Legal
Privacy Policy
This Privacy Policy explains how A-Listed ("we," "us," "our") collects, uses, and protects personal information when you use the Service at alisted.app. We are committed to handling your data responsibly and in compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Information We Collect
Account data: When you create an account, we collect your email address and display name. If you are a meetup organizer, you may also provide a group name and custom subdomain slug.
Member data: Organizers upload and manage information about their members, including names, email addresses, profile photos, RSVP history, and attendance records. This data is entered or imported by the organizer and relates to real people (your group's members). As an organizer, you are responsible for ensuring you have appropriate authorization to store this data in A-Listed.
Application data: When someone submits a membership application through a public application form, we collect the information they provide (e.g., name, email, and any form fields the organizer has configured).
Usage data: We collect basic usage information such as the pages you visit and actions you take within the app. This helps us understand how the Service is used and improve it. We do not sell this data.
Payment data: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card number or CVV. We receive limited billing information from Stripe (e.g., last four digits, card type, billing cycle).
2. How We Use Your Information
- To create and maintain your account and provide the Service.
- To send transactional emails (e.g., application confirmations, approval notifications) via our email delivery provider.
- To process subscription payments.
- To respond to support requests.
- To improve and develop the Service.
- To comply with legal obligations.
We do not use your data for advertising, and we do not sell your personal information to third parties.
3. Third-Party Service Providers
We use the following sub-processors to operate the Service. Each is bound by data processing agreements and handles data only as necessary to provide their service.
| Provider | Purpose | Data location |
|---|---|---|
| Supabase | Database, authentication, file storage | United States (AWS us-east-1) |
| Resend | Transactional email delivery | United States |
| Stripe | Payment processing | United States |
| Cloudflare | Web hosting, DNS, CDN | Global (edge network) |
If you are located in the European Economic Area, please note that some of these providers are based in the United States. Transfers are made under appropriate safeguards (Standard Contractual Clauses or adequacy decisions where available).
4. Cookies and Local Storage
A-Listed uses a cookie named alisted-auth-token scoped to .alisted.app to maintain your authentication session across the marketing site and app subdomains. This cookie is strictly necessary for the Service to function and does not track you for advertising purposes.
We do not use advertising cookies, fingerprinting, or cross-site tracking. We do not use Google Analytics or similar analytics products that send data to third parties.
5. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. You can permanently delete your account and all associated data at any time using the self-service Data Portal at alisted.app/my-data — deletion is immediate and irreversible.
Certain records are retained even after account deletion where required for business integrity: group applications you submitted are anonymized rather than hard-deleted (your name, email, and form responses are removed, but the application count is preserved for the organizer's records). We are not legally required to retain any other personal data after deletion.
Organizers independently manage member records within their groups. If you want data about you corrected or removed from a specific group's history (beyond what the portal deletes), contact that organizer directly or email us at [email protected].
6. Your Rights (GDPR — EEA/UK Residents)
If you are located in the European Economic Area or United Kingdom, you have the following rights regarding your personal data:
my-alisted-data.json) directly from the Data Portal — no request needed.
Most rights can be exercised instantly without emailing us. Sign in at alisted.app/my-data to view, download, or permanently delete your data.
View your data
The portal shows everything A-Listed holds about you, organized into five sections:
- Memberships — every group you belong to, your role, status, and join date
- RSVPs — every event you responded to, across all groups, with your response
- Attendance — every event you were marked as attended
- Applications — any group applications you submitted and their outcome
- Notifications — transactional emails sent to your account (subject and date)
Download your data
Click "Download my data" to receive a my-alisted-data.json file containing all of the above in a structured, machine-readable format. The download is generated in your browser from data already on screen — nothing is queued or emailed to you.
Delete your data
Click "Delete all my data," confirm by typing DELETE, and your account is permanently erased. This action:
- Removes you from all groups (your member records are hard-deleted)
- Deletes your RSVPs and attendance records across all groups
- Removes your profile photo from our storage
- Anonymizes any group applications you submitted — your name and email are replaced with
[deleted]and all form responses are cleared, but the application record itself is retained so organizers' historical counts remain accurate - Deletes all email notification records tied to your account
- Permanently deletes your login credentials — you will be signed out of all devices immediately
If you are the sole admin of a group, you must transfer ownership or delete the group before your account can be erased. The portal will identify any affected groups by name.
Deletion is immediate and irreversible. We do not retain backups of deleted accounts beyond our standard 7-day database backup window, after which recovery is not possible.
For rights the portal does not cover — correction of inaccurate data, restriction of processing, or objection to processing — contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority.
7. Your Rights (CCPA — California Residents)
If you are a California resident, the CCPA grants you rights to know what personal information we collect, to request deletion, and to opt out of the sale of your personal information. We do not sell personal information. To exercise your right to know or to delete your data, use our self-service Data Portal at alisted.app/my-data, or contact us at [email protected].
8. Children's Privacy
A-Listed is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
9. Security
We take reasonable technical and organizational measures to protect your data. For more detail, see our Security page. No system is completely secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, where appropriate, by email. Continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.
11. Contact
Questions, requests, or concerns about this Privacy Policy? Email [email protected] or use our contact form.