Home English Español

Privacy Policy

Effective date: May 7, 2026 · Last updated: June 14, 2026

This Privacy Policy describes how Brydge Holdings LLC ("Spedy," "we," "us," or "our") collects, uses, and shares information when you use the Spedy mobile application and related services (the "Service"). By using Spedy, you agree to the practices described in this policy.

1. Who we are

Spedy is a peer-to-peer marketplace operated by Brydge Holdings LLC, a Florida limited liability company. The Service connects two types of users:

• Explorers — people seeking authentic local experiences in a specific city.
• Brydgees — verified locals who offer to host or guide an experience through the app (Text, Call, or Video).

Both parties create an account, and the app facilitates discovery, real-time in-app communication, payment, and feedback for the resulting experience.

2. Information we collect

2.1 Information you provide directly

• Account information: name, email address, phone number, password (stored hashed), date of birth, country and language preference.
• Profile information: profile photo, biographical text, languages you speak, interests and categories you offer (Brydgees) or are interested in (Explorers).
• Selfie (all users): all users upload a selfie during registration. The selfie is screened automatically and reviewed by our team as a verification artifact. It is not shown to other users (unlike your profile photo).
• Government identity document (Brydgees only): photographs of a government-issued identity document (front and back), reviewed by our team — together with the selfie — to confirm the Brydgee's identity, and to check that the name on the document matches the account, before they can offer experiences.
• Criminal-record certificate (Panama Brydgees only): a Récord Policivo (criminal-record certificate issued by Panama's Dirección de Investigación Judicial). Required for Brydgees operating in Panama; reviewed by our team. Documents are stored encrypted, accessible only to authorized Spedy reviewers, and deleted when your account is deleted (within the window described in Section 5). A Récord Policivo is valid for 90 days from issuance per Panamanian government practice; once it expires, the Brydgee cannot offer experiences until it is renewed.
• Image moderation: profile photos and selfies are automatically screened by Google Cloud Vision for prohibited content (sexual content, nudity, graphic violence) before being saved. Images flagged as containing prohibited content are rejected at upload time. Image moderation is a safety feature; results are not used for any other purpose.
• Payment and payout details: billing addresses and tokenized payment methods. Card numbers and bank account numbers are never stored on Spedy's servers — they are handled directly by our payment processors (Stripe and PayPal). Spedy receives only a tokenized reference to those instruments.
• Communications you send through Spedy: chat messages, image attachments sent in chat, reviews, ratings, and any support requests. In-app chat messages and their attachments are stored in Google Cloud Firestore (see Section 4.2) so they sync across your devices and remain available for the safety and dispute purposes described in this policy.
• User-reported content: reports you submit about other users, safety incidents, or content you flag.

2.2 Information collected automatically

• Location: with your permission, Spedy collects your approximate (city-level) location to match Explorers with nearby Brydgees, and your precise location at the moment an experience starts to associate the experience with a neighborhood. Location is requested only when needed and you can revoke permission at any time in your device settings.
• Device information: device model, operating system version, language, timezone, and a device-specific identifier used for push notifications and security.
• Usage information: features you interact with, screens you visit, errors that occur, and approximate timing of those events. We use this to diagnose bugs and improve the app.
• Network information: IP address, which is used for general security (rate limiting, fraud detection) and country-level localization. We do not use IP for precise location tracking.
• Cookies and similar technologies: our admin-portal web pages use session cookies for authentication. The mobile app does not use cookies.

2.3 Information from third parties

• Payment processors: Stripe and PayPal report transaction status, refund status, and (for Brydgee payouts) the verification state of the connected account.
• Push notification services: Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM) provide device tokens used to deliver notifications to your device.

2.4 Face detection & photo screening (not facial recognition)

When you upload your registration selfie or profile photo, Spedy runs automated face detection on the image. This processing is used solely to (a) confirm the image contains exactly one human face, (b) screen the image for prohibited content (for example, adult or violent material), and (c) help position and crop your profile photo. It answers simple questions — "is there a face?", "how many?", "is the content allowed?" — and nothing more.

• No facial recognition. Spedy does not perform facial recognition. We do not match your face against any database, against your government ID, or against any other photo, and we do not attempt to identify you from your face.
• No faceprint or template. Our face detection does not create, derive, or store a faceprint, a face-geometry template, facial landmarks, or any other mathematical representation of your face. The automated tools we use are detection and content-moderation tools and are not capable of facial recognition. Because we do not generate or retain any such identifier, the selfie is retained as an ordinary verification photo and is not a "biometric identifier" or "biometric information" under laws such as the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), or Washington's biometric-privacy law.
• What we keep. From this processing we retain only a simple integer face-count result and the selfie photo itself, which a member of our team may review as a verification artifact. Retention of the photo is described in Section 5.
• No sale or disclosure. We do not sell, lease, trade, or otherwise profit from your photo, and we do not disclose it to third parties except to the processor that performs the automated detection and content-moderation on our behalf, or where disclosure is required by law or to respond to a valid legal process.

2.5 Sensitive personal information

Some of the information above is treated as "sensitive personal information" under laws such as the California Privacy Rights Act (CPRA). This includes your date of birth, precise (point-in-time) and approximate location, government-issued identity document (where you provide one), and your selfie / profile verification photo. (As explained in Section 2.4, we do not derive or store any biometric identifier from your photo.) We collect and use sensitive personal information only for the purposes described in this policy — identity verification, age verification, safety screening, matching, fraud prevention, and operating the Service — and not to infer characteristics about you. We do not use or disclose sensitive personal information for purposes that would require offering you a right to limit its use under the CPRA.

3. How we use information

We use the information described above to:

• Operate and maintain the Service — accounts, matching, communications, payments, payouts, reviews.
• Verify Brydgee identity before allowing them to offer experiences.
• Process payments to Spedy and payouts to Brydgees.
• Send transactional notifications (experience requests, accepts, completions, refund confirmations, etc.) and important Service updates.
• Provide customer support and respond to your requests.
• Detect, prevent, and address fraud, abuse, security issues, and policy violations.
• Safety screening: at signup and during account review, we screen users against publicly-available U.S. and international government sanction lists (OFAC, UN, UK, and others we may add) and the U.S. sex-offender registry (NSOPW). We also apply fraud-and-integrity checks, such as blocking disposable email addresses, verifying that the name on a Brydgee's identity document matches their account, and flagging profile photos that appear repeatedly elsewhere online (a possible stolen or stock image). This screening uses public-record and uploaded information only and is conducted to protect platform safety. Matches are reviewed manually by our team.
• Diagnose bugs, monitor performance, and improve the Service.
• Comply with legal obligations (tax reporting, court orders, regulatory requests).

3A. Legal bases & automated screening

3A.1 Legal bases for processing (GDPR & Panama Law 81)

If you are in the European Economic Area, the United Kingdom, Switzerland, or Panama, we process your personal information on the following legal bases:

• Performance of a contract — to create your account, match you, facilitate communication, and process payments and payouts (our Terms of Service).
• Legitimate interests — to keep the platform safe and fraud-free, screen users, secure our systems, diagnose bugs, and improve the Service, balanced against your rights.
• Legal obligation — to comply with tax, sanctions, child-safety reporting, and other laws that apply to us.
• Consent — for processing that depends on your permission, such as device location. You may withdraw consent at any time, without affecting processing carried out before withdrawal.

3A.2 Automated screening & human review

To protect platform safety, Spedy uses automated processes to screen users against government sanctions lists (OFAC, UN, UK, and others we may add) and the U.S. sex-offender registry (NSOPW), and to moderate uploaded images. These automated screens may flag an account for review. A flag does not by itself permanently restrict or terminate your account. Where a screen results in a potential restriction or termination, a member of our team reviews the result before any permanent decision is taken, so that you are not subject to a decision producing legal or similarly significant effects based solely on automated processing within the meaning of Article 22 of the GDPR and equivalent provisions of Panama's Law 81. If you believe a screening result about you is inaccurate, you may contest it and request human re-review by emailing privacy@spedyapp.com. Because these screens rely on third-party public-record data matched to the name you provide, they may produce false matches or miss records; see the accuracy disclaimer in our Terms of Service.

4. How we share information

4.1 With other Spedy users

To facilitate the experience marketplace, certain information is visible to other users:

• Your first name, profile photo, languages, interests, and approximate area are visible to potential matches.
• Your first name becomes visible to a specific match once an experience request is placed (so they know who they are connecting with).
• Reviews and ratings you write or receive are visible on the relevant Brydgee's or Explorer's profile.

On public search and the map, only your first name and approximate area are shown to other users. When you are matched with someone in a confirmed experience, the app shows them your first name so you can connect. We do not expose your email address, exact home address, phone number, date of birth, or payment details to other users.

4.2 With service providers

We share specific data with carefully selected third-party processors who help us run the Service. Each receives only the data they need:

• Amazon Web Services (AWS) — server hosting and database storage.
• Google Firebase — authentication, push notification delivery (FCM), crash reporting (Crashlytics), basic analytics, and real-time storage of your in-app chat messages and image attachments in Cloud Firestore so that conversations sync across devices and can be retrieved for the safety and dispute purposes described in this policy.
• Apple Push Notification Service (APNs) — push notification delivery on iOS.
• Stripe — payment processing for Explorers and payouts to Brydgees who choose Stripe Connect.
• PayPal — payment processing for Explorers and payouts to Brydgees who choose PayPal.
• Agora.io — real-time voice and video call infrastructure. Audio and video streams are routed through Agora's network during a call but are not recorded or persisted by Spedy or by Agora.
• Google Maps — map tile rendering and on-device geocoding on the mobile map.
• OpenStreetMap / Nominatim — server-side reverse-geocoding of coordinates into a place name (for example, city, region, or country) for location and service-area features.
• Google Cloud Vision — automated screening of uploaded profile photos, selfies, and chat-image attachments for prohibited content (sexual content, nudity, graphic violence), and web-detection screening of profile photos to flag images that appear repeatedly elsewhere online (a possible stolen or stock image). Images are processed in real time at upload and not retained by Google Cloud Vision after processing.
• Google Cloud Translation — automated translation of user-supplied text (chat messages, profile content) when displaying content to users in different languages. Text is sent to Google for translation in real time and not retained by Google after processing.
• SendGrid — transactional email delivery (verification, password reset, support).
• Sentry (Functional Software, Inc.) — application error monitoring and diagnostics. Sentry receives technical error and crash data and limited surrounding context to help us identify and fix bugs. We configure Sentry to scrub personal information from error reports where feasible; it is not used to track you or for advertising.

4.3 For legal reasons

We may disclose information when we believe in good faith that disclosure is necessary to (a) comply with applicable law or a valid legal process; (b) protect the rights, property, or safety of Spedy, our users, or the public; (c) detect, prevent, or address fraud or security issues; or (d) enforce our Terms of Service.

Specifically, Spedy reports child sexual abuse material (CSAM) and suspected predatory conduct involving minors to the National Center for Missing and Exploited Children (NCMEC) as required by 18 U.S.C. § 2258A. Suspected human trafficking is reported to the National Human Trafficking Hotline. By using Spedy, you consent to such disclosures where Spedy reasonably believes they are appropriate or required.

4.4 In a business transfer

If Brydge Holdings LLC is involved in a merger, acquisition, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will notify you (via email or a prominent in-app notice) of any change in ownership or any new use of your information.

4.5 We do not sell or share your personal information

Spedy does not sell your personal information, and does not share it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). We have not sold or shared personal information for such purposes in the preceding twelve (12) months, and we do not sell or share the sensitive personal information described in Section 2.5. We disclose personal information only to the service providers listed in Section 4.2 (who are contractually limited to processing it on our behalf), for the legal reasons in Section 4.3, and in a business transfer under Section 4.4.

If you are a California resident, you have the right to know what personal information we collect, to access and delete it, to correct inaccuracies, and to be free from discrimination for exercising these rights. Because we do not sell or share personal information and do not use sensitive personal information for non-exempt purposes, no "Do Not Sell or Share My Personal Information" opt-out or "Limit the Use of My Sensitive Personal Information" link is required; you may still submit any request, including through an authorized agent, as described in Section 6.

5. Data retention

• Account data — retained while your account is active. When you request deletion, your account enters a 30-day grace period during which you can cancel the request by restoring your account (for your security, we email you a verification code to confirm). After the 30-day grace period expires, account data is permanently deleted, except for records retained up to two years to comply with tax and dispute resolution obligations. Identity verification documents (your government ID and, for Panama Brydgees, the Récord Policivo) are deleted within 90 days of account deletion.
• Chat messages — retained for approximately 30 days after an experience ends to support refund disputes and safety investigations, then deleted (longer where a legal hold or open investigation applies).
• Selfie / verification photo — your registration selfie (Section 2.4) is retained as a verification artifact for as long as your account is active and as needed for fraud-prevention and legal purposes, and is then deleted (and in any event deleted within 90 days of account deletion, as described above). We do not derive or store any face-geometry template or biometric identifier from it.
• Transaction records — retained for seven years as required by U.S. tax law.
• Diagnostic logs — retained for 30 days, then automatically purged. Crash reports are retained by our diagnostics providers (Sentry and Firebase Crashlytics) under their own retention schedules.

6. Your rights

Depending on where you live, you may have the right to:

• Access a copy of the personal information we hold about you.
• Correct inaccurate or incomplete information (most fields can be updated directly in the app's profile screen).
• Delete your account and the associated personal information. Deletion requests enter a 30-day grace period — you can cancel by restoring your account within that window (we email you a verification code to confirm). After the grace period expires, data is permanently deleted subject to retention obligations described above.
• Export a portable copy of the information you provided to Spedy.
• Object to or restrict certain processing.
• Withdraw consent previously given (for example, by revoking location or notification permissions in your device settings).

To exercise these rights, email privacy@spedyapp.com or use the in-app account-deletion option (Profile → Delete or Deactivate Account). California residents have additional rights under the California Consumer Privacy Act (CCPA); residents of the European Economic Area, the United Kingdom, and Switzerland have rights under the GDPR. We respond to verified requests within the timeframe required by applicable law (generally 30 to 45 days), and may extend that period where permitted for complex or numerous requests, with notice to you.

7. Minors

Spedy is not directed at minors under 18 and we do not knowingly collect personal information from minors under 18. Account creation requires entry and server-side enforcement of an 18+ minimum-age requirement based on date of birth. If we become aware that we have inadvertently collected information from a minor, we will delete it. Parents or guardians who believe a minor has registered may contact support@spedyapp.com.

8. Data security

We use industry-standard safeguards to protect your information, including TLS encryption in transit, encryption at rest for sensitive fields, hashed passwords, scoped access controls, and an audit trail for administrative actions. However, no method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. International data transfers

Spedy is operated from the United States. By using the Service, you understand that your information may be transferred to, processed in, and stored in the United States, where data protection laws may differ from those of your country. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, if the changes are material, notify you via the app or email. Continued use of the Service after a change indicates acceptance of the updated policy.

11. Contact us

Questions or requests about this policy can be sent to:

Brydge Holdings LLC
Email: support@spedyapp.com
Legal: legal@spedyapp.com
DMCA: dmca@spedyapp.com
Address: 14900 Southwest 30th Street, No. 278552, Miramar, FL 33027