Privacy & Security
Last updated: December 14, 2025
What we collect
We collect the minimum data necessary to coordinate your gatherings:
| Data Type | Purpose | Retention |
|---|---|---|
| Email address | Authentication & notifications | Until account deletion |
| Availability dates | Finding dates that work for your group | Duration of gathering |
| Location preferences | AI-powered destination recommendations | Duration of gathering |
| Budget preferences | Ensuring recommendations fit everyone | Duration of gathering |
| Travel considerations | Safety-conscious destination filtering | Duration of gathering |
We do not collect passwords. Authentication uses secure one-time codes sent to your email.
How we protect sensitive information
Some information you share is deeply personal. We've built privacy protections directly into how Gatherlight works.
Travel considerations (LGBTQ+ safety, accessibility, dietary needs, etc.)
These preferences influence destination recommendations without exposing who indicated what:
| What You Share | Who Sees It |
|---|---|
| Your individual selections | No one — not even organizers |
| Aggregate counts (e.g., "2 people need accessibility") | Organizers only |
| How it affects recommendations | Reflected in AI suggestions, never attributed |
Budget preferences
Your budget range is completely anonymous:
- Other participants never see your selection
- Organizers see only the group's budget distribution, not individual responses
- AI recommendations use aggregate budget data without attribution
Travel consideration notes
If you add a personal note (e.g., explaining a specific need), the organizer can see it with your name — because it's addressed to them. This is the only sensitive field where your identity is attached, and only to facilitate direct communication about your needs.
Technical security measures
Transport security
All data transmitted between your device and Gatherlight is encrypted using TLS (HTTPS). We enforce encrypted connections in production — unencrypted HTTP requests are not accepted.
Authentication
- Passwordless login: We use 6-digit one-time passcodes (OTP) with 15-minute expiry
- No password storage: Eliminates risks from password database breaches
- Rate limiting: Authentication endpoints are protected against brute-force attacks
  - 5 OTP requests per email per 15 minutes
  - 10 verification attempts per IP per 15 minutes
  - 30 total auth requests per IP per hour
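The following is an added example, not Gatherlight's own code: a stand-alone Ruby model of the passwordless flow described above, with 6-digit codes that expire after 15 minutes and sliding-window rate limits using the three figures stated on the page. The `OtpAuth` class, the injectable clock and the in-memory stores are assumptions made for illustration; a real deployment would back the counters and codes with a shared store.

```ruby
require 'securerandom'
require 'digest'

# Added example, not Gatherlight's code: an in-memory model of the passwordless
# login described above. 6-digit OTPs expire after 15 minutes; sliding-window
# rate limits use the figures stated on the page. Class and method names, the
# injectable clock and the in-memory store are assumptions for illustration.
class OtpAuth
  OTP_TTL = 15 * 60 # seconds an issued code stays valid
  LIMITS = {
    otp_per_email: [5,  15 * 60], # 5 OTP requests per email per 15 minutes
    verify_per_ip: [10, 15 * 60], # 10 verification attempts per IP per 15 minutes
    auth_per_ip:   [30, 60 * 60]  # 30 total auth requests per IP per hour
  }.freeze

  def initialize(clock: -> { Time.now })
    @clock  = clock
    @events = Hash.new { |h, k| h[k] = [] } # [limit, key] => timestamps
    @codes  = {}                            # email => [code_digest, issued_at]
  end

  # Issue a code for +email+ requested from +ip+. Returns the plaintext code
  # (which the real system would email, never log) or :rate_limited.
  def request_code(email, ip)
    return :rate_limited unless allow?(:auth_per_ip, ip) && allow?(:otp_per_email, email)

    record(:auth_per_ip, ip)
    record(:otp_per_email, email)
    code = format('%06d', SecureRandom.random_number(1_000_000))
    @codes[email] = [digest(code), @clock.call] # only a hash of the code is kept
    code
  end

  # Check a submitted code. Returns :ok, :invalid, :expired or :rate_limited.
  # Failed attempts count against the limits; that is what makes guessing a
  # 6-digit code within its 15-minute lifetime impractical.
  def verify(email, ip, code)
    return :rate_limited unless allow?(:auth_per_ip, ip) && allow?(:verify_per_ip, ip)

    record(:auth_per_ip, ip)
    record(:verify_per_ip, ip)
    stored, issued_at = @codes[email]
    return :invalid unless stored

    if @clock.call - issued_at > OTP_TTL
      @codes.delete(email)
      return :expired
    end
    if secure_equal?(stored, digest(code.to_s))
      @codes.delete(email) # single use
      :ok
    else
      :invalid
    end
  end

  private

  def digest(code)
    Digest::SHA256.digest(code)
  end

  # Constant-time comparison so response timing does not leak matching bytes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Sliding window: drop timestamps older than the window, then compare count.
  def allow?(limit, key)
    max, window = LIMITS[limit]
    now = @clock.call
    list = @events[[limit, key]]
    list.reject! { |t| now - t >= window }
    list.size < max
  end

  def record(limit, key)
    @events[[limit, key]] << @clock.call
  end
end
```

The clock is injected so the expiry and window behaviour can be exercised deterministically; the per-IP total limit is checked on both issuance and verification, so a single address cannot exceed 30 authentication requests an hour by mixing the two.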
Application security
- Content Security Policy (CSP): Restricts which scripts, styles, and resources can load
- Clickjacking protection: Frame embedding is blocked
- CSRF protection: Cross-site request forgery tokens on all forms
- Secure cookies: Session cookies are HTTP-only and secure-flagged in production
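As an added example (not Gatherlight's code), here is a small Ruby check of the kind a deployment smoke test or CI job might run against a production response: it inspects a hash of HTTP response headers and reports which of the protections listed above are missing (CSP present and without inline scripts, frame embedding blocked, session cookie flagged HttpOnly, Secure and SameSite). CSRF tokens are not visible in headers and are not checked here. The header sets and cookie name are constructed; the `check_security_headers` function is an assumption for illustration.

```ruby
# Added example, not Gatherlight's code: report missing response-level protections.
# Takes a Hash of response headers (Set-Cookie may be a String or Array) and
# returns an Array of findings; an empty Array means every check passed.
def check_security_headers(headers)
  h = headers.transform_keys { |k| k.to_s.downcase }
  findings = []

  csp = h['content-security-policy']
  if csp.nil?
    findings << 'missing Content-Security-Policy'
  else
    findings << "CSP allows 'unsafe-inline' scripts" if csp.match?(/script-src[^;]*'unsafe-inline'/)
    findings << 'CSP has no default-src or script-src' unless csp.match?(/default-src|script-src/)
  end

  # Clickjacking: frame-ancestors in the CSP or X-Frame-Options DENY/SAMEORIGIN.
  framing_blocked = csp.to_s.match?(/frame-ancestors\s+'(none|self)'/) ||
                    %w[deny sameorigin].include?(h['x-frame-options'].to_s.downcase)
  findings << 'frame embedding not blocked (no frame-ancestors / X-Frame-Options)' unless framing_blocked

  # Session cookie flags: HttpOnly (no script access), Secure (TLS only), SameSite.
  Array(h['set-cookie']).each do |cookie|
    name  = cookie.split('=', 2).first
    attrs = cookie.split(';').drop(1).map { |a| a.strip.downcase }
    findings << "cookie #{name} lacks HttpOnly" unless attrs.include?('httponly')
    findings << "cookie #{name} lacks Secure"   unless attrs.include?('secure')
    findings << "cookie #{name} lacks SameSite" unless attrs.any? { |a| a.start_with?('samesite=') }
  end

  findings
end

# Constructed sample responses: a weak configuration and the hardened form.
WEAK_HEADERS = {
  'X-Frame-Options' => 'ALLOWALL',
  'Set-Cookie' => ['_app_session=abc123; Path=/']
}.freeze

HARDENED_HEADERS = {
  'Content-Security-Policy' => "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
  'X-Frame-Options' => 'DENY',
  'Set-Cookie' => ['_app_session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax']
}.freeze
```

Running `check_security_headers(WEAK_HEADERS)` lists five findings, while the hardened set returns none; the same function can be pointed at the headers of a real staging response to confirm the production-only flags actually took effect.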
Data handling
- Filtered logging: Sensitive parameters (emails, tokens, credentials) are automatically redacted from application logs
- Encrypted secrets: API keys and credentials are stored using Rails encrypted credentials, never in plain text
- Minimal data exposure: Public share links and social previews contain no personally identifiable information
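The following is an added example, not Gatherlight's code, of the log redaction described under "Filtered logging". Rails provides this through `config.filter_parameters`; the stand-alone Ruby below imitates that behaviour so it can run without Rails: keys matching sensitive patterns are replaced with `[FILTERED]` recursively through nested hashes and arrays, and any email address appearing inside a free-text value is masked even when it sits under an innocuous key such as a note. The key patterns, the `filter_params` function and the sample request are assumptions and constructed data.

```ruby
# Added example, not Gatherlight's code: redact sensitive parameters before they
# reach application logs. Patterns below are assumptions for illustration.
SENSITIVE_KEYS = [/passw/i, /token/i, /secret/i, /api_key/i, /credential/i,
                  /\Aemail\z/i, /otp/i].freeze
# Unanchored so an address embedded in a longer note is still masked.
EMAIL_RE = /[^@\s]+@[^@\s]+\.[A-Za-z]{2,}/

# Returns a redacted deep copy; the original params are left untouched.
def filter_params(params)
  case params
  when Hash
    params.each_with_object({}) do |(k, v), out|
      out[k] = SENSITIVE_KEYS.any? { |re| k.to_s.match?(re) } ? '[FILTERED]' : filter_params(v)
    end
  when Array
    params.map { |v| filter_params(v) }
  when String
    params.gsub(EMAIL_RE, '[FILTERED]')
  else
    params
  end
end

# Constructed sample request parameters, as a controller might receive them.
SAMPLE_REQUEST = {
  'email' => 'alice@example.com',
  'otp_code' => '482913',
  'authenticity_token' => 'constructed-token-value',
  'gathering' => {
    'name' => 'Spring trip',
    'notes' => 'contact bob@example.com about parking',
    'budget' => 'mid'
  },
  'participants' => [{ 'name' => 'Carol', 'email' => 'carol@example.com' }]
}.freeze
```

The value-based email mask is the part key filtering alone misses: a user who types an address into a note would otherwise have it written to the log under a key no filter list anticipated.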
Third-party services
We use trusted services to operate Gatherlight:
| Service Type | What We Share | Why |
|---|---|---|
| Cloud hosting | Application data | Reliable infrastructure |
| Email delivery | Your email + login codes | Sending OTP and notifications |
| Maps | Destination coordinates | Displaying location information |
| AI processing | Anonymized group preferences | Generating recommendations |
We do not share individual travel considerations, budget selections, or other sensitive preferences with any third party in identifiable form.
What we don't do
- ✕ Sell your data to third parties
- ✕ Store passwords
- ✕ Share your individual preferences with other participants
- ✕ Include personal information in shareable links or previews
- ✕ Track you across other websites
- ✕ Retain data longer than necessary
Your rights
You can:
- Access your data through your profile settings
- Update your information at any time
- Delete your account and all associated data by contacting us
- Withdraw from any gathering, removing your preferences from that group
Data retention
- Active gatherings: Your preferences are retained for the duration of the gathering
- Completed gatherings: Data is retained for reference until you delete your account
- Deleted accounts: All associated data is permanently removed
Contact
Questions about privacy or security? Contact us.
Want to report a security concern? Email us directly — we take security reports seriously and will respond promptly.
Policy updates
We'll notify you of significant changes to this policy via email. Continued use of Gatherlight after updates constitutes acceptance of the revised policy.