Legal

Privacy Policy

Effective April 22, 2026  ·  Last updated April 22, 2026

This Privacy Policy explains how A-Listed ("we," "us," "our") collects, uses, and protects personal information when you use the Service at alisted.app. We are committed to handling your data responsibly and in compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

Account data: When you create an account, we collect your email address and display name. If you are a meetup organizer, you may also provide a group name and custom subdomain slug.

Member data: Organizers upload and manage information about their members, including names, email addresses, profile photos, RSVP history, and attendance records. This data is entered or imported by the organizer and relates to real people (your group's members). As an organizer, you are responsible for ensuring you have appropriate authorization to store this data in A-Listed.

Application data: When someone submits a membership application through a public application form, we collect the information they provide (e.g., name, email, and any form fields the organizer has configured).

Usage data: We collect basic usage information such as the pages you visit and actions you take within the app. This helps us understand how the Service is used and improve it. We do not sell this data.

Payment data: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card number or CVV. We receive limited billing information from Stripe (e.g., last four digits, card type, billing cycle).

2. How We Use Your Information

  • To create and maintain your account and provide the Service.
  • To send transactional emails (e.g., application confirmations, approval notifications) via our email delivery provider.
  • To process subscription payments.
  • To respond to support requests.
  • To improve and develop the Service.
  • To comply with legal obligations.

We do not use your data for advertising, and we do not sell your personal information to third parties.

3. Third-Party Service Providers

We use the following sub-processors to operate the Service. Each is bound by data processing agreements and handles data only as necessary to provide their service.

Provider Purpose Data location
Supabase Database, authentication, file storage United States (AWS us-east-1)
Resend Transactional email delivery United States
Stripe Payment processing United States
Cloudflare Web hosting, DNS, CDN Global (edge network)

If you are located in the European Economic Area, please note that some of these providers are based in the United States. Transfers are made under appropriate safeguards (Standard Contractual Clauses or adequacy decisions where available).

4. Cookies and Local Storage

A-Listed uses a cookie named alisted-auth-token scoped to .alisted.app to maintain your authentication session across the marketing site and app subdomains. This cookie is strictly necessary for the Service to function and does not track you for advertising purposes.

We do not use advertising cookies, fingerprinting, or cross-site tracking. We do not use Google Analytics or similar analytics products that send data to third parties.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. If you request deletion of your account, we will delete your personal data within a reasonable time, subject to legal obligations that may require us to retain certain records.

Member records managed by an organizer may be retained by that organizer independently of your account. If you want data about you removed from an organizer's group, you should contact that organizer directly.

6. Your Rights (GDPR — EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights regarding your personal data:

Access Request a copy of the personal data we hold about you.
Correction Ask us to correct inaccurate or incomplete data.
Erasure Request deletion of your personal data ("right to be forgotten").
Portability Receive your data in a structured, machine-readable format.
Restriction Ask us to restrict how we process your data in certain circumstances.
Objection Object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond to requests within 30 days. We may need to verify your identity before processing the request. There is no automated self-service portal for data export or erasure — all requests are handled manually by email.

You also have the right to lodge a complaint with your local data protection authority.

7. Your Rights (CCPA — California Residents)

If you are a California resident, the CCPA grants you rights to know what personal information we collect, to request deletion, and to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights under the CCPA, contact us at [email protected].

8. Children's Privacy

A-Listed is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

9. Security

We take reasonable technical and organizational measures to protect your data. For more detail, see our Security page. No system is completely secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, where appropriate, by email. Continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.

11. Contact

Questions, requests, or concerns about this Privacy Policy? Email [email protected] or use our contact form.