FrontRow Privacy Policy
Effective date: June 14, 2026
Version 2026-06-14
Last updated: June 14, 2026
1. Introduction and Scope
This Privacy Policy (“Policy”) explains how Northslate LLC, a Utah limited liability company (“Northslate,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects information in connection with the FrontRow service, including our mobile application, websites, and related features (collectively, the “Service”). FrontRow is an invitation-only, closed-beta social network built around device-attested, “verified-real” video.
This Policy is incorporated into and forms part of the FrontRow Terms of Service. By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with it, do not use the Service. Capitalized terms not defined here have the meanings given in the Terms of Service.
This Policy applies to information we process about users of the Service, people on our waitlist or invite allowlist, and visitors to our websites. It does not apply to third-party services, websites, or applications that we do not own or control.
2. Who We Are and How to Contact Us
The controller responsible for your information is:
- Northslate LLC (operator of FrontRow), a Utah limited liability company.
- Mailing address: Northslate LLC, [registered Utah business mailing address — CONFIRM BEFORE LAUNCH].
- Privacy and legal contact: [email protected]
For data-protection inquiries, rights requests, or other privacy questions, contact us using the details in Section 25.
3. A Note on Our Privacy-First Design
FrontRow is built to be minimally invasive by design. Several of the most sensitive operations the app performs happen entirely on your device and never leave it. We do not use third-party advertising or cross-site tracking technologies, we do not embed third-party analytics or tracking SDKs, we do not process payments, and we do not sell your personal information. We do perform first-party device identification (device public key, attestation token, and similar signals) for security, anti-spoofing, and provenance. Where we describe on-device-only processing below, those determinations and the underlying data stay on your phone unless this Policy expressly says otherwise.
4. Information We Collect
We collect the categories of information described below. The specific information collected depends on how you use the Service.
4.1 Account and Profile Information
When you create an account or sign in, we collect and store:
- Your email address;
- A securely hashed version of your password (passwords are hashed using bcrypt; we do not store your plaintext password);
- Your display name and your unique handle;
- If you sign in with Google, your Google profile image (picture) URL;
- Email-verification tokens and password-reset tokens (time-limited);
- Account status indicators such as whether your email is verified and whether your account is approved for the closed beta.
Authentication is available via email and password or via Google OAuth sign-in. If you use Google sign-in, Google provides us with limited profile information (such as your email, name, and profile picture) as described in Google’s own privacy disclosures.
4.2 Invite, Allowlist, and Waitlist Information
Because FrontRow is invitation-only, we store the email addresses on our invite/allowlist and the email addresses of people who join our waitlist, along with optional context such as the source of a waitlist entry or an administrator’s note about an allowlist entry.
4.3 Captured Content You Upload
When you choose to publish a capture, the following may be uploaded to the Service:
- Video and its accompanying microphone audio;
- Device motion-sensor data recorded at a high sample rate during capture, consisting of gyroscope and accelerometer (inertial measurement unit, or “IMU”) readings;
- A device-signed cryptographic “provenance manifest,” which includes SHA-256 hashes of the video and sensor data, camera intrinsics (such as sensor dimensions, focal length, and frame rate), and the capture time;
- The device’s public cryptographic key;
- A Google Play Integrity device-attestation token;
- Thumbnails (keyframes used for feed previews);
- Captions you write.
We use the motion-sensor data and the manifest to perform a best-effort “verified real” correlation check (see Sections 6 and 15). The video and audio you capture are content you choose to record and submit.
4.4 Social and Interaction Data
We collect data generated by your use of social features, including comments, likes, follows and followers, and reports or flags you submit about content.
4.5 Device, Technical, and Log Information
When you register a device or use the Service, we may collect and store:
- Device registration details, including the device’s public key, platform (for example, Android), an optional user-supplied device label, and the Play Integrity attestation payload;
- Administrative audit logs recording operational and moderation actions taken on the Service (for example, account approvals, allowlist changes, and content-moderation decisions). Audit logs may retain a denormalized copy of an actor’s email so that records remain legible even after an account is deleted.
We do not separately store your IP address or user-agent string in our own application database. However, our hosting and infrastructure providers (such as Cloudflare, our database host, and our email provider) may automatically log technical data such as IP address and user-agent as part of delivering and securing the Service.
4.6 Content-Safety Metadata
When you publish content, a content-safety metadata bundle generated on your device may be sent to and stored by the Service for moderation and safety purposes. This may include: a content-safety classification (for example, an NSFW verdict and score), a watermark-detection signal, self-harm signals, and a likelihood signal for whether a minor appears in frame; and descriptive content metadata such as detected objects, scenes, and actions, a maximum face count, whether speech or music is present, a text transcript of spoken audio, text recognized on-screen (OCR), dominant colors, motion intensity, and resolution. These signals estimate whether a face or a minor appears in a frame and detect content characteristics; they detect presence or likely age for safety purposes only and do not identify any specific individual (see Section 6). We use this metadata solely for content moderation and safety. The raw on-device NSFW/watermark scan verdict and the underlying on-device scan are not included in this bundle and are not uploaded; only the limited moderation signals described here are sent when you publish (see Section 5).
5. Information We Do NOT Collect
We want to be precise about the boundaries of our collection. The following are processed on your device only and are not uploaded to or stored by the Service:
- Your encrypted local “vault” of captures. Captures held in your on-device vault stay on your phone. A “locked” vault tier never leaves your device.
- On-device nudity (NSFW) and watermark scan verdicts generated by the app’s local, pre-upload scan. These verdicts are never uploaded. (If you choose to publish a capture, a separate, limited safety-metadata bundle may be sent to the Service for moderation, as described in Section 4.6; the on-device pre-upload scan verdicts themselves are not part of what we store.)
- Your device’s private cryptographic key. The private key is generated and held in your device’s secure hardware and never leaves it. Only the corresponding public key is shared with us.
In addition:
- Location. The capture/manifest format contains an optional location/region field, but the app does not currently collect your location, and we do not populate or store location data from that field. We do not collect precise geolocation.
- Advertising and analytics tracking. We do not embed third-party advertising networks or analytics/tracking SDKs in the Service, and we do not use cross-site tracking technologies.
- Payment data. The Service does not process payments and we do not collect payment-card information.
6. No Biometric Identifiers (BIPA and Similar Laws)
This Section is provided to be clear and accurate about our practices under the Illinois Biometric Information Privacy Act (“BIPA”) and comparable laws.
- FrontRow does not perform facial recognition.
- FrontRow does not create, collect, capture, store, or use biometric identifiers, faceprints, voiceprints, retina or iris scans, or scans of hand or face geometry.
- FrontRow does not use your video, audio, or motion data to identify you biometrically or to determine who any individual is.
Our “verified real” check works by mathematically correlating the device’s motion sensors (gyroscope/accelerometer) with the apparent motion in the video frames (optical flow). It measures whether the camera physically moved in a way consistent with the recorded footage. It is not biometric identification, facial recognition, or voice recognition, and it is not used to identify any person. The on-device pre-upload scan detects nudity and watermarks; it does not identify individuals. We do not derive identity-linked biometric templates from any of the data we process.
Some content-safety signals estimate whether a face or a minor appears in a frame; these detect the presence or likely age of a person for safety purposes only and do not identify any specific individual, create a faceprint, or match a face against any database.
You acknowledge and agree that the motion-to-video correlation check, the on-device nudity/watermark scan, and the cryptographic provenance process do not constitute the collection or use of biometric identifiers or biometric information, and you agree not to assert any claim under BIPA or similar biometric-privacy laws based on those features. If we ever introduce any feature that would collect or use biometric identifiers as defined under BIPA or similar laws, we will first provide the notice and obtain any required written consent before doing so.
7. How We Use Your Information
We use the information we collect for the following purposes:
- To provide and operate the Service: create and authenticate your account, register your devices, host and display your content, deliver feeds, and enable social features such as comments, likes, follows, and notifications.
- To perform provenance verification: validate the device signature on your manifest and run the best-effort motion-correlation check to support the “verified real” signal.
- For content safety and moderation: review, classify, hold, remove, or block content; investigate reports and flags; enforce our Terms of Service and acceptable-use rules; and conduct the CSAM scanning and reporting described in Section 10.
- For security and integrity: detect, prevent, and respond to fraud, abuse, spoofing, unauthorized access, and other harmful or unlawful activity; maintain audit logs.
- To communicate with you: send transactional and account-related messages (for example, email verification, password resets, and important Service notices) and, where applicable, beta-related communications.
- To manage the closed beta: administer invites, the allowlist, and the waitlist.
- To improve our internal systems: develop, train, test, tune, and improve our own internal models, classifiers, integrity/anti-spoofing systems, and the provenance-verification engine, including from derived data, hashes, embeddings, and aggregated or de-identified datasets. We do not license your raw content to third parties to train their generative-AI models.
- To comply with law: meet legal obligations, respond to lawful requests, and establish, exercise, or defend legal claims.
- To maintain the Service: debug, maintain, and improve features and reliability, consistent with our no-third-party-analytics design.
8. Legal Bases for Processing (EEA/UK Users)
If you are in the European Economic Area (“EEA”) or the United Kingdom, we process your personal data under one or more of the following legal bases:
- Performance of a contract (Article 6(1)(b) GDPR): to provide the Service you request, including account creation, content hosting, and verification.
- Legitimate interests (Article 6(1)(f) GDPR): to secure the Service, prevent abuse and spoofing, moderate content, maintain audit logs, improve our internal systems, and operate the closed beta, balanced against your rights and interests.
- Legal obligation (Article 6(1)(c) GDPR): to comply with applicable laws, including child-safety reporting obligations.
- Consent (Article 6(1)(a) GDPR): where required, for example for certain communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
To the extent User Content you choose to make public reveals special categories of personal data (Article 9 GDPR), our processing is based on the data having been manifestly made public by you (Article 9(2)(e)) and/or your explicit consent (Article 9(2)(a)), which you may withdraw by deleting the content. For child-safety detection and reporting, we rely on substantial public interest and legal obligation (Articles 9(2)(g) and 6(1)(c)). We do not intentionally process special categories of personal data; content you choose to record and publish may reveal information about you, and you control what you capture and submit. Providing certain data (such as your email and a capture you choose to publish) is necessary to use the corresponding features of the Service; if you do not provide it, those features may be unavailable. We do not engage in solely automated decision-making that produces legal or similarly significant effects concerning you. You may request information about, or a copy of, the relevant transfer safeguards by contacting us at [email protected].
9. How Captured Content Is Stored and Transmitted
Uploaded media and related bytes (video, microphone audio, sensor data, the provenance manifest, and thumbnails) are transmitted directly from your device to third-party, S3-compatible object storage using pre-signed URLs. Depending on configuration, object storage may be provided by Cloudflare R2, Amazon S3, or self-hosted MinIO.
Associated metadata (such as account records, content records, verification status, and social data) is stored in a PostgreSQL database hosted by our database provider. We maintain administrative audit logs as described above.
10. Content Safety, CSAM Scanning, and NCMEC Reporting
Child sexual abuse material (“CSAM”) is strictly prohibited and we have zero tolerance for it. To detect and prevent it, we plan to operate server-side CSAM scanning using a hash-matching provider (planned via Cloudflare’s CSAM scanning capability; this is not yet operational, and this Policy will be updated when it is activated). To perform server-side CSAM detection, uploaded images and/or cryptographic hashes derived from them may be transmitted to our scanning provider for hash-matching against known-CSAM databases; this scanning is limited to child-safety detection. Where we identify apparent CSAM, we will remove it and report it to the National Center for Missing & Exploited Children (“NCMEC”) and/or law enforcement as required by law, and we may preserve related information as legally required. We also conduct general content moderation and may hold, remove, or block content and suspend or terminate accounts at our discretion as described in the Terms of Service.
11. How We Share Information; Sub-Processors
We do not sell your personal information. We share information only as described below:
- Service providers / sub-processors that operate the Service on our behalf, including:
  - Object storage — Cloudflare R2, Amazon S3, or self-hosted MinIO (storage of uploaded media, sensor data, manifests, and thumbnails);
  - Database hosting — our PostgreSQL host (storage of metadata);
  - Google — OAuth sign-in and Play Integrity device attestation;
  - Resend — transactional email delivery;
  - Cloudflare — CSAM scanning (planned; not yet operational);
  - NCMEC — recipient of CSAM reports as required by law.
- Other users. Content and information you choose to make public (such as your handle, display name, profile image, published videos, captions, comments, likes, and follows) are visible to other users of the Service.
- Legal and safety. We may disclose information to comply with applicable law, regulation, legal process, or governmental request; to enforce our Terms; to protect the rights, property, or safety of Northslate, our users, or the public; and to detect, prevent, or address fraud, security, or technical issues.
- Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, information may be transferred as part of that transaction, subject to this Policy or a successor policy.
We do not use any advertising networks, and we do not share personal information with third parties for their own independent marketing. We mark planned-but-not-yet-active processors (such as Cloudflare CSAM scanning) accordingly and will update this Policy when they become operational.
12. We Do Not Sell or Share for Targeted Advertising
We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising or targeted advertising, as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Utah Consumer Privacy Act (“UCPA”), and similar laws. We have no actual knowledge that we sell or share the personal information of consumers under 16 years of age, and we do not knowingly do so; we do not sell or share the personal information of any consumer.
13. Cookies and Similar Technologies
We use strictly necessary cookies and similar technologies (such as session tokens) to authenticate you, keep you signed in, and operate core Service functionality. We do not use advertising or third-party analytics cookies. You can control cookies through your browser settings, but disabling strictly necessary cookies may prevent the Service from working.
14. Data Retention and Deletion
We retain personal information for as long as reasonably necessary to provide the Service, comply with our legal obligations, resolve disputes, enforce our agreements, and maintain security and audit records. The list below summarizes our retention criteria by category.
- Account and profile data: retained for the life of your account and deleted on account deletion, subject to the backup cycle and legal exceptions below.
- Captured content, sensor data, manifests, thumbnails, and content-safety metadata: retained until you delete the content or your account, subject to the object-storage and backup cycle below.
- Social and interaction data (comments, likes, follows, reports): retained for the life of your account, subject to the backup cycle below.
- Device, technical, and provider log data (IP/user-agent logged by infrastructure providers): retained according to the providers’ own log-retention periods, typically a limited number of months, for security and operational purposes.
- Administrative audit logs: retained for as long as required by law and for our legitimate compliance and security interests; audit logs may retain a denormalized actor email after an account is deleted.
- Waitlist and allowlist emails: retained until you request removal or the entry is no longer needed for the beta program.
- Child-safety / CSAM-related records: retained as long as required by law and for our legal-compliance interests.
When you delete your account or specific content, the corresponding records in our PostgreSQL database are removed (deletion of a user cascades to that user’s associated database records). Copies of the underlying uploaded files in our object storage and in our backups are not necessarily deleted at the same time as the database records and may be retained; we are working to implement automated deletion of stored files upon account or content deletion. Until that is in place, you may request deletion of your stored files by contacting us at [email protected], and we will honor verified deletion requests, subject to the backup-retention window described below.
Consistent with CCPA/CPRA, the UCPA, and GDPR Article 17(3), we are not required to delete information from archived or backup systems on demand; during any backup-retention window, residual data is access-restricted and is not used for any other purpose, and deletion is reapplied when the backup is cycled or restored. We may also retain certain information after deletion where an exception applies (legal obligation, child-safety, security, fraud-prevention, establishment/exercise/defense of legal claims, or audit). Information that has been de-identified or aggregated may be retained.
15. “Verified Real” Is Not a Guarantee
The “verified real” feature is a best-effort provenance signal only. A “verified” indicator means that our automated checks (device signature validation and motion-to-video correlation above a configured threshold) were satisfied. It is not a guarantee that any video is authentic, accurate, unaltered, human-made, or free from manipulation, and it should not be relied upon as such. Verification results may produce false positives or false negatives, may be affected by configuration, and may change over time. We disclaim any warranty regarding the accuracy or reliability of the “verified real” signal, as further described in the Terms of Service.
16. Children’s Privacy (COPPA)
The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. Use of the Service by anyone under 13 is strictly prohibited. If we learn that we have collected personal information from a child under 13, we will delete it as required by the Children’s Online Privacy Protection Act (“COPPA”).
Users who are 13 to 17 years old may use the Service only with the consent of a parent or legal guardian, who must also agree to the Terms of Service and who is responsible for the minor’s use of the Service. The minor and their parent or guardian are responsible for ensuring such consent has been obtained, and we may require verification of it before or during use of the Service. A parent or guardian may review the personal information we have collected about their minor, refuse to permit its further collection or use, and request its deletion by contacting us using the details in Section 25. Published content from a minor is visible to other users of the Service; guardians should consider this and supervise the minor’s use accordingly. For any inadvertently collected under-13 data, our direct-notice practices describe the purposes of collection, the categories of third parties to whom data may be disclosed (such as object-storage providers and Google), and that consent to collection necessary to operate the Service may be given without consenting to disclosure to third parties that are not integral to the Service. If you are a registered user under 18 and a California resident, you may request removal of content you posted by contacting us using Section 25.
17. Your Privacy Rights (California — CCPA/CPRA)
If you are a California resident, you have the following rights, subject to certain exceptions:
- Right to know / access: to request the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
- Right to delete: to request deletion of personal information we collected from you.
- Right to correct: to request correction of inaccurate personal information.
- Right to opt out of sale/sharing: we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of in this respect.
- Right to limit use of sensitive personal information: see the note on sensitive personal information below.
- Right to non-discrimination: we will not discriminate against you for exercising your rights.
Categories of personal information. In the preceding 12 months, we collected the following CCPA/CPRA categories, all as described in Section 4: identifiers (email, display name, handle, device public key); internet or other electronic network activity (technical/device information and provider-side logs); audio, visual, and similar information (video, microphone audio, thumbnails, captions, and content-safety metadata including transcripts and OCR text); sensor data (device motion/IMU readings — note we do not collect geolocation); professional or commercial information (none beyond the above); and sensitive personal information as described below. The sources of this information are you and your device; the business and commercial purposes are described in Section 7; and we disclosed these categories only to the service providers/sub-processors listed in Section 11. We did not sell or share any category and did not use any category for cross-context behavioral advertising.
Sensitive personal information (SPI). The SPI we collect consists of your account log-in credentials (email plus hashed password) and the contents of communications and recordings you create (microphone audio, video, and captions). We use this SPI only to provide the Service you request and for related security, safety, and operational purposes — uses that do not trigger the right to limit the use of SPI under CCPA/CPRA. We do not use SPI to infer characteristics about you.
Automated decision-making / profiling. We do not use your personal information for profiling that produces legal or similarly significant effects concerning you. The “verified” signal is an automated integrity check applied to content, not a decision producing legal or similarly significant effects about you.
To exercise these rights, contact us using the details in Section 25 (email is a designated request method for our online-only Service). We will verify your request using information associated with your account. You may use an authorized agent where permitted by law.
18. Your Privacy Rights (Utah Consumer Privacy Act)
If you are a Utah resident, the Utah Consumer Privacy Act (“UCPA”) provides you with rights, subject to its terms and exceptions, including the right to confirm whether we are processing your personal data and to access it, the right to delete personal data you provided, the right to obtain a portable copy of your personal data, and the right to opt out of the processing of your personal data for purposes of targeted advertising or the sale of personal data. As described in Section 12, we do not sell personal data and we do not process it for targeted advertising. To exercise your rights, contact us using the details in Section 25.
19. Your Privacy Rights (EEA/UK — GDPR)
If you are in the EEA or the UK, you have the following rights with respect to your personal data, subject to applicable law: the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object to processing (including processing based on legitimate interests); and the right to withdraw consent where processing is based on consent. To exercise these rights, contact us using the details in Section 25. You also have the right to lodge a complaint with your local supervisory authority (in the EEA) or the Information Commissioner’s Office (in the UK), although we encourage you to contact us first so we can address your concerns.
20. International Data Transfers
We operate from the United States, and our service providers may process information in the United States and other countries. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other jurisdictions whose data-protection laws may differ from those of your country. Where we transfer personal data of EEA or UK individuals outside the EEA or UK, we rely on appropriate safeguards where required, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), or other lawful transfer mechanisms. You may request information about, or a copy of, the relevant transfer safeguards by contacting us at [email protected].
21. Email Communications (CAN-SPAM)
We send transactional and relationship messages necessary to operate your account and the Service — for example, email-verification messages, password-reset messages, security alerts, and important Service notices. These messages are not promotional and are required for us to provide the Service; you generally cannot opt out of them while you maintain an account, although you may close your account.
If we send marketing or promotional email, we will comply with the CAN-SPAM Act and applicable law: such messages will identify themselves accordingly, include a valid physical postal address, and include a working unsubscribe mechanism. You can opt out of marketing email at any time by following the unsubscribe instructions in the message or by contacting us. Opting out of marketing email does not stop transactional messages.
22. Data Security
We take reasonable administrative, technical, and physical measures designed to protect information, including hashing passwords with bcrypt, keeping device private keys in device secure hardware (they never leave your device), using pre-signed URLs for direct-to-storage uploads, performing cryptographic provenance checks, and maintaining audit logs. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your credentials confidential and for the security of your devices.
23. Third-Party Links and Services
The Service may interoperate with or link to third-party services (such as Google sign-in). Their handling of your information is governed by their own privacy policies, not this Policy. We encourage you to review those policies. We are not responsible for the practices of third parties we do not control.
24. Changes to This Privacy Policy
We may update this Policy from time to time. When we make material changes, we will update the “Effective date” and “Version” above and provide notice as appropriate (for example, by posting within the Service or by email). Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of the changes, to the extent permitted by law. We may also ask you to re-consent where required. If we intend to use previously collected personal information for a materially different purpose, we will provide notice and, where required by law, obtain your consent before doing so.
25. How to Contact Us
If you have questions, concerns, or requests regarding this Policy or your personal information, contact us at:
- Northslate LLC (operator of FrontRow), [registered Utah business mailing address — CONFIRM BEFORE LAUNCH].
- Email: [email protected]
We will respond to privacy rights requests within the timeframes required by applicable law.
Northslate LLC, a Utah limited liability company. Effective June 14, 2026 · Version 2026-06-14.