Yubigo Privacy Policy

Effective Date: January 1, 2026
Last Updated: April 8, 2026

1. Introduction

This Privacy Policy describes how AGW Solutions, LLC (“Yubigo,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our event navigation platform. Yubigo consists of:

• Viewer — A public web app for event attendees. No account or login is required.
• Portal — A staff dashboard for venue and event management. Requires an account.
• Vendor Information Submission — Self-service forms for vendors, sponsors, and artists to submit and complete their profiles as part of a venue's event management process.

By using any Yubigo product, you agree to the practices described in this Privacy Policy.

This policy applies to all users regardless of location. Specific rights under the GDPR, CCPA, and other applicable privacy laws are addressed below.

2. Information We Collect

2.1 Viewer (No Account Required)

• Anonymous Identifier. A randomly generated anonymous identifier is automatically assigned to your device and browser. It is not linked to your identity or any personal information.
• Location Data. GPS coordinates are collected only with your explicit browser permission. When granted, your location is used to determine whether you are within the venue grounds, provide navigation and estimated travel times between destinations within the venue, and deliver contextual content based on your proximity. Location is checked when the app is open — it is not continuously tracked in the background. Raw coordinates are processed on your device and are not transmitted or stored by Yubigo.
• Visit Analytics. When you are within the venue grounds, we collect derived engagement data including areas visited, time spent at destinations, navigation and search activity, vendor interactions, and overall visit duration. This data is processed on your device from location information and stored locally until the app is open and able to upload it. Analytics data does not contain raw GPS coordinates. Entry point information (e.g., which QR code or link brought you to the app) is also recorded to help venue operators understand how attendees discover their events.
• Emergency Requests. If you use the emergency feature: your phone number and incident details. The full number is sent via SMS only to designated venue emergency contacts.
• Contact/Feedback Forms. Name, email address, and message text — only if you voluntarily submit a form.
• Favorites and Reviews. Favorites are stored locally on your device. Reviews may include your coordinates at the time of submission.

2.2 Portal (Requires Account)

• Account Information. Email address, password (hashed — never stored or transmitted in plain text), and optionally a phone number if you enable two-factor authentication.
• Authentication Method. You may sign in with email/password or with Google Sign-In. If you use Google Sign-In, we receive your email address and basic profile information from Google.
• Device and Session Data. Browser and device information, IP address, and session cookies used for authentication and security. Untrusted devices require additional verification.
• Two-Factor Authentication. If enabled: one-time password configuration and recovery codes (stored as cryptographic hashes only).
• Audit Logs. Administrative actions performed in the Portal are logged for compliance and security purposes.
• Invitations. When you invite a colleague: recipient email address, name (optional), assigned role, and venue assignment.

2.3 Vendor Information Submission

Vendors, sponsors, artists, and other third-party entities who complete a profile through the platform's vendor information submission feature may provide: business or performer name, contact information (phone number, email, website), product or service description, category, and images or logos.

This feature is an event management tool operated on behalf of the venue. The submission form includes notice that submission constitutes agreement to Yubigo's Terms of Service and Privacy Policy.

Venue management of vendor data. Venues manage and approve vendor data through the Portal. A venue may review, update, or correct the information a vendor submits. Yubigo does not independently verify vendor-submitted information.

Data persistence. Vendor data submitted to the platform persists to allow for correction and resubmission, even if the vendor's association with a specific event is not approved. This is consistent with our data integrity practices.

Internal catalog. To prevent duplicate records and facilitate accurate association of vendor profiles with events, certain non-personal business information — including business name, category, and product type — may be stored in an internal catalog at Yubigo's discretion. This catalog is not publicly accessible and is used solely for platform operation and data quality purposes.

2.4 Vendor Boost Payment Information

Yubigo offers an optional “Vendor Boost” feature. When a vendor purchases a boost, the transaction is processed by Stripe, Inc. through the Stripe Connect platform.

What Yubigo receives from Stripe for each transaction: charge ID, payment intent ID, transfer ID, application fee ID, balance transaction ID, amount totals, currency, payment status, and the connected account ID of the receiving venue. This information is used to record the transaction in Yubigo's internal systems for reconciliation, reporting, and vendor boost profile activation.

What Yubigo does NOT receive or store: credit card numbers, CVV codes, expiration dates, cardholder names, or any other payment card data. All cardholder data is collected and stored exclusively by Stripe.

Venue payment information: When a venue onboards to accept Vendor Boost payments, the venue provides Stripe (not Yubigo) with business and tax identification, banking information, and identity verification. Yubigo does not collect, store, or have access to this information. Yubigo only sees a high-level status indicator (e.g., “active” or “pending”) and the connected account identifier.

Third-party processor: Stripe's use of payment data is governed by Stripe's own Privacy Policy, available at https://stripe.com/privacy. By using the Vendor Boost feature, vendors also agree to Stripe's Terms of Service.

3. What We Do NOT Collect

• No advertising identifiers or ad tracking
• No third-party analytics or telemetry services
• No cross-site tracking cookies
• No biometric data
• No credit card, bank account, or payment card data (Vendor Boost payments are processed by Stripe — we do not see or store payment card information)

4. How We Use Your Information

• Platform operation. Rendering event content, managing accounts and permissions, enabling entity self-management.
• Analytics. Generating aggregate, anonymized analytics (visitor counts, heatmaps, traffic patterns) for venue operators.
• Safety. Delivering emergency requests to venue contacts, providing location data to emergency responders when voluntarily shared.
• Security. Authenticating users, verifying devices, maintaining audit logs, preventing unauthorized access.
• Communication. Sending account-related emails (invitations, verification, security notifications), responding to contact form submissions, and sending SMS verification codes.
• Vendor data quality. Maintaining an internal catalog of non-personal business information (name, category, product type) to prevent duplicate entity records and support accurate association of vendor profiles with events and venues. This catalog is not publicly accessible.
• Legal compliance. Complying with applicable laws, enforcing our terms of service, and protecting rights, property, and safety.

5. Location Data

• Permission-based. Location access is requested through your browser's standard permission dialog. You can deny or revoke permission at any time.
• Device-processed. Raw GPS coordinates are processed on your device. Only derived data (e.g., areas visited, time spent) is transmitted — raw coordinates are not stored by Yubigo.
• Venue-scoped. Location data is used in the context of the specific venue and event you are attending.
• Anonymous. Location data is associated with your anonymous identifier, not with your name, email, or other personal information.
• Encrypted. All transmitted data is encrypted in transit and at rest.
• Opting out. Deny or revoke GPS permission in your browser settings, or close the app. The Viewer remains fully functional without location permission — only navigation, proximity-based features, and on-grounds analytics will be unavailable.

6. Local Storage and Cookies

Viewer: Uses browser storage for offline functionality and app state (cached event data, anonymous identifier, sync information). The Viewer does not use tracking cookies or third-party cookies.

Portal: Uses session cookies strictly necessary for authentication and browser storage for UI preferences.

Do Not Track: Yubigo does not track users across third-party websites and does not participate in advertising networks. Because we do not engage in cross-site tracking, Do Not Track signals do not change our behavior.

7. Information Sharing

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• Service providers. We use cloud infrastructure services, an authentication provider, a payment processor (Stripe, for the optional Vendor Boost feature), and communication services (SMS, email) to operate the platform. Each receives only the data necessary for its function. All platform data is hosted on US-based infrastructure and encrypted in transit and at rest.
• Venue operators. Venue operators receive aggregate, anonymized analytics about their events. They do not receive individual visitor identities. If you submit an emergency request, designated emergency contacts will receive your phone number. For vendor and third-party entity data submitted through the vendor information submission feature: venues have access to the data submitted for their events and may review, update, or correct that data. The venue, not Yubigo, is responsible for how it uses vendor information within the venue-vendor relationship.
• Legal requirements. We may disclose information if required by law, in response to valid legal process, or to protect the safety of any person.
• Business transfers. If Yubigo is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users of any change in ownership or control of personal information.

8. Data Retention

We retain personal information as long as necessary for the purposes described in this policy, in accordance with our retention practices, and as required by law. Emergency request records and audit logs are retained for extended periods for safety, security, and legal compliance. You may request deletion of your personal data at any time (see Section 10).

9. Data Security

• All data is encrypted in transit and at rest.
• Passwords are never stored or transmitted in plain text.
• Two-factor authentication is available for all Portal accounts.
• Portal access is role-based with recorded audit trails.
• All infrastructure is hosted in US-based data centers.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we protect your information using commercially reasonable measures.

10. Children's Privacy

The Viewer does not require account creation or submission of personal information. The anonymous identifier cannot be used to identify any individual. Location data collection requires explicit browser permission controlled by the device owner.

The Portal is intended for venue staff 18 years of age or older. We do not knowingly create Portal accounts for children under 13.

We do not knowingly collect personal information from children under 13 in a manner requiring parental consent under COPPA. If we become aware of such collection, we will promptly delete the information. If you believe a child has provided personal information to Yubigo, contact us at privacy@yubigo.com.

11. Your Rights and Choices

All Users

• Opt out of location collection. Deny or revoke GPS permission at any time.
• Clear local data. Clear your browser storage to remove all locally stored data, including your anonymous identifier.
• Request access, correction, or deletion. Contact privacy@yubigo.com. We will respond within 30 days, subject to legal retention requirements.

EEA Residents (GDPR)

You have additional rights including: access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent. Our legal bases for processing include consent (location data, optional phone number), contractual necessity (account and profile management), legitimate interests (analytics, security), and legal obligation.

To exercise any right, contact privacy@yubigo.com. We will respond within 30 days. You may also lodge a complaint with your local data protection authority.

California Residents (CCPA/CPRA)

You have the right to know what personal information we collect, request deletion or correction, and opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.

Categories of personal information we collect: identifiers (email, phone, name), geolocation data (with permission), internet/network activity (IP, browser information), and professional information (business name, role). We do not collect financial information, biometric data, protected classifications, education information, or sensory data.

To exercise any right, contact privacy@yubigo.com. We will verify your identity and respond within 45 days.

12. International Data Transfers

All Yubigo data is processed and stored on infrastructure located in the United States. Yubigo currently operates exclusively within the United States. If you access Yubigo from outside the United States, your information will be transferred to and processed in the United States. Our primary infrastructure provider (AWS) maintains a GDPR Data Processing Addendum that includes EU Standard Contractual Clauses. For other service providers, we review their data processing practices and compliance certifications as part of our vendor selection process.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date above. For material changes, we will make reasonable efforts to notify affected users. Continued use of Yubigo after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or requests regarding this Privacy Policy, contact us:

AGW Solutions, LLC
Privacy Inquiries: privacy@yubigo.com

For data access, correction, or deletion requests, email privacy@yubigo.com with the subject line “Privacy Request” and include sufficient information for us to verify your identity and locate your data.

We aim to respond to all privacy-related requests within 30 days.