What we collect, what we don't, and how to make us delete it.

• We collect what you give us (photos, address, phone, optional email) and what we need to run a complaint flow (your GPS at the moment of submission, your photo's EXIF GPS, IP address for rate-limiting).
• We do not sell your information. We do not run ads.
• Photos run through an explicit EXIF stripper on your device before upload, so no GPS or camera metadata is embedded in the stored file.
• We read your photo's GPS to place your report and keep those coordinates with it — including to improve our AI. Deleting your account removes them.
• You can delete your account and your data at any time via the More tab. We honor deletion requests within 30 days.
• SidewalkSnitch is intended for adults. We do not knowingly collect information from anyone under 13.

From you, directly: photos you upload, the text you write, the mobile phone number you verify, your real name and email and mailing address (collected once when you first verify a phone), a screenname you pick.

From your device: your photo's EXIF GPS and timestamp (read to pre-fill where the issue is; we keep these coordinates with your report and remove them from the stored image file itself), your current GPS at the moment of submission (used only to check you are near the issue), your browser's IP address (for abuse rate-limiting).

About your submissions: the AI's analysis of your photo (which rule was violated, confidence score, drafted complaint text), the rule it cited, the agency it routed to, and the city's acknowledgment if the complaint was filed.

Photos and complaint text are stored to your account so you can view them in My Reports, and are sent to the city agency you select (DOT, DSNY, NYPD, or 311) as part of filing the complaint. The agency receives your real name, mobile number, email, and address — they require a contactable submitter for follow-up.

Other users never see your name, phone, email, or address. If your submission appears in any in-app surface (your own My Reports view, a community map planned for a future release), only your screenname is visible.

License plates. For parking complaints, our AI may extract a plate visible in your photo. We then check that plate against NYC's public Open Parking and Camera Violations dataset and show you the vehicle's prior-violation summary ephemerally on the result screen. We do not store the prior-violation history on your complaint record. The plate itself is stored as a structured field on your complaint because the eventual 311 filing requires it.

Crime reports may be shown on a public city map. Faces and license plates in those photos are blurred server-side before publication. Your name and contact information are never displayed alongside crime reports.

AI processing. Photos and the text you write are sent to xAI's Grok vision model for analysis. We do not send your name, phone, email, or address to the AI — it doesn't need them.

Every photo path runs through an explicit EXIF stripper before upload (see src/lib/image/strip-exif.ts). The stripper parses the JPEG byte stream and removes APP1 (EXIF/XMP), APP2 (ICC profile, camera maker notes), APP13 (Photoshop/IPTC), APP14 (Adobe), and APP11 (JPEG-XR/EXIF extension) segments. The image data is preserved unchanged; the resulting JPEG has no camera model, no camera serial, and no embedded GPS.

We read your photo's EXIF GPS coordinates before stripping them from the file, and use them to pre-fill the location of your report. We keep these coordinates (latitude/longitude plus a reverse-geocoded address) on the complaint record, and — because location is a strong learning signal — we retain a copy in our AI training set so the model can learn where different kinds of issues occur. The stored image file itself still contains no embedded GPS. If you delete your account, we remove these coordinates from both your reports and the training set.

Photos and complaint records: retained as long as your account is active. When you delete your account, the records are soft-deleted and purged within 30 days.

Abandoned analyses (you uploaded a photo but didn't submit): purged within 30 days.

Plate-lookup records: we keep an audit log of every plate lookup (which user, what plate, when, did they file a complaint) for 7 years, to support our own use justification under federal law. The audit log entries do not include the violation history itself — only the plate string.

To delete your account: open the app → More → Delete account. Or email jeffry.white@gmail.com from the email address on file.

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the right to know what we collect, request deletion, and not be discriminated against for exercising those rights. We honor these requests for all users, not just California ones.

If you are a New York resident, the New York SHIELD Act applies; we maintain reasonable administrative, technical, and physical safeguards for the information we collect. Any breach affecting NY residents will be reported to the NY Attorney General within the statutory window.

We do not sell your information. We do not have any business arrangement under which any personal information is exchanged for money or anything of value.

• Google / Firebase — authentication, Firestore database, and Storage hosting (us-central region).
• xAI — AI photo analysis via the Grok API.
• Vercel — application hosting and serverless functions.
• SendGrid — transactional email (email magic-link sign-in, optional CC to agencies).
• Sightengine — server-side face and license-plate blurring on crime-report photos.
• Upstash — rate-limit counters (keyed by phone number or IP).
• Twilio (via Firebase Phone Auth) — SMS one-time verification codes.
• Socrata / Tyler Technologies — host for NYC Open Data, the source of posted-sign and plate-violation lookups.
• NYC 311 / city agencies — recipients of filed complaints (DOT, DSNY, NYPD).

SidewalkSnitch is intended for adults. We do not knowingly collect personal information from anyone under 13. When you verify your phone number, you confirm you are at least 13 years old. If you believe a child has provided information to us, email jeffry.white@gmail.com and we will delete it.

We use SMS one-time-passcodes (via Firebase Phone Auth, sent through Twilio) to verify your phone number before you can file a complaint. By tapping “Send code” you consent to receive that SMS. Standard message and data rates may apply. Reply STOP to any verification message at any time to opt out. We don't send marketing SMS — verification codes only.

The complaint text you see on the result screen is drafted by an AI model from your photo. Before you submit, you must read the text, edit anything inaccurate, and explicitly attest that what it describes is what you personally observed. The submitted text is your statement on the record, not the AI's.

Questions, complaints, or deletion requests: jeffry.white@gmail.com.