Trust
Privacy
Draft v1 — final language pending legal review before public launch.
What we collect
- Email, phone, and date of birth — for your account and age verification.
- Scene name, optional real name, pronouns, city, and community tags — to find your events.
- IP address (security, jurisdiction detection; not retained past 30 days).
- Device and browser info (security).
- Event RSVPs and comments (core functionality).
- ID verification result and the jurisdiction it was performed in — for legal compliance. We never store the ID image; Stripe Identity handles that.
What we don’t collect
- Sexual preferences beyond the community tags you choose to share.
- Photos of identity documents — Stripe handles capture; we receive only a pass/fail.
- Location data beyond city level.
- Off-platform browsing behavior. No third-party trackers. No ad pixels.
What we don’t do with your data
- We do not sell your data.
- We do not share it with advertisers.
- We share data only with our infrastructure providers (Supabase, Twilio, Stripe Identity, Resend) under data-processing agreements, and only the minimum each needs to do their job.
Your rights
- Download all your data as machine-readable JSON. Settings → Your data.
- Delete your account immediately, no questions. Backups purged within 30 days.
- Correct any field on your profile any time.
- Withdraw ID verification (note: features that required it will become unavailable in your jurisdiction).
Who to contact
Email privacy@offmenu.events (forthcoming). For a public security report, see SECURITY.md in the project repository.