Privacy Policy

We designed Detroit Meets with a privacy-first approach. In plain terms:

• We do not display advertisements or monetize user data in any form.
• We do not employ third-party analytics services, tracking pixels, or behavioral profiling tools.
• We do not sell, rent, trade, or otherwise disclose personal information to third parties.
• We collect only the minimum information necessary to operate and secure the Service.

You may browse all publicly listed events, view event details, and access external map links without creating an account or providing any personal information.

We do not set tracking cookies, deploy browser fingerprinting techniques, or maintain server-side access logs tied to individual visitors. No personal data is collected during ordinary use of the public-facing portions of the Service.

When you choose to open a venue location in a third-party maps application (such as Apple Maps, Google Maps, or Waze), you will be redirected to that provider's platform. We transmit only the venue name and street address necessary to display the location — no user identifiers or device information is included. Your use of those services is governed by their respective privacy policies.

Account creation is restricted to invited event organizers and site administrators. Public registration is not available. We do not collect or store personal identifiers such as full legal names, email addresses, phone numbers, or physical addresses from account holders.

When an organizer account is provisioned, we store only the following:

• Username — a chosen display identifier used for sign-in and visible to other staff members. This does not need to be a real name.
• Password — cryptographically hashed and salted before storage. We do not store, transmit, or have access to plaintext passwords at any time.
• Account role — designates permission level ("administrator" or "organizer") to govern access within the platform.

No email verification is required and no personally identifiable information is necessary to create or use an organizer account.

Upon successful authentication, we generate a secure session record that includes a cryptographic token and the browser user-agent string. This information is used exclusively to maintain authenticated state and to detect potentially unauthorized access attempts.

Sessions expire automatically after a defined period of inactivity. A site administrator may revoke any active session at any time.

Events published on the Service contain the following organizer-provided information: event title, optional description, venue name, street address, start and end dates and times, an optional cover image URL, optional latitude and longitude derived from the venue and address (for mapping and calendar accuracy), and optional external links (for example, a social media post or ticketing page). This content is provided voluntarily by organizers and is displayed publicly on the Service.

Cover images may be pasted as a link or uploaded through our admin tools. Uploaded files are sent to a third-party host (see Section 7); we store only the resulting image URL on our systems.

We also maintain a record of which staff accounts are associated with each event listing, as well as any public-facing host links (such as Instagram profiles or websites) that organizers elect to display.

For internal accountability, we maintain an append-only log of administrative actions such as creating or modifying events and managing user accounts. Each log entry records the acting staff member's user identifier, the type of action performed, the affected resource, and a timestamp. Audit logs are accessible only to site administrators and are never disclosed externally.

Address autocomplete (OpenStreetMap Nominatim) — When an organizer enters a venue address in the administrative panel, we relay the search query to the OpenStreetMap Nominatim geocoding service to provide address suggestions. Only the text entered is transmitted; no cookies, authentication tokens, or device identifiers accompany the request.

When an organizer saves an event, our servers may also send the venue name and address to Nominatim once more to obtain coordinates we store alongside the listing. That enables accurate map pins in calendar exports; the same Nominatim usage policy applies.

Cover image hosting (catbox.moe) — When an organizer uploads a cover image file (instead of pasting a URL), our server forwards the file to catbox.moe, a third-party file host, and stores a public direct link returned by that service. Do not upload images you consider sensitive; the hosted file is publicly retrievable by anyone with the link. catbox may log requests according to its own policies.

Calendar subscription feeds (public) — We publish a standard iCalendar (ICS) URL listing the same public event information shown on the website. Subscribing imports that data into your calendar application; your provider's privacy policy governs how they process subscribed feeds.

Hosting (Vercel) — The Service is deployed on the Vercel platform. All connections are encrypted via TLS/HTTPS. We do not enable Vercel Analytics, Web Analytics, Speed Insights, or any other optional telemetry products.

Database — Application data is stored in a managed PostgreSQL database. Access is restricted to the application layer and authorized administrators.

The Service uses a single, strictly necessary session cookie to maintain organizer authentication. This cookie contains only a session identifier — it does not include advertising identifiers, cross-site tracking data, or any third-party payloads.

Public visitors who do not sign in receive no cookies whatsoever. We do not utilize local storage or similar client-side mechanisms for tracking purposes.

We implement reasonable technical and organizational measures to protect the information we hold from unauthorized access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS/TLS), hashed credential storage, and role-based access controls. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

Organizer account data is retained for as long as the account remains active. A site administrator may delete any account at any time, at which point all associated sessions, credentials, and account metadata are permanently and irreversibly removed from our systems.

If you are an organizer and wish to request deletion of your account and associated data, please contact the site administrator using the information provided in Section 13 below.

The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 13, we will take prompt steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the "Effective date" at the top of this page. We encourage you to review this page periodically. Material changes will be communicated through a notice on the Service.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via Instagram at @alex.30mm.