Legal
Privacy Policy
Effective May 6, 2026
Detroit Meets ("we," "us," or "our") operates a free, community-driven platform for discovering automotive events in Michigan, including through this website and our iOS app (available on the Apple App Store) that displays the same content. We are committed to protecting the privacy of every person who visits or uses our Service. This Privacy Policy describes the information we collect, how we use it, and the choices available to you.
1. Our Commitment to Your Privacy
We designed Detroit Meets with a privacy-first approach. In plain terms:
- We do not display advertisements or monetize user data in any form.
- We do not employ third-party analytics services, tracking pixels, or behavioral profiling tools.
- We do not sell, rent, or trade personal information. We disclose limited data only to service providers necessary to operate and secure the Service, as described in Section 9.
- We collect only the minimum information necessary to operate and secure the Service.
2. Information We Collect from Public Visitors
You may browse all publicly listed events, view event details, and access external map links without creating an account or providing personal information.
If you choose to submit a meet listing for review using the public submission form at /submit, you voluntarily provide: a meet title, venue description, optional notes, a social link or website, optional start and end dates and times, your name, and an email address or social handle so we can follow up. No account is required. Your name and contact details are stored in our database and are visible only to site administrators — they are never shown publicly on the Service. Submissions may be approved and published as a meet listing, rejected, or removed as spam at our discretion. See Section 7 for how we use your IP address for rate limiting on this endpoint.
We do not set tracking cookies, deploy browser fingerprinting techniques, or build user profiles. We do, however, operate on standard hosting infrastructure that processes limited technical data to deliver pages and protect against abuse; see Sections 7 and 8 for specifics.
When you choose to open a venue location in a third-party maps application (such as Apple Maps, Google Maps, or Waze), you will be redirected to that provider's platform. We transmit only the venue name and street address necessary to display the location — no user identifiers or device information is included. Your use of those services is governed by their respective privacy policies.
Location-based discovery features (such as "Near me") are opt-in. In a regular web browser, selecting these features triggers your browser's standard geolocation prompt. Your approximate coordinates are used in-memory on your device to sort and filter meets by distance; they are not transmitted to our servers, stored, or shared. You can deny the prompt and continue using the rest of the Service.
3. Mobile Applications (iOS)
Detroit Meets is available as a native iOS app on the Apple App Store. The app loads the same website you see in a browser inside an embedded web view pointed at our servers. Data collection and use for account holders, public visitors, sessions, and event content are the same as described elsewhere in this policy.
When you follow links that leave our site (for example, opening a map or an external ticketing page), those destinations open in the system browser or maps app where applicable; their privacy policies apply there.
Organizers uploading a cover image from within the iOS app may see an iOS permission prompt requesting access to your photo library. We only receive the image file you select for the upload; we do not access, enumerate, or retain any other photos.
If you use map discovery features such as Near me, the iOS app may request location access. Location is used to show nearby meets, sort by distance, and support location-based discovery features. You can deny location access and continue using the rest of the Service.
If you choose to enable notifications, the iOS app requests notification permission for three purposes:
- Meet reminders — reminder alerts you explicitly configure for saved meets are scheduled as on-device local notifications and fire without a network connection. The reminder fire-times themselves are also mirrored to our servers as part of saved-meet sync (see Section 7) so your reminders carry across devices, but the alert is still scheduled and shown locally by iOS.
- Featured post alerts (remote push) — when we publish a new featured blog post, we send a push notification directly to your device via Apple Push Notification service (APNs). To do this, the iOS system generates a device-specific APNs token that our app transmits to our servers, where it is stored alongside a randomly generated installation identifier (a UUID we create and keep in your device's local storage). We use this token only to deliver the featured-post alert and to deactivate the record if the token becomes invalid. We do not use it for advertising or share it with third parties other than Apple's APNs infrastructure, which routes the delivery. You can revoke notification permission at any time in iOS Settings, which prevents further pushes; you can also clear the app's local storage to remove the installation identifier.
- Saved-meet change alerts (remote push) — when an organizer materially changes a meet you have saved (for example, the date, time, location, or cancellation status), our server may send a push notification to the installations that have saved that meet, using the same APNs delivery and installation identifier described above. The change-alert lookup is keyed only by the anonymous installation identifier and the public meet ID; no account or personal information is required. You can disable change alerts by un-saving the meet, by revoking notification permission in iOS Settings, or by clearing the app's local storage.
- Meet submission status alerts (remote push) — if you submit a meet for review using the public submission form on native iOS and your device has an installation identifier (see Section 7), our server may send a push notification when your submission is approved (with a deep link to the published meet) or rejected. This push uses the same APNs delivery path described above. No account is required. You can prevent these pushes by revoking notification permission in iOS Settings or by clearing the app's local storage.
Downloading or updating the app from Apple's App Store (or participating in TestFlight) is subject to Apple's privacy policy and terms. Apple may process account and device information related to the store and platform independent of us.
4. Information We Collect from Organizer Accounts
Account creation is restricted to invited event organizers and site administrators. Public registration is not available. We do not ask for or use real email addresses, full legal names, phone numbers, or physical addresses for account holders.
When an organizer account is provisioned, the following data is stored in our database:
- Username — a chosen display identifier used for sign-in and visible to other staff members. This does not need to be a real name.
- Display name — optional human-readable label shown alongside the username.
- Synthetic email placeholder — our authentication library requires an email field. We generate a non-deliverable placeholder derived from the username (for example username@staff.local). We do not send email to this address and we do not treat it as a contact channel.
- Password — cryptographically hashed and salted before storage. We do not store, transmit, or have access to plaintext passwords at any time. A "must change password" flag is stored when an administrator creates or resets a password, and cleared the first time the user changes it themselves.
- Account permissions — a stored list of permission flags (for example, the ability to manage meets, manage staff accounts, review public meet submissions, or view the audit log) that governs what an account can do within the platform. A legacy role label ("administrator" or "organizer") is derived from these flags for compatibility with our authentication library and is not used for new authorization decisions.
- Internal staff notes — an optional short memo about a staff account, written by another staff member with permission to manage staff accounts. Internal notes are visible only inside the staff admin area and are never shown publicly.
- Moderation metadata — a boolean indicating whether the account is disabled, an optional short reason shown at sign-in if so, and an optional expiry for timed disables.
- Timestamps — account creation and last-update timestamps used for record-keeping.
No email verification is required and no additional personally identifiable information is necessary to create or use an organizer account.
5. Session Data
Upon successful authentication, we generate a session record that contains: a cryptographic token, the IP address that initiated the sign-in, the browser user-agent string, creation and expiry timestamps, and (when applicable) an indicator that the session was created by an administrator impersonating the account. This information is used exclusively to maintain authenticated state, to populate the admin sessions view so that administrators can spot unfamiliar sign-ins, and to detect potentially unauthorized access.
If you sign in while using the iOS app, the same session cookie and server-side session record apply as when you sign in on the website; we do not collect additional categories of personal information solely because you used the app.
Sessions expire automatically after a defined period of inactivity. Site administrators may view active sessions for staff accounts (IP address, user-agent string, and expiry time as stored in each session record) and may revoke individual sessions or sign an account out everywhere.
6. Event Data
Events published on the Service contain the following organizer-provided information: event title, optional description, venue name, street address, start and end dates and times, an optional cover image URL, optional latitude and longitude derived from the venue and address (for mapping and calendar accuracy), and optional external links (for example, a social media post or ticketing page). This content is provided voluntarily by organizers and is displayed publicly on the Service.
Cover images may be pasted as a link or uploaded through our admin tools. Uploaded files are sent to a third-party host (see Section 8); we store only the resulting image URL on our systems.
We also maintain a record of which staff accounts are associated with each event listing, as well as any public-facing host links (such as Instagram profiles or websites) that organizers elect to display.
7. Operational Logs and Local Preferences
We keep a minimum amount of ephemeral, non-marketing technical data needed to run and secure the Service:
- Client error reports — when the web application encounters an unrecoverable rendering error, the error boundary sends the error name, message, a short digest, a truncated stack trace, and the URL of the page where the error occurred to our server, which writes them to our hosting provider's logs. These reports do not include cookies, session identifiers, or account data.
- Address autocomplete rate limiting — the administrative address-suggestion endpoint uses the request IP address as an in-memory key to prevent abuse of the upstream OpenStreetMap service. Entries are held only for a short sliding time window and are not written to the database.
- Meet submission rate limiting — the public meet-submission endpoint uses the request IP address as a short-lived rate-limiting key to prevent automated or abusive submissions. The IP address is held only for the duration of the rate-limit window; it is not stored in the application database or associated with submission content.
- Meet submission records — when you submit a meet for review, the following information is written to our database: the meet title, venue description, optional notes, social link or website, optional start and end dates and times, your name, and your contact detail (email address or social handle). If the submission was made from the native iOS app, we also store the anonymous installation identifier so we can deliver a status push when your submission is reviewed. Submission records are visible only to site administrators. Approved submissions may be published as public meet listings; submitter name and contact are never shown publicly. We retain submission records for moderation accountability and may delete them on request — see Section 12.
- Local preferences — the website may use your browser's local storage to remember lightweight UI preferences, such as whether you have dismissed a banner promoting a blog post. These entries stay on your device, contain no personal data, and are not transmitted to our servers.
- Saved meets (on-device + optional cloud mirror) — if you use the "save" feature, the list of meets you have saved is stored in your browser's local storage (and, in the iOS app, in an equivalent on-device store) so your saved list is available between sessions and works offline. No account is required to save meets. When the cross-device sync feature is enabled, your saved list is also mirrored to our servers, keyed only by an anonymous installation identifier (see "Anonymous installation identifier" below). The cloud mirror is used so that re-installing the app or moving to another device keeps your saved list, and so that we can send the optional saved-meet change alerts described in Section 3. The mirror contains: the public meet ID, the time you saved it, your reminder presets and fire-times for that meet, and a snapshot of public meet fields (title, venue, address, start/end times, description, cover image URL, coordinates). It does not contain account credentials, contacts, advertising identifiers, or device fingerprints.
- Offline meet cache (on-device) — to keep saved meets viewable with a weak or missing connection (for example, inside a parking structure), the app stores a snapshot of each saved meet on your device. That snapshot may include the meet title, venue name, street address, start/end times, description, cover image URL, and coordinates. All of this content is already public on the Service; storing a local copy simply avoids re-fetching it. Clearing the browser's storage (or the app's storage on iOS) removes the cache.
- Reminder configuration (on-device + optional cloud mirror) — if you schedule a reminder for a saved meet, the chosen preset (for example "1 hour before") and the fire time are stored alongside the saved-meet entry on your device. In the iOS app, that configuration is handed to iOS's local-notification scheduler so the alert can fire without a network connection. When the cross-device sync feature is enabled, the same reminder presets and fire-times are mirrored to our servers as part of the saved-meet entry described above so reminders persist across reinstalls or devices.
- UI preferences (on-device + optional cloud mirror) — your default maps app preference (Apple Maps, Google Maps, or Waze) and your haptics on/off setting are saved in local storage. When the cross-device sync feature is enabled, those two values are also mirrored to our servers keyed by the anonymous installation identifier so they follow your saved list across reinstalls. They are not used for advertising, profiling, or analytics.
- Anonymous installation identifier — when the iOS app first launches, it generates a random UUID we call an "installation identifier" and stores it locally on the device. This identifier is the only key we use for: (a) routing remote push alerts to this device via APNs, (b) mirroring your saved meets, reminders, and UI preferences to our servers when sync is enabled, and (c) deciding which devices should receive a saved-meet change alert. The identifier is not derived from any device hardware identifier and is not linked to any account or contact information. Clearing the app's local storage (or reinstalling the app) generates a new identifier and disconnects you from any prior server-side records.
8. Administrative Audit Logs
For internal accountability, we maintain an append-only log of administrative actions such as creating or modifying events and managing user accounts. Each log entry records the acting staff member's user identifier, the type of action performed, the affected resource, a timestamp, and structured details of the change (for example, which fields were edited and their before/after values for that action). Audit logs are accessible only to staff with the audit-log permission and are never disclosed externally.
9. Third-Party Services
Address autocomplete (OpenStreetMap Nominatim) — When an organizer enters a venue address in the administrative panel, we relay the search query to the OpenStreetMap Nominatim geocoding service to provide address suggestions. Only the text entered is transmitted; no cookies, authentication tokens, or device identifiers accompany the request.
When an organizer saves an event, our servers may also send the venue name and address to Nominatim once more to obtain coordinates we store alongside the listing. That enables accurate map pins in calendar exports; the same Nominatim usage policy applies.
Map basemap tiles (OpenStreetMap + CARTO) — The interactive map (`/map` and the home-page map widget) renders OpenStreetMap data styled by CARTO, served from *.basemaps.cartocdn.com. When you scroll or zoom, your browser fetches map tiles directly from CARTO; CARTO sees the standard request fields (your IP address and user agent) plus the tiles requested. We do not use Mapbox, Google Maps tiles, or any other tile provider in the production render path. Recent tiles may be cached locally by your browser to reduce repeated fetches; the cache is bounded and held only on your device.
Cover image hosting (catbox.moe) — When an organizer uploads a cover image file (instead of pasting a URL), our server forwards the file to catbox.moe, a third-party file host, and stores a public direct link returned by that service. Do not upload images you consider sensitive; the hosted file is publicly retrievable by anyone with the link. catbox may log requests according to its own policies.
Upload availability depends on catbox.moe policy enforcement. Anonymous uploads from some networks may be blocked by catbox, and we may require authenticated forwarding from our server or disable uploads for abuse prevention and policy compliance. We do not control catbox moderation, anti-abuse systems, or retention decisions.
Calendar subscription feeds (public) — We publish a standard iCalendar (ICS) URL listing the same public event information shown on the website. Subscribing imports that data into your calendar application; your provider's privacy policy governs how they process subscribed feeds.
Push notifications (Apple Push Notification service) — When you grant notification permission on iOS, our app transmits your APNs device token and a locally generated installation identifier to our servers so we can deliver three categories of remote push: (a) featured-post alerts when we publish a new blog post, (b) saved-meet change alerts when an organizer updates a meet you have saved, and (c) meet submission status alerts when a submission you made via the native app is approved or rejected. Those tokens are routed through Apple's APNs infrastructure for delivery. Apple may process delivery metadata as described in Apple's privacy policy. We store tokens only for delivery purposes and deactivate them when they become invalid or permission is revoked.
Weather forecast (Open-Meteo) — Each meet detail page can show a small weather card. To build the card, our server proxies the meet's public latitude and longitude (the same coordinates already shown on the map for that meet) to Open-Meteo, a free public forecast API. The request contains only meet coordinates and a timestamp; no user identifier, IP address pass-through, or device information is sent. Open-Meteo's usage is governed by its own terms and privacy practices.
Hosting (Vercel) — The Service is deployed on the Vercel platform. All connections are encrypted via TLS/HTTPS. We do not enable Vercel Analytics, Web Analytics, Speed Insights, or any other optional telemetry products. Like any host, Vercel may process limited technical data (for example, IP addresses and request metadata) to operate its network and protect against abuse, as described in Vercel's privacy policy.
Database (Neon) — Application data is stored in a managed PostgreSQL database hosted by Neon. Connections are encrypted in transit. Access is restricted to the application layer and authorized administrators. Neon may process limited operational metadata to run and secure the database as described in Neon's privacy policy.
11. Data Security
We implement reasonable technical and organizational measures to protect the information we hold from unauthorized access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS/TLS), hashed credential storage, and role-based access controls. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
12. Data Retention and Deletion
Organizer account data is retained for as long as the account remains active. Site administrators can disable organizer access at any time (for example when an organizer leaves the team or violates policy), which prevents further sign-in and revokes active sessions.
If you are an organizer and wish to request deletion of your account data, contact us using the information in Section 16 below. We aim to process deletion requests manually within 30 days of receipt where feasible, and will permanently remove account records that are no longer required for security, fraud prevention, or legal compliance.
To protect account security, we may request reasonable identity verification before processing access, correction, or deletion requests.
Past event listings may be retained indefinitely as part of the site's public historical record, with the associated organizer attribution anonymized on request.
13. Legal Bases and Regional Privacy Rights
We process personal information only where we have a valid legal basis, including: (a) performance of a contract (for organizer authentication and account administration), (b) legitimate interests (operating, securing, and improving the Service), (c) compliance with legal obligations, and (d) consent where required by law.
Depending on your location, you may have rights to request access, correction, deletion, restriction, objection, or data portability, and to appeal a denied request where local law provides that right. To exercise these rights, contact us using Section 16 below. We will respond within the timeframe required by applicable law.
California residents (CCPA/CPRA) — we do not "sell" personal information and we do not "share" personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act. We do not use targeted advertising, third-party analytics, or behavioral profiling on the Service, and there is no "Do Not Sell or Share My Personal Information" opt-out required because we do neither.
14. Children's Privacy
The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 13, we will take prompt steps to delete such information.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the "Effective" date at the top of this page. We encourage you to review this page periodically. Material changes will be communicated through a notice on the Service.
Most recent update (May 6, 2026): clarified that staff accounts store a list of permission flags rather than a single "administrator" or "organizer" role label (Section 4); disclosed the optional internal staff notes field visible only to staff with permission to manage staff accounts (Section 4); and clarified that audit log entries include structured before/after change details, with access governed by the audit-log permission rather than only the administrator role (Section 8).
Previous update (April 30, 2026): updated to reflect the public meet submission form at /submit. Added Section 2 disclosure of voluntarily provided personal information (name and contact detail); added Section 7 disclosures for IP-based rate limiting on the submission endpoint and for meet submission records stored in our database (visible only to administrators); added "meet submission status alerts" as a third APNs push category in Section 3; and enumerated all three push categories in the APNs paragraph of Section 9.
Previous update (April 28, 2026): disclosed the optional anonymous cross-device sync of saved meets, reminders, and UI preferences (default maps app, haptics) to our servers, keyed only by an anonymous installation identifier; disclosed saved-meet change alerts as a separate APNs push category in Section 3; named the "anonymous installation identifier" explicitly in Section 7; and added Open-Meteo as a named third-party service used to power the per-meet weather card. Corrected prior language in Section 7 that described saved meets and reminder configuration as on-device only; they are now mirrored to our servers when the sync feature is enabled.
Previous update (April 23, 2026): disclosed remote push notification delivery via Apple Push Notification service (APNs) — including the server-side storage of APNs device tokens and installation identifiers used exclusively for featured-post alerts — and added APNs as a named third-party service in Section 9. Corrected prior language that described featured-post alerts as "local"; they are now delivered as remote pushes when notification permission is granted.
Previous update (April 22, 2026): iOS app is now live on the Apple App Store; documented the browser geolocation prompt used by web location features; expanded the on-device storage section to cover saved meets, the offline meet cache, and reminder configurations; named the database provider (Neon); disclosed the Safari Smart App Banner meta tag; and added an explicit CCPA "no sale / no share" statement for California residents.
16. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at alex@detmeets.com. For general questions, you can also reach us via Instagram at @alex.30mm.