How we look after your account and your data

• Email and password sign-in, with a minimum password length enforced at sign-up.
• Google sign-in via a managed OAuth flow.
• Sessions are issued and refreshed by our backend authentication provider; signing out clears the local session.
• Anonymous sign-ups are disabled — every account is tied to a real email or Google identity.

• User data is protected by row-level access rules in the database, so people only see and edit what they're allowed to.
• Admin-only actions (moderation, sync controls, analytics) are gated by a server-checked admin role, not by anything the browser can change.
• Privileged operations run as server functions with the caller's identity attached — never with a public secret in the browser.

• Data is sent over HTTPS in transit and stored by our managed backend provider, which encrypts data at rest.
• We collect the information you give us (profile details, events, RSVPs, feedback, support messages) plus basic activity needed to make the product work.
• You can update your profile at any time, and you can request deletion of your account by emailing us (see below).

For the full picture of what we collect, why, and how long we keep it, please read our Privacy Policy.

We rely on a small number of trusted vendors to run the app. They process data only on our behalf and only as needed to provide the service. The current list — and any change to it — is published in our Privacy Policy.

Listings, events, profiles, and messages are subject to our Community Guidelines. Our team reviews submitted events before they go live and removes content that violates the rules.

If you spot something that looks like a security issue, please email us before sharing it publicly so we can investigate and fix it.

You can also use the in-app Feedback page to reach us about privacy questions, data requests, or anything else on this page.

• Terms of Service
• Privacy Policy
• Community Guidelines
• Copyright & IP Notice
• Beta User Agreement