Skip to main content
Get the app

Privacy Policy

Effective date: 13 June 2026
Last updated: 13 June 2026

This Privacy Policy explains how [YOUR REGISTERED COMPANY NAME] Ltd (“Waypoint”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you use the Waypoint mobile application (the “App”) and the website at usewaypoint.app (the “Site”, and together with the App and our related services, the “Service”).

Waypoint is a social app for meeting people and joining real-world activities in your city and while you travel. By its nature, parts of your profile and the content you post are shared with other people. Please read Section 4 (Your profile and content are visible to others) carefully so you understand what is public.

📌 The short version

  • We collect what you give us (account details, profile, photos, messages, trips, plans) and a little technical data needed to run the Service.
  • We store your city, not your precise GPS location — your exact coordinates are used on your device and are not saved to your profile or shown to others. The one exception: the venue you choose for a plan is shown, with its precise location and time, to everyone who can see that plan.
  • Your profile is public to other signed-in users by default, and profile/plan photos are served from public links. Messages are not end-to-end encrypted.
  • We do not sell your personal information.
  • Payments are handled by Apple, Google, and RevenueCat — we never see your card details.
  • You can edit your profile, change your privacy settings, or delete your account at any time. See Your rights.

This summary is for convenience only and does not replace the full policy below.

1. Who we are and how to contact us

The data controller responsible for your personal information is [YOUR REGISTERED COMPANY NAME] Ltd, a company registered in England and Wales (company number [COMPANY NUMBER]), with its registered office at [REGISTERED OFFICE ADDRESS, United Kingdom].

For any privacy question, or to exercise your rights, contact us at privacy@usewaypoint.app.

2. Information we collect

2.1 Information you provide to us

  • Account information. When you sign up, we (through our authentication provider, Supabase) collect your email address and password, or — if you sign in with Apple or Google — the identity token and basic profile details (such as your name and, where you allow it, email) that Apple or Google share with us. If you use Sign in with Apple, Apple may give us a private relay email instead of your real address.
  • Profile information. During onboarding and whenever you edit your profile, you may provide: your name and (optionally) a username; your date of birth (used to confirm you meet our minimum age and to show your age); your gender and the gender of people you want to meet; your nationality/background; the languages you speak; your interests; a free-text bio; how you like to meet people; up to three profile photos; and links to your Instagram, TikTok, or YouTube.
  • Location (city). Your current city, country, and country code, which are derived from your device location as described in Section 2.2.
  • Trips and plans. Cities and dates for trips you add, and the activities/plans you create or join — including the public venue (and its map coordinates) you choose for a plan.
  • Messages and content. The direct messages and group-chat messages you send, and any content, photos, or information you include in them or in your profile, bio, and plans.
  • Connections. Friend requests you send or accept, users you block, and reports you submit about other users or content.
  • Purchases. If you buy a subscription (for example Waypoint Premium or Founder), we receive your subscription status and a store transaction identifier from RevenueCat / the app stores. We do not receive or store your card or payment details — see Section 2.3.
  • Communications with us. Messages you send to our support or other email addresses, and the contents of those messages.
  • Waitlist (Site). If you join our waitlist on the Site, the email and any other details you submit through our waitlist form provider (Tally).

2.2 Information collected automatically

  • Approximate location. With your permission, the App reads your device’s location while you are using it (foreground only — we never track your location in the background). Your device converts that reading into a city name on the device, and we store only the resulting city, country, and country code on your profile. We do not store your precise latitude/longitude as part of your profile, and other users never see your exact coordinates — only your city. Note that the venue you pick when creating a plan does include precise map coordinates, which are stored with the plan and shown to others who can see the plan.
  • Device and technical data. When you use the Service, our infrastructure providers automatically receive technical data needed to deliver it, including your IP address and general request information. The App reads your device platform (iOS or Android) to function correctly. We do not currently run any third-party analytics, advertising, or crash-reporting SDK inside the App.
  • Notifications. If you enable notifications, the App schedules reminder notifications on your device. These are generated locally on your device; we do not currently operate a remote push-notification service or store a device push token.
  • Cookies and analytics (Site only). The Site uses Vercel Analytics and Vercel Speed Insights, which are privacy-friendly and do not use cookies, to understand page views and performance. Where Google Analytics is enabled, it uses cookies and processes your IP address and device/browser information; where consent is required, we will ask for it before those cookies are set. The Site also loads our waitlist form from Tally and web fonts from Google. The App itself does not use any of these.

2.3 Information from third parties

  • Apple and Google (sign-in). If you use Sign in with Apple or Google, they provide us with the identity information described in Section 2.1.
  • RevenueCat and the app stores (subscriptions). When you purchase a subscription, Apple App Store or Google Play processes the payment, and RevenueCat manages the subscription. We receive your subscription tier, entitlement, start/expiry dates, and an opaque store transaction identifier — never your card number or payment instrument.
  • Mapbox and device geocoders. When you search for cities or venues, or when the App turns a location into a place name, the relevant query may be sent to Mapbox and/or your device’s operating-system geocoder (Apple on iOS, Google on Android) to return results.

3. Sensitive information

Some information we ask for can be considered sensitive, including your date of birth/age, gender, and nationality/background. We collect these so the Service can function as a social-discovery app (for example, to confirm you are 18 or over, show your age, or help you find people). To the extent any of this is treated as “special category” data under UK/EU law, our condition for processing it is that you have chosen to provide and display it on your public profile (information you have manifestly made public) and, where required, your explicit consent. You can control how much of your profile is visible to others in the App’s privacy settings.

You may also choose to reveal additional information about yourself in your bio, photos, messages, or plans. Please think carefully before sharing anything sensitive (such as health, religious, political, or sexual-orientation information) in free-text fields, because other users can see it. We do not ask you for that information.

4. Your profile and content are visible to others

Please read this section so there are no surprises about what other people can see.

  • Your profile is public by default. By default, other signed-in users can find and view your profile — including your name, age, photos, city, nationality, bio, interests, languages, and social links — through discovery, search, the map, city and trip views, and the people you interact with. You can narrow this in the App’s privacy settings (for example, to “friends only” or “private”), and you can block specific users.
  • Your photos are served from public links. Profile and plan images are stored with our hosting provider and delivered over public content URLs. This means that anyone who has an image’s link can view that image, even without logging in. Do not upload images you would not want to be publicly accessible.
  • Messages are not end-to-end encrypted. Direct messages and group chats are protected in transit and at rest by our infrastructure providers, but they are not end-to-end encrypted. That means we (and our hosting provider) are technically able to access message content — for example to operate the Service, respond to reports, enforce our Terms, or comply with the law. Anyone in a group chat (which, for a plan, includes everyone who joins that plan) can read messages in it.
  • Plans reveal a place and time. When you create a plan, its venue — including the venue’s precise location on the map — and its time are shown, alongside your profile, to everyone who can see that plan. Choose public venues, and remember that anyone who can view a plan can see where and when to find you.
  • Premium/Founder status. If you subscribe, a badge indicating Premium/Founder status may be shown on your profile to other users.

5. How we use your information, and our legal bases

We use your information to:

  • create and manage your account and profile, and authenticate you;
  • operate the core Service — discovery, the map, trips, plans, friend connections, and messaging;
  • show your profile and content to other users as described above;
  • process subscriptions and manage entitlements;
  • send you service communications and the notifications you enable;
  • keep the Service safe — including reviewing reports, enforcing our Terms and community guidelines, and preventing fraud, abuse, and harm;
  • provide support and respond to your requests;
  • understand and improve the Service (mainly via Site analytics); and
  • comply with our legal obligations.

If you are in the UK or EEA, the “legal bases” we rely on under the UK GDPR and EU GDPR are:

  • Performance of a contract with you (our Terms) — to create your account, run the Service, and process your subscriptions;
  • Your consent — for location access, notifications, special-category profile data, Site analytics cookies, and the waitlist (you can withdraw consent at any time);
  • Our legitimate interests — to keep the Service secure, prevent abuse, respond to reports, and improve the Service, balanced against your rights; and
  • Legal obligation — where we must process data to comply with the law.

6. When we share your information

We share personal information only as described here:

  • With other users — as described in Section 4.
  • With service providers (sub-processors) who process data on our behalf to run the Service. These are:
ProviderPurposeData involved
SupabaseAuthentication, database, file storage, realtime (our core backend)Account, profile, photos, messages, social graph, subscription records
MapboxMaps, place/venue search, geocodingCity/venue search text and venue map coordinates (precise for plan venues; only your city is stored for your own profile)
Apple, GoogleSign-in, payments, device geocodingIdentity tokens, purchase transactions, location-to-place lookups
RevenueCatSubscription managementYour user ID, subscription status, store transaction IDs
Vercel, Google, Tally (Site only)Website hosting, analytics, fonts, waitlist formPage views, IP/device data, waitlist submissions
  • For legal and safety reasons — we may disclose information if we reasonably believe it is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms; to detect, prevent, or address fraud, security, or safety issues; or to protect the rights, property, or safety of our users, the public, or us.
  • In a business transfer — if we are involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will require the recipient to honour this Policy.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined under California law.

7. International data transfers

We and our service providers may store and process your information in countries outside the UK and the European Economic Area, including the United States. Where we transfer personal data outside the UK/EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum or the EU Standard Contractual Clauses, or transfers to countries the UK/EU has deemed adequate. You can contact us for more information about these safeguards.

8. How long we keep your information

We keep your personal information for as long as your account is active and as long as we need it for the purposes set out in this Policy. When you delete your account in the App, we delete your account data from our active database immediately (email requests are actioned within 30 days; see our Account Deletion page for exactly what happens). Some information may persist for a limited period in our hosting provider’s encrypted disaster-recovery backups, which age out under the provider’s retention schedule and are not used to restore deleted accounts, and content other people created (for example messages they sent in a shared chat) is not removed when you delete your account.

Our service providers retain data according to their own policies (for example, Apple, Google, and RevenueCat keep their own records of your purchases). Waitlist entries are kept until you unsubscribe or until they are no longer needed. We may retain limited information where we are required to by law, or where we need it to resolve disputes, enforce our agreements, or for safety reasons (for example, a record that an account was removed for a serious violation).

9. How we protect your information

We use technical and organisational measures designed to protect your information, including encryption in transit (HTTPS/TLS) and encryption at rest provided by our hosting provider, access controls, and database-level security rules that restrict who can read and write data.

However, you should understand the limits of this protection: messages are not end-to-end encrypted; profile and plan photos are served from public links; and no method of transmission or storage is 100% secure. We cannot guarantee the absolute security of your information, and you share information with other users and upload content at your own risk.

10. Your rights and choices

You can edit your profile, change your privacy and notification settings, block users, or delete your account at any time within the App.

UK and EEA users. You have the right to access, correct, delete, restrict, or object to the processing of your personal information; the right to data portability; and the right to withdraw consent at any time (without affecting processing already carried out). To exercise these rights, email privacy@usewaypoint.app. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) (ico.org.uk) or your local data-protection authority, though we hope you will contact us first.

California users. Subject to the CCPA/CPRA, you have the right to know what personal information we collect and how we use and disclose it; to request access to and deletion of your personal information; to correct inaccurate information; and not to be discriminated against for exercising your rights. We do not sell or “share” your personal information for cross-context behavioural advertising. To make a request, email privacy@usewaypoint.app.

We will verify your request (usually via the email address on your account) and respond within the time required by applicable law. You may use an authorised agent where the law allows.

11. Children

Waypoint is intended only for adults aged 18 and over. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact privacy@usewaypoint.app and we will take steps to delete it and close the account.

12. Third-party services and links

The Service relies on the third-party providers named above and may contain links to third-party websites or services (for example, the social links on a user’s profile). Their handling of your information is governed by their own privacy policies, not this one. We encourage you to review them.

13. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the App or by email. Your continued use of the Service after an update means you accept the revised Policy.

14. Contact us

[YOUR REGISTERED COMPANY NAME] Ltd

[REGISTERED OFFICE ADDRESS, United Kingdom]

Registered in England and Wales, company no. [COMPANY NUMBER]

Privacy: privacy@usewaypoint.app

General: hello@usewaypoint.app

← Back to Home