Security & Safety

Authentication is handled by Supabase. Passwords are never stored in plain text. Supabase hashes them with industry-standard algorithms. Sessions are short-lived and tied to the device they were issued on.

You can sign out of all sessions from your profile settings. We recommend using a unique password and enabling two-factor authentication on your email provider, which is the recovery channel for your Gay Map account.

Mainstream event platforms expose your name, your face, and the parties you attend to anyone who looks. We don't. The following controls are first-class on every event:

• Address reveal gates. Hosts can publish an event publicly while keeping the exact venue address private, released only after RSVP, only after host approval, or a set number of hours before start.
• Guest list privacy.Hosts choose whether the guest list is hidden, visible to attendees, or public. The default is “hidden”.
• Anonymous RSVPs.Attendees can opt to hide their identity from other guests while still being counted on the host's door list.
• Discoverability switch. Hosts can mark an event as link-only, hidden from feeds and search even when public events on the same calendar are not.
• QR check-in controls. Door staff use scoped check-in access and unique QR tickets instead of a public attendee list.
• No public attendee history. We don't expose the list of past events you've RSVP'd to on a public profile.

Detailed practices are in our Privacy Policy. The short version of what we don't do:

• We don't sell personal data. Ever.
• We don't run third-party advertising trackers, retargeting pixels, or social-graph scrapers.
• We don't share your RSVP history with anyone other than the hosts of the events you registered for.
• We don't require government ID, phone numbers, or real-name verification to use the platform.

Built-in ticketing uses Stripe Connect for payment collection, onboarding, refunds, and payouts. Gay Map does not store full card numbers. Calendar payment tools are limited to hosts and managers with payment permissions, and order views are kept inside the event and calendar manage areas.

Traffic is served over HTTPS with modern TLS. The database is encrypted at rest. Production secrets are managed outside the code repository and access is restricted to a small number of operators.

We follow the principle of least privilege for internal access: engineers don't routinely query production data, and access to attendee records is limited to operational need.

The Gay Map iOS app does not include third-party analytics, advertising, fingerprinting, or attribution SDKs. We do not use the iOS advertising identifier (IDFA). The only mobile analytics we receive is Apple's aggregated App Analytics, which Apple anonymises and which you can disable from iOS Settings.

Local data on your device is held inside the iOS app sandbox and protected by iOS at-rest encryption. The app is removed cleanly when you delete it. If you grant location access, coordinates stay on your device and are used only to centre the map; we do not retain a server-side history of where the app has been used.

If you experience or witness harassment, doxxing, hateful conduct, or any safety incident, please email [email protected]. Include screenshots or links if you can. We aim to triage every report within 48 hours and act on credible reports promptly, including by removing content, restricting accounts, and cooperating with the affected host.

If you are in immediate danger, please contact local emergency services first.

We welcome reports from security researchers. Please email [email protected] with a clear description, reproduction steps, and any proof-of-concept code. We commit to:

• Acknowledge your report within 3 business days.
• Investigate and provide a status update within 10 business days.
• Not pursue legal action against good-faith researchers who follow responsible-disclosure norms (no data exfiltration, no service disruption, no testing against accounts you don't own).
• Credit you publicly in our changelog after the fix ships, if you wish.

We don't currently run a paid bug bounty programme. We may offer a thank-you and platform credit for impactful reports.

If we discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Berlin Commissioner for Data Protection and Freedom of Information within 72 hours of becoming aware, as required by GDPR. We will also notify affected users without undue delay, with a clear summary of what happened, what data was involved, and what you should do.

• Safety incidents on the platform — [email protected]
• Vulnerability reports — [email protected]
• Privacy / GDPR requests — [email protected]