Gatherle
Effective date: 22 June 2026. Policy version: privacy-v1.
This policy is written for Gatherle's South African launch context and should be reviewed by a privacy professional before broad production launch.
This Privacy Policy explains how Gatherle collects, uses, stores, shares, and protects personal information when you use our website, mobile app, API-backed services, events, messaging, notifications, and support tools.
We aim to process personal information in line with the Protection of Personal Information Act, 2013 (POPIA), South African privacy expectations, and practical security principles.
Gatherle is the responsible party for personal information processed through our product where we decide why and how that information is processed.
Privacy questions, Information Officer requests, access requests, corrections, objections, deletion requests, or direct-marketing opt-out requests can be sent to gatherle.inc@gmail.com. As Gatherle grows, we may publish more formal Information Officer details and request channels.
Account information: name, username, email address, password-derived authentication data, OAuth identifiers, email verification status, profile photo, profile settings, onboarding state, interests, location preferences, communication preferences, and legal-consent metadata.
Product activity: RSVPs, saves, follows, organizations, venues, hosted events, moments, messages, notifications, support requests, reports, and moderation/admin interactions.
Device and technical information: IP-derived metadata, browser or device information, app version, build version, user agent, authentication tokens, session metadata, push tokens, logs, diagnostics, and security events.
Location information: city or selected location preferences, and precise or approximate device location only where you grant permission for location-based features.
Communications and support information: messages you send through Gatherle, reports you submit, support attachments, email delivery metadata, notification preferences, and related moderation or admin notes.
We process personal information to create and secure accounts, verify email addresses, personalize event discovery, show social context, enable RSVPs and follows, deliver messages and notifications, help hosts manage events, provide support, investigate reports, prevent abuse, comply with law, and improve Gatherle.
We do not sell personal information. We use personal information to operate Gatherle as a social-first event discovery product.
We may use contact details to send transactional messages and, where legally allowed or consented to, product updates or marketing. You can opt out of optional marketing communications.
Depending on the context, we may process information because you consented, because it is necessary to provide the service, because we have a legitimate operational or safety interest, because we must comply with law, or because processing is needed to protect rights and safety.
We aim to limit collection to what is reasonably necessary, keep information accurate where practical, secure it, and retain it only for as long as needed for product, legal, safety, audit, or operational purposes.
Where we process special personal information or information about children, we will do so only where the law allows it, where appropriate consent or another lawful basis exists, and where the processing is necessary for the relevant feature, safety purpose, or legal obligation.
We may share information with service providers that help us run Gatherle, including hosting, database, analytics, email, push notification, media storage, authentication, security, and support providers.
We may disclose information where required by law, to investigate abuse or fraud, to protect users or the public, to enforce our terms, or as part of a business restructuring where appropriate safeguards apply.
Service providers should only process personal information for Gatherle's instructions and must use reasonable security and confidentiality safeguards appropriate to their role.
Some information may be visible to other users depending on product features and your settings. This may include your profile name, username, avatar, public activity, event participation signals, hosted events, organization links, moments, and other social context.
Private or sensitive account information such as email address, pending email, security metadata, and authentication details should not be exposed in public discovery surfaces.
Some service providers may process information outside South Africa. Where that happens, we aim to use providers and safeguards that support reasonable protection for personal information, such as contractual protections, comparable data-protection standards, consent where required, or another lawful transfer basis.
We use technical and organizational safeguards such as access controls, encrypted transport, secure credential handling, verification flows, bot-prevention controls, logging, and operational monitoring.
No system is perfectly secure. Please use a strong password, keep your devices secure, and tell us quickly if you suspect unauthorized access.
If we become aware of a security compromise affecting personal information, we will assess it and, where required, notify affected users and the South African Information Regulator.
Subject to applicable law, you may ask to access, correct, delete, restrict, or object to certain processing of your personal information. You may also withdraw consent where processing depends on consent.
You may have the right to complain to the South African Information Regulator if you believe your personal information has been processed unlawfully. The Information Regulator publishes complaint and guidance information at inforegulator.org.za.
Gatherle accounts are not intended for users younger than 18. We do not knowingly allow under-age users to create accounts. If we learn that an under-age account exists, we may suspend or delete it.
We retain personal information for as long as reasonably needed to provide Gatherle, maintain account and safety records, support legal or audit requirements, resolve disputes, prevent abuse, and improve product reliability.
Retention periods may differ by data type. For example, security logs, support records, legal-consent records, and abuse-prevention records may be retained longer than ordinary product cache or temporary diagnostics.
We may update this policy when our product, laws, vendors, or security practices change. If changes are material, we may notify you or ask you to acknowledge the updated policy before continuing.