This Privacy Policy describes how Hostrrr ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use the Hostrrr mobile application and website (collectively, the "Service"). By using our Service, you agree to the collection and use of information as described in this policy.
1. Information We Collect
1.1 Account Data
When you create a Hostrrr account, we collect:
- Email address (used for authentication via one-time password)
- First name and last name
- Username
- Profile photo (avatar)
- Bio / about text
1.2 Event Data
When you create or interact with events, we collect:
- Event title, description, and cover images
- Event location (street address and GPS coordinates)
- Event date, time, and pricing information
- Food plan preferences
- Guest list and attendee information
1.3 Behavioral & Preference Data
To personalize your experience and match you with relevant events, we collect:
- Personality traits (selected during onboarding "vibe check")
- Socialization preferences (preferred group sizes, event types)
- Event interests and categories
- Event interaction data (clicks, attendance history, saved events)
1.4 Communication Data
- Chat messages (group and direct messages between users)
- Chat message reports (when a user flags inappropriate content)
1.5 Payment Data
All payment processing is handled by our third-party payment processor, Stripe. We do not store your credit card number, debit card number, or full bank account details. We store:
- Stripe payment intent IDs
- Transaction amounts and platform fees
- Payout status for event hosts
1.6 Device & Technical Data
- Push notification tokens (Expo push tokens)
- Device type and operating system (for notification delivery)
1.7 Identity Verification (KYC)
To enhance trust and safety, we offer identity verification through our third-party provider, SumSub. We store:
- SumSub applicant ID
- Verification status and review results
We do not store raw identity documents such as passport or government ID images. These are processed and retained solely by SumSub in accordance with their own privacy policy.
1.8 Location Data
We collect event location data (latitude and longitude) entered by hosts when creating events. We do not continuously track your GPS location or collect background location data.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Display events and enable event discovery in your area
- Match you with events based on your personality traits, interests, and socialization preferences
- Facilitate communication between hosts and guests via in-app messaging
- Process payments for paid events through Stripe
- Send push notifications about event updates, messages, and reminders
- Verify user identities to promote trust and safety on the platform
- Enforce our Terms of Service and Community Guidelines
- Investigate reports of abuse, harassment, or policy violations
- Improve and optimize the Service through usage analytics
3. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, file storage | Account data, event data, media uploads |
| Stripe | Payment processing | Payment details, transaction amounts |
| SumSub | Identity verification (KYC) | Identity documents, verification data |
| Expo | Push notifications | Push tokens, device information |
| Google Maps / Apple Maps | Map display on event pages | Event location coordinates |
Each third-party service operates under its own privacy policy. We encourage you to review their respective policies for details on how they handle your data.
4. Data Sharing & Disclosure
We do not sell your personal data. We may share your information in the following limited circumstances:
- With other users: Your profile information (name, username, avatar, bio) is visible to other users. Event details you create are visible to users who discover them.
- With service providers: We share data with the third-party services listed above solely for the purpose of operating the Service.
- For legal compliance: We may disclose your information if required by law, regulation, legal process, or governmental request.
- To protect safety: We may disclose information when we believe it is necessary to prevent fraud, protect the safety of our users, or enforce our Terms of Service.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.
5. Data Retention & Deletion
We retain your personal data for as long as your account is active or as needed to provide the Service to you. When you delete your account:
- Your account enters a 14-day grace period during which you can reactivate it by logging back in.
- After the grace period, your account and associated personal data will be permanently deleted from our systems.
- Some data may be retained in anonymized or aggregated form for analytics purposes.
- We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).
You can delete your account at any time from the Settings screen within the Hostrrr app.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal obligations).
- Data Portability: Request a machine-readable copy of your data.
- Objection: Object to the processing of your data in certain circumstances.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at support@hostrrr.com. We will respond to your request within 30 days.
7. Children's Privacy
Hostrrr is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as quickly as possible.
If you believe that a child under 13 has provided us with personal information, please contact us at support@hostrrr.com.
8. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Passwordless authentication via one-time email codes
- Row-level security policies on our database
- Regular security reviews and updates
- Access controls limiting employee access to user data
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
10. International Data Transfers
Hostrrr is operated from Nigeria, but our Service is available globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States (where our infrastructure provider, Supabase, is hosted via AWS). By using the Service, you consent to the transfer of your data to these jurisdictions. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through in-app notifications. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: