Privacy Policy

Last updated: May 2026

gather is built on a simple idea: making plans with people you care about should be easy. This Privacy Policy explains how we collect, use, and protect your information when you use gather.

1. What we collect

When you create an account and use gather, we collect:

• Your email address and display name
• Your profile avatar (generated from your name or a photo you upload)
• Calendar availability data from Google Calendar, when you choose to connect it
• Events you create, time slots you vote on, and venues you suggest
• Friend connections you make within gather
• Photos you take during Photo Moments — a randomly-timed 2-minute window during your confirmed event where all participants are prompted simultaneously to snap and share a photo
• Camera access on your device, used only when a Photo Moment is active and you choose to take a photo
• Device push notification tokens (to send you event alerts)

We do not collect your full calendar content — only free/busy availability blocks used to show when you and your friends are free. Camera access is never used outside of an active Photo Moment.

2. How we use your information

We use your data to:

• Power the core features of gather (scheduling, voting, friend connections)
• Send push notifications about events, votes, and friend activity
• Generate nudges when you haven't made plans with a friend in a while
• Display your availability to friends who invite you to events
• Improve the app based on how features are used

We do not sell your data, run advertising, or share your information with third parties for their own marketing purposes.

3. Third-party services

gather uses a small number of trusted third-party services to operate:

• Supabase — our database and authentication provider. Your account data is stored securely on Supabase infrastructure.
• Google OAuth — used only when you choose to connect Google Calendar. We store a token to read your availability, not your full calendar.
• OneSignal — handles push notifications. Your device token is shared with OneSignal solely to deliver alerts.
• Google Places API — used for venue search and autocomplete when suggesting locations for events. Search queries are subject to Google's privacy policy.
• Supabase Storage — Photo Moment images are stored securely in Supabase's cloud storage. Photos are only accessible to participants of the relevant event.

4. Data storage and security

Your data is stored in secured, access-controlled databases. We use row-level security to ensure your data is only accessible to you and the friends you choose to share it with. Calendar tokens are encrypted at rest. We follow industry-standard practices to protect your information, but no system is 100% immune to risk — we encourage you to use a strong, unique password.

5. Your rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information
• Delete your account and all associated data
• Disconnect Google Calendar at any time from Settings
• Turn off push notifications at any time from Settings → Notifications
• Revoke camera access at any time via your device Settings

To request account deletion or a copy of your data, contact us at the address below.

6. Children's privacy

gather is not intended for anyone under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will promptly delete it.

7. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll update the "last updated" date at the top of this page. For significant changes, we'll notify you within the app. Continuing to use gather after changes are posted means you accept the updated policy.

8. Contact us

Questions about this Privacy Policy or your data? Email us at johngrimesrush2000@gmail.com or use Settings → Send Feedback in the app. We aim to respond within 48 hours.