Get Gather →
← Back to Gather

Legal

Privacy Policy

Effective Date: April 27, 2026

1. Introduction

Gatherfan, Inc., a Delaware corporation ("Gather," "we," "us," or "our"), operates the Gather mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your information when you use the App. By creating an account, you confirm you have read and accepted this Privacy Policy.

2. Information We Collect

  • Account Data: Your email address and, if you sign in with Apple, your Apple ID.
  • User-Generated Content: Card artwork, profile photos, and other content you upload.
  • Collectible Transfer History: Records of collectibles you have gifted or received.
  • Device & Usage Analytics: Device identifiers, operating system, app version, usage patterns, and crash reports collected via Firebase Analytics and Crashlytics.
  • Push Notification Tokens: Device tokens used to deliver notifications about drops, gifts, and activity. If you revoke push notification permissions, your token will be deleted from our systems within 30 days.
  • Log Data: IP addresses, access timestamps, and server logs generated automatically when you use the App.

3. How We Use Your Information

  • To create and maintain your account and provide core App functionality (contract performance).
  • To personalize your discovery feed and drop recommendations (legitimate interest).
  • To send push notifications, which you may opt out of in your device settings (consent).
  • To enforce our Terms of Service, detect fraud, and prevent abuse (legitimate interest).
  • For internal analytics to improve the App (legitimate interest for aggregated analytics; consent required for device-level analytics in jurisdictions where the ePrivacy Directive or equivalent law applies).

Where we rely on legitimate interests as our legal basis, you have the right to object to that processing at any time by contacting privacy@gather.fan.

4. Automated Processing & Personalization

We use automated processing to personalize your discovery feed and drop recommendations based on your activity within the App. This processing does not produce legal or similarly significant effects on you and does not constitute solely automated decision-making within the meaning of applicable data protection laws.

5. Device Identifiers & Tracking Technologies

We and our service providers use device identifiers and similar technologies — such as Firebase Installation IDs — to operate the App, analyze usage, and deliver notifications. These identifiers are necessary for core App functionality and cannot be disabled without disabling the App entirely. We do not use third-party advertising networks and do not share your data for targeted advertising purposes.

6. Do Not Track & Global Privacy Control

The App does not respond to browser Do Not Track (DNT) signals. We do not sell or share your personal information for cross-context behavioral advertising. Because we do not engage in these activities, Global Privacy Control (GPC) signals do not change our current data practices — your data is already handled in a manner consistent with GPC intent. We will reevaluate GPC signal support if our data practices change.

7. Third-Party Service Providers

We share data with the following service providers under appropriate data processing agreements:

  • Firebase / Google: Authentication, analytics, and crash reporting (data processor).
  • Amazon Web Services (AWS): Database, API, and compute infrastructure (data processor).
  • Apple: If you use Sign in with Apple, Apple processes your authentication data as an independent data controller under its own privacy policy — not as a data processor acting on Gather's behalf.

8. Data Retention

We retain different categories of data for the following periods:

  • Account data: Retained until you delete your account, then purged within 30 days.
  • Log data and IP addresses: Retained for 90 days on a rolling basis.
  • Analytics data: Retained for 24 months in aggregated form.
  • Backup copies: Purged within 60 days of an account deletion request.

We may retain certain data beyond these periods where required by law (for example, to comply with fraud prevention or legal hold obligations).

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request that inaccurate data be corrected.
  • Deletion: Request deletion of your personal data.
  • Restriction: Request that we restrict processing of your data in certain circumstances (e.g., while an accuracy dispute is pending).
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority in your country of residence or place of work.

California residents (CCPA/CPRA): We do not sell or share your personal information for cross-context behavioral advertising. You have the right to: know what data we collect; correct inaccurate data; request its deletion; and opt out of any future sale or sharing of your personal information. To exercise these rights, contact privacy@gather.fan.

Note on User-Generated Content: Card artwork embedded in collectibles already issued to other users may be retained to fulfill our service obligations to those collectors, even after an account deletion request. We will inform you if this applies to your request.

To exercise any of these rights, contact privacy@gather.fan.

10. Data Security

We use encryption in transit (TLS/HTTPS), access controls, and infrastructure monitoring to protect your personal data. We review our security practices periodically. In the event of a data breach that affects your rights and freedoms, we will notify the relevant supervisory authorities and, where required by applicable law, affected users, within the timeframes required by law. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. This limitation does not apply to losses caused by our failure to maintain reasonable security measures.

11. Children's Privacy (COPPA)

The App is not directed to children under 13. We require users to confirm their age during account registration. If a user indicates they are under 13, access is denied and no personal data is collected. If we become aware that a child under 13 has provided personal information, we will delete it promptly and terminate the account. To report a suspected under-13 account, contact legal@gather.fan.

12. Geographic Restrictions

The App is not available in jurisdictions where prohibited by applicable law, including U.S. export control and sanctions laws administered by the Office of Foreign Assets Control (OFAC). See our Terms of Service for the current list of restricted countries.

13. Data Transfers

Your data is processed on servers located in the United States. If you access the App from outside the United States, your data may be transferred to and processed in the United States. Our service providers — including Google/Firebase and AWS — participate in the EU-US Data Privacy Framework. For users in the European Economic Area, transfers are made pursuant to Standard Contractual Clauses or other lawful transfer mechanisms under applicable data protection law.

EU/EEA Representative (GDPR Article 27): Gather is in the process of designating an EU representative as required under Article 27 of the GDPR. Until such designation is complete, EU/EEA residents may direct all inquiries to privacy@gather.fan.

14. Changes to This Policy

We may update this Privacy Policy from time to time. "Material changes" include, but are not limited to: changes to the categories of personal data we collect; new purposes for processing your data; changes to how we share data with third parties; and changes to your rights or our data retention practices.

For non-material changes, we will provide in-app notice at least 7 days before the changes take effect. For material changes — particularly those affecting how we process your personal data — we will require your affirmative acknowledgment before the change takes effect. Continued use of the App after a non-material change takes effect constitutes acceptance.

15. Contact Us

Gatherfan, Inc. — a Delaware corporation
For privacy-related questions, requests, or to exercise your rights:
privacy@gather.fan