Privacy Policy.

FOMO Social is the brand console for ComeClosely. We are operated by Come Closely Inc., a Delaware corporation ("FOMO Social", "we", "us", "our").

Brands sign in at FOMO Social to buy FOMO points (100 points = $1), launch campaigns, and reward users. Those campaigns are then surfaced inside the ComeClosely mobile app, where end users earn and redeem points. This policy covers both surfaces — the brand-facing console and the user-facing app — because data flows between them as part of the same closed-loop economy.

We collect only what we need to operate the service.

From brand accounts:

• Account info — name, work email, role, password hash.
• Business details — legal entity, billing address, tax ID where required.
• Wallet activity — point top-ups, allocations, ledger entries, campaign spend.
• Payment tokens via Stripe — we never see or store raw card numbers; Stripe holds those in their vaulted PCI environment.
• Campaign metadata — what you launched, who you targeted, what triggered a reward.

From ComeClosely app users:

• Profile basics — handle, display name, email, age band.
• App activity relevant to a campaign — shares, attendance check-ins, redemptions, point balance per brand.
• Device + telemetry — IP, OS version, crash reports — for reliability and abuse prevention.

• To operate the closed-loop point economy — crediting points earned, debiting points redeemed, settling brand wallets.
• To fulfill campaigns — matching engagement events to reward rules, issuing rewards.
• To prevent abuse — fraud detection, bot filtering, duplicate-claim protection.
• To support you — answering questions, fixing bugs, sending service notices.
• To comply with the law — tax records, sanctions screening, lawful requests from authorities.

We do not use your data to train external AI models, and we do not build advertising profiles outside the campaigns you have explicitly launched.

• Stripe — to process payments and KYC where required.
• ComeClosely app — to match engagement events to your campaigns and award points to users.
• Service providers — hosting, monitoring, analytics, email delivery — each bound by a Data Processing Agreement that limits them to processing only on our instructions.
• Regulators & courts — when we're legally required, and only the narrowest scope to satisfy the request.

We do not sell personal data to third parties — full stop. There is no advertising-data brokerage in our business model.

• Wallet & financial records — retained for 7 years to satisfy financial-record keeping obligations.
• Account data — retained while your account is active, plus a 90-day grace window after closure so you can reopen without data loss.
• Operational logs — typically 30–90 days, longer only when retained as evidence in an active investigation.

Depending on where you live, you have rights over the personal data we hold about you:

• Access — request a copy of what we hold.
• Correction — fix anything that is wrong.
• Deletion — ask us to remove your data, subject to records we must keep under financial-record law.
• Portability — receive your data in a machine-readable format.
• Object / restrict — limit how we process your data in certain cases.

EU and UK residents may exercise rights under GDPR and UK GDPR; California residents may exercise rights under the CCPA / CPRA, including the right to know, delete, correct, and opt out of any "sharing" for cross-context behavioural advertising (we don't do that). To exercise any of these rights, email privacy@fomosocial.com.

We use a minimal set of essential cookies to keep you signed in and protect your session. We don't use third-party advertising cookies or cross-site trackers.

Analytics (page views, error rates) are first-party and aggregated. Where law requires it, we'll ask for your consent before turning analytics on, and you can revoke it any time from your account settings.

• TLS 1.2+ for everything in transit.
• Encryption at rest for databases and backups.
• Card data is fully out of our scope — Stripe holds it under their PCI-DSS Level 1 compliance.
• Least-privilege internal access, audit logs on sensitive actions, and regular third-party penetration tests.

No system is invincible. If we detect a breach that affects you, we'll notify you without undue delay and within any timelines required by law.

Our infrastructure is primarily in the United States. When we transfer personal data out of the EU/UK, we rely on the European Commission's Standard Contractual Clauses (SCCs) plus appropriate supplementary measures, and we perform transfer impact assessments where required.

FOMO Social and ComeClosely are not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact privacy@fomosocial.com and we'll delete it promptly.

We'll update this policy as the product evolves. For material changes, we'll email registered brand account owners at least 30 days before they take effect, so you have time to review or close your account if you disagree. Minor edits — typo fixes, clarifications — we'll just publish with an updated "Last updated" date.

Questions, requests, or just want to know what we hold on you? Reach out:

• Email: privacy@fomosocial.com
• Web: fomosocial.com/contact
• Postal: Come Closely Inc., 1209 Orange Street, Wilmington, DE 19801, USA.

We aim to respond within 30 days, faster where the law requires it.