Streetz Indeed Inc. – Privacy Policy
Effective Date: February 1, 2026
Plain-English summary of what we collect, why, and your rights. Nothing here overrides the Terms of Service.
We take privacy seriously. We do not sell your personal information. Messages sent to our SI Concierge AI are not used to train any AI model. Voice and video calls are peer-to-peer — we never record them.
1. Who We Are
Streetz Indeed Inc. (“Streetz Indeed,” “we,” “our,” “us”) is a Canadian company operating the Streetz Indeed web app, Progressive Web App (PWA), iOS/Android native shells (Capacitor), and the @StreetzIndeedBot Telegram integration. This Privacy Policy explains what we collect, why, and your rights. If you do not agree, please do not use the services.
2. Information You Provide Directly
• Account basics: email address, chosen @username, display name. • Authentication artifacts: one-time email codes (OTP), optional password (stored only as a bcrypt hash — never in plain text), per-browser device_id to recognize trusted devices, and JWT session tokens. • Optional profile: profile picture (≤ 5 MB image) stored in our private object-storage bucket and served via signed URLs; phone number if you choose to add one. • Messages and content: text, attachments (images/videos/files ≤ 5 MB; videos ≤ 60 s), voice notes (audio/webm), polls, scheduled posts, reactions, pins, replies, and read receipts you generate inside chats you have access to. • Support + feedback: anything you submit through /feedback, /careers, or direct emails.
3. Information We Collect Automatically
• Operational metadata: timestamps, channel IDs, delivery status, typing indicators, connection logs. • Device + network signals: IP address (to prevent abuse and flag untrusted devices), user-agent string, approximate device type. • Cookies & local storage: JWT token, device_id, theme preference (light/dark), language choice, and session flags for the Download-App prompt. We do not use third-party advertising cookies.
4. Location Data (Opt-In)
Location is OPTIONAL. During onboarding you may Enable Location or Skip. • If enabled, your browser provides coordinates which we immediately reverse-geocode via OpenStreetMap Nominatim (free, keyless, no tracking). We retain only country, country_code, region, and city — not precise coordinates long-term. • Purpose: personalize SI Concierge responses (province/state slang), surface nearby opportunities, and populate location fields on your profile. • If you skip or deny, we simply flag it as denied/skipped and the rest of the app works normally. • You can revoke at any time from your browser’s site settings and ask us to delete stored location at streetzindeed@cexus.ca.
5. The SI Concierge (AI Assistant)
SI Concierge is a private in-app AI powered by Anthropic's Claude Sonnet 4.5, routed through the Emergent Universal LLM Key. • Privacy-first: Anthropic DOES NOT train its models on data submitted through the API. Your messages are used solely to generate the immediate reply. • What is sent: the text of your message to the Concierge, plus a minimal context block (country/region if you shared it, and your @username) so replies are accurate. • What is stored on our servers: the message and the Concierge's reply (as regular chat messages in the Concierge DM), so you can scroll back. • The AI cannot post on your behalf anywhere outside your Concierge DM or a group chat where you explicitly invoked @concierge. • Treat AI replies as informational only — not legal, financial, medical, or tax advice.
6. Voice, Video, and WebRTC Calls
1-on-1 and small group (up to 4) voice/video calls are peer-to-peer via WebRTC. • Media (audio/video) travels directly between participants — it does NOT pass through our servers and we cannot record it. • Signaling (invite / accept / SDP offer / ICE candidates) is relayed through our WebSocket so participants can connect. Signaling payloads are ephemeral and not archived. • We use free Google STUN servers (stun.l.google.com) to help peers discover each other across NATs. If NAT traversal fails, the call simply fails — we do not fall back to a recording server.
7. Third-Party Processors
We only share the minimum data required for each service: • Stripe (payments) — card data is collected by Stripe directly; we receive a session_id and status webhook. • NOWPayments (crypto) — LTC address + amount; we receive IPN callbacks. • Resend (transactional email) — email + OTP payload for delivery. • Anthropic via Emergent Integrations (AI) — Concierge messages; no training. • Google (optional Sign-In) — OAuth identity claims (email, name, picture). • Telegram Bot API (legacy channel access) — Telegram user_id and chat_id if you link. • Emergent Object Storage — private bucket for profile pictures and uploaded attachments. • OpenStreetMap Nominatim — coordinates → city/region (only if you share location). We do not sell your personal information to anyone, period.
8. How Long We Keep Your Data
• Chat messages: retained until you or an admin deletes them, or your account is closed. • Uploaded files / voice notes: retained as long as the parent message exists. • OTP codes: expire within minutes. • JWT tokens: up to 90 days; revocable from Profile → Devices. • Location: retained until you revoke or delete your account. • Payment records: 7 years (tax/accounting obligations in Canada). • Backups: rolling 30-day encrypted backups; deletion requests are honored on restore.
9. Security Measures
• Passwords stored as bcrypt hashes only. • OTP + device-binding: login on a new device or new IP forces an OTP challenge even if a password exists. • Transport: all API, WebSocket, and storage traffic uses TLS 1.2+. • Role-based access: staff access to production data is least-privilege and audited. • File scanning: uploads are size-capped (5 MB) and content-type validated. • No service is 100% invulnerable — if we ever experience a breach that materially affects you, we will notify you promptly as required by PIPEDA/GDPR/CCPA.
10. Your Rights
You can at any time: • Access, correct, or delete your profile data from the Profile dashboard. • Export a copy of your chat messages by emailing streetzindeed@cexus.ca. • Revoke trusted devices from Profile → Devices. • Delete your account entirely — this hard-deletes your profile, messages, uploads, and linked Telegram association. DMs with other users keep the other user's side intact (we cannot delete their copy unless both parties agree via “Delete for both”). • Canadian residents: rights under PIPEDA (access, correction, complaint to the Privacy Commissioner). • EU/UK residents: rights under GDPR/UK GDPR (access, rectification, erasure, portability, restriction, objection). • California residents: rights under CCPA/CPRA (know, delete, correct, opt-out of sale — we do not sell).
11. Children
Streetz Indeed is not directed at children. You must be at least 13 years old (16 in the EU/UK/Quebec) to create an account. If we learn we have collected data from a child below the applicable age, we will delete it.
12. International Transfers
Our infrastructure and some processors (Stripe, Anthropic, Google, Resend) are located in the United States and the EU. By using the services you consent to cross-border transfer under contractual safeguards equivalent to your home-country standard.
13. Block, Mute, and Contact Tools
When you block, mute, or add another user as a contact, that choice is stored on your user document. Blocked users cannot DM you or see your typing indicators. We never notify the other user that you blocked them.
14. Push Notifications & PWA
If you install the Progressive Web App or the upcoming native iOS/Android shell, you may grant Push Notification permission. You can revoke it at any time in your OS/browser settings. We use it only for transactional notifications (new message, call invite, scheduled post published). No marketing push.
15. Changes to This Policy
We may update this Privacy Policy. Material changes will be announced in-app and on the website at least 7 days before they take effect. Continued use after the effective date means you accept the update.
16. Contact Us
Privacy inquiries, data access requests, or account deletion: streetzindeed@cexus.ca
Live chat: tap the button below to open SI Concierge inside the app — a real human reviews every privacy escalation within 24 hours.
Mailing address: Streetz Indeed Inc., Montreal, QC, Canada.
Get the Streetz Indeed App
Install our app for a faster, native-like experience with push notifications, offline support, and a home-screen icon.
You can install later from the install icon in the address bar.