Last updated: May 19, 2026
Gathr is a social event discovery platform that helps people find and host events in their city. References to "Gathr," "we," "us," or "our" in this policy refer to the Gathr application and its operators.
We collect information you provide directly: your name, email address, city, profile photo, interests, bio, and profile mode (Social, Professional, or both). When you use Gathr, we also collect activity data such as events you create or RSVP to, messages you send, connections you make, community groups you join, community group chat messages you send, community posts and photo attachments you share, replies (comments) you submit, and other content you upload. File attachments in chat are limited to images (JPG, PNG, WebP), PDFs, and plain-text files — we do not accept or store other file types. Community post images must be JPG, PNG, or WebP and may not exceed 5 MB. We also store XP and level milestones derived from your activity, and which achievements you have earned. If you subscribe to Gathr+, we record your subscription status and billing period. If you receive a level-milestone Gathr+ preview reward, we record the expiry timestamp of that preview on your profile. Image uploads — public buckets: Profile photos, event covers, community banners, and community post images are stored in Supabase Storage. Each upload is validated server-side for file type and size — the server rejects disallowed types even if the client is bypassed. Deleting your account removes your profile photo; community post images are removed only when the associated post or community is deleted. Image and file attachments in direct messages — private bucket: Photos, PDFs, and other files you send in 1:1 conversations are stored in a private bucket. They are not accessible via a guessable public URL. When you or the conversation partner views an attachment, Gathr issues a short-lived (5-minute) signed URL through an authenticated proxy route. Row-level security restricts read access to the two participants of the thread. Deleting an attachment (long-press to unsend) removes the stored file, not just the message reference. Device-local data: Gathr stores a small amount of data in your browser's localStorage for convenience features — recent searches and recently viewed events. This data is stored under keys that include your account ID, so it is isolated to your account and cannot be read by another user who signs in on the same device. Gathr also stores a small outbox in your browser's IndexedDB for any chat messages composed while offline (see Offline Messaging below). All device-local data is removed when you clear your browser data. Offline messaging: If you compose a chat message while your device is offline, Gathr saves the draft to your browser's IndexedDB (a sandboxed per-origin storage). When connectivity returns, the message is automatically sent in the background. Until that happens, the message sits only in your own browser — it is never transmitted to our servers while offline. Messages that fail to send after reconnection are marked failed and can be retried or discarded. The outbox is cleared automatically as messages succeed. Community moderation: Community owners and admins may delete posts, post replies, and chat messages within communities they manage. Deleted content is permanently removed from our systems. Community event linking: Community owners and admins can link any community member's public event to the community. This updates the event's community association; it does not change the event's host, visibility, or any other data. Community deletion: When a community owner deletes a community, all associated data is permanently removed — including all posts, post comments, chat messages, and member records for that community. Check-In Data: When you tap "I'm Here" to check in to an event, Gathr may request your device's GPS location. If you grant access, we record your approximate latitude/longitude, your distance from the event venue at the moment of check-in, and a trust level indicating how the check-in was verified. The trust level is `geo_verified` when GPS confirmed you were within approximately 0.3 miles (500 metres) of the venue at the time of check-in, or `self_attested` when you confirmed attendance without GPS verification (for example because location access was denied or your device couldn't obtain a fix). Check-in data is visible to the event host and is retained until you delete your account.
We use your information to operate and improve Gathr, match you with relevant events and people, send notifications about activity on your account, calculate your trust score (see section 7), and communicate with you about the service. We do not sell your personal information to third parties.
When you RSVP to an event, Gathr may show your profile to other attendees as a potential match, based on shared interests and profile completeness. By default, matching is enabled. You can turn it off at any time in Settings → Privacy. If matching is disabled, you will not appear in other people's match lists and you will not see matches yourself. Before an event, free users see a limited mystery view: match count and a blurred silhouette. Gathr+ members see partial names and shared interests even before RSVPing (pre-RSVP preview). Full profile details — name, photo, and bio — are only shown to other attendees after the event ends. The post-event survey and match reveals require that you checked in or RSVPed to the event. Paths Crossed: Gathr+ members can view a "Paths Crossed" feed showing everyone they have co-attended events with (based on check-in and RSVP records), ordered by most recent shared event. The feed shows first names, shared interests, and a list of the events you attended together. Only users with matching_enabled = true and a non-flagged safety tier appear in the feed. Users you are already connected with are excluded. Co-attendance records used to compute Paths Crossed are derived from the same check-in and RSVP data described in section 2 and are not collected separately.
Gathr+ members can send a "wave" to a match before an event to signal interest. What free users see: If you receive a wave and are not a Gathr+ subscriber, you see only the total number of waves you have received for that event — no identity information about who sent them. What Gathr+ recipients see: If you are a Gathr+ subscriber, Gathr reveals the sender's first name, profile photo, and interests you share with them for each incoming wave. This means your first name, photo, and shared interests are disclosed to any Gathr+ user you wave at. By sending a wave, you acknowledge that the recipient may be a Gathr+ subscriber and can see this information. Mutual waves: If two users wave at each other for the same event, both see the other's first name regardless of subscription tier. We do not provide any mechanism beyond the above for identifying wave senders. Attempting to infer sender identity through coordinated testing, multiple accounts, or social engineering violates our Terms of Service.
After an event ends, you may be invited to submit a short review for people you attended alongside. A prompt may also appear on the home screen for up to 48 hours after an event ends as a reminder. The survey is only available to users who checked in or RSVPed to the event, and only once the event has ended. Reviews consist of a vibe rating (Loved it / Good / Okay / Not great), three yes/no questions (Did they show up? / Were they respectful? / Would you attend another event with them?), and an optional safety flag. Review responses are stored securely and are never shown to the person being reviewed in individual form. Only aggregated scores and a derived safety tier (New, Verified, Trusted, or Flagged) are displayed publicly on a user's profile. Automatic tiering: Tiers are recalculated automatically each time a new review is submitted. Any of the following will automatically promote a profile to the Flagged tier: • A single safety flag of type "threatening" from any reviewer, or • Two or more safety flags of any type from separate reviewers. Flagged accounts are immediately excluded from all pre-event match lists, Paths Crossed, and similar discovery surfaces. No human action is required for this automatic exclusion to take effect. The lower bar for threatening flags reflects the higher cost of leaving someone in matching while a credible safety concern is under review — a manual reviewer can restore the tier if the report is unfounded. Manual moderation review: Designated members of the Gathr team can access an internal moderation surface that lists flagged users, the categories of flags (uncomfortable, inappropriate, threatening), the distinct reporter count, and per-flag history (event, time, reviewer). This information is used solely to investigate reports, decide on further account action (warning, suspension, termination), and to remove flags that appear to have been submitted in bad faith. Reviewers are not identified to the person being flagged. Bad-faith or coordinated flagging by reviewers is itself grounds for action against the reviewer.
Gathr calculates a safety score for each user based on the aggregate results of post-event reviews submitted by other members. This score determines a publicly visible tier: New (insufficient review history), Verified (3 or more reviews averaging above 70%), Trusted (10 or more reviews averaging above 85%), or Flagged (one threatening flag, or 2 or more safety flags of any type from separate reviewers — see Section 6). Tiers are recalculated automatically after each new review. You can view your own safety score in your profile.
Your profile name, photo, city, and public events are visible to other Gathr users. Your email address is never displayed publicly. Safety tier badges are visible on your public profile once you have received reviews. We do not sell or rent your personal data. We share limited operational data with the following service providers as necessary to run the platform: • Supabase — database, authentication, file storage, and serverless functions. All of your account data lives here. • Vercel — hosting and serving the web application. Vercel processes incoming requests but does not retain personal data beyond standard server logs. • Sentry — error and crash reporting. When the app encounters a bug, an error event (including the page URL, browser, a sanitised stack trace, and — when you are signed in — your user ID and email address) is sent to Sentry so we can fix it. Your email address is included solely so we can follow up on reported errors; it is not used for any other purpose. Session replays only fire on errors and are recorded with all visible text masked and all media blocked. • PostHog — product analytics. Pageviews and specific in-app actions (such as creating an event, RSVPing, or joining a community) are sent to PostHog with your user ID once you are signed in. Anonymous visitors do not have person profiles created. Autocapture is disabled; only events we have explicitly named are recorded. • Resend — transactional email delivery. When Gathr sends you a system email (welcome, event RSVP notification, connection request, connection accepted), the recipient email address and email body are transmitted to Resend for delivery. Resend does not use this data for advertising. Each of these providers acts as a data processor on our behalf and is bound by their own privacy commitments. We do not share personal data with any third party for advertising purposes.
Gathr does not use artificial intelligence, large language models (LLMs), or machine learning to process the content you create on the platform. Specifically: • Your messages, community posts, post comments, profile bio, and event descriptions are not sent to any AI or LLM service. • Your profile photos, event covers, community banners, and chat image attachments are not analysed by computer vision or generative AI. • Search queries you type are not sent to any third-party AI model — search is handled by a deterministic keyword and synonym parser that runs against our database. The "Quick filters" panel that appears for phrases like "music thursday night" is rules-based pattern matching, not AI. • People matching and event recommendations are produced by hand-written scoring functions that compare your stated interests, city, and activity to the interests, tags, and categories of events and other users. There is no AI model in the loop. • Safety tier badges (New / Verified / Trusted / Flagged) are computed by averaging post-event review responses with simple arithmetic — no AI ranking is applied. If we ever introduce AI-assisted features in the future (for example, optional content moderation or smarter search), we will update this policy, name the provider, and describe what data is sent before the feature ships.
If you sign in with Google, we receive your name, email address, and profile photo from Google. We do not receive access to your Google contacts, Gmail, or any other Google services. You can revoke this access at any time via your Google account settings.
Gathr+ is the premium tier of Gathr. It unlocks: pre-RSVP match preview, wave sender identity reveal, unlimited waves, Paths Crossed history, priority matching rank, Open to Dating Mode, and — for the first 1,000 subscribers — a permanent Founding Member badge on your profile. Visual identity: Active Gathr+ subscribers are shown across the app with a subtle gold ring around their avatar wherever the avatar appears (notifications, messages, search results, community member lists, event attendee lists, mystery match cards, and on profile pages). This signals tier status and is visible to all other Gathr users. You can stop being shown this treatment by allowing your Gathr+ subscription / preview to lapse. What we record: When you have an active Gathr+ subscription or trial, we store `gathr_plus = true` and/or `gathr_plus_expires_at` on your profile. If you are among the first 1,000 paid subscribers, we also set `founding_member = true` — a permanent flag that survives subscription cancellation. The trial usage flag (`gathr_plus_trial_used`) records that the one-time trial has been claimed. Pricing: Gathr+ will be available at $4.99/month or $39.99/year (saving 33%). Billing has not yet launched; current subscribers join a waitlist and will be notified before any charge is made. 7-Day Free Trial: Eligible users may claim a one-time 7-day Gathr+ free trial. No card is required. The trial can only be claimed once per account, enforced server-side. Level-Milestone Previews: Reaching level 5 grants a one-time 48-hour Gathr+ preview; reaching level 10 grants a one-time 7-day preview. These are automatic, non-repeatable rewards. We store the preview expiry timestamp on your profile. Open to Dating Mode: Gathr+ members may opt in to Open to Dating Mode in Settings. When enabled, your dating intent (`open_to_dating = true`) is stored on your profile and is visible only to other active Gathr+ members who have also opted in — it appears in the Paths Crossed feed and pre-event match lists between mutually opted-in members. Non-Gathr+ users never see this flag. You can toggle this on or off at any time from Settings; changes take effect immediately. We do not share your dating intent with any third party. Paid Plans (when live): If you subscribe, your subscription status and plan type are recorded on your profile. Billing will be handled through our web payment provider. We will not store full payment card details on our servers. You may cancel at any time and features remain active until the end of the billing period. Server-side enforcement: Gathr+ status, trial flag, expiry timestamp, founding_member flag, and open_to_dating flag are protected database columns. They cannot be modified by direct API calls from your client — only Gathr-controlled server functions can write to them.
Your data is stored securely using Supabase, hosted on AWS infrastructure. We use row-level security policies to ensure users can only access data they are authorised to see, plus database-level safeguards on sensitive columns (billing status, safety scores, activity counts) that prevent client-side tampering. No system is completely secure, and we encourage you to use a strong, unique password. Session management: You can sign out of the current device from Settings → Sign Out, or revoke every active session on every device you have ever signed in from with Settings → Sign Out Everywhere. The latter is recommended if a device has been lost or if you suspect your account has been used without permission. Private-bucket attachments: Direct-message attachments (photos, PDFs, etc.) live in a private storage bucket. Each request is authorised through a server-side proxy that evaluates the same row-level security policies that protect the underlying message thread before issuing a short-lived (six-minute) signed URL — only the two participants of the conversation can mint a URL for a given attachment, and the proxy itself never streams the file bytes to anyone outside that pair. The signed URL is rotated each time the redirect cache expires (roughly every four minutes). Direct CDN access to these files is disabled. File types served as downloads: Any attachment whose file type is not a recognised inline-safe image (JPG, PNG, WebP, GIF) is served with a forced-download response header, even when the recipient does have access. This prevents a malicious upload of an HTML or SVG file from executing scripts in your browser when you view the attachment. Event covers remain on a public bucket but are routed through the same proxy so URLs remain stable as we tighten access over time. Rate limits: To protect against automated abuse, the following operations are rate-limited per account: dating-intent toggle (5 changes per 24 hours), event geocoding requests (5 per hour), feedback submissions (5 per hour), and venue autocomplete (5 requests per second per IP). These limits are enforced server-side. Approaching a limit returns an error but does not affect your account standing. Diagnostic policy reports (Content Security Policy): Modern browsers can be configured to report blocked content-loading attempts back to a server. Gathr sets this report destination to our error-tracking provider (Sentry) when one is configured, so that we can detect compromised devices, malicious browser extensions, or regressions in our security headers. These reports include the URL of the page, the blocked resource, and the violating directive — they do not include personal data or your browsing history. Viewer presence on event pages: When you view an event page, Gathr uses Supabase Realtime's presence feature to share that you are currently looking at the event. Only your account ID is broadcast — no profile information, location, or device identifier. The page may display "N viewing now" when at least two people are looking at an event whose start time is within 24 hours, as a social-proof signal. Your individual identity is never revealed; only the deduplicated count is displayed. Closing the tab or navigating away removes your presence within a few seconds. Push Notifications: Push notifications are opt-in. We do not request permission until you explicitly enable them from Settings → Push Notifications. If you enable them, we store a subscription record (browser endpoint and encryption keys) so we can send notifications to your device. You can disable them at any time from the same settings page, which removes the subscription record. When a notification is sent, only the title, body, and a link path (e.g. "/events/abc") are included in the push payload — never your interests, profile data, or message content beyond what is needed to display the notification. Hosts can additionally toggle "Notify me when people RSVP" off if they don't want pushes for new attendees; RSVP-type pushes are rate-limited to once per event every 30 minutes regardless of how many people RSVP, so popular events never spam. Venue Autocomplete: When you type a venue name while creating an event, Gathr looks up matching venues and addresses using the OpenStreetMap Nominatim geocoding service. These requests are routed through Gathr's own servers — your browser does not contact Nominatim directly, so your IP address is not transmitted to the Nominatim service. We do not store your venue search queries beyond what is saved when you actually create the event. OpenStreetMap's data is published under the Open Database Licence (ODbL). Venue search results are only fetched while you are actively typing in the event creation form and only after you have signed in. Event Location Data: When you publish an event, the address you provide is geocoded into latitude/longitude coordinates so the event can appear on the map. Post-publish geocoding happens server-side via our backend (not your browser), so your IP address is not additionally exposed to third-party services at that step. Coordinates are stored alongside the event and are visible only at the level the event itself is visible (public events show pins to everyone; private events do not appear on the public map). Map Page Location: When you open the Map tab, Gathr requests your device's GPS location to center the map on your position and show a "you are here" marker. This position is used only in your browser — it is not transmitted to our servers or stored in any way. Declining this request does not affect map functionality; the map will center on events in your city instead. City Auto-Detection (Setup): On the city selection step during account setup, you may tap "Detect my location" to automatically select your nearest city. If you grant access, your GPS coordinates are used only to find the closest city in our supported list — the coordinates are computed in your browser and are not transmitted to our servers. Only the resulting city name is saved to your profile. Check-In Location: When you tap "I'm Here" during an event, Gathr may request your device's GPS location. If granted, we record your approximate latitude/longitude and your distance from the event venue at the moment of check-in. Distance is displayed to you in miles. This data is visible to the event host for attendance verification and analytics — hosts see each checked-in attendee's distance from the venue. If you decline location access your GPS coordinates are stored as null — check-in is still recorded and a soft confirmation prompt is shown instead. Check-in location data is retained until you delete your account. Address Reveal: The full street address of an event is not shown to everyone who views the event page. Only the venue name is visible to all viewers. The full street address is revealed only to (1) users who have RSVPed to the event, and (2) the event host. Calendar exports (Google Calendar and .ics downloads) also reflect this — the street address is included in the calendar entry only for RSVPed users and the host. This protects hosts who prefer not to broadcast a home address or private venue location to the general public. Feedback Submissions: When you send feedback through Settings → Send Feedback, we record the message you wrote, the category you picked, the URL path you were on, your user ID, and your browser user-agent string. This information is only used to help us reproduce bugs and prioritise improvements. Feedback rows are only readable by Gathr team members and by you (you can request your own feedback history at any time). You can submit up to 5 feedback messages per hour to prevent abuse.
We retain your account data for as long as your account is active. Post-event reviews you have submitted are retained to maintain the integrity of the safety score system. If you delete your account, your personal profile information is removed within 30 days. Submitted reviews are anonymised rather than deleted, as removing them would unfairly alter other users' safety scores. Connection-request decline records: When you decline a connection request, the underlying record is retained (status flips to "declined" with a timestamp) for at least 7 days to enforce a cooldown period during which the same requester cannot send you a new request. After the 7-day cooldown expires, the declined record may be replaced by a fresh request if the requester tries again. During the cooldown, the requester is not informed that their request was declined.
You have the right to access, correct, or delete your personal information at any time. You can update your profile in Settings. You can disable people matching and control your RSVP visibility in Settings → Privacy. To delete your account, go to Settings → Danger Zone. Deletion confirmation: For accounts that sign in with an email and password, deletion requires you to type the word "DELETE" AND re-enter your password in the confirmation dialog. The password re-check is enforced server-side — a leaked or borrowed session token alone is not enough to delete the account. Accounts that sign in only with Google rely on the freshly issued OAuth session for the same purpose; you may be asked to sign in again before the action completes. What is removed: When you delete your account, any active Gathr+ subscription is cancelled with our payment processor at the same time — you will not be charged again after deletion. Your customer record at the payment processor (which contains personally identifying details such as email and partial card information) is also deleted at the same time, leaving only the historical charge entries that we are legally required to retain for refunds, disputes, and tax records. Your profile, hosted events, RSVPs, connections, messages, and all data we hold for you is permanently removed within 30 days. Anonymised post-event reviews you submitted may be retained to preserve the integrity of other users' safety scores; nothing in those rows links back to you after deletion. For a data export prior to deletion, contact us at the address below.
Gathr is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the app. Your continued use of Gathr after changes are posted constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, your personal data, or a safety concern, please contact us at: privacy@joingathr.app