Privacy Policy
Last updated: April 19, 2026
At TAD, we take your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our application.
1. Information We Collect
Information you provide:
- Account information: Email address, phone number, name, username, and password when you create an account
- Profile information: Bio, location, date of birth, interests, and profile photo
- Event content: Events you create, including titles, descriptions, dates, and locations
- Photos: Images you upload to events, your profile, and spot check-ins
- Social connections: Friends list, friend groups, and group memberships
- Messages: Communications sent through event chats and direct messages (direct messages are automatically deleted after 24 hours)
- Location data: GPS coordinates when you check in at events or spots (only when you grant location permission)
Information collected automatically:
- Device information: Device type, operating system, and app version
- Crash reports: When the app crashes, we collect diagnostic information including device type, OS version, and stack traces via Firebase Crashlytics (Google). This data is not linked to your identity.
- Push notification tokens: For delivering notifications to your device
2. How We Use Your Information
We use your information to:
- Provide and maintain the TAD service
- Connect you with friends and events
- Send notifications about events and friend activity
- Improve and personalize your experience
- Diagnose and fix technical issues (via crash reports)
- Ensure safety and security of the platform
- Comply with legal obligations
3. How We Share Your Information
We share your information in the following ways:
- With other users: Your profile, events, and shared photos are visible to other users based on your privacy settings
- Service providers: We use third-party services to operate TAD (see Section 4)
- Legal requirements: We may disclose information if required by law or to protect rights and safety
We do not sell your personal information to third parties.
4. Service Providers (Data Processors)
We use the following third-party services to operate TAD:
| Provider | Purpose | Data Processed |
|---|---|---|
| Supabase Inc. | Database, authentication, file storage | All user data, photos, messages |
| Google LLC (Firebase) | Crash reporting (Crashlytics), push notifications (FCM) | Crash data, device tokens |
| Apple Inc. | Sign in with Apple, push notification delivery | Authentication tokens, device tokens |
5. Data Storage and Security
Your data is stored securely using Supabase infrastructure with:
- Encrypted data transmission (HTTPS/TLS)
- Row-level security policies on all database tables
- Authenticated access to storage buckets
- Secure password hashing
While we implement industry-standard security measures, no method of electronic storage is 100% secure.
6. Your Privacy Controls
TAD provides you with control over your data:
| Control | Description |
|---|---|
| Profile visibility | Set your profile to Public, Friends Only, or Private |
| Discoverability | Control whether you appear in search results |
| Field visibility | Choose which profile fields are visible to others |
| Blocking | Block users to prevent them from seeing your content |
| Notifications | Customize which notifications you receive |
| Group privacy | Set group walls to members-only visibility |
7. Data Retention
We retain your data for as long as your account is active. Direct messages are automatically deleted after 24 hours. When you delete your account:
- Your profile information is removed
- Your photos are deleted from storage
- Your event participation history is anonymized
- Your friend connections and group memberships are removed
Some information may be retained for legal or security purposes for up to 30 days after account deletion.
8. Children's Privacy
TAD is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. The app enforces a minimum age of 13 during account creation. If we become aware of such collection, we will delete it promptly.
9. International Data Transfers
Your data may be processed and stored in servers located outside your country of residence, including in the United States. For transfers from the European Economic Area (EEA), we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The EU-US Data Privacy Framework, where applicable
10. Your Rights (EEA/GDPR)
If you are in the European Economic Area, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a portable format
- Restriction: Restrict processing of your data
- Object: Object to processing of your data
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise these rights, contact us at privacy@tad.app.
Legal Basis for Processing (EEA users)
We process your data under the following legal bases:
- Contract performance: Account data, event data, and social connections — necessary to provide the TAD service
- Legitimate interest: Crash reporting, security monitoring, and service improvement — to maintain and improve the app
- Consent: Push notifications, location access, and camera/photo access — obtained via operating system permission dialogs, which you can revoke at any time in your device settings
11. Your Rights (California/CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: You can request information about the categories and specific pieces of personal information we collect
- Right to delete: You can request deletion of your personal information (available via account deletion in the app)
- Right to opt-out: You have the right to opt out of the sale of your personal information. TAD does not sell personal information.
- Non-discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise these rights, contact us at privacy@tad.app.
12. Cookies and Tracking
TAD is a mobile application and does not use browser cookies. We do not track users across other apps or websites. Firebase Crashlytics collects anonymous crash data to help us fix bugs — this data is not used for advertising or tracking purposes.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App. The "Last updated" date at the top reflects the most recent revision.
14. Contact Us
For questions or concerns about this Privacy Policy or your data:
- Email: privacy@tad.app
- Support: support@tad.app
- Company: Aggregate
- Country: Denmark
© 2026 Aggregate. All rights reserved.