PRIVACY POLICY

AR Asheville Mobile Application and Website
Operated by Experience AR LLC
Effective Date: 3/3/2026
Last Updated: 3/3/2026

1. Introduction

This Privacy Policy describes how AR Asheville (the “Platform”), owned and operated by Experience AR LLC (“Experience AR,” “Company,” “we,” “us,” or “our”), collects, uses, discloses, stores, and protects personal information.

Experience AR LLC is a Florida limited liability company headquartered in the State of Florida, United States, and provides augmented reality services, historical tours, immersive educational experiences, marketing integrations, and related digital services worldwide.

This Privacy Policy applies to:

Individuals who download, access, or use the AR Asheville mobile application (the “App”).
Visitors to the AR Asheville website (the “Website”).
Businesses, venue operators, advertisers, sponsors, municipalities, cultural institutions, and commercial partners who engage our services (collectively, “Business Clients”).
Individuals interacting with us via email, support forms, marketing communications, or events.

The App and Website are collectively referred to as the “Platform.”

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Our Role

Experience AR LLC may act as:

A Data Controller when determining the purposes and means of processing personal data collected from Users and Business Clients.
A Data Processor when processing personal data on behalf of Business Clients under a written agreement.
A Service Provider under U.S. state privacy laws such as the California Consumer Privacy Act (CCPA), as amended by the CPRA.

3. Categories of Information We Collect

We collect information directly from Users, automatically through technology, and from Business Clients.

3.1 Information Collected from Individual Users

We may collect:

A. Account Information

Full name
Email address
Username
Password (stored in encrypted form)
Profile photo (optional)
Phone number (optional)

B. Device Information

Device type
Operating system
Unique device identifiers
IP address
Mobile network information
App version
Browser type

C. Location Information

Because AR Asheville delivers location-based experiences, we may collect:

GPS location data (precise location with permission)
Approximate location derived from IP address
Location interaction history within AR experiences

Location data is only collected when enabled by the User and may be disabled in device settings.

D. Usage Data

Pages visited
Time spent within AR experiences
Interaction events (taps, selections, AR activations)
Session duration
Feature usage

E. Communications

Support requests
Email communications
Feedback submissions
Survey responses

F. Payment Information

If Users purchase tickets, premium experiences, or merchandise:

Billing name
Billing address
Payment method information
Payment processing is handled by third-party payment processors. We do not store full credit card numbers.

3.2 Information Collected from Business Clients

We collect business-related and professional information including:

Business name
Authorized representative name
Email address
Phone number
Billing address
Tax identification number (where required)
Contract and service agreement details
AR content submissions
Marketing assets
Analytics performance data related to business campaigns

We may also collect:

Business analytics performance data
Sponsored content engagement metrics
Campaign ROI tracking data
Venue location data
Foot traffic insights (aggregated and anonymized)

3.3 Information Collected Automatically

We use cookies, pixels, and similar tracking technologies on the Website.

This may include:

Browser information
Referring URLs
Pages viewed
Clickstream data
Date and time stamps

We may use analytics providers such as:

Google Analytics
Meta Pixel
Other comparable analytics services

4. How We Use Information

We use personal information for legitimate business purposes, including:

4.1 For Users

To provide AR experiences
To enable location-based tours
To personalize content
To authenticate accounts
To process payments
To provide customer support
To send updates about tours and features
To improve Platform functionality
To ensure safety and prevent fraud
To comply with legal obligations

4.2 For Business Clients

To provide contracted AR services
To manage campaigns and partnerships
To analyze campaign performance
To process invoices and payments
To communicate regarding services
To develop new AR experiences
To comply with regulatory obligations

5. Legal Bases for Processing (For International Users)

If you are located in the European Economic Area (EEA), United Kingdom, or similar jurisdictions, we process personal data under the following lawful bases:

Consent
Performance of a contract
Compliance with legal obligations
Legitimate interests
Protection of vital interests

6. Sharing and Disclosure of Information

We do not sell personal data in the traditional sense. However, we may share information in the following circumstances:

6.1 Service Providers

We share data with:

Hosting providers
Payment processors
Cloud storage services
Analytics providers
Marketing automation platforms
Email service providers
Security providers

All vendors are contractually obligated to safeguard data.

6.2 Business Transfers

If Experience AR LLC undergoes:

Merger
Acquisition
Asset sale
Bankruptcy
Reorganization

Personal information may be transferred as part of that transaction.

6.3 Legal Requirements

We may disclose information if required to:

Comply with legal process
Respond to subpoenas
Enforce terms of service
Protect public safety
Prevent fraud or security threats

6.4 Business Client Data Sharing

For Business Clients:

Aggregated analytics may be shared
Individual user data will not be shared without lawful basis
Sponsored campaign metrics may be shared in anonymized form

7. Cookies and Tracking Technologies

We use:

Session cookies
Persistent cookies
Pixel tags
Web beacons
Local storage

Users may manage cookie preferences through browser settings.

We may use cookies for:

Authentication
Performance analytics
Advertising
Retargeting campaigns
Security

8. International Data Transfers

Because Experience AR LLC operates worldwide, personal data may be transferred outside your country of residence, including to the United States.

Where required, we implement:

Standard Contractual Clauses
Data Processing Agreements
Additional safeguards under GDPR

9. Data Retention

We retain personal data only as long as necessary for:

Providing services
Fulfilling contractual obligations
Resolving disputes
Complying with legal requirements

Inactive accounts may be deleted after a defined period unless required for compliance.

10. Data Security

We implement reasonable technical and organizational safeguards, including:

Encryption in transit (SSL/TLS)
Encrypted storage where applicable
Access controls
Role-based permissions
Multi-factor authentication
Secure cloud hosting
Periodic security reviews

However, no system is 100% secure.

11. User Rights

Depending on jurisdiction, Users may have the right to:

Access personal data
Correct inaccurate data
Delete personal data
Restrict processing
Object to processing
Data portability
Withdraw consent
Opt-out of marketing

Requests may be submitted to: [Insert Privacy Email]

12. U.S. State Privacy Rights

Residents of certain U.S. states, including California, Virginia, Colorado, and others, may have additional rights including:

Right to know categories collected
Right to opt out of sale or sharing
Right to non-discrimination

We do not discriminate for exercising privacy rights.

13. Children’s Privacy

The Platform is not directed to children under 13. We do not knowingly collect data from children under 13.

If we learn that we have collected such information, we will delete it promptly.

Parents may contact us for review or deletion.

14. Business Client Data Responsibilities

Business Clients are responsible for:

Ensuring they have lawful rights to content submitted
Obtaining required consents
Complying with applicable laws
Ensuring marketing compliance

When we act as a Data Processor, Business Clients must enter into a Data Processing Agreement.

15. User-Generated Content

If Users submit photos, reviews, or interactive content:

That content may become publicly visible
Users grant us a license to display such content
We may moderate or remove content at our discretion

16. Marketing Communications

Users may opt-in to receive:

Tour updates
Event announcements
Promotional content

Users may unsubscribe at any time.

Business Clients may receive service-related communications.

17. Automated Decision-Making

We may use automated systems to:

Personalize content
Detect fraud
Improve AR functionality

We do not conduct automated profiling that produces significant legal effects.

18. Third-Party Links

The Platform may link to:

Tourism partners
Restaurants
Cultural institutions
Sponsors

We are not responsible for third-party privacy practices.

19. Data Breach Notification

In the event of a data breach, we will:

Assess scope and impact
Notify affected individuals when legally required
Notify authorities where required by law

20. Changes to This Policy

We may update this Privacy Policy periodically.

Changes will be posted with an updated effective date.

Material changes may be communicated via:

Email
In-app notification
Website banner

21. Contact Information

Experience AR LLC
State of Formation: Florida
United States

Privacy Inquiries: [Insert Email]
Legal Correspondence: [Insert Mailing Address]

22. Governing Law

This Privacy Policy is governed by the laws of the State of Florida, United States, without regard to conflict of law principles.

23. Acknowledgment

By using AR Asheville, you acknowledge that you have read and understand this Privacy Policy.