Privacy Policy

Account and sign-in: email address, password or federated authentication (for example Sign in with Apple or Google where offered), OAuth tokens where applicable, and session data handled by our backend and authentication provider.

Profile: name, phone number, date of birth (if you choose to provide it), biography, a general location label, profile photo, and similar fields shown in the app. Images are stored in our file storage and may be visible to other users as the interface indicates.

Listings: descriptions, photos, category and condition, pricing where applicable, and pickup or map-related location details you add so others can coordinate collection. Visibility of precise versus approximate location follows in-app disclosures and technical controls.

Messaging: messages and related metadata in conversation threads tied to listings and handoffs, stored so participants can communicate.

Activity and reputation: information such as completed handoffs, ratings, points, referrals, or program participation when those features are enabled in the product.

Referrals and invitations: referral codes you create or redeem, attribution tied to invite links or deep links, and records needed to run referral or growth programs securely (for example preventing abuse or duplicate redemption).

Safety and moderation: if you submit a content or conduct report, or use blocking features, we process account identifiers, descriptions, and context needed to review reports, moderate, and honor blocks.

Location: if you grant permission, we may read device location while you use the app to suggest an area, show approximate distances, and render map previews. You can also save a preferred region manually; see “Local storage on your device.”

Notifications: if you allow notifications, your platform (Apple or Google), our push intermediary (such as Expo push services where used), and our delivery stack may process device tokens or similar signals needed to send alerts.

Product analytics (mobile app): when analytics is enabled in the build configuration, native apps may send usage and diagnostics to Firebase / Google Analytics (GA4-compatible), including aggregated or pseudonymous identifiers, screen or route signals without passing sensitive query-parameter values where we configure it that way, and product events (for example creating a listing or opening a conversation). Analytics is gated by configuration and helps us measure reliability and product usage; see Google’s disclosures for categories their SDKs may derive.

First-party product analytics in our database: when analytics is enabled in the build configuration and you are signed in, we may also record discrete in-app events in our Supabase-backed database (for example creating a listing, submitting a request, opening a chat, or engaging optional affiliate discovery links), linked to your account id. We store a short event name, coarse metadata such as platform and app version, and a small JSON object of non-sensitive parameters (values are size-limited and truncated). We use these logs to understand how features are used and to improve the product; they are not shown to other users.

Affiliate commerce (optional): if you choose product discovery links (for example “search on a retailer”), your search query may be sent to that retailer or affiliate redirect so you can browse off-platform offers; those third parties operate under their own terms and notices.

Website and landing pages (givehood.com): pages such as invite links, marketing, support, early-access signup, or account-related flows may collect what you submit on each form—for example email, optional city or age-band selections, locale or browser language—and standard technical data (for example IP address and user agent) that web servers and our providers process automatically.

Technical data: app or web client version, diagnostics our infrastructure emits for reliability and security, and identifiers our providers use to operate authentication and APIs.

We do not sell your personal information and we do not treat your data as a product for unrelated third-party marketing.

We do not store your password in plain text—sign-in secrets are verified and protected by our authentication provider using industry-standard practices.

For the core Givehood experience we do not ask for government ID numbers, bank login credentials, or health information unless a specific, in-product flow clearly requires optional verification in the future and this policy is updated to match.

Full payment card numbers are not stored on Givehood-controlled production databases; if we offer optional paid platform features, payment details are handled only by the designated payment processor under its privacy notice.

Continuous device GPS is optional: you can often use a manually chosen city, map pin, or postal/ZIP-derived area instead of always-on precise location.

We use the above data to create and maintain accounts; host and display listings; power Discover (including distance or region context where available); operate in-app messaging, handoff, referral, and reputation features; send service and transactional communications where applicable; deliver push notifications when you opt in; measure product usage and stability through analytics when enabled; operate optional affiliate links only when you choose them; detect abuse, secure accounts, moderate content, and enforce our Terms; improve reliability and product experience; and comply with law. We do not sell your personal information.

While your account is active we retain the categories described under “Information we collect” on Supabase-hosted systems (and associated subprocessors) so the product can function.

When you delete your account using Profile → Account security → Delete account (or another documented flow), we remove your profile, listings (including listing photos we stored for those listings), favorites, conversations you participated in, notifications tied to your account, and related records from active production databases within technical limits described in Help materials. Some residual copies may persist for a limited time in encrypted backups, caches, or internal logs until routine rotation or expiry; aggregated or de-identified analytics derived before deletion may remain where it cannot reasonably be relinked to you.

We may retain certain moderation records, abuse-prevention signals, minimal technical logs, or communications required for legal compliance, litigation holds, tax or audit obligations, or to establish or defend legal claims—sometimes beyond account deletion—only where permitted by law and proportionate to the purpose.

Each subprocessor listed below maintains server and networking logs under its own retention schedule; consult its privacy notice for detail.

Personal information may be processed in Canada, the United States, and other countries where our vendors operate. Where cross-border transfers are regulated, we use appropriate safeguards consistent with applicable law.

Some preferences and caches—such as saved listings, your selected discover region, a pending referral code before you finish signing up, or similar settings—may be stored on your phone or tablet (for example via the operating system’s local storage) in addition to information kept on our servers. Websites may use browser storage for short-lived referral attribution on invite pages. Clearing app or site data or uninstalling the app may remove local copies without deleting server-side records unless you also delete your account through the processes we offer.

On givehood.com we may use cookies (small text files), local storage, pixels, and similar technologies in your browser. Some are strictly necessary so the site loads and works securely—for example supporting sign-in where we use session cookies, respecting your language choice, or detecting abuse. Others are optional and help us measure how the marketing site is used (for example aggregated or pseudonymous analytics offered by our hosting or analytics providers) so we can improve performance and content.

When you first visit the marketing site, we show a small notice so you can choose to allow optional measurement or to limit the site to strictly necessary technologies. Your choice is remembered in your browser (for example via local storage) and can be changed anytime through the “Privacy choices” link in the site footer. If you later enable third-party web analytics in our stack, we intend to load those scripts only after you opt in to optional measurement.

Depending on where you live—including Canada (including Québec privacy requirements that often call for clear consent before certain non-essential trackers) and U.S. states with comprehensive consumer privacy statutes—you may have rights to access, correct, delete, or limit certain processing as described under “Your choices and rights.” This section supplements that notice and does not replace it.

We use third-party infrastructure providers to run Givehood. We disclose personal information only as needed for them to perform services on our instructions or as otherwise permitted by law. The section “Third-party services that store or process information” lists the main vendors that hold or handle data on our behalf; they must respect contractual confidentiality and security commitments where applicable.

Retailer or affiliate destinations you deliberately open operate independently and receive information directly under their notices. We may also disclose information if required by law, to respond to lawful requests, to protect the rights, safety, and security of users and Givehood, or to enforce our policies.

These vendors typically receive personal information only as needed to operate Givehood and are responsible for storing or processing it on their systems:

• Supabase Inc. — hosts our PostgreSQL database, authentication APIs, Row Level Security–protected application APIs, object/file storage for user-uploaded images (profile photos, listing photos), optional Edge Functions for workflows such as account deletion or notification dispatch, optional Realtime channels, and related operational telemetry Supabase generates for billing and reliability.

• Google LLC / Firebase — when configured on native builds, Firebase Cloud Messaging stores device tokens and delivery metadata needed for push notifications; when mobile analytics is enabled, Firebase/Google Analytics–compatible SDKs may collect pseudonymous usage and diagnostics on Google-controlled systems according to Google’s policies.

• Expo — Expo Application Services and Expo push notification infrastructure may process push tokens and notification payloads when used as an intermediary between our backend and Apple/Google notification services.

• Apple Inc. — distributes the iOS app via the App Store; provides Sign in with Apple where offered; supplies MapKit map content when map features use Apple maps on iOS; processes notification-related identifiers through Apple Push Notification service.

• Google LLC — distributes the Android app via Google Play where applicable; provides Google Sign-In OAuth where offered; supplies Google Maps SDK content on Android where configured; processes notification-related identifiers through Firebase Cloud Messaging.

• Vercel Inc. — hosts and delivers the public marketing site at givehood.com (localized legal pages, invite flows, early-access forms); edge and origin infrastructure may log IP addresses, requested URLs, and headers needed for delivery, caching, and abuse protection.

• Payment processors — only if optional paid Givehood platform features require payment; they store payment instrument details according to their certifications and notices—not on Givehood databases in full card form.

Each provider publishes its own privacy policy governing independent practices beyond what we summarize here.

We use industry-standard measures designed to protect personal data, including HTTPS for transmissions where applicable. Authenticated sessions may persist on the device using the platform’s application storage APIs; whether data at rest on the device is additionally encrypted depends on OS and hardware features. Use a strong, unique password, enable device protections, and report suspected compromise promptly.

You can review and update much of your profile and listing information in the app. You can permanently delete your account from Profile → Account security → Delete account; this removes your profile, listings, favorites, conversations, and related data subject to technical and legal retention limits described above. You can control location and notification permissions in your device settings. Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain processing of your personal data, or to object to processing or lodge a complaint with a supervisory authority (for example a provincial or federal commissioner in Canada). You may also contact support@givehood.com for help. We will respond consistent with applicable law.

Givehood is directed at adults. We do not knowingly collect personal information from children under the age where parental consent is required without such consent as required by applicable law.

Questions about this policy or your data: support@givehood.com. We may update this policy; the “Last updated” date will change and, where appropriate, we will provide additional notice in the app and/or on givehood.com.