Rangley Privacy Policy

Effective: September 10, 2025

Who we are. Rangley is offered by Mr. Fox, LLC (“we,” “us,” “our”). Mailing address: 3400 Bloomingdale Ave Melrose Park, IL 60160. This Policy covers the Rangley iOS app and any related websites or services we operate (the “Services”).
For EU/UK users, Mr. Fox, LLC is the data controller. If we appoint a Data Protection Officer or EU/UK representative, we will add their details here.

What’s a “meet”? In Rangley, a meet is a location-based activity users can create and join (e.g., tennis, group outing, local event).

Information we collect

You provide

  • Account & profile: Amazon Cognito ID (cognito_sub); internal user ID; username/handle; display name; first/last name (optional); date of birth (age checks); email; phone in E.164 format (at least one of email or phone is required).

  • Meet participation: meets you create/join; participant status (invited/joined/left); join/leave timestamps.

  • Meet/content metadata: meet IDs; change-history (“change stamps”); coordinates and optional region of meets you create; category/subcategory; status/capacity; icons/features.

  • Notifications: what we sent you; delivery; whether opened.

  • Record UUIDs & timestamps for audit and security.

Collected automatically (app/servers)

  • Device & usage data: IP address, device/OS, app version, in-app events, diagnostics, and logs (to secure, debug, and improve the Services).

  • Precise device location (optional): only if you grant permission. Used to show nearby meets and related features. You can disable/location-limit in system settings; core functionality (e.g., browsing by map/region) remains available.

From others

  • Service providers (e.g., authentication, messaging) and other users (e.g., if you’re invited/tagged in a meet).

How we use information

  • Provide, maintain, and secure your account and the Services.

  • Authenticate (sign-up/sign-in/MFA), prevent fraud/abuse, and protect safety.

  • Enable discovery, creation, joining, and management of meets.

  • Send service and meet-related notifications (with delivery/open tracking).

  • Debug, analyze, and improve performance and reliability.

  • Comply with law and enforce terms.

Sharing of information

We share personal information with service providers under contracts that limit their use to our instructions, including:

  • Hosting/infra & logs: Amazon Web Services (ECS/ECR, RDS Postgres, CloudWatch).

  • Authentication: Amazon Cognito.

  • Messaging: Amazon SNS (SMS via phone pool), Amazon SES (email).

  • Professional/other: advisors, auditors, or authorities when legally required.

We may disclose information if necessary to comply with law, respond to legal requests, or protect rights, safety, and the Services.

We do not sell personal information. We do not “share” personal information for cross-context behavioral advertising. If this changes, we will provide required notices and opt-outs.

Legal bases (EU/UK)

We process personal data when necessary to perform our contract with you (provide the app), for our legitimate interests (security, fraud prevention, improvement), with your consent (e.g., precise location; certain notifications/marketing), and to comply with legal obligations. You may withdraw consent at any time in device/app settings or by contacting us.

Retention

We keep data only as long as needed for the purposes above, then delete or de-identify it.

  • Account & audit records (IDs, change stamps, security logs): for the life of the account and up to 24 monthsafter deletion for security/compliance.

  • Meet records & participation history: while the meet is active and for up to 24 months after for audit/safety.

  • Notification delivery/open logs: up to 13 months.

  • Diagnostics/telemetry: typically 12–24 months.

(Operational constraints or legal requirements may extend these periods; we minimize where feasible.)

Your rights

U.S. state privacy rights (e.g., CA/CO/CT/VA and similar)

You have the right to access, delete, correct, or obtain a portable copy of your data. Account deletion can be done directly within the Rangley app (Hamburger Menu → Account Settings → Delete Account), which permanently removes your account and associated data. We verify requests (for example, by confirming your signed-in account or using contact verification) and respond within 45 days, with a possible 45-day extension where permitted by law. You may designate an authorized agent to act on your behalf where applicable. If we deny your request, you may submit an appeal by replying with “Appeal,” and we will review and respond within the legally required timeframe.

EU/UK rights

You may request access, rectification, erasure, restriction, objection, and portability, and you can complain to your supervisory authority. Where we rely on consent, you can withdraw it at any time.

International transfers

We primarily process in the United States (AWS us-east-2). When personal data is transferred internationally, we use appropriate safeguards such as Standard Contractual Clauses and technical/organizational measures.

Security

We use administrative, technical, and physical safeguards appropriate to our Services, including encryption in transit and at rest, access controls, and monitoring. No method of transmission or storage is 100% secure.

Children’s Privacy (COPPA)

Rangley is not intended for children under 13. We do not knowingly collect, use, or disclose personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly and take steps to close the account. A parent who believes their child has used Rangley may contact us at rangley-support@mrfoxco.com to review, delete, or stop further collection of the child’s information.

For clarity, “personal information” can include: name, contact details, usernames, phone numbers, government IDs, persistent identifiers (e.g., cookies, device IDs, IP address), photos/voice, precise location, biometrics, and any information combined with those identifiers.

If we ever offer features directed to children, we will first provide clear notice and obtain verifiable parental consent before any collection, use, or disclosure of a child’s personal information; allow parents to review/delete such information; limit data to what is reasonably necessary; maintain reasonable security; and follow a written retention/deletion policy that removes children’s data when no longer needed. https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-312

Changes to this Policy

We will update this Policy as needed and post a new effective date. For material changes, we will provide additional notice (e.g., in-app).

California “Notice at Collection”

  • Categories collected: identifiers (handle, email, phone, device/IP), age/DOB, internet/app activity, precise geolocation (if you allow), user-generated meet content/metadata, and diagnostics.

  • Purposes: account/authentication, meet functionality, security/fraud prevention, debugging/analytics, compliance.

  • Retention: as described above (only as long as needed for the stated purposes).

  • Sale/Share: We do not sell or share personal information.

  • Rights: access, delete, correct, portability; opt-out where applicable; non-discrimination. See “Your rights” above to exercise rights.

Contact us

Email: rangley-support@mrfoxco.com
Mailing address: 3400 Bloomingdale Ave Melrose Park, IL 60160