Privacy Policy

Effective Date: February 13, 2026  |  Last Updated: February 13, 2026

MBGame, LLC ("we," "us," or "our") operates the Free-ish application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using Free-ish, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect several categories of information to provide and improve our Service. The types of data we collect include the following:

1.1 Personal Information

When you create an account or update your profile, we may collect:

  • First name, last name, and display name
  • Email address
  • Phone number (optional, used for SMS features)
  • Profile biography
  • Avatar images
  • Timezone preference
  • Hashed passwords (we never store your password in plain text)

1.2 Third-Party Authentication Data

If you choose to sign in using Google OAuth, we collect:

  • Your name and email address from your Google account
  • Google Calendar access tokens, which are encrypted at rest, if you opt in to the Google Calendar integration

1.3 Usage and Activity Data

As you use Free-ish, we collect data related to your activity, including:

  • Gathering creation data (titles, descriptions, locations, dates)
  • Voting behavior and preferences (ranked choices, absolute-no vetoes)
  • Venue ratings
  • AI suggestion request history, including the gathering context sent to Azure OpenAI to generate suggestions

1.4 Communication Data

We maintain records related to communications sent through the Service:

  • Email notification logs
  • SMS notification logs (phone numbers, message content, delivery status)
  • Invitation records (email addresses and/or phone numbers of invitees)
  • TCPA/SMS consent records (timestamps and consent language versions)

1.5 Payment and Subscription Data

If you subscribe to a paid tier, we collect:

  • Stripe Customer ID
  • Subscription tier information

Important: Free-ish never stores your credit card numbers, debit card numbers, or full payment card details. All card data is processed and stored exclusively by Stripe, our third-party payment processor.

1.6 Technical and Automatically Collected Data

We automatically collect certain technical data when you use the Service:

  • Authentication cookies (used to keep you signed in)
  • Theme preference cookie (stores your selected visual theme)
  • Azure Application Insights telemetry (performance monitoring, usage metrics)
  • Sentry error tracking data (error context and diagnostic information for debugging)
  • SignalR connection data (used for real-time features such as live voting updates)

2. How We Use Your Information

We use the information we collect for the following purposes:

Account Management

To create and manage your account, authenticate your identity, and maintain your profile settings.

Service Delivery

To power core features including gathering creation, invitation delivery, voting rounds, venue suggestions, AI-powered recommendations, real-time updates, and calendar integration.

Communication

To send you email and SMS notifications about gatherings you are involved in, invitation updates, voting round status changes, and other service-related communications.

Analytics and Improvement

To monitor application performance, understand usage patterns, identify and fix bugs, and improve the overall user experience. We use Azure Application Insights for performance monitoring and Sentry for error tracking.

Security

To protect user accounts, detect and prevent fraud, and maintain the security and integrity of our Service.

3. Third-Party Services

We use the following third-party services to operate Free-ish. Each service may receive certain data as described below. We encourage you to review their respective privacy policies.

Twilio (SMS Delivery)

We share phone numbers and SMS message content with Twilio to deliver text message notifications and invitations.
Twilio Privacy Policy

Azure OpenAI (AI-Powered Suggestions)

We send gathering context data (such as gathering title, location preferences, and participant count) to Azure OpenAI to generate venue and activity suggestions. No personally identifiable information is intentionally included in these requests.
Microsoft Privacy Statement

Google OAuth and Google Calendar API

If you sign in with Google, we receive your name and email from your Google account. If you enable the Google Calendar integration, we receive and store an encrypted access token to read and write calendar events on your behalf.
Google Privacy Policy

Stripe (Payment Processing)

We share your Stripe Customer ID and subscription information with Stripe to process payments. Free-ish never sees or stores your full credit card number. All payment card data is handled entirely by Stripe.
Stripe Privacy Policy

SendGrid / Postmark (Email Delivery)

We share email addresses and notification content with our email delivery provider to send service-related emails such as invitation notifications, verification emails, and gathering updates.
SendGrid Privacy Policy (Twilio)  |  Postmark Privacy Policy

Azure Application Insights (Monitoring)

We send telemetry and usage data to Azure Application Insights for performance monitoring, request tracking, and understanding application health.
Microsoft Privacy Statement

Sentry (Error Tracking)

We send error context and diagnostic data to Sentry to identify, track, and resolve application errors.
Sentry Privacy Policy

Azure Blob Storage (Avatar File Storage)

Uploaded avatar images are stored in Azure Blob Storage, a cloud-based file storage service.
Microsoft Privacy Statement

Redis (Caching and Real-Time Backplane)

We use Redis for caching application data and as a backplane for SignalR real-time connections. Redis may temporarily store session and caching data to improve performance.
Redis Privacy Policy

4. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it, including:

  • All data transmitted between your browser and our servers is encrypted using HTTPS (TLS)
  • Passwords are securely hashed using ASP.NET Identity's built-in hashing algorithms and are never stored in plain text
  • Google Calendar access tokens are encrypted at rest
  • Authentication is managed through secure, HTTP-only cookies
  • Access to production systems is restricted to authorized personnel

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you request account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention, resolving disputes, or enforcing our agreements.

Aggregated, anonymized data that can no longer be used to identify you may be retained indefinitely for analytics and service improvement purposes.

6. Cookies and Tracking Technologies

Free-ish uses a limited number of cookies and similar technologies. We do not use third-party advertising or analytics tracking cookies.

  • Authentication cookies: Essential cookies used by ASP.NET Identity to keep you signed in and manage your session securely.
  • Theme preference cookie: A functional cookie that stores your selected visual theme (e.g., default, coral, slate) so it persists across visits.
  • Azure Application Insights: Collects telemetry data for performance monitoring and application health tracking.
  • Sentry: Collects error tracking and diagnostic data to help us identify and fix application issues.

We do not use any third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies.

7. SMS/TCPA Compliance

Free-ish offers optional SMS notifications for gathering updates, invitations, and voting reminders. Our SMS practices comply with the Telephone Consumer Protection Act (TCPA):

  • Opt-in model: You will only receive SMS messages if you explicitly consent to receiving them. We record the timestamp and consent language version for each opt-in.
  • Opt-out: You can stop receiving SMS messages at any time by replying STOP to any message or by updating your notification preferences in the app.
  • Re-subscribe: You can re-enable SMS notifications by replying START or by updating your notification preferences.
  • Message frequency: Message frequency varies based on your gathering activity.
  • Message and data rates: Standard message and data rates from your carrier may apply.

8. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Right to know: You have the right to know what personal information we collect about you and how it is used.
  • Right to request deletion: You may request that we delete your personal information by contacting us at [Contact Email]. We will process your request within 30 days.
  • Right to opt out of SMS notifications: You can stop receiving SMS messages at any time by replying STOP to any message or by updating your notification preferences within the app.
  • Right to manage notification preferences: You can control your email and SMS notification preferences through the in-app settings.
  • Right to disconnect Google Calendar: If you have connected your Google Calendar, you can revoke this integration at any time through your account settings or through your Google account permissions.

To exercise any of these rights, please contact us at [Contact Email].

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to opt out of sale: Free-ish does not sell your personal information to third parties. We have never sold personal information and have no plans to do so.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, service quality, or access levels based on your privacy choices.

How to Submit a Request

California residents may submit a request to exercise their rights by emailing [Contact Email]. To verify your identity, we will confirm your request using the email address associated with your Free-ish account. We will respond to verifiable requests within 45 days as required by law.

10. Children's Privacy (COPPA)

Free-ish is intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at [Contact Email] so we can take appropriate action to remove the data.

11. Account and Data Deletion

Free-ish does not currently offer a self-service account deletion feature. If you wish to delete your account or request removal of your personal data, please email us at [Contact Email].

Upon receiving your request, we will verify your identity and process the deletion within 30 days. We will send you a confirmation email once your account and associated data have been removed.

Please note that certain data may be retained even after account deletion where required by law or for legitimate business purposes, including:

  • Records required for fraud prevention and security
  • Data needed to resolve pending disputes or enforce our agreements
  • Information we are legally obligated to retain (such as transaction records)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page.

For significant changes that materially affect how we handle your personal information, we will make reasonable efforts to notify you, such as by posting a prominent notice within the Service or sending you an email notification. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Company: MBGame, LLC
  • Mailing Address: 5900 Balcones Dr, STE 100, Austin, TX 78731