Privacy Policy

Last updated: May 4, 2026

This Privacy Policy ("Policy") governs the collection, use, storage, disclosure, and protection of personal information by Liters Inc., a Wyoming Closed Corporation ("Company," "we," "us," or "our"), in connection with the operation of Straw and all associated services, including our iOS application, Android application, web application at straw.community, and all related platforms (collectively, the "Services"). This Policy applies to all individuals who access or use our Services, regardless of geographic location.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any provision of this Policy, you must immediately discontinue use of the Services.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when registering for an account, participating in community features, contacting us for support, upgrading to Straw+, or otherwise interacting with the Services, including:

  • Email address

  • Display name and username

  • Profile information, including biography, profile photograph, and donation-related information you voluntarily share

  • Authentication credentials (handled via magic link or supported third-party authentication)

  • Payment information for Straw+ subscriptions, processed by the platform provider through which you purchase (Apple In-App Purchase, Google Play Billing, or Stripe for web purchases) — we do not store payment card numbers

  • Communications you submit through community spaces, direct messages, or support channels

  • User-generated content, including posts, comments, center reviews, peer experiences, and media uploads

  • Camera and photo library content if you choose to upload a profile photograph or share photos

  • Microphone audio if you participate in voice features such as Live AMAs (where applicable)

  • Location data if you opt in to features that use approximate location (note: location-based features are not currently active and will only be enabled in the future with explicit user notice)

1.2 Information Collected Automatically

When you access the Services, we and our third-party service providers may automatically collect:

  • Internet Protocol (IP) address and approximate geographic location derived therefrom

  • Device identifiers, including Apple's Identifier for Advertisers (IDFA) and Google's Advertising ID (AAID), where available and where applicable platform consent has been granted

  • Device hardware and software characteristics, including device model, operating system version, and language settings

  • Mobile network information

  • Push notification tokens (Apple Push Notification Service or Firebase Cloud Messaging)

  • Browser type, version, and operating system (web)

  • Pages and screens viewed, features accessed, and time spent on the Services

  • Date and time of access

  • Clickstream data and interaction logs

  • Crash reports and diagnostic data

  • Cookies, pixel tags, software development kits, and similar tracking technologies as described in Section 5

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Apple, Inc. and Google LLC, the platform providers through which our mobile applications are distributed, which may share aggregate data about app installs, in-app purchases, and platform-level interactions

  • Apple In-App Purchase and Google Play Billing, which provide transaction status, subscription renewal status, and refund information for users who upgrade to Straw+ on iOS or Android

  • Stripe, Inc., for users who upgrade to Straw+ through the web application (where applicable), which provides transaction status, payment method type, and fraud detection signals — subject to Stripe's Privacy Policy

  • Analytics providers, including Firebase Analytics, Google Analytics, and similar services, which may collect data subject to their respective privacy policies

  • Crash reporting providers, which collect diagnostic data about app crashes and errors

  • Authentication providers, where you choose to authenticate with a third-party service

2. HOW WE USE YOUR INFORMATION

We use personal information collected through the Services for the following purposes:

2.1 Service Delivery and Account Management

  • Creating and maintaining your account

  • Providing access to community features, content, and interactions

  • Processing Straw+ subscription payments through the relevant platform (Apple, Google, or Stripe) and managing subscription status

  • Delivering push notifications, email notifications, and in-app messages

  • Responding to support requests and customer service inquiries

  • Sending transactional communications, including account confirmations, payment receipts, and billing notices

2.2 Service Improvement and Analytics

  • Analyzing usage patterns to improve the Services

  • Diagnosing technical issues, crashes, and errors

  • Conducting internal research and product development

  • Measuring the effectiveness of content and community engagement

  • Improving AI-powered features (where present) through aggregated and de-identified data analysis

2.3 Communications and Marketing

  • Sending newsletters, product updates, and community announcements — with your consent where required by applicable law

  • Notifying you of changes to our Terms of Service, Privacy Policy, or Community Rules

  • Surfacing in-app promotional content related to Straw+ and other Liters Inc. services

  • Where you have consented or where permitted by applicable law, serving targeted advertising through advertising platforms such as Meta and similar technologies

2.4 Legal Compliance and Safety

  • Complying with applicable laws, regulations, and legal processes

  • Enforcing our Terms of Service and Community Rules

  • Detecting, investigating, and preventing fraudulent transactions, abuse, harassment, and other illegal activities

  • Protecting the rights, property, and safety of the Company, our members, and third parties

2.5 Aggregated and De-Identified Data

We may use aggregated and de-identified data drawn from how members use the Services to improve the Services, including improving AI-powered features and product decisions. Your individual identifiable content is not used for AI training without your explicit consent. If we ever wish to use identifiable user content for training purposes, we will request opt-in consent from you in your account settings before doing so.

3. LEGAL BASIS FOR PROCESSING (GDPR AND EEA RESIDENTS)

For individuals located in the European Economic Area, United Kingdom, or Switzerland, we process personal data on the following legal bases:

  • Contractual Necessity: Processing required to perform our contract with you, including account creation, community access, and Straw+ subscription management

  • Legitimate Interests: Processing for our legitimate business interests in operating, securing, and improving the Services, provided such interests are not overridden by your rights

  • Legal Obligation: Processing required to comply with applicable law

  • Consent: Processing based on your freely given, specific, informed, and unambiguous consent, including for marketing communications, non-essential cookies, and tracking technologies

Where we rely on consent as a legal basis, you have the right to withdraw such consent at any time without affecting the lawfulness of processing prior to withdrawal.

4. DISCLOSURE OF YOUR INFORMATION

4.1 Service Providers

We may disclose personal information to third-party vendors and service providers that perform functions on our behalf, including:

  • Apple In-App Purchase (iOS payments and subscription management)

  • Google Play Billing (Android payments and subscription management)

  • Stripe, Inc. (web-based payment processing, where applicable)

  • Push notification services (Apple Push Notification Service, Firebase Cloud Messaging)

  • Crash reporting and diagnostics providers

  • Analytics providers (Firebase Analytics, Google Analytics, and similar)

  • Email delivery providers (such as Resend)

  • Anthropic, Inc. (Claude API, where AI-powered features are present)

  • Authentication providers (where third-party sign-in is supported)

  • Customer support tools

  • Cloud hosting and database providers

Such service providers are contractually obligated to use personal information only as necessary to provide services to us and in compliance with applicable law.

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of the Company's assets, personal information may be transferred to the acquiring entity. We will provide notice to you in the event of such transfer and, where required by applicable law, obtain your consent.

4.3 Legal Disclosures

We may disclose personal information where we believe in good faith that such disclosure is necessary to: (a) comply with applicable law or respond to a valid legal process; (b) protect the rights, property, or safety of the Company, our members, or others; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service or Community Rules.

4.4 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes.

4.5 No Sale of Personal Information

We do not sell personal information to third parties for monetary consideration. We do not share personal information with third parties for their independent direct marketing purposes without your consent.

5. COOKIES, TRACKING TECHNOLOGIES, AND DEVICE IDENTIFIERS

We use cookies, pixel tags, software development kits (SDKs), device identifiers, and similar tracking technologies to operate and improve the Services. These include:

  • Essential Cookies and SDKs: Required for the Services to function, including session management, authentication, and crash reporting

  • Analytics Cookies and SDKs: Used to understand how members use the Services, including Firebase Analytics, Google Analytics, and similar tools

  • Advertising Identifiers: Apple's IDFA and Google's AAID, used for advertising attribution and measurement where applicable platform consent has been granted (App Tracking Transparency on iOS; user consent on Android where required)

You may control cookie preferences through your browser settings, mobile device settings (including iOS App Tracking Transparency and Android privacy controls), and where applicable, in-app preference controls. Note that disabling certain cookies, identifiers, or tracking technologies may impair the functionality of the Services. Where required by applicable law, we will obtain your consent before placing non-essential cookies or activating non-essential tracking.

6. DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements.

Active accounts: We retain your data for as long as your account is active.

Deactivated accounts: If you deactivate your account, we retain your data for ninety (90) days during which you may reactivate by logging back in. After ninety (90) days, your account is automatically marked for permanent deletion.

Permanently deleted accounts: Your personal data is purged from active systems within thirty (30) days of permanent deletion, and from backups within ninety (90) days.

User-generated content: Posts, comments, reviews, and other community content you create may, at the Company's discretion and subject to applicable law, remain accessible in community spaces after account deactivation or deletion in anonymized or attributed-to-deleted-user form, where doing so preserves the integrity of community discussions.

Aggregated, de-identified data may be retained indefinitely as it contains no personally identifiable information.

Legal compliance records may be retained for periods required by applicable law.

7. ACCOUNT MANAGEMENT — DEACTIVATION AND DELETION

You have full control over your account at any time.

7.1 Deactivation (90-Day Reversible)

You may deactivate your account at any time from your account settings. When you deactivate:

  • Your account becomes immediately hidden from other members

  • Your community presence is removed from public-facing community spaces

  • All push notifications and email sequences are paused

  • Active Straw+ subscriptions remain active until cancellation through the platform you used to subscribe (Apple, Google, or Stripe), as we cannot cancel platform-managed subscriptions on your behalf

  • Your data is retained internally for ninety (90) days

  • You may reactivate your account by logging in within ninety (90) days

  • After ninety (90) days, your account is automatically marked for permanent deletion

7.2 Permanent Deletion (Irreversible)

You may permanently delete your account through two paths:

In-app deletion: From your account settings on iOS, Android, or web, you may request immediate permanent deletion. Once confirmed, your account and all associated personal data are processed for deletion within thirty (30) days. Backup copies are purged within ninety (90) days. This action cannot be reversed.

Email-based deletion: You may request permanent deletion by emailing info@liters.xyz from your registered email address. We verify the request through your registered email and process deletion within thirty (30) days. Backup copies are purged within ninety (90) days.

What gets deleted:

  • Your account record (email, username, display name, profile information)

  • All private messages, drafts, and notification history

  • Authentication tokens and session data

  • All inquiry history and personalized data

What may be retained:

  • Aggregated and de-identified data that does not identify you

  • User-generated content in community spaces, which may remain accessible in anonymized or attributed-to-deleted-user form at the Company's discretion and subject to applicable law

  • Records required by law (financial, fraud prevention, legal disputes) for the period required

  • Backup data during the 90-day backup purge window

Subscription cancellation: Permanent deletion of your account does not automatically cancel any active Straw+ subscription. Subscriptions managed through Apple In-App Purchase, Google Play Billing, or Stripe must be cancelled through the respective platform's subscription management interface.

8. DATA SECURITY

We implement commercially reasonable technical, administrative, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encrypted data transmission (TLS/SSL)

  • Secure authentication mechanisms

  • Access controls limiting personal information access to authorized personnel

  • Regular security assessments and dependency reviews

  • Platform-level security provided by Apple iOS, Google Android, and our cloud infrastructure providers

Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of personal information and disclaim liability for unauthorized access beyond our reasonable control. In the event of a data breach affecting your rights and freedoms, we will notify you as required by applicable law.

9. INTERNATIONAL DATA TRANSFERS

The Services are operated from the United States. If you access the Services from outside the United States, your personal information will be transferred to and processed in the United States, which may have data protection laws different from those in your jurisdiction.

For transfers of personal data from the EEA, United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement, or other legally recognized transfer mechanisms as applicable.

10. YOUR PRIVACY RIGHTS

10.1 All Users

Regardless of your location, you may:

  • Access and update your account information through your account settings on iOS, Android, or web

  • Deactivate your account through your account settings

  • Permanently delete your account through your account settings or by contacting us at info@liters.xyz

  • Opt out of marketing communications by using the unsubscribe link in any marketing email or by adjusting notification preferences in the app

  • Adjust device-level tracking permissions through your iOS or Android privacy settings

  • Request information about our privacy practices

10.2 California Residents (CCPA/CPRA)

California residents have the following additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose, and the categories of third parties with whom we share it

  • Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions

  • Right to Correct: Request correction of inaccurate personal information

  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising

  • Right to Limit Use of Sensitive Personal Information: Where applicable, request that we limit our use of sensitive personal information

  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at info@liters.xyz with the subject line "California Privacy Rights Request."

10.3 EEA, UK, and Swiss Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under applicable data protection law:

  • Right of Access (Article 15 GDPR)

  • Right to Rectification (Article 16 GDPR)

  • Right to Erasure (Article 17 GDPR)

  • Right to Restriction of Processing (Article 18 GDPR)

  • Right to Data Portability (Article 20 GDPR)

  • Right to Object (Article 21 GDPR)

  • Right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal

To exercise these rights, contact us at info@liters.xyz. You also have the right to lodge a complaint with your local supervisory authority.

10.4 Canadian Residents (PIPEDA)

Canadian residents have the right to access personal information we hold about you and to challenge its accuracy. To make a request, contact us at info@liters.xyz.

10.5 Additional Mobile Platform Rights

iOS users may control App Tracking Transparency (ATT) settings through Settings → Privacy & Security → Tracking. Android users may control advertising identifier resets and personalization through device privacy settings.

11. CHILDREN'S PRIVACY

The Services are intended exclusively for individuals who are eighteen (18) years of age or older. We do not knowingly collect personal information from individuals under the age of eighteen (18). If we become aware that we have collected personal information from a minor, we will take immediate steps to delete such information. If you believe we may have inadvertently collected information from a minor, please contact us at info@liters.xyz.

The Services are not directed to children under thirteen (13), and we do not knowingly collect personal information from children under thirteen (13) in compliance with the Children's Online Privacy Protection Act (COPPA). The age requirement of eighteen (18) is enforced through age attestation during account creation.

12. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites, applications, or services not operated by us, including but not limited to plasmadonationtax.com, canidonateplasma.com, and external resources referenced in community discussions or educational content. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party services you access through the Services.

13. PLATFORM-SPECIFIC DISCLOSURES

13.1 Apple App Store (iOS)

Our iOS application is distributed through the Apple App Store. Apple's data collection and privacy practices are governed by Apple's Privacy Policy. Privacy disclosures specific to iOS, including App Privacy Nutrition Labels, are available on the App Store listing.

13.2 Google Play Store (Android)

Our Android application is distributed through Google Play. Google's data collection and privacy practices are governed by Google's Privacy Policy. Data Safety disclosures specific to Android are available on the Google Play listing.

13.3 Subscription Management

Straw+ subscriptions purchased through Apple In-App Purchase or Google Play Billing are managed by Apple and Google respectively. Subscription cancellation, refund requests, and payment method changes for these subscriptions must be handled through Apple's or Google's subscription management interfaces. We do not have direct access to or control over these platform-managed subscription mechanisms.

Straw+ subscriptions purchased through the web application (where applicable) are processed by Stripe, Inc. and managed through your account settings or by contacting us at info@liters.xyz.

14. CHANGES TO THIS POLICY

We reserve the right to modify this Policy at any time. Material changes will be communicated to you by email, by in-app notice, or by prominent notice on the Services at least fourteen (14) days prior to the effective date of such changes. Your continued use of the Services after the effective date of any modification constitutes your acceptance of the revised Policy.

15. CONTACT INFORMATION

For privacy-related inquiries, requests, or complaints, please contact:

Liters Inc. 30 North Gould St, STE N Sheridan, WY 82801 United States

Email: info@liters.xyz Website: straw.community

We will respond to verifiable privacy requests within the timeframe required by applicable law, and in no event later than forty-five (45) days of receipt.