AnyExtras

Privacy Policy

Last updated: May 25, 2026.

This policy describes what data AnyExtras collects, why, how we use it, and the choices you have. AnyExtras is operated by Tilted Planet Ltd, an Illinois corporation. Plain English first, lawyer's English never.

What we collect

How long we keep things

Most match-related data — chat messages and the location pings above — is automatically deleted 90 days after the event ends. This window is administratively configurable; an admin may set it shorter or longer, and the current value is always whatever the server is configured to.

If you or the other party flag a match for ban, or if an admin bans either of you, we freeze a permanent trust-and-safety record of that match: the participants' contact info, the event, the listings, the chat transcript, the proximity records, and any feedback. These records are retained indefinitely so we can investigate disputes and re-identify banned users who try to come back under new accounts.

Profile data (name, email, phone, completed-match counter, push tokens, device-check token) is kept until you delete your account.

What we don't do

Sign-in links and long-distance invites

If you make a sign-in link to use your account on another device, anyone with that URL is signed in as you for 60 minutes. You're responsible for who you share it with. Long-distance invites (for letting a friend or family member share tickets for one event) work only once and only for that event — you can cancel an unused one any time.

In-app tips

Tips are processed by Apple via in-app purchase. We never see your payment details. Apple does charge Apple's standard fee on tips.

Where data is stored

AnyExtras runs on Fly.io with a Postgres database in the United States. Twilio (SMS verification + phone-line-type lookup) and Brevo (email delivery) are subprocessors. Apple is a subprocessor for in-app purchases (tips), push-notification delivery (APNs), and the device-check ban-enforcement path (DeviceCheck).

Your choices

Children

AnyExtras is for users 13 years and older. We don't knowingly collect data from anyone younger.

Legal basis for processing (EU/UK)

If you're in the European Union, the United Kingdom, or another GDPR-influenced jurisdiction, here's the legal basis we rely on for each kind of processing:

Refusing legitimate-interest processing may limit our ability to keep you on the platform — for example, we can't run a marketplace if we can't enforce bans on bad actors. We weigh that interest against your rights and try to minimize the data we keep, but for safety records (vaulted matches) the answer is that we retain them indefinitely.

Your GDPR rights (EU/UK residents)

We don't have an EU representative because we don't currently have an EU establishment and our processing is on an occasional, opt-in basis. If that changes we'll designate one and update this policy.

Your California rights (CCPA / CPRA)

If you're a California resident, the California Consumer Privacy Act gives you the right to know what we collect, the right to delete, the right to correct, and the right to opt out of "sale" or "sharing" of personal information.

Authorized agents may submit requests on your behalf with written authorization.

Changes

If this policy changes materially we'll surface it in the app on next launch. The most recent version always lives at this URL.

Contact

Questions, requests, or complaints: helper@anyextras.com.