Privacy Policy

• No ads, ever. We don’t sell or share your data to advertisers.
• No public profiles. Your plans and membership are visible only to your circles.
• We store what’s needed to run the product: email, optional display name, the circles you’re in, the plans and RSVPs you create, and billing state if you subscribe.
• You can export or delete your data at any time.

To provide the Service, Gather collects:

• Account data. Your email address (for sign-in) and optionally your display name.
• Sign-in tokens. Sign-in is via emailed magic link or one-time code. Supabase Auth issues a short-lived link tied to your email; we don’t store passwords.
• Circle + plan content. The circles you’re in, the plans you create or RSVP to, your comments and claims. This content is scoped to the circle(s) it was posted to.
• Notification tokens. If you turn on push notifications, we store the device token your browser or the iOS / Android app provides so we can deliver alerts. Web Push subscriptions and native (APNs / FCM) tokens are stored separately and removed when you turn push off or delete your account.
• Reports and blocks. If you flag a post or block another member, we record who reported what (and the reason you gave) so admins can review. Blocks are one-directional and known only to you.
• Usage data. Minimal analytics to understand feature use (for example, how many people use voice Quick Post each month). We don’t use third- party ad trackers.
• Billing data. If you subscribe, Stripe collects your payment information directly; Gather stores a customer identifier and subscription status so we know whether you have Plus. We never see or store your card number.
• Voice input. If you use the Voice Quick Post feature, the transcript of what you said is sent to the Anthropic Claude API to extract structured plan fields. Anthropic processes this data under its own privacy terms and does not train on our traffic.
• Venue search. If you use the venue autocomplete, the text you type is sent to Mapbox to return suggestions. Mapbox processes this data under its own privacy terms.

We use the data we collect to:

• Run the Service (show your circle its plans, deliver notifications, coordinate ticket claims).
• Send you product emails: invitation emails, new-plan notifications you’ve opted into, billing receipts, and important service announcements.
• Enforce the Terms of Service and investigate abuse.
• Improve the product based on aggregate usage (e.g. retention metrics, feature-use counts).

We don’t use your data to build advertising profiles, and we don’t sell it to third parties.

Gather uses third-party services to run the product. Each gets only the data necessary to do its job:

• Supabase. Database and authentication.
• Vercel. Hosting and deployment.
• Resend. Transactional email delivery (sign-in codes, new-plan notifications, invite emails).
• Stripe. Billing and payment processing for Gather Plus.
• Mapbox. Venue autocomplete suggestions and map tiles.
• Anthropic. Voice transcript parsing for Voice Quick Post.

Each service is subject to its own privacy terms. We pick providers that match our data-minimization ethic.

Your plans, RSVPs, comments, and claims are visible to the members of the circle(s) they’re posted in. Other Gather users outside those circles don’t see them. Circle admins can see the membership list for their circle and the email addresses of pending invites they issued.

System administrators of Gather have the technical ability to access data for support, debugging, and abuse investigations. We limit this access to people who need it and log when it happens.

We keep your account and circle data as long as your account is active. You can delete your account at any time from Profile → Delete my account. Deletion removes your profile, your RSVPs, your comments, your claims, your push subscriptions, and your notification preferences. Events you created stay in the circles you shared them with so the people who RSVP’d keep their plans, but your name comes off them.

Records we’re required to retain for legal or billing reasons (for example, invoices for seven years) are kept past account deletion. Backup copies take time to roll off; we don’t intentionally retain deleted data, and backups are encrypted at rest.

You can:

• Access the data we hold about you (on request).
• Correct inaccurate data by editing your profile.
• Export your data in a machine-readable format (on request).
• Delete your account and associated data.
• Opt out of non-essential email (new-plan notifications) from your profile page.

If you’re in the EU or UK, you have additional rights under GDPR including the right to object to processing or lodge a complaint with a supervisory authority. Contact us to exercise any of these rights.

Gather isn’t intended for children under 13. We don’t knowingly collect personal data from them. If you believe a child under 13 has created an account, contact us and we’ll delete it.

We use strictly-necessary cookies for sign-in sessions, theme preferences, and circle-filter state. We don’t use advertising cookies or cross-site trackers.

We use industry-standard security practices: encryption in transit (HTTPS), encryption at rest for the database, scoped access controls, and row-level security policies that scope every database read to the caller’s identity. No system is perfectly secure; if we discover a breach that affects your data, we’ll notify you promptly.

We may update this policy from time to time. If a change materially affects how we handle your data, we’ll give notice before it takes effect.

Privacy questions can go to the address on your Gather Plus receipt, or to your circle’s admin if you haven’t subscribed.