Privacy Policy

Last updated: 18 May 2026

Gatherly is built with privacy as the default. This policy explains what data we collect, why we collect it, and how we keep it safe. It complies with the Malaysian Personal Data Protection Act (PDPA) and the EU's GDPR for international visitors.

1. What we collect

• Account info: name, email, optional profile photo.
• Event info: titles, dates, locations, descriptions you create.
• Guest info: name and (optionally) a profile photo. Nothing else.
• Uploaded media: photos and videos you upload to event albums.
• Payment metadata: handled by Stripe — we never see card numbers.
• Standard log data: IP, browser, referrer, basic analytics.

2. Why we collect it

To run the product. To send the reminders you asked for. To deliver the album to your guests. To keep payments and accounts working. We don't sell data. We don't want to.

3. Where it lives

Data is stored on Supabase (Postgres + object storage) and Cloudflare R2 for cold media. Both have SOC 2 compliance and encrypt data at rest and in transit.

4. Media retention

Event media auto-deletes 60 days after the event date unless you upgrade to the "Keep Forever" add-on (coming soon). You can delete media at any time from the album settings.

5. Your rights

Access, correct, export, or delete your data anytime by emailing hello@gatherly.fun. We respond within 30 days.

6. Cookies

We use first-party cookies for sign-in and currency detection. No third-party advertising trackers.

7. Contact

Questions? hello@gatherly.fun.