Privacy & Security
Last updated: June 30, 2026
What we collect
We collect the minimum data needed to run your traditions and their gatherings:
| Data Type | Purpose | Retention |
|---|---|---|
| Email address | Sign-in and email notifications | Until account deletion |
| Phone number (optional) | Sign-in verification | Until account deletion |
| Name & avatar | So your groups know who you are | Until account deletion |
| Tradition membership & notification choices | Your durable groups and what updates you want | Until you leave or delete |
| RSVP responses (status, guest count, optional note) | Coordinating each occurrence | Kept with the tradition's history |
We do not collect passwords. Sign-in uses secure one-time codes sent to your email or phone number.
How we communicate with you
Email is the only channel Gatherlight sends. That includes your sign-in code (when you sign in by email) and the tradition updates you opt into — for example a new theme, a location change, or a host announcement. You choose, per tradition, which of these you want to receive.
Phone sign-in: if you sign in with your phone number, the verification code is sent by Firebase (Google) as part of authentication. We never see or store that code, and we do not send automated or marketing text messages.
Inviting people: when you share an invite, your device may open your own Messages or other apps. Those messages are sent by you, from your device — not by Gatherlight.
Privacy by design
A tradition's public page shows only summary information — its name, description, cadence, and aggregate longevity stats. The things that are personal stay protected:
| Information | Who sees it |
|---|---|
| Member list & full archive | Members only — unlocked once you join |
| Who's attending a given occurrence | Members only, never the public |
| Any sensitive signals an organizer reviews | Aggregate counts only — never a name beside a value |
Technical security measures
Transport security
All data transmitted between your device and Gatherlight is encrypted using TLS (HTTPS). We enforce encrypted connections in production — unencrypted HTTP requests are not accepted.
Authentication
- Passwordless login: 6-digit one-time passcodes (OTP) sent via email or phone, with a 15-minute expiry
- No password storage: eliminates risks from password database breaches
- Phone verification: handled by Firebase, a trusted third-party service — Gatherlight never stores your verification codes
- Rate limiting: authentication endpoints are protected against brute-force attacks
Application security
- Content Security Policy (CSP): restricts which scripts, styles, and resources can load
- Clickjacking protection: frame embedding is blocked
- CSRF protection: cross-site request forgery tokens on all forms
- Secure cookies: session cookies are HTTP-only and secure-flagged in production
Data handling
- Filtered logging: sensitive parameters (emails, phone numbers, tokens, credentials) are automatically redacted from application logs
- Encrypted secrets: API keys and credentials are stored using Rails encrypted credentials, never in plain text
- Minimal data exposure: public share links and social previews contain no personally identifiable information
Third-party services
We use a short list of trusted services to operate Gatherlight:
| Service | What we share | Why |
|---|---|---|
| Cloud hosting & storage | Application data and uploaded images | Reliable infrastructure |
| Firebase (Google) | Your phone number | Sending sign-in verification codes |
| Email delivery | Your email + message content | Sending sign-in codes and notifications |
| Maps (Google) | Place searches and coordinates | Location autocomplete and map previews |
We do not share your phone number, email, or other personal data with any third party for marketing purposes.
What we don't do
- ✕ Sell your data to third parties
- ✕ Store passwords
- ✕ Send automated or marketing text messages
- ✕ Share your phone number or email with third parties for marketing
- ✕ Show your individual attendance to non-members
- ✕ Attribute sensitive signals to a named person
- ✕ Include personal information in shareable links or previews
- ✕ Track you across other websites
Your rights
You can:
- Access your data through your profile settings
- Update your information at any time
- Leave a tradition, which removes your membership from that group
- Delete your account and personal data by contacting us
Data retention
- Traditions & occurrences: a tradition's page and history are meant to last — they persist as the group's shared memory for its members
- Archived traditions: kept accessible to members, hidden from everyone else
- Deleted accounts: your personal data is permanently removed
Contact
Questions about privacy or security? Contact us.
Want to report a security concern? Email us directly — we take security reports seriously and will respond promptly.
Policy updates
We'll notify you of significant changes to this policy by email. Continued use of Gatherlight after updates constitutes acceptance of the revised policy.