Legal

Privacy Policy

Effective May 24, 2026

1. What we collect

Account data - email address, display name, password-less authentication identifiers, and (if you sign in with Google or Apple) the basic profile fields those providers share with us.

Profile data you provide - name, location, bio, headline, profession, company, social handles, links, profile photo, and similar fields you choose to fill in. You control whether to provide these and can remove them at any time from your settings.

Private profile data - birthday and email-marketing preferences are stored separately and visible only to you and our admins; other members cannot see them.

Payment data - card details are collected and stored by Stripe, Inc., our payment processor. We never see or store full card numbers; we receive only a customer ID, the last four digits, and the subscription status from Stripe.

Usage data - pages you visit, features you use, approximate location derived from your IP, browser and device metadata, and event timestamps. We use this to operate and improve the Service.

Content you create - posts, comments, messages, RSVPs, and reactions you submit through the Service.

2. How we use it

To provide the Service (accounts, content, events, messages, billing); to communicate with you about your membership; to improve and secure the Service; to enforce our Terms of Service; and to comply with legal obligations.

3. Sub-processors we share data with

We use a small set of trusted vendors to run the Service. We share only what each needs to do its job, and each is contractually required to protect your data.
  • Supabase - primary database and authentication. Hosted in the United States.
  • Vercel - web hosting, serverless compute, and request logging.
  • Stripe - payment processing, billing, and subscription management.
  • Upstash - rate-limiting and ephemeral cache.
  • Google - calendar and video-meeting links for member events; OAuth sign-in (if you choose it).
  • Apple - OAuth sign-in (if you choose it).

4. Cookies & similar technologies

We use first-party cookies and similar storage to keep you signed in, remember your preferences, and protect against abuse. We do not use third-party advertising cookies or cross-site tracking. You can clear cookies at any time in your browser; doing so will sign you out.

5. How long we keep your data

Account and profile data are retained for as long as your account is active. If you delete your account, we remove or anonymize personally identifying data within 90 days, except where we are required to retain it for tax, accounting, fraud prevention, or legal obligations (typically up to 7 years for billing records).

6. Your rights

You have the right to access, correct, export, or delete your personal data. You can update most fields directly in your settings. To request export or full deletion, email hello@createirl.com. If you are in the EEA, UK, or California, you also have rights under the GDPR, UK GDPR, and CCPA respectively, including the right to object to or restrict processing.

7. Children

The Service is not directed to anyone under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us data, contact us and we will delete it.

8. International transfers

Our infrastructure is primarily hosted in the United States. If you use the Service from outside the U.S., you understand that your data will be transferred to and processed in the U.S., which may have different data-protection laws than your home country. We rely on appropriate safeguards, such as standard contractual clauses, where required.

9. Security

We use industry-standard safeguards: TLS in transit, encrypted storage at rest, server-side authorization with row-level security on user data, scoped service-role keys, and structured audit logging on sensitive operations. No system is perfectly secure; we will notify affected users without undue delay if a breach affects their data.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a prominent notice in the Service. The effective date at the top reflects the latest revision.

11. Contact

Questions or requests? Email us at hello@createirl.com.