Privacy Policy

Effective Date: April 30, 2026
Last Updated: May 14, 2026

Pneuma Technologies LLC
15360 Trailside Dr
Kansas City, MO 64152
Contact: Vittles.team@pneumatechnologies.tech
Website: vittles.tech

This Privacy Policy describes how Pneuma Technologies LLC ("Pneuma," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the Vittles mobile application ("Vittles," "the App," or "the Service") available on iOS and Android.

By creating an account or using Vittles, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the App.

1. About Vittles

Vittles is a mobile application designed for university students and staff to share unused meal swipes. Users can request a meal swipe at a campus dining hall or offer their extra swipes to others. The App matches requesters with donors, facilitates in-person meetups at dining halls, and uses a 4-digit verification code to confirm that both parties have met in person before completing a transaction. Matched users can communicate through an in-app chat feature that is active for the duration of the swipe request. Vittles currently serves Columbia University and plans to expand to other universities.

2. Eligibility

Vittles is intended for use by university students and staff who are at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, do not create an account or use the App. If we learn that we have collected information from a person under 18, we will delete that information promptly. If you believe a user under 18 has provided us with personal information, please contact us at Vittles.team@pneumatechnologies.tech.

3. Information We Collect

We collect information in the following categories:

3.1 Registration Information

When you create an account, we collect:

  • Email address (used as your login identifier)
  • Password (hashed using bcrypt by our backend provider Supabase before storage; your password is never stored in plaintext and we cannot view it)

3.2 Onboarding Information

During the onboarding process after registration, we collect:

  • First name and last name
  • Birthday (date of birth)
  • Role (student or staff)
  • University affiliation (e.g., School of Engineering and Applied Science, Columbia College, Barnard College, and other Columbia schools)
  • Academic level (undergraduate or graduate, collected from students only)
  • Class year (collected from students only)

3.3 Profile Information

After completing onboarding, you may optionally provide:

  • Avatar photo (captured from your camera or selected from your photo gallery). Photos are compressed to 512x512 pixels in JPEG format with a maximum file size of 5 MB. Avatar photos are displayed immediately upon upload. Our administrators may review and remove photos that violate our community guidelines at any time after upload.
  • Donor availability toggle (a simple on/off setting indicating whether you are available to share meal swipes)

3.4 Device and Technical Information

We collect certain technical information from your device:

  • Push notification token (an Expo push token used to deliver notifications to your device)
  • Device information including platform (iOS or Android), operating system version, device name, and device model

3.5 Locally Stored Preferences

The following preferences are stored locally on your device using AsyncStorage and are not transmitted to our servers:

  • Theme preference (light, dark, or system)
  • Haptics preference (on or off)
  • Avatar image cache

3.6 Location Data

Vittles uses your device's GPS in the foreground only. We never collect or access your location in the background.

General use: When you grant location permission, we use balanced-accuracy GPS to calculate walking distances and sort dining halls by proximity to you.

During active swipe requests: When you have an active swipe request, we use high-precision GPS at approximately 3-second intervals to detect when you arrive within the geofence of the designated dining hall.

Important: Your GPS coordinates are processed entirely on your device. We do not transmit your GPS coordinates to our servers. The only location-related data sent to our server is a timestamp recording when you arrived at the dining hall.

You may deny location permission at any time through your device settings. If you deny permission, a manual arrival button is available as a fallback.

Our crash reporting tool (Sentry) is configured to redact location data from crash reports.

3.7 Swipe Request and Activity Data

When you use the meal swipe sharing features, we collect:

  • Swipe request details including requester and donor identifiers, the selected dining hall, timing type (on-demand or scheduled), scheduled time if applicable, social preference (make a friend, eat alone, or no preference), request status, and timestamps for creation, acceptance, arrival, and completion
  • Verification attempt data including the number of failed code entry attempts and any cooldown periods
  • User statistics including the number of completed donations and completed requests, and your donor availability status

3.8 Notification History

We store a history of notifications sent to you, including notification type, title, body text, and read status.

3.9 Analytics Data (PostHog)

We use PostHog for product analytics. PostHog receives:

  • Your user ID (a unique identifier; your email address and name are not sent to PostHog)
  • Screen views with route parameters (e.g., which screens you visit)
  • Touch interactions on designated interface elements
  • App lifecycle events (app opened, app backgrounded, etc.)
  • Feature flag evaluations
  • Custom events: user_signed_up, otp_verified, user_logged_in, onboarding_completed, swipe_request_created, swipe_request_accepted, donor_availability_toggled, user_arrived, swipe_completed, swipe_cancelled, user_signed_out

PostHog does not receive your name, email address, birthday, or other personal profile details.

3.10 Crash Reporting and Session Replay Data (Sentry)

We use Sentry for crash reporting and application monitoring. Sentry receives:

  • Crash reports including stack traces, device information, and app version
  • Your user ID for correlating crash reports (we have disabled the transmission of personally identifiable information to Sentry via the sendDefaultPii: false configuration)
  • Performance traces (sampled at 10% of sessions)
  • Session replays: Sentry records visual screen recordings of a portion of app sessions. Approximately 10% of normal sessions and 100% of sessions where an error occurs are recorded. These recordings may capture personal information that is visible on screen at the time, such as your name, the names of other users you are matched with, and dining hall information. Session replays are used exclusively for diagnosing bugs and improving the App.

3.11 Chat and Conversation Data

When you use the in-app chat feature, we collect:

  • Conversation metadata: a unique conversation identifier linked to the associated swipe request, the identifiers of both participants, the conversation status (active or closed), and timestamps for creation, closure, and expiration
  • Chat messages: a unique message identifier, conversation identifier, sender identifier, message content (up to 200 characters), whether the message is a system-generated message, whether the message has been flagged by our moderation system, and a creation timestamp
  • For messages flagged by our moderation system: the reason for flagging, moderation scores from our automated systems (stored as structured data), the moderation action taken (e.g., blocked or flagged), and the safety categories triggered

3.12 Content Moderation Data

When a chat message is blocked by our automated content moderation pipeline:

  • We store a record containing a one-way cryptographic hash (SHA-256) of the message content, the reason the message was blocked, the moderation scores assigned by our automated systems, and the safety categories triggered. We do not store the plaintext content of blocked messages.
  • Moderation counters (total blocks and total flags) are tracked in your user statistics.

3.13 Report Data

When you report another user, we collect:

  • Your user identifier (reporter), the reported user's identifier, the conversation identifier associated with the report, and a written reason for the report (up to 1,000 characters)
  • A snapshot of the most recent messages (up to 50) from the relevant conversation at the time the report is submitted
  • Report status and resolution data, including the administrator who reviewed the report and any resolution notes

3.14 Block Data

When you block another user, we store a record of the block relationship, including your user identifier and the blocked user's identifier. This data is used to enforce blocking across matching and messaging.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and operating the Service, including matching meal swipe requesters with donors, facilitating meetups, and verifying in-person transactions
  • Authenticating your identity and maintaining your account security
  • Sending you push notifications about swipe request updates, matches, and other activity relevant to your use of the App. Push notification content may include the first name of your matched donor or requester and the name of the dining hall (for example, "John is heading to John Jay"). This content passes through our push notification provider, Expo (see Section 5).
  • Calculating walking distances and sorting dining halls by proximity using on-device location processing
  • Detecting your arrival at a dining hall during an active swipe request
  • Displaying your profile information (name, avatar, affiliation) to other users you interact with through the App
  • Analyzing usage patterns to improve the App, fix bugs, and develop new features
  • Diagnosing and resolving technical issues, crashes, and errors
  • Enforcing our terms of use, preventing abuse, and protecting the safety of our users
  • Complying with legal obligations
  • Moderating chat messages through automated content filtering and third-party AI-powered safety scoring to detect prohibited content including personally identifiable information, slurs, hate speech, profanity, sexual content, harassment, and threats of violence
  • Detecting and preventing abuse of the Service, including automated identification of users who repeatedly violate our content policies
  • Enforcing user safety measures, including applying account bans, shadow restrictions, and blocking enforcement based on moderation data and administrator review
  • Enabling administrators to investigate user reports, review message snapshots, and take appropriate enforcement action

5. Third-Party Service Providers

We share your information with the following third-party service providers who help us operate the App. These providers process your data only as necessary to perform their functions on our behalf.

5.1 Supabase Inc.

Purpose: Backend infrastructure including database, user authentication, file storage (avatar photos), real-time data synchronization, and serverless edge functions.

Data received: All user data described in Section 3 that is stored on our servers, including registration information, profile data, swipe request history, chat messages and conversations, notification history, and user statistics.

Server location: United States.

5.2 PostHog Inc.

Purpose: Product analytics to understand how users interact with the App.

Data received: User ID, screen views, touch interactions on designated elements, app lifecycle events, feature flag evaluations, and custom analytics events (see Section 3.9 for the full list). PostHog does not receive your name, email, or other personal profile details.

Server location: United States (us.i.posthog.com).

Data Processing Agreement: In place.

5.3 Sentry (Functional Software Inc.)

Purpose: Crash reporting, error tracking, performance monitoring, and session replay for diagnosing bugs.

Data received: Crash data (stack traces, device information, app version), user ID, performance traces, and visual session replay recordings (see Section 3.10). Session replays may capture personal information visible on screen.

Server location: United States.

Data Processing Agreement: In place.

5.4 Expo (650 Industries Inc.)

Purpose: Application build platform and push notification delivery.

Data received:Push notification tokens and notification payloads. Notification payloads may include personal information such as the first name of a donor or requester and the name of a dining hall (for example, a notification reading "John is heading to John Jay" includes the donor's first name). This personal information passes through Expo's push notification infrastructure to reach your device.

Server location: United States.

Data Processing Agreement: In place.

5.5 Apple Maps (iOS) and Google Maps (Android)

Purpose: Map display within the App via the react-native-maps library.

Data received:Map tile requests. If you have granted location permission, your device location may be shared with the map provider to display your position on the map. This sharing is governed by Apple's or Google's respective privacy policies.

5.6 Google Fonts

Purpose: Font delivery (Bricolage Grotesque and Plus Jakarta Sans typefaces).

Data received: Font files are bundled into the App at build time. No user data is transmitted to Google Fonts during your use of the App.

5.7 OpenAI, L.L.C.

Purpose: Automated content moderation of chat messages.

Data received:The text content of chat messages is sent to OpenAI's content moderation API (omni-moderation-latest model) for safety scoring. OpenAI returns numerical scores across safety categories (including sexual content, harassment, violence, self-harm, and content involving minors). We store the scores returned by OpenAI alongside the message record or blocked message audit record. Message content is sent to OpenAI solely for moderation purposes and is not used by OpenAI to train its models, consistent with OpenAI's API data usage policy.

Server location: United States.

6. Data We Do Not Collect

We want to be clear about information we do not collect:

  • Financial or payment information (no credit cards, bank accounts, or payment data)
  • Government-issued identification numbers (no Social Security numbers, driver's license numbers, or passport numbers)
  • Health or medical information
  • Biometric data (fingerprints, face scans, or voiceprints)
  • Background location data (we only access location while the App is in the foreground)
  • Advertising identifiers or cross-app tracking data
  • Cookies (Vittles is a mobile application and does not use cookies)
  • Data from contacts, calendars, or other apps on your device

7. Data Sharing and Disclosure

7.1 No Sale of Personal Information. We do not sell your personal information to third parties. We have never sold personal information and have no plans to do so.

7.2 No Marketing Sharing. We do not share your personal information with third parties for their marketing purposes.

7.3 Service Providers. We share data only with the third-party service providers listed in Section 5, and only to the extent necessary for them to perform their functions on our behalf.

7.4 Other Users. When you participate in a swipe request, certain information is visible to the other party involved in the transaction, including your first name, avatar photo (if approved), university affiliation, and social preference for that request.

7.5 Chat Participants. When you send a chat message, the message content is visible to the other participant in the conversation. If a conversation is associated with a user report, the message history (up to the 50 most recent messages) may be visible to our administrators during the report review process.

7.6 Content Moderation Providers.As described in Section 5.7, the text content of your chat messages is sent to OpenAI's content moderation API for automated safety scoring. This data sharing is limited to the purpose of content moderation and user safety.

7.7 Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, or to investigate fraud or respond to a government request.

7.8 Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice in the App before your information becomes subject to a different privacy policy.

8. Data Retention

8.1 Active Accounts. We retain your personal information for as long as your account remains active and as needed to provide you the Service.

8.2 Account Deletion. You may request deletion of your account and associated data by emailing Vittles.team@pneumatechnologies.tech. After we receive and verify your deletion request, your data will be retained for 30 days to allow for account recovery if requested. After the 30-day period, your data will be permanently deleted from our active systems.

8.3 Database Backups. Supabase database backups are retained for 7 days. Your data may persist in backups for up to 7 days after deletion from active systems.

8.4 Third-Party Retention.PostHog analytics data is retained according to PostHog's standard plan retention periods. Sentry crash and session replay data is retained according to Sentry's standard plan retention periods (typically 90 days).

8.5 Notification History. Notification history associated with your account is retained indefinitely while your account is active and is deleted when your account is deleted.

8.6 Chat Messages and Conversations. Chat messages and conversation records are retained for as long as your account is active. Messages are not automatically deleted when a conversation closes. Upon account deletion, chat messages and conversations associated with your account are subject to the standard 30-day retention period described in Section 8.2, except that messages that are part of an unresolved report may be retained until the report is resolved.

8.7 Blocked Message Audit Records. Records of messages that were blocked by our content moderation system (containing cryptographic hashes, moderation scores, and block reasons, but not plaintext message content) are retained indefinitely for abuse detection and audit purposes, even after account deletion.

8.8 Reports.User reports and associated message snapshots are retained indefinitely, even after the reporting or reported user's account is deleted. This retention is necessary to maintain the integrity of our moderation records and to comply with potential legal obligations.

8.9 Moderation Data. Moderation scores, flags, and enforcement actions associated with your account are retained for as long as the associated messages or reports are retained.

9. Data Security

We implement the following technical measures to protect your information:

9.1 Authentication Security

  • PKCE (Proof Key for Code Exchange) OAuth 2.0 authentication flow
  • Passwords are hashed using bcrypt before storage; plaintext passwords are never stored
  • Session tokens are stored in platform-native secure storage (iOS Keychain on Apple devices, Android Keystore on Android devices)
  • Authentication error messages are sanitized to prevent account enumeration attacks (error responses do not reveal whether a specific email address is registered)

9.2 Data in Transit

  • All data transmitted between the App and our servers is encrypted using SSL/TLS
  • SSL certificate pinning is implemented on our backend domain (pinning both leaf and intermediate certificate authority certificates) to prevent man-in-the-middle attacks

9.3 Data at Rest

  • Row-Level Security (RLS) is enabled on all database tables containing user data, ensuring users can only access data they are authorized to view
  • Sensitive database operations (accepting requests, verifying codes, cancelling requests, completing transactions) are performed through secure server-side functions with explicit authorization checks
  • The verification code column is excluded from client-side database queries and can only be accessed through authorized server-side functions
  • Avatar photos undergo MIME type validation and file size enforcement before upload

9.4 Rate Limiting

  • Swipe request creation is limited to 5 requests per hour
  • Verification code entry is limited to 5 attempts, after which a 1-minute cooldown is enforced
  • OTP (one-time password) resend requests are subject to a 30-second cooldown
  • Chat message sending is limited to 5 messages per 60 seconds per conversation
  • User reports are limited to 10 per 24-hour period

9.5 Content Moderation as Security Measure

Our automated content moderation pipeline, as described in our Terms of Service, serves as a security measure to protect users from exposure to harmful content including harassment, threats, hate speech, and attempts to share personally identifiable information. Block enforcement between users prevents unwanted contact after a user exercises the block feature.

9.6 Limitations

No method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you become aware of any unauthorized access to your account, please contact us immediately at Vittles.team@pneumatechnologies.tech.

10. Your Rights and Choices

Depending on where you reside, you may have certain rights regarding your personal information.

10.1 Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights:

  • Right of access: You may request a copy of the personal information we hold about you.
  • Right to rectification: You may request that we correct inaccurate or incomplete personal information.
  • Right to erasure: You may request that we delete your personal information, subject to certain legal exceptions.
  • Right to restriction of processing: You may request that we restrict the processing of your personal information under certain circumstances.
  • Right to data portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format.
  • Right to object: You may object to the processing of your personal information for certain purposes.

Our legal basis for processing your personal information under the GDPR is primarily the performance of our contract with you (providing the Service), our legitimate interests in operating and improving the App, and your consent where applicable.

10.2 Rights Under the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request the deletion of your personal information, subject to certain legal exceptions.
  • Right to opt out of the sale of personal information: We do not sell your personal information. No opt-out is necessary, but you may still exercise this right.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

10.3 Other US State Privacy Laws

If you reside in a US state with applicable privacy legislation (such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or others), you may have similar rights to access, correct, delete, or obtain a copy of your personal information. Please contact us to exercise these rights.

10.4 Analytics Opt-Out

We are developing an in-app analytics opt-out feature that will be available in account settings. In the meantime, you may contact us at Vittles.team@pneumatechnologies.tech to request that your data be excluded from analytics collection.

10.5 Push Notifications

You can disable push notifications at any time through your device's operating system settings. Disabling push notifications will not affect the core functionality of the App, but you will not receive real-time alerts about swipe request matches and updates.

10.6 Location Permission

You can revoke location permission at any time through your device settings. If you revoke permission, the App will not be able to calculate walking distances or automatically detect your arrival at a dining hall. A manual arrival button is provided as an alternative.

10.7 Exercising Your Rights

To exercise any of the rights described above, please contact us at Vittles.team@pneumatechnologies.tech. We will respond to your request within the timeframe required by applicable law (generally within 30 to 45 days). We may need to verify your identity before processing your request.

11. FERPA Notice

The university affiliation, academic level, and class year information collected by Vittles is self-reported by users during the onboarding process. This information is not sourced from any university's education records. Vittles does not access, connect to, or retrieve data from any university systems, student information systems, or educational databases. The Family Educational Rights and Privacy Act (FERPA) governs education records maintained by educational institutions; the self-reported information in Vittles is not subject to FERPA.

12. International Data Transfers

Our servers and third-party service providers are located in the United States. If you access the App from outside the United States, your information will be transferred to and processed in the United States. By using the App, you consent to this transfer. We rely on contractual safeguards, including Data Processing Agreements with our service providers, to protect information transferred internationally.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by one or more of the following methods:

  • An in-app notification
  • An email to the address associated with your account
  • A prominent notice within the App

The "Last Updated" date at the top of this Privacy Policy will be revised to reflect the date of the most recent changes. Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the App and request account deletion.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Pneuma Technologies LLC
15360 Trailside Dr
Kansas City, MO 64152
Email: Vittles.team@pneumatechnologies.tech
Website: vittles.tech

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in the State of New York.

16. Additional Disclosures for Specific Jurisdictions

16.1 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, Pneuma Technologies LLC is the data controller responsible for your personal information. You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

16.2 California

For purposes of the CCPA/CPRA, the categories of personal information we collect, the purposes for which they are used, and the categories of third parties to whom they are disclosed are described in Sections 3, 4, and 5 of this Privacy Policy, respectively. In the preceding 12 months, we have not sold personal information and have not shared personal information for cross-context behavioral advertising purposes.

16.3 Nevada

We do not sell your personal information as defined under Nevada law (NRS 603A). Nevada residents may submit an opt-out request to Vittles.team@pneumatechnologies.tech even though no sale occurs.

17. Definitions

For clarity, the following terms are used throughout this Privacy Policy:

"Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

"Service provider" means a third party that processes personal information on our behalf for a business purpose pursuant to a written contract.

"Sell" means providing personal information to a third party for monetary or other valuable consideration, subject to exceptions defined by applicable law.