDFA).

12.2 Crash Reporting

We use Sentry to monitor errors and application performance. When a crash or error occurs, Sentry may collect device information, operating system details, error messages, stack traces, and limited user context to help us diagnose and fix issues.

12.3 Cookies

Our website uses cookies for authentication and session management. Third-party analytics services may also set cookies. You can control cookie preferences through your browser settings.

Your use of Intro, operated by Four Leaf LLC, indicates your acceptance of this Privacy Policy. Please read it carefully and contact us with any questions.