Privacy Policy

Version 2026-04-26b · Effective 2026-04-26b

This Privacy Policy explains how Profound, Inc. ("Profound," "we," "us") collects, uses, and shares information about you when you use getprofound.net, our mobile apps, and related services (the "Services"). It complements our Terms of Service.

Profound is an adults-only platform. The Services are intended solely for users aged 18 and older.

1. Information we collect

We collect information you provide directly, information generated when you use the Services, and information from third-party providers we use to operate the platform.

  • Account & profile: name, email, role (client or expert), password (hashed by Firebase Authentication), profile photo, bio, areas of expertise.
  • Age attestation. When you accept our Terms at signup, you confirm you are at least 18 years old. We do not collect your date of birth.
  • Bookings & sessions: session times, durations, prices, payment status, and metadata about whether the call was joined.
  • Messages & content: text messages, attachments, profile media, ad-campaign drafts.
  • Payment info: handled by Stripe. We receive transaction metadata (amount, status, last 4 digits of the card) but not the full card number.
  • Device & usage: IP address, device type, OS, app version, event logs (sign-in, sign-up, search, booking funnel), and crash reports.
  • Reports & safety signals: when you submit a report, we record what was reported, the context, and a content snapshot to assist review.

2. How we use information

  • To provide, secure, and operate the Services (account creation, bookings, calls).
  • To enforce our Terms and operate Trust & Safety actions, including suspending or terminating accounts that violate the Terms or applicable law.
  • To process payments and prevent fraud (with Stripe).
  • To send transactional emails and (where you have not opted out) product updates.
  • To improve the Services and develop new features.
  • To comply with legal obligations and respond to lawful requests.

3. Children's privacy

Profound is an adults-only service intended for users aged 18 and older. The Services are not directed to children, and we do not knowingly collect personal information from anyone under 18. We do not target advertising or content to minors, and we do not knowingly enroll minors in any feature of the Services.

If you are a parent or guardian and you believe we have inadvertently collected personal information from someone under 18, please contact privacy@getprofound.net and we will promptly delete the account and the associated data.

4. Sharing of information

  • Other users. Information you put on your profile is visible to other users. Messages and session metadata are shared with the user you transact with.
  • Service providers. Google Firebase (auth, database, storage, cloud functions, hosting), Stripe (payments), Agora (real-time video), Resend / our SMTP provider (email), Sentry-equivalent error logging, and similar vendors. They process your data only on our behalf under contractual safeguards.
  • Trust & Safety. Our Trust & Safety reviewers may read reported content and account details to investigate.
  • Law enforcement & NCMEC. We disclose information when required by law, in response to valid legal process, or to protect the safety of any person — including reporting suspected child sexual exploitation to NCMEC under 18 U.S.C. § 2258A.
  • Corporate transactions. Information may be transferred in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.
  • We do not sell your personal information.

5. International data transfers

Profound is operated from the United States. Information you provide may be transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms for transfers out of the EU/EEA, the UK, or other jurisdictions with similar requirements.

6. Data retention

We retain personal information only for as long as needed to provide the Services and for legitimate business or legal purposes. As a default:

  • Account and profile data: until you delete your account, then up to 30 days for backup purging.
  • Messages: until you or the other party deletes a thread, then up to 30 days for backups.
  • Booking, payment, and tax records: 7 years (regulatory).
  • Trust & Safety records, including reports and NCMEC stubs: as required by law and for as long as needed for safety investigations.
  • Server logs: 90 days unless extended for security investigation.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or object to certain processing of your personal information, and to lodge a complaint with a supervisory authority. To exercise these rights, email privacy@getprofound.net from the email address on your account. We may need to verify your identity before acting on a request.

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect, the right to delete, the right to correct, and the right to opt out of "sharing" for cross-context behavioral advertising. Profound does not engage in such sharing.

8. Security

We use industry-standard administrative, technical, and physical safeguards. No system is 100% secure. If you believe your account has been compromised, contact security@getprofound.net immediately.

9. Changes to this policy

We will update the version above when we make material changes and require returning users to re-accept on next login.

10. Contact

Privacy questions: privacy@getprofound.net. Safety: safety@getprofound.net. Mailing address available on request.