How TagAlng handles your data.

01Who we are

TagAlng is a block-level social network for moms, built and operated by Phygtl, Inc., a Delaware C-corporation headquartered in San Francisco, California. When this policy says "we," "us," or "TagAlng," it means Phygtl, Inc.

Phygtl, Inc. is the data controller for everything you do inside TagAlng. TagAlng is the consumer product; Phygtl is the company. The first market we're launching in is Lake Nona, Florida, on June 15, 2026 — that's where the moms live, not where we live. Our HQ stays in San Francisco regardless of which market we open next.

Our founder and CEO is Tommaso Di Bartolo. If you ever want to reach a human about your data, the email is privacy@phygtl.com and a real person will answer.

02What we collect

We try to collect the minimum amount of data needed for the product to work. Here's the full list, grouped by where it comes from.

Things you give us directly

• Phone number. Required to sign up. We use it to verify you're a real person and to send you event reminders and the day-of meet-up address. We do not sell or share it.
• Nickname. Required. A short display name (typically a first name plus a last-name initial, like "Marina M."). This is what other moms see.
• Real legal name. Optional and never displayed to other users by default. See Section 3.
• Approximate location. ZIP-code level by default. You can optionally drop a more precise pin to improve "walking distance" matching, but we never share an exact home address (see Section 5).
• Identity tags you choose. Things like heritage, faith community, life stage ("mom of a 3-year-old"), languages spoken, activities. All opt-in. You pick what to share and with whom.
• Event RSVPs and check-ins. Which events you said you'd attend, and whether you confirmed you showed up.
• Messages and comments. Anything you write to a host, a group, or in an event thread.
• Photos you upload. Profile photo (optional) and event photos (optional).
• Payment information, if and when we charge for a Mom Founder membership or any future paid feature. We use a PCI-compliant processor (e.g., Stripe). We never store full card numbers ourselves.

Things we collect automatically

• Device and app data. Device model, operating system version, app version, language and locale, time zone, crash logs.
• Usage data. Which screens you visit, which features you use, when you open the app. We use this to understand which parts of the product help moms find their block and which parts don't.
• IP address. Used to detect fraud, abuse, and to comply with regional law (we need to know if you're in California vs. Florida vs. the EU to apply the right privacy rules).
• Approximate device location, only when you grant the permission and only at the precision you choose. We default to ZIP-level.

Things other people tell us about you

• Invites. If a mom on the block invites you, we know who invited you. We use this to grow the network from real referrals, not bots.
• "We met" confirmations. If two moms tap "we met" at the same event, both records get updated. See Section 3.
• Reports. If another mom reports your behavior under our community guidelines, we keep that report and our resolution.

Things we do NOT collect

• Data about your children. Children are not users of TagAlng. The app may show "Mom of a 3-year-old" as one of your chosen tags, but we never collect names, photos, schools, or any identifying data about minors. See Section 17.
• Your contact list, unless you explicitly invite a friend by tapping the "invite" button. We don't sweep your address book.
• Biometric data. No face recognition, no fingerprint scanning beyond the phone-level unlock you control.
• Background location. When the app is closed, we don't track where you go.

03Nickname-default identity

This is the most important part of the document, so we'll be plain about it.

We built this on purpose. Other social platforms force you onto the network under your full legal identity. That's fine for a college reunion site; it's the wrong default for moms looking for moms in their neighborhood. We see nickname-default as a structural anti-stalker and anti-stranger-danger guarantee, not just a privacy preference you have to remember to turn on.

Specifically:

• If you put your real name in our system (some users want it on file for moderation or recovery), it stays in the server-side database, encrypted at rest, and is never surfaced in the app to anyone except you.
• Our internal staff can see your real name only when they have a legitimate operational need (account recovery, abuse investigation, legal request) and access is logged.
• If a mom on the platform tries to figure out your real name by piecing together public information — that's a violation of our community guidelines and can get her suspended.

04Anti-discrimination architecture

TagAlng filters people on three axes: Identity × Vicinity × Activity. You decide which identity tags to show, and to whom. A Brazilian mom can choose to be visible only to other Brazilian moms when she's posting a PT-BR coffee. A Christian mom can choose to be visible only to other Christian moms when she's organizing a Sunday-service meet-up. That's by design — it's how a network of 4,000 zip-level strangers becomes 7 moms on your block who'd already be there.

The risk of any identity-aware product is that it gets used as a discrimination tool. We took a structural step to make that hard.

We see this as anti-discrimination architecture, not just a UX choice. The same logic applies in reverse: when you filter who can see your event, we don't tell the people you filtered out. The information asymmetry is intentional. It makes it harder to weaponize the platform against any single group of people.

None of this overrides US, state, or local anti-discrimination law. If you host an event that's open to the general public at a public venue (e.g., a park), you should not use TagAlng's filters to discriminate on protected classes in ways that the law prohibits. Our community guidelines spell this out.

05Vicinity & location

The "block" in "block-level social network" is literal: we match you with moms within a short walk of where you live. To do that we need to know roughly where you are. To respect your safety, we limit how precise that gets.

• We store ZIP-code level location for your account by default. We can compute walking-distance matches from a ZIP plus optional cross-street.
• We never share your home address with other users. Other moms see neighborhood-level descriptors ("Laureate Park," "Eagle Creek") and approximate walking time, not your street.
• Event venues that are public — parks, churches, coffee shops, restaurants — are shown to anyone who can see the event.
• Event venues that are private — a host's living room, a backyard pool, a private gym room — are only revealed after mutual RSVP confirmation. The host approves your RSVP, and only then do you receive the address (via SMS, the day before).
• We do not track you in the background. When the app is closed, location stops.

06How we use your data

We use the data we collect to do these things, and nothing else:

• Run the product. Show you matches, deliver event RSVPs, send check-in reminders, surface the right hosts in your neighborhood.
• Communicate with you. Confirmations, event reminders, host messages, the Day Zero launch SMS, and product updates if you've opted in to them.
• Keep the community safe. Investigate harassment, ban repeat offenders, prevent fake accounts and bots, and respond to abuse reports.
• Improve the product. Understand which features moms use, where they get stuck, and what new features to build. We use aggregated, de-identified data wherever possible.
• Meet our legal obligations. Respond to subpoenas, court orders, and lawful government requests; comply with tax, accounting, and corporate-law requirements.

We do not use your data to train large language models, sell to advertising networks, score you for credit or insurance, or build a profile that gets sold to brokers. If we ever decide to change that, we will tell you in plain English first and give you a meaningful choice.

Legal bases (for users in the EU, UK, or other jurisdictions that require them)

• Performance of a contract: we can't deliver TagAlng without processing your account, RSVPs, and messages.
• Legitimate interests: fraud prevention, security, product improvement using de-identified data.
• Consent: for things like optional photos, optional precise location, optional product SMS beyond the launch message, and any future use of your data we couldn't have anticipated.
• Legal obligation: tax records, lawful government requests, mandatory reporting.

07When we share data

We share your data only in the categories listed below. We do not sell your data, and we do not share it with advertising networks for cross-context behavioral advertising.

• With other moms on the platform, as you direct it: your nickname, your chosen identity tags, your events, your messages.
• With service providers who help us run the product, under written contracts that restrict them to processing your data only on our behalf. This includes: cloud hosting (e.g., AWS or Google Cloud), SMS delivery (e.g., Twilio), email delivery (e.g., Postmark), analytics (e.g., a privacy-respecting product analytics tool), error reporting (e.g., Sentry), payment processing (e.g., Stripe).
• With law enforcement or government agencies, when we are legally required to. We require a valid subpoena, court order, or equivalent legal process, and we will push back on overbroad requests. Where the law allows, we will notify you before disclosure so you can object.
• In an emergency, if we believe in good faith that disclosure is necessary to prevent imminent harm to a person.
• In a corporate transaction, such as a merger, acquisition, financing, or sale of all or substantially all of Phygtl's assets. The acquirer must continue to honor this Privacy Policy or give you notice of any change and a chance to delete your data.

08Waitlist & SMS

If you give us your phone number on the TagAlng waitlist before June 15, 2026, we will use it for exactly one thing: to send you one SMS on launch day with a link to download the app and unlock Day Zero access.

• We do not sell, rent, or share waitlist phone numbers.
• If you do not download the app within 90 days of the launch SMS, we delete your waitlist phone number from our systems.
• Once you're inside the app, ongoing product SMS (event reminders, host messages, the day-of meet-up address) require a separate opt-in inside the product. You can turn off non-essential SMS at any time in Settings.
• Standard message and data rates from your carrier may apply. Reply STOP at any time to opt out.

We don't text you on holidays unless an event you RSVP'd to is happening that day.

09Cookies & analytics

Our website (tagalng.com) uses a small number of cookies and local-storage entries:

• Strictly necessary cookies that let you log in, keep your session, and remember your language (English, Portuguese, or Spanish).
• Functional cookies that remember non-essential preferences (e.g., dark mode, whether you've dismissed an in-page banner).
• Analytics via a privacy-respecting product analytics tool. We do not use Google Analytics for behavioral ad targeting, and we do not load Meta Pixel or other ad-network pixels on consumer-facing pages.

You can refuse or delete cookies in your browser settings. The site will still work; some preferences may reset.

We honor the Global Privacy Control (GPC) signal. If your browser sends GPC, we treat it as a valid opt-out of any sale or sharing of your personal information.

10Data retention

We keep your data only as long as we need it to give you the product or to comply with the law.

• Active account data is kept while your account is active.
• Deleted account data is removed from production systems within 30 days, and from backups within 90 days, except for narrow categories we are required to keep (e.g., abuse reports retained for legitimate community-safety reasons, transactional records for tax law).
• Waitlist phone numbers are deleted within 90 days of the launch SMS if you don't sign up.
• Event messages and check-ins are kept for the lifetime of your account; you can delete individual messages at any time.
• Aggregated, de-identified data (counts, trends, neighborhood-level statistics) may be kept indefinitely. By definition, it does not identify you.

11Security

We use industry-standard security controls: encryption in transit (TLS 1.2+) and at rest, role-based access controls inside the company, code review on all changes that touch sensitive data, automated vulnerability scanning, and incident response playbooks. Real names, phone numbers, and precise location data are stored encrypted at rest with separate key management.

That said, no system is perfectly secure. If we ever experience a data breach that affects you, we will notify you as required by applicable law, in plain English, with what happened and what to do.

You can help: use a strong, unique password (or sign in by phone, which is our default), don't share your verification code, and tell us if you see anything suspicious at privacy@phygtl.com.

12Your rights

Wherever you live, you have these rights with respect to your TagAlng data:

• Access. See what we have about you.
• Correction. Fix anything that's wrong.
• Deletion. Ask us to delete your account and your data.
• Portability. Get a copy of your data in a portable format.
• Opt out of marketing communications and any future sale or sharing of your personal data.
• Object to processing that's based on our legitimate interests.
• Non-discrimination. We won't penalize you for exercising any of these rights.

To exercise any of these, email privacy@phygtl.com from the email or phone associated with your account, or tap "Privacy & Data" in the app. We will respond within 30 days, and we will not charge you for the first request in a 12-month period.

You can also authorize an agent to make a request on your behalf, subject to our verifying that you've actually authorized them.

13California (CCPA / CPRA)

Because Phygtl, Inc. is headquartered in San Francisco, California consumer privacy law applies to all California residents who use TagAlng. If you live in California, you have the rights described in Section 12, plus a few specific to California:

• Right to know what categories of personal information we've collected about you in the prior 12 months, the sources, the business purposes, and the categories of third parties we shared it with.
• Right to delete your personal information, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing. TagAlng does not sell your personal information. TagAlng does not share your personal information for cross-context behavioral advertising. There is no opt-out to make, but you can submit one anyway and we will honor it.
• Right to limit use of sensitive personal information. The "sensitive" categories we collect — precise geolocation if you grant it, racial or ethnic origin (when you choose to add an identity tag like "Brazilian"), religious beliefs (when you choose to add an identity tag like "Catholic") — are used only to provide the product and never for inferring characteristics about you for any other purpose. You may direct us to limit our use of those at any time, recognizing that doing so will turn off the matching feature for those tags.
• Non-discrimination for exercising your rights.

To submit a California request, email privacy@phygtl.com with the subject line "California Privacy Request" or tap the "California Privacy" link in the app's Settings. We do not require an account to submit a request, but we will need to verify your identity before we act on it.

"Shine the Light": California Civil Code §1798.83 lets California residents request information about disclosure of their personal information to third parties for those parties' direct marketing purposes. We do not disclose your personal information to third parties for their direct marketing.

14Florida Digital Bill of Rights

Lake Nona is our launch market, so Florida residents are a meaningful share of our community. If you live in Florida and the Florida Digital Bill of Rights (FDBR) applies, you have the rights to access, correct, delete, and obtain a portable copy of your personal data, plus the right to opt out of targeted advertising, the sale of your personal data, and certain profiling decisions.

As noted in the California section: TagAlng does not sell your personal data and does not engage in targeted advertising. There is no opt-out to make on those fronts, but you may submit one and we will honor it.

To exercise your Florida rights, email privacy@phygtl.com with the subject line "Florida Privacy Request." We will respond within 45 days. If we decline a request, you may appeal by replying to our response; we will respond to your appeal within 60 days.

15Other US state laws

If you live in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, Iowa, Tennessee, Delaware, New Hampshire, New Jersey, or any other US state with a comprehensive consumer privacy law, you have substantially the rights described in Section 12: access, correction, deletion, portability, and opt-out of targeted advertising, sale, or certain forms of profiling. To exercise those rights, email privacy@phygtl.com with the subject line "Privacy Request" and tell us which state you live in. We will respond within the time required by your state's law.

16GDPR & UK GDPR

TagAlng is a US product, launching in the United States. We do not actively offer the service in the European Union or the United Kingdom. That said, our Lake Nona community includes Brazilian, Portuguese-speaking, and Spanish-speaking moms whose families travel — some of you may have EU or UK passports or residence. If GDPR or UK GDPR applies to your relationship with us, you also have:

• The right to lodge a complaint with your national data protection authority.
• The right to withdraw consent at any time, where we rely on consent.
• The right to object to processing based on our legitimate interests.
• The right not to be subject to a decision based solely on automated processing that produces legal effects on you. We don't make any such decisions.

For EU/UK residents, the legal bases for our processing are described in Section 6. Our representative for EU/UK matters, when required, can be reached at privacy@phygtl.com. International transfers are covered in Section 18.

17Children & minors

TagAlng is built for adults. You must be 18 years of age or older to create an account. We do not knowingly collect personal information from anyone under 18, and we do not allow minors to register.

Our users are moms, and the app may reference children in non-identifying ways — e.g., you can choose to display "Mom of a 3-year-old" as a stage tag. That is metadata about you, not about your child. We do not collect children's names, photos, schools, birthdays, or any other identifying data.

Because we do not knowingly collect personal information from children under 13, the U.S. Children's Online Privacy Protection Act (COPPA) does not apply to TagAlng. If you believe a minor has somehow created an account, email privacy@phygtl.com and we will close it immediately and delete the data.

18International transfers

Phygtl, Inc. is based in the United States, and our servers and most of our service providers are located in the United States. If you use TagAlng from outside the US, your data will be transferred to and processed in the US, where data-protection laws may be different from those of your home country.

Where required by law (for example, transfers from the EU/UK to the US), we use Standard Contractual Clauses or other valid transfer mechanisms in our contracts with service providers.

19Changes to this policy

We will update this Privacy Policy from time to time. When we make a material change, we will:

• Update the "last updated" date at the top of this page.
• Post a notice on tagalng.com and inside the app.
• Email or text active users at least 14 days before the change takes effect, if the change materially expands how we collect or use your data.

If you don't agree with a change, you can delete your account before the change takes effect. Continued use of TagAlng after the change date means you accept the updated policy.

20Contact us

If you have any question about your privacy on TagAlng, or about this policy, write to a real human:

This Privacy Policy is offered in English, Portuguese (Brazilian), and Spanish. In the event of any conflict between language versions, the English version controls. Translations are provided as a courtesy.