← Trust & Safety

WeRoll Privacy Policy

Effective Date: May 28, 2026

The short version

WeRoll only shares location while a vendor chooses to Go Live.

Location visibility is temporary, session-based, and designed for real-time discovery — not continuous tracking. When a session ends, visibility ends. We do not collect location in the background.

This Privacy Policy explains how BusterSense, Inc. (“BusterSense,” “we,” “us,” or “our”) collects, uses, and protects information through the WeRoll platform.

What We Collect

  • Account information — email address, password hash (for vendors who create an account).
  • Vendor profile — business name, category, hours, photo, optional links (provided by the vendor).
  • Live location signals — vendor latitude/longitude pings, only while the vendor is actively broadcasting.
  • Approximate follower proximity — coarse location used to match followers to nearby live vendors. Not stored as a history.
  • Push notification subscriptions — opaque tokens (APNs, FCM, Web Push) used to deliver notifications.
  • Session analytics — session start/stop timestamps, ping counts, follower deltas (aggregate operational data).
  • Device / browser metadata — user agent, app version, OS, persistent install ID (a random UUID generated on first launch, used to detect abuse and resume your account on the same device after sign-out).

What We Do NOT Do

  • No always-on or background location tracking.
  • No location monitoring after a broadcast session ends.
  • No precise residential address collection or storage.
  • No sale, license, or transfer of personal location data to third parties.
  • No movement profiles or behavioral aggregation across individuals.
  • No cross-app or off-platform tracking.

Location Visibility

  • Vendors explicitly tap Go Live to activate visibility. Until that moment, no location is collected.
  • Sessions automatically expire after 4 hours, and earlier if GPS goes inactive for 15 minutes.
  • Vendors may stop broadcasting at any time. Visibility ends immediately.
  • Anonymous “Try Go Live” sessions use coarsened GPS (precision reduced to ~50–80 meters).
  • Followers can see vendor live position within a small radius; we do not show historical paths.
  • What is stored vs. what is shown: backend systems retain GPS coordinates at approximately 100 meter precision for the duration of a live session (10-minute half-life decay after). Public discovery surfaces display coordinates rounded further to ~1 km. A small number of authorized BusterSense Trust & Safety staff can view the stored precision for incident response, fraud investigation, and law enforcement requests. Every such access is audit-logged. See /governance for the audit policy.

How We Use Information

  • To show nearby live vendors to users.
  • To deliver push notifications when a followed vendor goes live near a follower.
  • To operate vendor dashboards, analytics, and account settings.
  • To detect and prevent abuse (rate limiting, GPS spoofing checks, impossible-travel detection).
  • To provide customer support.
  • To comply with applicable law.

Data Retention

We retain different data types for different periods. See /governance for the full retention schedule. Highlights:

  • Live location signals: 10 minutes (half-life decay).
  • Session summaries: 90 days for operational analytics.
  • Push subscriptions: until unsubscribe or 90 days of inactivity.
  • Account records: lifetime of account; purged on deletion request.

Sharing of Information

We share information only as required to operate WeRoll:

  • With users — vendor profiles (business name, category, hours) are visible to followers and nearby users by design.
  • With service providers — hosting (AWS), payments (Stripe), email (AWS SES), analytics. Subject to contractual confidentiality.
  • For legal compliance — in response to valid legal process. See /legal-requests.
  • In an emergency — to address imminent threat of physical harm.

We do not sell personal information to advertisers, data brokers, or other third parties.

Your Controls

  • Stop broadcasting at any time from the Go Live screen.
  • Disable notifications via your device settings or the WeRoll app.
  • Manage followers from your vendor dashboard.
  • Delete your account at /delete-account or via Profile → Delete Account in the mobile app.
  • Request data access or export by emailing privacy@bustersense.com.

Data Security

We protect data in transit with HTTPS/TLS 1.2+, encrypt data at rest in managed datastores, and apply least-privilege access controls to internal systems. See /security for technical detail and our responsible disclosure policy.

Children's Privacy

WeRoll is not directed to children under 13. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.

Changes to This Policy

We may update this policy. Material changes will be announced via email or in-app notice at least 14 days before taking effect. Continued use of WeRoll after the effective date constitutes acceptance.

Contact

BusterSense, Inc.

Privacy: privacy@bustersense.com

Security: security@bustersense.com

Web: bustersense.com

f6a79ae · 2026-05-29 14:29