Privacy Policy
How Bailar collects, uses, stores, and protects your personal information.
Effective Date: May 24, 2026
Bailar, Inc., a Delaware corporation (successor by statutory conversion effective May 4, 2026 to Bailar LLC, a Florida limited liability company) (“Bailar,” “we,” “us,” or “our”) operates the Bailar mobile application, the website located at bailar.site, and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use the Service.
This Privacy Policy is intended to comply with applicable data protection laws in the jurisdictions in which we offer the Service, including the United States (federal and state), Canada (PIPEDA and Quebec Law 25), the European Union and European Economic Area (GDPR), the United Kingdom (UK GDPR), Mexico (LFPDPPP), Colombia (Habeas Data Law 1581), Argentina (PDPA Law 25,326), and Peru (PDPL Law 29,733).
For users in the European Union, European Economic Area, United Kingdom, Switzerland, Canada, and other jurisdictions that require an explicit lawful basis for processing, your continued use of the Service is not deemed to be implied consent for non-essential processing. Where consent is required, we collect it through opt-in mechanisms in the Service. Where we rely on legitimate interests or contractual necessity, we identify those grounds in Section 4 below.
PRIVACY OFFICER
Paul Plawin, Privacy Officer, Bailar, Inc.
Email: privacy@bailar.site
Postal: 401 Ocean Dr, Suite 404, Miami Beach, FL 33139, United States
For users in Quebec, this individual is the person designated under Article 3.1 of An Act respecting the protection of personal information in the private sector (Quebec Law 25). For users in Canada, this is the individual accountable for compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). EU and UK users may direct GDPR / UK GDPR inquiries and data subject requests to the same address.
1. INFORMATION WE COLLECT
1.1 Information You Provide
Account Information: Name, email address, phone number, profile photo, date of birth, and other registration information.
Profile Information: Dance experience, preferred styles, bio, location preferences, and additional profile photos.
Communications: All messages, images, files, media, and data transmitted through messaging or chat features (“Communications”), including message text, media attachments, timestamps, sender and recipient identifiers, read receipts, delivery status, and associated metadata.
Photos and Media: Photos, images, videos, and other media uploaded through the Service, including through messaging features, along with metadata such as file type, size, upload time, and EXIF data.
Payment Information: Transaction records, payment amounts, and related metadata. Full credit card numbers and bank account details are processed by third-party payment processors (Apple, Google, Stripe) and are not stored directly by Bailar.
Instructor/Student Information: Booking details, scheduling preferences, session history, reviews, and ratings.
Support Communications: Content of messages sent to us for support, feedback, or inquiries.
Survey and Contest Information: Information provided in response to surveys, promotions, or contests.
Consent Records: Where we rely on consent as a lawful basis for processing (for example, marketing email opt-ins under CASL or GDPR), we maintain records of when and how consent was granted, modified, or withdrawn, including the consent type, the country of the data subject at time of consent, the source (signup, settings, drip resubscribe, etc.), and timestamp.
1.2 Information Collected Automatically
Location Data: With your permission, we collect precise or approximate geographic location data from your device to show nearby events and instructors. You may disable location services through device settings, but this may limit functionality.
Device Information: Device type, operating system, version, unique device identifiers (such as installation IDs, push-notification tokens, and similar values used to operate the Service and to maintain your session), browser type, language, time zone, and mobile network information. We do not request access to the iOS Identifier for Advertisers (IDFA), the Android Advertising ID, or any other identifier whose primary purpose is cross-app advertising.
Usage Data: Pages viewed, features used, search queries, events viewed, messaging activity and patterns, click data, scroll data, interaction patterns, session duration, and dates/times of visits.
Log Data: IP address, browser type, referring/exit pages, crash reports, error logs, and system activity.
Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your activity on the Service. You may manage cookie preferences through your browser settings or, where required by law (including in the EU/EEA, UK, and Quebec), through our cookie consent interface on the website.
1.3 Information Derived Through Automated Processing
We use automated systems, algorithms, artificial intelligence, machine learning, natural language processing, and computer vision technologies to process and analyze information collected through the Service, including Communications and User Content. Through this processing, we may derive or infer additional information, including user preferences, behavioral patterns, content categorizations, interest profiles, engagement metrics, sentiment indicators, risk scores, and other analytical insights (“Derived Data”). Derived Data is the proprietary property of Bailar, Inc.. For users in jurisdictions providing rights against fully-automated decision-making with legal effects (including Article 22 GDPR and Article 12.1 of Quebec Law 25), Bailar does not make decisions producing legal or similarly significant effects based solely on automated processing without human review.
1.4 Information from Third Parties
We may receive information about events, studios, and instructors from third-party sources, including event listing platforms, mapping providers, and publicly available websites, in order to seed and update the directory. We may also receive information from authentication providers (e.g., Apple Sign In, Google Sign In, Facebook Login, Kakao Sign In), payments processors (e.g., Stripe), and analytics providers about how you reach and use the Service. The data received from any authentication provider is limited to what you authorize at sign-in (typically a stable account identifier, your display name, and, where you have granted permission, your email address). We do not receive personal information from advertising networks; the Service does not currently integrate any third-party advertising SDK.
2. HOW WE USE YOUR INFORMATION
We use collected information, including Communications and User Content, for the following purposes:
(a) To provide, maintain, operate, and improve the Service;
(b) To create and manage your account and verify your identity;
(c) To display nearby events, instructors, and relevant content based on your location and preferences;
(d) To facilitate messaging, connections, and interactions between users;
(e) To process transactions and payments;
(f) To send transactional communications (booking confirmations, payment receipts, account notifications);
(g) To send promotional communications, where you have opted in or such communications are otherwise permitted under applicable law (you may opt out at any time);
(h) To personalize your experience, including content recommendations and feature customization;
(i) To detect, prevent, and address fraud, spam, abuse, harassment, and security issues through automated and manual review;
(j) To enforce our Terms of Service and community guidelines;
(k) To perform analytics, research, trend analysis, and product research, including through analysis of Communications and User Content in aggregated, anonymized, or de-identified form;
(l) To tune, evaluate, and improve the operational automated systems that deliver the Service — including ranking, search, recommendations, language detection, translation, content moderation, spam and fraud detection, accessibility features, and abuse-pattern analysis. We do not use your personal information, your Communications, or your User Content to train general-purpose foundation models for our own commercial sale or for sale or sublicense to third parties, and we contractually require the third-party model providers we call at inference time not to train their foundation models on the inputs we send them on your behalf;
(m) To produce aggregated, anonymized, or de-identified statistics and reports for internal product, operational, financial, and security purposes — for example, the Service’s aggregate active-user count, city-level event density, or the share of users in a given dance-style cohort. We do not sell, license, or otherwise commercialize identifiable personal information, and any aggregated or de-identified data shared externally is restricted by contract from being re-identified;
(n) To develop new products, services, features, and functionality of the Service;
(o) To comply with legal obligations and respond to legal process;
(p) To protect the rights, property, or safety of Bailar, its users, or third parties; and
(q) For any other purpose disclosed to you at the time of collection or with your consent.
3. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information that identifies you individually. We may share your information as follows:
With Other Users: Profile information (name, photo, bio, dance preferences) is visible to other users. Messages are visible to recipients.
With Instructors or Students: Relevant contact and booking information is shared between parties for facilitated transactions.
With Subprocessors and Service Providers: We share information with third parties who process information on our behalf under contractual confidentiality and security obligations. The current list of subprocessors that handle personal information is published at bailar.site/legal/subprocessors. We update this list when we add or remove subprocessors. Subprocessors are bound to use information only for the purposes for which we engage them and are subject to data processing agreements aligned with applicable laws (including GDPR Article 28, Quebec Law 25 Article 18.3, and PIPEDA Principle 4.1.3).
With Advertising Partners: The Service does not currently integrate any third-party advertising network or serve targeted advertising. Bailar maintains an optional “No Ads” consumer subscription (described in our Terms of Service) in anticipation of any future, minimally-invasive in-app advertising; should we introduce such advertising, we will update this Privacy Policy in advance, identify the advertising partner and the data shared, and provide any consent prompts required by applicable law (including, on iOS, the App Tracking Transparency prompt before any cross-app tracking).
Aggregated and De-Identified Data: We may use aggregated, anonymized, or de-identified data derived from the Service for internal product, research, security, financial, and reporting purposes, and we may share such data with our advisors, prospective and current investors, and statistical or academic researchers, provided the data does not identify you and is restricted by contract or technical safeguard from being re-identified. We do not sell or license aggregated or de-identified data derived from Communications or private User Content as a standalone commercial product.
For Legal Reasons: We may disclose your information, including Communications content, if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Bailar, its users, or the public.
For Safety and Enforcement: We may access and disclose Communications to investigate Terms violations, respond to user reports, address fraud or security issues, or protect the safety of any person.
CSAM Reporting: We will disclose information to NCMEC and law enforcement as required when child sexual abuse material is detected.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information, including Communications and Derived Data, may be transferred as part of that transaction. We will notify users in advance where required by applicable law.
With Your Consent: We may share your information for other purposes with your express consent.
GOVERNMENT AND LAW ENFORCEMENT REQUESTS
Legality review. When Bailar receives a request from a public authority — including domestic and foreign law enforcement, regulators, intelligence agencies, courts, and other governmental bodies — for personal information about a user, we review the request to confirm that it is lawful, properly issued, and within the requesting authority’s jurisdiction before disclosing any information. Requests that lack a valid legal basis or that are facially defective are rejected.
Challenging unlawful requests. Where Bailar reasonably believes a request is unlawful, overbroad, or contrary to applicable law, we will challenge it through the appropriate judicial or administrative channels — including, where appropriate, by filing a motion to quash, by seeking judicial review, or by declining to comply pending lawful order. We may consult outside counsel for any request whose validity is unclear.
Data minimization. When we are required to disclose personal information in response to a lawful request, we disclose only the minimum information necessary to comply. We narrow the scope of any disclosure where possible — for example, by producing only the specific records, accounts, or time periods expressly required, rather than all records associated with a user.
Documentation. Bailar maintains an internal record of each request from a public authority, including the requesting authority, the legal instrument relied upon, the data categories disclosed (or withheld), the legal reasoning underlying our response, and the personnel involved. These records are retained to support potential transparency reporting, internal compliance reviews, and any subsequent legal challenges.
User notice. Where not legally prohibited (for example, by a non-disclosure order, gag order, or sealing requirement), we will notify affected users of requests for their personal information so that the user may seek appropriate legal remedies. Notice may be delayed where doing so is reasonably necessary to avoid prejudicing an ongoing investigation, endangering safety, or violating a court order.
Inquiries from public authorities should be directed to legal@bailar.site. Service of legal process must comply with applicable rules and may also be directed to the registered agent of Bailar, Inc. in Delaware.
4. LAWFUL BASES FOR PROCESSING (EU/EEA, UK, AND OTHER REGIMES)
For users in jurisdictions requiring identification of a lawful basis (including Article 6 GDPR and Article 6 UK GDPR), we rely on the following bases for the processing activities described in Section 2:
| Processing Activity | Lawful Basis |
|---|---|
| Account creation and identity verification (purposes a, b) | Contractual necessity (Art 6(1)(b)) |
| Discovery, recommendations, and event display (purposes c, h) | Contractual necessity for core functionality; legitimate interests for personalization |
| Messaging and connections (purpose d) | Contractual necessity |
| Transactions and payment processing (purposes e, f) | Contractual necessity; legal obligation (tax/anti-fraud) |
| Marketing communications (purpose g) | Consent (Art 6(1)(a)). Required by GDPR, CASL, and Quebec Law 25 prior to first commercial message |
| Fraud prevention and Terms enforcement (purposes i, j) | Legitimate interests (Art 6(1)(f)); legal obligation |
| Analytics, research, and product development (purposes k, l, m, n) | Legitimate interests, balanced against your interests; consent for non-essential cookies |
| Legal compliance and safety (purposes o, p) | Legal obligation; legitimate interests; vital interests |
You may object to processing based on legitimate interests by contacting our Privacy Officer.
5. AUTOMATED PROCESSING AND ARTIFICIAL INTELLIGENCE
5.1 Bailar uses automated processing technologies, including artificial intelligence, machine learning, natural language processing, and computer vision, to analyze information collected through the Service. These technologies are applied to Communications, User Content, and all other collected data.
5.2 Automated Processing is used for content moderation, safety enforcement, spam and fraud detection, CSAM detection and NCMEC reporting, personalization, accessibility, language detection, translation, search and ranking, internal analytics and research, and service operation and improvement. Automated Processing is not used to serve targeted third-party advertising.
5.3 Automated Processing of Communications and User Content is performed by technical systems and does not ordinarily involve direct human review of individual messages. Authorized Bailar personnel may access Communications in the limited circumstances described in our Terms of Service, including to investigate reports, comply with legal obligations, maintain platform integrity, and evaluate the quality of operational moderation systems — not to train third-party general-purpose AI models on your content.
5.4 Bailar relies on third-party inference vendors (identified on our Subprocessors page) to run AI models we call at the moment of use. We contractually require those vendors not to retain or train their underlying foundation models on inputs we send on your behalf, and we route AI traffic only to vendors operating under United States, European Union, United Kingdom, or Canadian data-protection law. The Derived Data, configurations, prompts, and operational models we build internally on top of those vendors’ capabilities are the proprietary property of Bailar, Inc. and may be used for the operational purposes described in this Privacy Policy and Section 2 of our Terms of Service, but are not sold or licensed as a standalone commercial dataset product.
5.5 We do not make decisions producing legal or similarly significant effects based solely on automated processing without human review. Where you have a right under Article 22 GDPR or Article 12.1 of Quebec Law 25 to obtain human intervention or to challenge an automated decision, contact our Privacy Officer.
6. DATA RETENTION
6.1 We retain your personal information, including Communications, for as long as your account is active or as needed to provide the Service and fulfill the purposes described in this Privacy Policy.
6.2 We may retain certain information, including Communications and Derived Data, as necessary to comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and support legitimate business interests including analytics, research, and product development.
6.3 When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required or permitted by law, or where data has been anonymized or aggregated such that it no longer identifies you.
6.4 Anonymized and aggregated data derived from your information, including from Communications, may be retained indefinitely.
6.5 Deleted Communications and other personal information may persist in encrypted disaster-recovery backups for up to ninety (90) days after deletion, after which they are rotated out, and in aggregated or de-identified form indefinitely. We do not maintain “trained models” built from your personal information as a separate retention bucket; operational models that have been tuned on internal data are subject to the same deletion and re-training cycle as the underlying source data. For users in Quebec exercising the right to data destruction under Article 28.1 of Law 25, we will document and explain any retention beyond your deletion request.
7. DATA SECURITY
7.1 We implement reasonable technical and organizational measures to protect your personal information, including encryption of data in transit, access controls, security monitoring, and regular security assessments.
7.2 No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7.3 Communications transmitted through the Service are not end-to-end encrypted. You transmit Communications at your own risk.
7.4 Do not use the Service to transmit sensitive information such as Social Security numbers, financial account numbers, passwords, or medical information.
7.5 Breach notification: We will notify affected users and relevant supervisory authorities of personal data breaches as required by applicable law, including without undue delay and within 72 hours under GDPR Article 33, as soon as possible under PIPEDA section 10.1, as soon as possible under Quebec Law 25 Article 3.5, and as required under applicable U.S. state breach notification statutes.
8. YOUR RIGHTS AND CHOICES
8.1 Account Information
You may update or correct account information through the App. You may delete your account by contacting privacy@bailar.site.
8.2 Location Data
Control location data through your device’s operating system settings.
8.3 Marketing Communications
Email: Where required by applicable law (including for users in Canada under CASL, in the EU/EEA and UK under GDPR / PECR, and in jurisdictions with similar regimes), marketing email is sent only with prior express consent. You may withdraw consent at any time via the unsubscribe link included in every marketing message, by adjusting in-app settings, or by contacting our Privacy Officer. You will continue to receive transactional emails (booking confirmations, password resets, account notifications) as long as you have an active account.
Push notifications: Opt out through your device’s notification settings, or through the in-app notification preferences screen.
SMS / text messages: Bailar sends two categories of text messages, each with its own consent rules.
- Transactional SMS (one-time verification codes, two-factor authentication codes, account recovery codes, password reset codes, and other security-related messages) are sent only when you actively request them — for example, by tapping “send code” during sign-in. These messages are part of the Service and are not considered marketing communications.
- Marketing SMS (promotional offers, event recommendations, announcements, and other non-transactional messages) is opt-in only. We will not send you marketing texts unless you have explicitly consented by checking the “Yes, send me text message updates from Bailar” box during sign-up or in your account settings. By opting in, you consent to receive recurring automated promotional text messages at the phone number you provided. Consent is not a condition of purchase or account creation. Message and data rates may apply. Message frequency varies.
- To stop marketing SMS: reply STOP to any marketing text message at any time, or disable the SMS marketing toggle in your account settings. Replying HELP to any Bailar text message will return contact information. Opting out of marketing SMS does not affect transactional SMS.
SMS communications are subject to the U.S. Telephone Consumer Protection Act (TCPA), the FCC’s rules on autodialed messages, Canada’s Anti-Spam Legislation (CASL), the GDPR / ePrivacy Directive in the EU/EEA, and equivalent regulations in other jurisdictions. Bailar does not share your phone number with unaffiliated third parties for marketing purposes.
8.4 Automated Processing
Certain automated processing is integral to the Service and cannot be opted out of while maintaining an active account. To stop processing, discontinue use and delete your account. For automated decisions producing legal or similarly significant effects, see Section 5.5.
8.5 California Residents (CCPA / CPRA)
You have the right to: (a) know what personal information we collect; (b) request access and a portable copy; (c) request deletion; (d) request correction; (e) opt out of the sale or sharing of personal information for cross-context behavioral advertising (we do not sell information that identifies you individually); (f) limit use of sensitive personal information; and (g) not be discriminated against for exercising these rights. Contact privacy@bailar.site. We will verify your identity before responding to a verifiable consumer request.
8.6 Florida Residents (FDBR)
Under the Florida Digital Bill of Rights, you may have rights to access, correct, and delete personal information, opt out of targeted advertising, and obtain a portable copy of your information. Contact privacy@bailar.site.
8.7 Other U.S. State Residents
Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Delaware, Iowa, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia) may have rights similar to those described above. Contact privacy@bailar.site.
8.8 Canada (PIPEDA)
If you are a resident of Canada, you have the right under PIPEDA to: (a) be informed of the existence, use, and disclosure of your personal information; (b) request access to your personal information; (c) request correction of inaccurate or incomplete information; (d) withdraw consent for processing (subject to legal or contractual restrictions); and (e) make a complaint to our Privacy Officer regarding compliance with PIPEDA. If unresolved, you may complain to the Office of the Privacy Commissioner of Canada at priv.gc.ca.
8.9 Quebec Residents (Loi 25)
If you are a resident of Quebec, you have the rights described in 8.8 above plus additional rights under An Act respecting the protection of personal information in the private sector (Quebec Law 25), including:
(a) the right to be informed of the categories of personal information collected, the purposes, the categories of recipients, and where applicable the names of subprocessors and the location of processing;
(b) the right to data portability — the right to receive your personal information in a structured, commonly-used technological format, and the right to have it transmitted to another party of your choice (Article 27);
(c) the right to object to certain processing and the right to data erasure (“destruction”) where information is no longer necessary for the purposes for which it was collected (Article 28.1);
(d) the right to obtain human intervention regarding decisions based exclusively on automated processing that produce legal or similarly significant effects (Article 12.1);
(e) the right to information about cross-border transfers of personal information, including the existence of safeguards, before such transfers occur. Bailar transfers Quebec residents’ personal information outside Quebec to the United States and other jurisdictions for hosting (Supabase, Vercel), error monitoring (Sentry), email delivery (Resend), and other purposes. We have assessed the privacy protection afforded in those jurisdictions in light of the criteria set out in Article 17 of Law 25 and rely on contractual safeguards (data processing agreements) with each subprocessor; and
(f) the right to lodge a complaint with the Commission d’accès à l’information du Québec (CAI) at cai.gouv.qc.ca.
Quebec residents may exercise any of these rights by contacting our Privacy Officer at privacy@bailar.site. We will respond within 30 days of receiving a verified request, with a possible 30-day extension for complex requests.
8.10 European Union and European Economic Area (GDPR)
If you are a resident of the EU or EEA, you have the rights set out in Articles 13–22 of the General Data Protection Regulation (Regulation (EU) 2016/679):
(a) the right to be informed of the processing of your personal data (Articles 13–14);
(b) the right of access (Article 15) and to receive a portable copy in a structured, commonly used, machine-readable format (Article 20);
(c) the right to rectification of inaccurate or incomplete data (Article 16);
(d) the right to erasure (“right to be forgotten”) where applicable (Article 17);
(e) the right to restrict processing (Article 18);
(f) the right to object to processing based on legitimate interests, including for direct marketing (Article 21);
(g) the right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects (Article 22); and
(h) the right to withdraw consent at any time, where processing is based on consent (Article 7(3)).
You may exercise these rights by contacting privacy@bailar.site. We will respond within one month, extendable by two further months for complex or numerous requests. You also have the right to lodge a complaint with your local supervisory authority. The list of EU supervisory authorities is available at edpb.europa.eu.
8.11 United Kingdom (UK GDPR)
UK residents have the rights described in 8.10 above under the UK General Data Protection Regulation and the Data Protection Act 2018. Complaints may be addressed to the Information Commissioner’s Office (ICO) at ico.org.uk.
8.12 Mexico (LFPDPPP)
If you are a resident of Mexico, you have ARCO rights under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares: Acceso (Access), Rectificación (Rectification), Cancelación (Cancellation), and Oposición (Objection), plus the right to revoke consent. To exercise these rights, contact privacy@bailar.site. Complaints may be addressed to the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) at home.inai.org.mx.
8.13 Other Latin American Jurisdictions
Colombia (Habeas Data Law 1581 of 2012): rights to know, update, rectify, and request proof of consent; complaints may be addressed to the Superintendencia de Industria y Comercio at sic.gov.co.
Argentina (Personal Data Protection Law 25,326): rights of access, rectification, update, and suppression; complaints may be addressed to the Agencia de Acceso a la Información Pública at argentina.gob.ar/aaip.
Peru (Personal Data Protection Law 29,733): rights of access, rectification, cancellation, and opposition; complaints may be addressed to the Autoridad Nacional de Protección de Datos Personales at gob.pe/anpd.
Residents of these jurisdictions may exercise rights by contacting our Privacy Officer at privacy@bailar.site.
9. CHILDREN’S PRIVACY AND TEEN PROTECTIONS
9.1 Minimum age. The Service is intended for individuals 13 years of age or older. We do not knowingly collect personal information from anyone under 13. If we become aware that we have collected information from a person under 13, we will take steps to delete it promptly and report any child sexual abuse material (“CSAM”) as required by law.
9.2 Age verification at sign-up. All new users must provide their birth month and year before completing sign-up. Existing users are required to provide this information on next launch through an in-app prompt. Accounts that resolve to ages below 13 are not created (or, for existing users, are signed out and queued for deletion). We retain the minimum information necessary to enforce this gate.
9.3 Special protections for minors 13–17. When a user is identified as 13–17, Bailar applies age-appropriate defaults: private account (visible only to approved followers); non-discoverable in “Find Dancers” lists; messaging restricted to followers (16–17) or off (13–15); sensitive-content level clamped to “Less”; and exclusion from the popular-dancers and people-you-may-know surfaces visible to adults. Adults (18+) cannot direct-message a minor unless the minor follows them. These defaults are enforced server-side and cannot be loosened by the user below the age-appropriate floor.
9.4 Family Center. Minor users (13–17) may invite a trusted adult to act as a guardian through Bailar’s Family Center. A guardian can view the minor’s account activity (RSVP counts, follow lists, post counts, recent reports against their content), set daily time limits, configure a bedtime window during which notifications are muted, and lock the minor’s sensitive-content setting. Guardian access is consensual on both sides — the minor invites by email; the guardian must accept; either party may revoke at any time.
9.5 European Union – GDPR-K (Article 8). For users in the EU/EEA, the digital age of consent varies by member state (typically 16, but as low as 13 in Belgium, Denmark, Estonia, Finland, Latvia, Malta, Portugal, Sweden; 14 in Austria, Cyprus, Greece, Italy, Lithuania, Slovenia, Spain; 15 in Czech Republic, France; 16 in Germany, Hungary, Ireland, Luxembourg, Netherlands, Poland, Romania, Slovakia). Where the user’s self-reported age is below the applicable consent threshold, Bailar requires verifiable parental consent (provided through the Family Center guardian-link flow) before processing personal data beyond what is necessary to deliver the Service.
9.6 United States – COPPA. Bailar does not knowingly collect, use, or disclose personal information from children under 13 in violation of the Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501–6506) or its implementing regulations (16 C.F.R. Part 312). Our age gate is designed to prevent such collection at the source. If we learn we have collected information from a child under 13 without verifiable parental consent, we will delete that information immediately and disable the account.
9.7 Reporting concerns. If you believe Bailar has collected information from a child under 13, or if you are a parent or guardian who wishes to review, amend, or request deletion of information about a minor in your care, contact privacy@bailar.site. We respond to verifiable requests within 30 days (or sooner where required by law).
10. THIRD-PARTY LINKS AND SERVICES
The Service may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. Review their privacy policies.
11. INTERNATIONAL DATA TRANSFERS
11.1 Bailar is established in the United States. Your personal information is stored, processed, and accessed in the United States and other countries where our subprocessors operate (see bailar.site/legal/subprocessors for the current list and locations).
11.2 Transfers from the EU/EEA, UK, and Switzerland: where personal data is transferred from the EU/EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or the Swiss-equivalent SCCs, as applicable, and on supplementary measures including encryption in transit and access controls. Copies of the relevant clauses are available on request from our Privacy Officer.
11.3 Transfers from Canada and Quebec: we have assessed the data protection regimes of jurisdictions to which we transfer personal information using the criteria in PIPEDA Principle 4.1.3 and Article 17 of Quebec Law 25. We rely on contractual safeguards in data processing agreements with each subprocessor and on technical safeguards including encryption.
11.4 Transfers from Mexico (LFPDPPP): cross-border transfers are conducted with the recipient’s commitment to comply with the same obligations as Bailar with respect to the personal data transferred.
12. DO NOT TRACK SIGNALS
The Service does not currently respond to “Do Not Track” signals from your browser. We do, however, respect Global Privacy Control (GPC) signals where required by applicable U.S. state law.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. Material changes will be notified through the App or by other means. Where required by applicable law (including under Quebec Law 25 Article 8 and GDPR Article 13), we will provide advance notice of material changes that affect your rights. Continued use after changes take effect constitutes acceptance, except in jurisdictions where renewed consent is required.
14. CONTACT US
For privacy inquiries, data subject requests, or to contact our Privacy Officer:
Paul Plawin, Privacy Officer
Bailar, Inc.
401 Ocean Dr, Suite 404
Miami Beach, FL 33139
United States
Email: privacy@bailar.site
For general legal correspondence: legal@bailar.site.