Privacy Policy
Effective date: May 5, 2026
1. Introduction
GatherSafe LLC (“GatherSafe,” “we,” “us,” or “our”) operates the GatherSafe mobile application and related services (collectively, the “Service”). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how we protect it, and the choices you have regarding it. By using the Service, you agree to the practices described below.
2. Who This Policy Applies To
This Policy applies to individuals who download, install, or use the GatherSafe mobile application, and to administrators and members of organizations who use the Service. The Service is intended for adult members of authorized security or safety teams within faith-based or religious organizations. The Service is not directed to children under 13 (or under 16 in the European Economic Area), and we do not knowingly collect personal data from children.
3. Data We Collect
We collect the following categories of personal data, only when necessary to provide the Service:
a. Account information
Email address, display name, hashed password, and (optionally) phone number, provided when you register or are invited to an organization.
b. Organization and group data
Organization name, campus name and address, group names and memberships, role assignments, and invite codes. This data is created by organization administrators.
c. Communications content
Text messages you send through the Service are encrypted with AES-256-GCM and stored on our servers as ciphertext. Push-to-talk (PTT) voice transmissions are routed in real time through our voice infrastructure and may be recorded for organization administrators when that feature is enabled.
d. Location data
Approximate and precise GPS location, collected only when you opt in to location sharing or trigger a panic alert. On supported devices we may also collect background location while you are on duty, so your team can see your position when the app is not in the foreground. You can revoke this access in your device settings at any time.
e. Camera and photo content
Photos you capture or select while filing an incident report. Camera access is used only when you actively choose to attach a photo. We do not access your camera or photo library outside of those flows.
f. Microphone audio
Microphone access is used solely while you hold the push-to-talk control to transmit voice to your team. We do not record, transcribe, or analyze audio outside of an active PTT session.
g. Bluetooth device data
When you choose to pair a Bluetooth push-to-talk accessory, we use Bluetooth permissions to discover and connect to the accessory and to receive its button press events. We do not scan for unrelated devices.
h. Phone and call state
On Android, we use phone state permissions only to integrate push-to-talk audio with the operating system’s telephony stack (so PTT audio does not collide with an incoming call). We do not read your call log, contacts, or phone number for any other purpose.
i. Push notification tokens
Device tokens issued by Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM), and Expo, used to deliver alerts, message notifications, and PTT wake-ups to your device.
j. Subscription and billing data
We do not process payment cards directly. Organization subscriptions are handled by Stripe. We receive subscription state (active, expired, cancelled), customer identifiers, and related billing metadata from Stripe.
k. Diagnostics and device data
Device model, operating system version, app version, language, IP address, and basic crash logs. We use this data to diagnose issues and improve reliability.
l. Biometric authentication
If you enable Face ID, Touch ID, or fingerprint unlock, the biometric match occurs entirely on your device. We never receive or store your biometric data.
4. How We Use Your Data
We use the data described above to:
- Authenticate you and maintain your account.
- Deliver messages, alerts, and push-to-talk audio to the correct recipients.
- Share your location with your security team when you have opted in.
- Notify you of incidents, alerts, and operational events.
- Provide customer support and respond to inquiries.
- Detect, investigate, and prevent abuse, fraud, or security incidents.
- Comply with legal obligations and enforce our Terms of Service.
- Improve and maintain the reliability and quality of the Service.
We do not sell your personal data, we do not use your data for advertising, and we do not perform automated decision-making that produces legal effects on you.
5. How We Share Data
We share personal data only as needed to operate the Service and only with the categories of recipients listed below.
Within your organization. Messages, alerts, location (when shared), incident reports, and PTT audio are visible to other authorized members of your organization or group, in accordance with the group hierarchy configured by your administrator.
Service providers. We use the following processors to host and operate the Service:
- Supabase — database and file storage hosting (United States).
- LiveKit Cloud — real-time voice routing for push-to-talk (global edge network).
- Stripe — subscription checkout, billing portal, and payment processing.
- Apple Push Notification service and Firebase Cloud Messaging — push notification delivery.
- Expo — over-the-air application updates and push notification routing.
- Cloudflare — content delivery, traffic routing, and security.
- Apple App Store and Google Play — application distribution and subscription billing.
- Planning Center — only when an organization administrator explicitly enables the optional Planning Center integration.
Legal compliance. We may disclose data when required by law, valid legal process, or to protect the rights, property, or safety of GatherSafe, our users, or the public.
Business transfers. If GatherSafe is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before personal data becomes subject to a different privacy policy.
6. Security
We protect your data with industry-standard measures:
- All network traffic between the app and our servers is encrypted in transit using TLS.
- Message bodies are encrypted with AES-256-GCM and stored on our servers as ciphertext. Group encryption keys are managed server-side and distributed to authorized members over TLS; this means our infrastructure can decrypt message content where required to operate the Service or comply with law. The Service is not a zero-knowledge system.
- Voice transmissions are encrypted in transit using SRTP via LiveKit.
- Stored data is protected by our hosting providers’ at-rest encryption.
- The mobile app supports biometric or PIN lock so that local data on your device is not accessible if your device is lost or stolen.
- Encryption keys rotate when group membership changes, so removed members lose access to future messages.
No system is perfectly secure. You are responsible for protecting the credentials and devices used to access the Service. If you believe your account has been compromised, contact us immediately at info@gathersafeapp.com.
7. Data Retention
We retain personal data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account data: retained until the account is deleted, then removed within 30 days.
- Messages and incident reports: retained for the lifetime of the organization or until deleted by an authorized administrator.
- PTT recordings (where enabled by your organization): retained according to your organization’s configured retention period.
- Diagnostic and log data: retained for up to 90 days.
- Billing records: retained as required by applicable tax and accounting law.
8. Your Choices and Controls
Permissions. You can grant or revoke camera, microphone, location, Bluetooth, and notification permissions at any time in your device settings. Revoking a permission may disable the corresponding feature.
Location sharing. Location sharing is opt-in. You can disable it inside the app or in your device settings.
Notifications. You can disable notifications, including critical alerts, in your device settings. Note that disabling notifications will prevent you from receiving panic alerts.
Account deletion. You may request deletion of your account and associated personal data through our Account & Data Deletion page or by emailing info@gathersafeapp.com. We will complete deletion within 30 days of verifying your request, except where retention is required by law.
9. Your Rights (US Residents)
Depending on where you live, you may have rights under state privacy laws (including California’s CCPA/CPRA, Virginia’s VCDPA, Colorado’s CPA, and similar laws). These rights may include:
- The right to know what personal data we collect and how we use it.
- The right to access and obtain a copy of your personal data.
- The right to correct inaccurate personal data.
- The right to delete your personal data.
- The right to opt out of the sale or sharing of personal data (we do not sell or share for cross-context behavioral advertising).
- The right not to receive discriminatory treatment for exercising these rights.
To exercise any of these rights, email us at info@gathersafeapp.com. We will verify your identity before processing your request.
10. Your Rights (EEA, UK, Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the GDPR or equivalent laws, including the rights to access, rectify, erase, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with your local supervisory authority. The legal bases on which we process personal data are: contract performance (to provide the Service), legitimate interests (to keep the Service secure and reliable), legal obligation, and your consent (where applicable, such as for location sharing). When you transfer personal data to us from these regions, you acknowledge that the data is processed in the United States; we rely on Standard Contractual Clauses with our sub-processors where required.
11. Children’s Privacy
The Service is not directed to children. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA). If you believe a child has provided us with personal data, contact us at info@gathersafeapp.com and we will delete the data.
12. International Users
The Service is operated from the United States. By using the Service from outside the United States, you understand that your personal data will be transferred to, processed in, and stored in the United States and other countries where our service providers operate.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the app or by email at least 14 days before the changes take effect. The “Effective date” at the top of this page indicates when the current version was published. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
14. Contact
If you have questions, requests, or concerns about this Privacy Policy or our data practices, contact us at:
GatherSafe LLC
info@gathersafeapp.com
