Legal

Privacy notice.

What data gæther processes about you, why, on what lawful basis, and how to exercise your rights.

Last updated: 2026-07-02Version: v7EnglishDeutsch

Who we are

gæther is operated as a sole proprietorship registered in Switzerland. The data controller for the processing described below is:

Oliver Greuter-Wehn

Strassburgerallee 87

4055 Basel

Switzerland

hi@gaether.app

We have not designated a Data Protection Officer (Art. 37 GDPR does not require one at our current scale). Direct any data-protection request to the contact above.

What this notice covers

This notice describes how we process personal data when you use gaether.app, visit our marketing pages, or correspond with us. It applies to all features and pages under the gaether.app domain. Other domains we link to are governed by their own notices.

Our principles

These rules predate any specific implementation choice and constrain every decision we make about your data. They are documented in our internal data-protection reference and enforced through automated checks in our codebase.

  1. 01

    Special-category data is never a structured field

    Sexuality, religion, ethnicity, race, health, disability, neurodivergence, political opinions, trade-union membership, and genetic or biometric data — none of these become columns, enum values, or filter parameters in our system. They may surface only through the free-form tag taxonomy users attach to events and groups; we do not aggregate those tags into inferred categories about individual users.

  2. 02

    Date of birth is not persisted

    We enforce an 18+ age floor at signup. Your date of birth is computed against the floor server-side and discarded — only a timestamp indicating that the attestation took place is stored against your account.

  3. 03

    Raw email, IP, and User-Agent never sit in our tables

    For forensic and security logging, identifiers like your IP address, User-Agent, and (in some audit-log contexts) your email address are hashed with a server-side secret before insert. The hashes are non-reversible without that secret. Raw values are dropped at the application boundary.

  4. 04

    EU data residency by default

    All primary processing happens in EU jurisdictions — Frankfurt for our database, authentication, and analytics; Paris for transactional email; Tallinn for marketing-site analytics. Sub-processors incorporated outside the EU operate EU infrastructure under Standard Contractual Clauses.

  5. 05

    Consent and lawful basis are version-controlled

    Every consent decision you record is stored with the version of the policy text that was in force at the time, the timestamp, and a hash of your IP and User-Agent. The append-only ledger means we can demonstrate exactly what you agreed to and when.

What we process, why, and on what lawful basis

Article 6(1) of the GDPR requires a documented lawful basis for every processing activity. Ours, by data category:

Account credentials — email address and hashed password — used to authenticate you and provide the service.

Lawful basis: Performance of contract (Art. 6(1)(b)) · Retention: Lifetime of your account + 30-day grace period

An '18+ confirmed at' timestamp on your account, recorded at signup to satisfy the age-floor obligation.

Lawful basis: Legal obligation (Art. 6(1)(c)) · Retention: Lifetime of your account

Your preferred language so we can deliver the interface and emails in it.

Lawful basis: Performance of contract (Art. 6(1)(b)) · Retention: Lifetime of your account

An append-only ledger of identity-relevant events (login, signup, password reset, etc.) for security, fraud detection, and incident investigation. Email, IP, and User-Agent are stored only as salted hashes.

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: 2 years

A record of every consent decision you make, with the version of the policy text in force at the time, so we can demonstrate Art. 7(1) compliance.

Lawful basis: Legal obligation (Art. 6(1)(c)) · Retention: 7 years

Outbound transactional email metadata (recipient, message kind, send status) required to operate signup confirmation, password reset, and similar essential flows.

Lawful basis: Performance of contract (Art. 6(1)(b)) · Retention: 90 days

Aggregated product-usage events (page views, feature interactions) we capture to understand how the product is used and what to improve. Only fires after you grant consent in the cookie banner.

Lawful basis: Consent (Art. 6(1)(a)) · Retention: 2 years

Browser exceptions and stack traces from gaether.app so we can identify and fix software defects affecting users. Cookieless and memory-only — no information is stored on your device. IP addresses are suppressed at ingest.

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

Aggregate, cookieless page-view counts on our marketing pages, with no per-user identity. Permitted under the ePrivacy Directive's strict-necessity carve-out for aggregate measurement.

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

Tags you choose to add to your own profile or to a group. Some tags reveal special-category data under Art. 9 GDPR (for example faith, sexuality, ethnicity, health or neurodivergence). We process these only on your explicit consent (Art. 9(2)(a)), recorded against the policy version in force when you add the tag, and use them to match you to relevant communities. You decide per tag whether it is shown on your public profile — choosing to show it additionally makes it information you have manifestly made public (Art. 9(2)(e)). Removing a tag withdraws consent immediately and deletes the row.

Lawful basis: Consent (Art. 6(1)(a)) · Retention: Lifetime of your account

An optional phone-verification signal — you choose to verify a phone number to raise your account's trust level and join groups that require it. We store a keyed, irreversible hash of the number (never the number itself) so one person can't hold many accounts and to resist ban-evasion. Processed on our legitimate interest in platform safety and abuse prevention (Recital 47); deleting your account removes it and releases the number.

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Lifetime of your account

A pseudonymous cookie (`gaether_consent_session_id`) we set before you have an account so your consent choices can be remembered across sessions. Strictly necessary under ePrivacy Art. 5(3).

Lawful basis: Legal obligation (Art. 6(1)(c)) · Retention: 1 year

Who processes your data on our behalf

We engage the following sub-processors. Each operates under a Data Processing Agreement (DPA). Where the entity is incorporated outside the EU but operates EU infrastructure, the transfer is covered by Standard Contractual Clauses (SCCs) under Chapter V of the GDPR.

Supabase Inc.

Frankfurt, Germany (eu-central-1)

Database, authentication, and storage

Hosts our Postgres database, the Supabase Auth identity provider, and binary storage (when used). Holds account credentials, the hashed audit ledger, your consent records, and the transactional-email outbox.

Lawful basis: Performance of contract (Art. 6(1)(b)) · Retention: Lifetime of your account + 30-day grace period

Vercel Inc.

EU edge regions (Frankfurt primary)

Application hosting, edge runtime, scheduled jobs

Serves gaether.app from EU edge regions, runs our scheduled jobs, and aggregates request logs (minimised — no request bodies, IPs hashed). Hosts only the application surface; user-data storage lives at Supabase.

Lawful basis: Performance of contract (Art. 6(1)(b)) · Retention: Per the sub-processor's stated retention

Functional Software, Inc. (dba Sentry)

Frankfurt, Germany (EU region)

Error tracking (legitimate interest)

Captures uncaught exceptions and stack traces in Sentry's EU (Frankfurt) region so we can identify and fix software defects affecting users. We send no user identity, suppress IP addresses, disable tracing and session replay, and run a server-side scrubber that removes any personal data from the payload before it leaves us. Cookieless — nothing is stored on your device. You may object to this processing at any time by contacting us using the address above.

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

Iubenda S.r.l.

Italy (EU)

Cookie banner and consent UI

Renders the cookie banner you saw on first visit and brokers your per-purpose consent choices. We store the resulting decisions in our own append-only ledger; Iubenda's role is the banner UI and the legal-text infrastructure.

Lawful basis: Legal obligation (Art. 6(1)(c)) · Retention: Per the sub-processor's stated retention

Brevo SAS

Paris, France

Transactional email delivery

Delivers the essential transactional emails we send you (signup confirmation, password reset, email change, magic-link sign-in, account notifications). Receives the recipient address and the rendered message body.

Lawful basis: Performance of contract (Art. 6(1)(b)) · Retention: 90 days

Sinch Sweden AB

European Union

Phone-number verification (one-time codes)

When you choose to verify a phone number, we ask Sinch to send you a one-time code and to confirm the code you enter. Sinch operates the verification exchange, so it — not we — holds your raw number, and only for as long as the check takes. We store only a keyed, irreversible hash of the number, never the number itself. Sinch processes in the EU (headquartered in Sweden).

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

Plausible Insights OÜ

Tallinn, Estonia

Marketing-site aggregate analytics

Provides cookieless, aggregate page-view counts on our marketing pages. No per-user identity, no IP storage, no cross-site tracking. Permitted under the ePrivacy Directive's measurement carve-out.

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

MapTiler AG

France (EU)

Venue geocoding (address → map point)

When you search for an event venue, we send your search text to MapTiler to turn it into a map point. We don't send your account identity. The point is then matched to a public administrative area in our own data.

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

DeepL SE

Germany (EU)

UI string machine translation

Machine-translates the platform's own interface text (buttons, labels, messages) into your language. In v1 we send only our own UI strings — never your messages, posts, or profile. DeepL processes in the EU (Germany).

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

Mistral AI SAS

France (EU)

UI translation review (and fallback translation)

Reviews — and, as a fallback, produces — the machine translation of our interface text, checking it against our glossary and brand voice. Like DeepL, only the platform's own UI strings are sent in v1, never your content. Mistral processes in the EU (France).

Lawful basis: Legitimate interest (Art. 6(1)(f)) · Retention: Per the sub-processor's stated retention

Eurostat

Luxembourg

Public geographic taxonomy (data source)

Maintains the NUTS/LAU geographic taxonomy we use as a reference dataset for region selection within Europe. Eurostat receives no user data from us — we ingest their public open data.

Public data source (not a processor)

Overture Maps Foundation

United States (public open-data hosting)

Global place data (data source)

Publishes the Overture Maps Divisions dataset under an open licence. We import a snapshot quarterly. Overture receives no user data from us — we read their public open data.

Public data source (not a processor)

See the full sub-processor list →

International data transfers

All primary processing happens in EU jurisdictions (Frankfurt for our database, Paris for email, Tallinn for marketing analytics, Italy for the cookie banner). Some of our sub-processors are incorporated in the United States but operate EU infrastructure. Where that's the case, transfers between the EU-based processor infrastructure and the US-incorporated parent are covered by Standard Contractual Clauses under each vendor's DPA. The sub-processor list above marks which entries this applies to.

Standard Contractual Clauses are the European Commission's standard-form contract for international data transfers under Chapter V of the GDPR. They impose enforceable data-protection obligations on the non-EU recipient.

Cookies and similar technologies

We set a small number of cookies ourselves and load a few from the sub-processors above. Only the strictly necessary cookies (authentication session, consent-banner state) are set without consent. We set no analytics cookie — in-house product analytics is consent-gated but introduces no new cookie, and error-tracking is cookieless, so nothing is written to your device for either. The full inventory, including vendor-set cookies, is at our cookie policy.

sb-*

Strictly necessary

Maintains your authenticated session after sign-in. Set by Supabase Auth.

Lifetime: Per session token expiry · Flags: HttpOnly, Secure, SameSite=Lax

gaether_consent_session_id

Strictly necessary

A pseudonymous identifier joining your consent decisions to your browser before you have an account. Strictly necessary for consent management to function.

Lifetime: 1 year · Flags: HttpOnly, Secure, SameSite=Lax

_iub_cs_*

Strictly necessary

Stores your cookie-banner preference state so you don't see the banner on every page load.

Lifetime: Per the sub-processor's stated retention · Flags: Per vendor configuration

Open the cookie policy →

Your rights

Under the GDPR you have a number of rights against us as the data controller. To exercise any of them, email hi@gaether.app from the address associated with your account. We will respond within one month (Art. 12(3) GDPR), or tell you why we need an extension. Below is what each right means and how we handle it today; some of these will move from email-based handling to in-product UI in a future release.

Right of access

Art. 15

Email us asking for a copy of the personal data we hold about you. We will provide a structured export covering your account, your audit-log presence (as hashes), your consent records, and your outbox history.

Right to rectification

Art. 16

If any of your personal data is inaccurate, email us with the correction. Profile-editing UI ships in a future release; until then we make the change manually.

Right to erasure ('right to be forgotten')

Art. 17

Email us to request deletion of your account. We will erase your account credentials, your consent records, the outbox history, and your in-house product-analytics events within 30 days. The hashed audit ledger may be retained for its 2-year forensic window under Art. 17(3)(b) (legal claims / fraud detection); raw identifiers are not present in it.

Right to restriction of processing

Art. 18

Email us. We will flag your account as restricted and stop active processing pending resolution.

Right to data portability

Art. 20

Email us to request a machine-readable export of your account data. We will provide it in JSON within one month.

Right to object

Art. 21

For processing based on legitimate interest (error tracking, marketing analytics): the cookie-banner Measurement toggle doubles as the global objection signal — turning it off opts you out. You may also email us at any time to object explicitly; we will scope your account out of the legitimate-interest paths.

Rights related to automated decision-making

Art. 22

We do not make decisions about you based solely on automated processing. There is nothing to opt out of here today; if that changes we will update this notice.

Right to withdraw consent

Art. 7(3)

Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal. Open the cookie banner from any page (the small consent icon at the bottom-left) to revise your choices.

Right to lodge a complaint

Art. 77

You can lodge a complaint with the supervisory authority in your country of residence. Two relevant authorities for our processing surface are listed below.

Supervisory authorities

If you believe our processing infringes the GDPR or Swiss data-protection law, you have the right to lodge a complaint with a supervisory authority. EU residents may complain in their member state of residence. The two authorities most directly relevant to our processing surface are:

Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) — Germany

Most of our personal-data processing happens via EU-based sub-processors operating from Frankfurt.

www.bfdi.bund.de/

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB / FDPIC) — Switzerland

The data controller is established in Switzerland (Basel); the Swiss FDPIC supervises our processing under the revised Swiss FADP.

www.edoeb.admin.ch/

Contact

For any privacy or data-protection question — exercising a right above, reporting a concern, asking for clarification — email hi@gaether.app. We respond within one month, usually sooner.

Changes to this notice

We update this notice when our processing surface changes (new sub-processor, changed retention, new feature with privacy implications). When the change materially affects you, we update the version number and the last-updated date at the top, and where the change requires renewed consent under Art. 7(1) we will re-prompt you via the cookie banner. The version + date pair is also stored in our consent ledger so we can demonstrate which version of this notice was in force when you recorded each consent decision.