Privacy Policy

The data controller for personal data processed via Gay Map and the separate Gay Widgets: Pride Countdown iOS app is Pride Nav Ltd, a private limited company registered in England and Wales (company number 17211137). Registered office: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. You can reach us at [email protected].

We collect the minimum we need to operate Gay Map:

• Account data: email, display name, optional profile photo, the calendars and events you create or RSVP to, and your visibility preferences.
• Event content: titles, descriptions, cover images, venue addresses, ticket prices, and any community agreements you publish.
• RSVP data. When you register for an event, the host sees your name, email, and any answers to questions they asked. You can opt to RSVP anonymously where the host has enabled that.
• Payment data: ticket orders, refund status, tax settings, Stripe account status, and payout or sales-history records needed to operate paid ticketing.
• Approximate location: your city or current coordinates (with permission) to surface nearby events and venues.
• Device and first-party usage analytics: browser and device context, pages, venues, events, tickets, and product actions viewed or used, plus reliability and performance signals. See “Analytics & cookies” below.
• Sensitive profile data (optional): pronouns, gender expression, and any other information you choose to publish on your profile. This is entirely optional and never required to use the Service.
• Contact form messages: name, email, and message body when you write to us via the contact form. Retained for up to 90 days, then auto-deleted.

We process the data above to:

• Operate the Service (authentication, RSVPs, hosting tools).
• Surface relevant events and venues, including by proximity and the calendars you follow.
• Send transactional email: RSVP confirmations, address-reveal notifications for DAY_OF events, and event reminders.
• Investigate abuse, fraud, and safety incidents.
• Improve reliability, performance, and product decisions using first-party usage analytics.
• Use authentication, profile, event, RSVP, and ticket data for app functionality such as sign-in, profiles, hosting tools, registrations, check-in, refunds, and account support.

The legal bases are: performance of the contract with you (Art. 6(1)(b) GDPR), our legitimate interest in operating a trustworthy platform (Art. 6(1)(f)), and your consent for optional features such as precise location (Art. 6(1)(a)).

For optional analytics, our legal basis is consent. We limit analytics to intentional product-level events, and rejecting or withdrawing consent stops future analytics capture.

Sensitive profile data (Art. 9 GDPR). Gay Map serves an LGBTQ+ audience, and information you choose to publish on your public profile (including pronouns, gender expression, and which calendars and events you participate in) may reveal data falling within Art. 9 special categories (sexual orientation, gender identity). We process this data only on the basis of your explicit consent under Art. 9(2)(a), given when you fill in those optional fields or take part in optional activities. You can withdraw at any time by clearing the field, changing your profile visibility in settings, or deleting your account. None of these affect your ability to keep using the rest of the Service.

We do not sell your personal data. We share it only with sub-processors that help us run Gay Map, under data-processing agreements:

• Supabase: authentication and database hosting (EU region).
• Vercel: application hosting and edge delivery for the web app.
• Cloudflare: CDN, image optimisation, and DDoS protection.
• Google Cloud Storage: storage for venue, event, and user-uploaded images.
• PostHog EU Cloud: consent-gated product analytics for reliability, performance, and product decisions.
• Google Tag Manager: container for measurement tags during our analytics migration. Only loaded after you accept the cookie banner; no cross-site advertising trackers run.
• Resend: transactional email delivery (RSVP confirmations, security notices, address-reveal emails).
• Stripe Connect. Stripe processes in-app ticket payments, host onboarding, payout details, refunds, fraud checks, and the payment records they need under their own privacy policy.
• Mapbox & Google Places: venue lookups; queries are forwarded as you type.
• Hosts of events you RSVP to: see “RSVP data” above.

We use a small number of strictly-necessary cookies (sign-in session, CSRF token, preference cookies). These do not require consent and are loaded on first visit.

Gay Map uses optional analytics to improve reliability, performance, and product decisions. We use PostHog EU Cloud and, during the migration period, a Google Tag Manager container for measurement tags.

Analytics is not enabled until you click “Accept All” on the cookie banner. If you click “Reject All”, analytics scripts do not run. When you are signed in on the web, accepted analytics may be linked to your Gay Map account. We do not sell personal data, share usage data with data brokers, use advertising identifiers, or track you across other companies' apps or websites for targeted advertising or advertising measurement.

You can change your choice anytime here or in Settings with the Share Usage Analytics control. Rejecting or opting out stops future analytics capture, and we do not identify your signed-in account again unless you opt back in.

We do not use session replay, autocapture, heatmaps, rage-click capture, or tools that record UI content. Analytics events are intentional and product-level only, such as web opened, venue viewed, search used, bookmark toggled, event viewed, ticket viewed, and check-in flow actions. We avoid sending raw search text, email, names, exact location, ticket QR payloads, access tokens, or free-form user content.

We retain account data for as long as your account is active. When you delete your account, your profile is taken offline immediately and, within 30 days, your personal data (email, name, photos, bio, bookmarks, RSVPs) is anonymised: PII fields are nulled or replaced with placeholders, while record IDs are kept so attendance counts and host history stay consistent for events you participated in.

We retain a longer tail in narrow cases:

• Ticket order, refund, payout, and tax records when payments flow through Stripe Connect, typically up to 10 years to comply with applicable tax law.
• Audit logs of administrative actions and security-relevant events, up to 12 months in anonymised form.
• Anonymised, aggregated event statistics: indefinitely.
• Contact form messages: up to 90 days, after which they are permanently deleted by an automated daily job.

You can download a machine-readable copy of your personal data at any time by calling GET /auth/me/export while signed in (returns JSON). You can also expedite deletion by emailing [email protected].

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data, or complete incomplete data.
• Erase your data (right to be forgotten), subject to retention obligations above.
• Restrict or object to specific kinds of processing.
• Receive your data in a machine-readable format (portability).
• Withdraw consent at any time, where processing was based on consent.
• Lodge a complaint with a supervisory authority. Our lead authority is the Berlin Commissioner for Data Protection and Freedom of Information.

To exercise any of these rights, email [email protected]. We aim to respond within 30 days.

See our Security & Safety page for the technical and organisational measures we take, including location-privacy gates, anonymous RSVPs, and our vulnerability disclosure address.

Gay Map is for adults only. You must be 18 or older to create an account or use Gay Map. We ask you to confirm this at sign-in and we will close any account we discover to be under 18.

Some sub-processors (e.g. Stripe) may process limited data outside the EU/EEA. Where we do, we rely on Standard Contractual Clauses or other transfer safeguards as required by GDPR.

Gay Map is available as an iOS app on the App Store. The same Privacy Policy applies; here is what is specific to the mobile context:

• Use without an account. You can browse the venue map without signing in. When you are signed out we do not associate map activity with you.
• App functionality data. If you sign in, save or bookmark venues, edit your profile, upload an avatar, or suggest edits, we collect and store the data needed to provide those features and keep your account in sync across Gay Map.
• Location.The app uses iOS Core Location only with your permission. You can grant precise location, approximate location, or no location at all from iOS Settings → Privacy & Security → Location Services. Coordinates are used to centre and sort the map and may be sent to our API to return nearby venues or results. We do not retain a server-side history of your location.
• No third-party analytics or tracking. The iOS app does not include Firebase, AppsFlyer, the advertising identifier (IDFA), or third-party advertising, attribution, or analytics SDKs. The only mobile analytics we receive is Apple's aggregated App Analytics, which Apple anonymises and which you can disable from iOS Settings.
• Sign-in and account deletion. If you do sign in within the iOS app, the same account rules and deletion rights described above apply. You can delete your account at any time from the in-app profile settings, which fulfils Apple's App Store requirement 5.1.1(v).

Gay Widgets: Pride Countdown is a separate iOS app for Pride countdown widgets. It does not use a Gay Map account, and the privacy model is different from the Gay Map app:

• No accounts. Gay Widgets does not ask you to create or sign in to an account.
• No tracking or third-party analytics. Gay Widgets does not use the iOS advertising identifier (IDFA), third-party ads, attribution SDKs, or third-party analytics SDKs.
• Local preferences. Your selected city, theme, widget configuration, unlock state, and cache preferences are stored locally using App Group UserDefaults so the app and widgets can share them on your device.
• Pride date refreshes. The app refreshes Pride date data from our API so the countdown stays current.
• Wrong-date reports. If you choose to report a wrong Pride date, the app sends the city, the Pride date you submit, the source URL, any notes you enter, and the app version to our backend for editorial review. Reports are optional.
• Subscriptions and purchases. Paid unlocks and subscriptions are processed by Apple through StoreKit. Pride Nav does not receive your payment card details.
• Apple App Analytics. Apple may make aggregated App Analytics available to developers. This is controlled by your iOS analytics settings.

When we change this Policy materially, we will notify active users by email and in-app at least 14 days before the change takes effect.