Privacy Policy

Introduction

Rally ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Privacy is a core design principle of Rally—we minimize data collection and use fuzzy signals instead of exact tracking.

Information We Collect

1. Account Information

When you create an account, we collect:

• Email address (for authentication)
• Display name (chosen by you)
• Password (encrypted and never stored in plain text)
• Account creation timestamp

2. Profile Information

You may optionally provide:

• Profile avatar/photo
• Preferred city or location
• Timezone preferences
• Privacy and notification preferences

3. Location Data

Rally uses location data in a privacy-preserving way:

• Approximate location: We request your general location (city/neighborhood level) to show nearby venues
• Intent signals: When you create an intent to visit a venue, we store this temporarily (auto-expires after time window)
• Fuzzy presence: We show aggregated, area-level presence signals—never exact real-time locations
• No continuous tracking: We do not continuously track your location or movements

4. Usage Data

We collect minimal analytics:

• Intent creation and cancellation events
• Rally participation (which venues you signal intent for)
• Time windows and crowd range preferences
• Personal history (stored for 7 days after expiry)

5. Social Data

If you use social features:

• Follow relationships (who you follow, who follows you)
• Delayed presence signals from followed users (if they opt-in)
• Public profile visibility (opt-in only)

How We Use Your Information

We use your information to:

• Provide and maintain the Rally service
• Show you nearby venues with real-time presence indicators
• Display aggregated crowd signals (not individual tracking)
• Enable social features (follows, fuzzy presence signals)
• Send optional notifications about rallies and nearby activity
• Maintain your personal history for reference
• Improve and optimize our service
• Prevent fraud and ensure platform safety

Data Retention

Rally minimizes data retention:

• Active intents: Auto-expire after time window ends
• Historical data: Personal history retained for 7 days after expiry, then deleted
• Account data: Retained while your account is active
• Deleted accounts: All personal data permanently deleted within 30 days

Data Sharing and Disclosure

We do not sell your personal information. We may share data only in these limited circumstances:

• With other users: Only aggregated, fuzzy crowd signals (never individual data)
• Service providers: Trusted third parties who help operate our service (e.g., hosting, authentication)
• Legal requirements: If required by law or to protect rights and safety
• Business transfers: In case of merger or acquisition (users will be notified)

Your Privacy Controls

You have control over your data:

• Profile visibility: Control who can see your public profile (opt-in/opt-out)
• Follow permissions: Control who can follow you
• Presence sharing: Opt-in to share delayed presence signals with followers
• Notifications: Control notification preferences
• Cancel intents: Remove your presence signal at any time
• Delete account: Request full account deletion from your profile
• Export data: Download your history and profile data (JSON export)

Security

We implement industry-standard security measures to protect your data:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted password storage using industry-standard hashing
• Database-level access controls and security policies
• Regular security audits and updates
• Minimal data collection by design

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Third-Party Services

Rally integrates with trusted third-party services to provide our functionality:

• Authentication providers: For secure account management and user authentication
• Mapping services: For maps, venue discovery, and location-based features
• Infrastructure providers: For secure data storage and hosting

These services have their own privacy policies. We carefully select partners who maintain high security and privacy standards.

Children's Privacy

Rally is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us, and we will delete it promptly.

International Users

Rally may store and process data in various locations. If you are accessing Rally from outside the United States, please note that your information may be transferred to, stored, and processed in the United States where our servers are located. By using Rally, you consent to this transfer.

Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have these rights:

• Right to access: Request a copy of your personal data
• Right to rectification: Correct inaccurate data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restriction: Limit how we process your data
• Right to data portability: Export your data in a machine-readable format
• Right to object: Object to data processing in certain circumstances
• Right to withdraw consent: Withdraw consent at any time

To exercise these rights, please use our contact form and select "Privacy Inquiry" as your reason.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of Rally after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: