This Privacy Policy explains how Locale Development LLC ("Locale," "we," "us," or "our") collects, uses, and shares information when you use the Locale mobile app, the website at localeapp.io, and related services (the "Service").
By using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service. See also our Terms of Service.
We collect three categories of information: (a) information you provide to us, (b) information we collect automatically when you use the Service, and (c) information we receive from third parties.
When you create an account, we collect:
If you have an individual profile, we may also collect:
If you have a business profile, we may also collect:
google_voice_phone) — the phone number returned by Google Places at signup, used for business voice verification (separate from your publicly listed business phone);When you use the Service, we collect information about how you interact with events, including:
going and a timestamp;Comments and ratings: Users cannot currently post comments or ratings in the app. Legacy database structures may exist for future use but are not exposed in the current product.
To power the map view, "nearby" filtering, and city/region features, we may collect:
We do not sell location data.
If you operate a business account and initiate phone verification (after admin approval), we collect:
The verification call itself is placed by our verification provider (currently Twilio Verify); we do not record the contents of the call.
If your business listing does not include a Google Places phone number suitable for automated voice verification, automated verification may not be available and your account may be marked for manual review until you contact info@localeapp.io.
We collect anything you upload to the Service, including profile photos, business logos, business showcase images, and event images. Files are stored in our cloud storage (currently Supabase Storage) and may be served via public or signed URLs.
If you enable push notifications, we collect:
- Master on/off, sound, and vibration toggles;
- Event reminders, new events from followed businesses, event changes, and event cancellations;
- For business accounts: notifications when someone saves your events (shown in Settings as "New Saves for My Events") and when someone new follows your business;
Quiet hours: The database supports quiet-hours preferences, but the quiet-hours settings UI is not currently exposed in the app. You cannot configure quiet hours in Settings today.
We store in-app preferences that you set through the map/filter UI or that the app syncs automatically, including:
Our database schema includes additional preference fields (such as theme, language, search history, last search query, saved filter presets, profile visibility, location sharing, online status, friend-request preferences, auto-refresh interval, distance units, event-card density, and location accuracy threshold), but the app does not currently expose settings screens that read or write those fields, so we do not collect meaningful values for them beyond schema defaults. If we ship features that use them, we will update this section.
Backend and infrastructure logs. When your app communicates with our backend and infrastructure providers (such as Supabase), those systems automatically generate technical logs that may include your IP address, request timestamps, error codes, and similar network and request metadata.
Activity we record ourselves. As described in §1.2, we record certain first-party engagement signals in our own database — specifically event views and event interaction taps (such as share, map, ticket, and organizer taps).
Product analytics (not currently active). Our app includes an integration with a product-analytics provider (Amplitude), but it is not currently enabled: no analytics key is configured, the integration is inactive, and we do not currently send product-usage telemetry to Amplitude. The integration is also designed to drop direct identifiers (such as email) and to hash user and event IDs before any event would be sent. If we enable analytics in the future, we will update this Policy.
Crash and diagnostic data. We do not currently operate our own crash-reporting or error-monitoring service, and our app does not transmit crash logs or stack traces to us. Diagnostic and crash data may still be collected by the Apple App Store and Google Play in accordance with their own policies and your device settings.
The Locale mobile app does not rely on browser cookies, but it does use device storage (including AsyncStorage and SecureStore) to keep you signed in, remember preferences, and cache data.
Website (localeapp.io). Our marketing site and static pages (including /privacy and /terms) do not use advertising, analytics, or marketing cookies, and we do not display a cookie consent banner on those pages. On password-reset and email-confirmation pages (/reset, /confirm-email), we use browser local storage (not HTTP cookies) through our authentication provider (Supabase) to complete those flows; session data is cleared when the flow finishes. Some pages load fonts from Google Fonts, which may cause your browser to connect to Google's servers (see Google's privacy policy). We do not use local storage on our marketing homepage or on other static landing pages such as /auth/change-phone or /event.
We collect and store your personal phone number at signup. A verified phone number is required for every account, regardless of whether you turn on two-factor authentication.
We use your personal phone number only to:
Phone number changes are confirmed through an email link sent to your account email address (via SendGrid), not by SMS. Changing your phone number in the app requires re-entering your password and completing that email confirmation step.
We do not display your personal phone number publicly, share it with other users or businesses, or use it for marketing. SMS codes are sent through Twilio Verify as the delivery provider, routed through our authentication infrastructure (Supabase).
A "personal" phone number is distinct from any business phone number a business account submits for public listing or for the separate business voice verification flow described in §1.4.
We use the information we collect to:
We do not sell your personal information. We do not use your personal information for cross-context behavioral advertising.
We share information only as described below.
By design, certain information is visible to others on the Service:
Your personal phone number is never displayed publicly or shared with other users or businesses.
We share information with vendors who process it on our behalf. As of the Last Updated date, our primary providers include:
| Provider | Purpose | Categories of data |
|---|---|---|
| Supabase | Authentication, database, file storage, real-time updates, serverless functions | Account info, profile data, events, RSVPs, uploads, push tokens, logs |
| Google Maps Platform (Maps, Places, Geocoding) | Map rendering, place lookups, address geocoding | Coordinates, addresses, search queries |
| Google (OAuth) | Sign in with Google | Google account identifier, email, name |
| Apple (Sign in with Apple) | Sign in with Apple | Apple-issued user identifier, email (real or relay), name (if shared) |
| Twilio (Twilio Verify) | Voice phone verification for business accounts; SMS phone verification and two-factor authentication codes for all accounts | Phone number, verification status, SMS delivery metadata |
| SendGrid | Transactional email delivery (phone-change confirmation and related messages) | Email address, phone-change confirmation link |
| Amplitude | Product analytics — integrated but not currently active (no telemetry is sent today) | Device/app metadata, in-app events (only if analytics is enabled in the future) |
| Expo / Expo Application Services | Push notifications, builds, over-the-air updates | Push tokens, app/device metadata |
| Apple App Store, Google Play | App distribution | Standard store data per Apple/Google |
Each provider is bound by its own contract, terms, and privacy policy. We do not authorize them to use your personal information for their own marketing purposes.
We may disclose information when we reasonably believe it is necessary to:
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify users of any such transfer that materially changes how their information is handled.
We may share information for other purposes with your consent or at your direction.
Our default rule: we keep personal information for as long as your account is active. When you delete your account, we delete the personal information associated with your account.
In practice this means:
There are a few narrow exceptions:
event_views rows where your user id has been cleared after deletion.We have not yet implemented automated category-specific purge jobs for all data types. If we adopt fixed retention windows in the future, we will update this section before enforcing them.
From inside the app you can:
If you signed up with Google or Apple and do not have a Locale password on file, use info@localeapp.io to request account deletion, email change, or phone change. Download My Data (§5.3) works in-app without a Locale password.
When you delete your account, we attempt to delete your associated data in our database and storage layers, and we delete your record from our authentication system.
You can revoke permissions you previously granted to the app (location, camera, photo library, calendar, and notifications) from your device's operating system settings at any time. Some features may not work without those permissions.
Depending on where you live, you may have the right under state privacy laws (for example, California's CCPA/CPRA, Virginia's VCDPA, Colorado's CPA, Connecticut's CTDPA, Utah's UCPA, and similar laws) to:
Self-service access/portability: use Settings → Support → Download My Data in the app for a complete JSON export of your account data.
To exercise other rights, or if you cannot sign in, contact us at info@localeapp.io. We may need to verify your identity before responding. We will not discriminate against you for exercising any of these rights.
We currently send transactional emails only (no marketing email list). You can disable push notifications inside the app (Settings → Notifications) or in your device settings. Some communications (for example, account confirmation, security alerts, and important policy changes) are required to use the Service and cannot be turned off.
SMS messages. By creating an account, you consent to receive transactional SMS messages from Locale at the phone number on file for the purposes described in §1.10 — phone verification at signup and sign-in codes when two-factor authentication is enabled. We do not send marketing SMS. Standard message and data rates may apply. Message frequency depends on your activity (typically only at signup and when you sign in with 2FA enabled). You may stop SMS sign-in codes by turning off two-factor authentication in Settings. The verification SMS at signup is required to create an account.
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact info@localeapp.io and we will take steps to delete it.
We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit, access controls, Row Level Security policies on our database, and rate-limiting on sensitive flows like phone verification. No system is perfectly secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact info@localeapp.io immediately.
The Service is offered only to users located in the United States, and we currently distribute the Locale mobile app only through the U.S. storefronts of the Apple App Store and Google Play.
We are based in the United States, and we and our service providers process information in the United States. We do not target the Service to users outside the United States, do not localize the Service for non-U.S. markets, and do not offer the Service in languages other than English.
If you access the Service from outside the United States, you do so on your own initiative, and you understand and consent to information about you being transferred to and processed in the United States, where data protection laws may differ from those in your country. If you are located in the European Economic Area, the United Kingdom, or another region with cross-border transfer rules, the Service is not directed to you, and you should not use the Service.
We will revisit this section if and when we expand the Service to additional countries.
The Service may link to third-party websites and services (such as business websites, social media, and external ticketing pages). This Privacy Policy does not apply to those services, and we are not responsible for their content or privacy practices.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app, by email, or by posting an updated version on localeapp.io/privacy, and we will update the "Last Updated" date at the top. Your continued use of the Service after changes take effect means you accept the updated Policy.
If you have questions about this Privacy Policy or our privacy practices, contact us at: