Privacy Policy
gryd.app | Last updated: June 2026
1. Who We Are
GRYD Group Limited (“we”, “us”, “our”) is the data controller for personal data processed through the GRYD mobile application, website, events platform, community tools, messaging features, payment flows, and related services.
Company name: GRYD Group Limited
Company number: 16950107
Registered in: England and Wales
Data protection contact: support@gryd.app
2. Personal Data We Collect
2.1 Account and authentication data
- Name, preferred name, email address, username, and contact details
- Authentication identifiers, session information, and login status
- Account approval, rejection, ban, role, and admin status
- Support, deletion, and account-management requests
2.2 Profile and community data
- Profile text, profile image, location, interests, and optional bio
- Club memberships, join requests, roles, follows, and preferences
- Event registrations, attendance, QR check-in, and no-show records
- Notification preferences and device push-token ownership records
2.3 Content and moderation data
- Club descriptions, event details, images, and uploaded media
- Chat messages, replies, reactions, pins, and moderation actions
- User reports, report reasons, report notes, and admin decisions
- Audit records for privileged account, approval, ban, and deletion actions
2.4 Payment and transaction data
- Payment status, amounts, currency, discounts, fees, and refunds
- Stripe PaymentIntent, charge, refund, and webhook identifiers
- Event registration reservations and payment audit records
We do not store full card numbers. Payment card processing is handled by Stripe.
2.5 Device, usage, and technical data
- Device type, operating system, app version, and runtime environment
- Approximate location or place data you enter for profiles or events
- Google Places and maps data needed for location search and display
- Push notification tokens and delivery or queue status
- Cookie consent, browser data, page views, and analytics data where enabled
- Logs needed for security, diagnostics, abuse prevention, and reliability
2.6 Special category data
GRYD serves LGBTQ+ communities. Information you choose to provide, make visible, or generate through club membership, event participation, profile text, reports, or messages may reveal special category data, including sexual orientation or other sensitive information. We process this data only where you choose to provide it, where it is needed to provide and protect the community features you use, where you make it public in the product, where we need to establish or defend legal claims, or where another UK GDPR condition applies.
3. How We Use Personal Data
- Create, authenticate, secure, and administer accounts
- Review profiles, manage approvals, and enforce access gates
- Provide clubs, memberships, events, registrations, and check-in
- Process paid event registrations, discounts, refunds, and disputes
- Enable chat, notifications, reports, moderation, and admin tools
- Store and display user, club, event, and media content
- Respond to support, deletion, safety, and legal requests
- Prevent fraud, abuse, harassment, unauthorised access, and misuse
- Improve reliability, performance, product quality, and user experience
- Send service messages, launch updates, and optional marketing communications
- Meet legal, tax, accounting, payment, app-store, and regulatory obligations
4. Legal Basis For Processing
Under UK data protection law, our legal bases may include:
- Contract: To provide accounts, clubs, events, registration, payments, support, and other requested services.
- Consent: For optional marketing, analytics cookies, push notification permissions, and optional information you choose to provide where consent is the appropriate basis.
- Legitimate interests: To secure the platform, prevent abuse, improve GRYD, support communities, moderate content, understand usage, and operate the business, where those interests are not overridden by your rights.
- Legal obligation: To meet tax, accounting, consumer, regulatory, payment, safety, or law-enforcement obligations.
- Vital interests: Where processing is necessary to protect someone in an emergency.
Where special category data is processed, we also rely on an Article 9 condition where required, such as explicit consent, data you have manifestly made public, legal claims, substantial public interest, or another applicable condition.
5. Who We Share Personal Data With
We do not sell personal data. We may share personal data with:
- Authentication providers, including Clerk
- Backend, database, storage, and hosting providers, including Convex and Vercel
- Payment processors and financial providers, including Stripe
- Push notification, app distribution, diagnostics, and analytics providers
- Maps and location providers, including Google Maps and Google Places
- Email, support, and communication providers
- Club owners, hosts, admins, and members where product features require it
- Professional advisers, insurers, auditors, and business operations providers
- Regulators, law enforcement, courts, or other authorities where required or permitted by law
Service providers must process personal data under appropriate contractual safeguards. Some data is visible to other users by design, such as profile content, club membership, event attendance, or chat content, depending on your settings and the product feature.
6. International Transfers
Some providers may process personal data outside the United Kingdom. Where this happens, we use appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or other lawful transfer mechanisms.
7. Cookies, Analytics, And Push Notifications
The website uses essential cookies needed for basic operation and cookie preference storage. Analytics cookies are used only where you accept them. You can change browser cookie preferences through your browser and site cookie settings.
Mobile push notifications require device permission. If you enable push notifications, we process the Expo push token and related device data needed to send service and community notifications. You can change push permissions in your device settings.
8. How Long We Keep Data
- Account and profile data: Kept while your account is active, then deleted, anonymised, or retained only where needed for legal, safety, payment, audit, or dispute purposes.
- Event, payment, and refund records: Kept as needed for event administration, accounting, tax, fraud prevention, disputes, and legal obligations.
- Moderation, report, ban, and audit records: Kept as needed to protect users, enforce rules, prevent repeat abuse, and evidence decisions.
- Chat and user content: Kept while needed for the feature, community context, safety, moderation, or legal purposes, or until deleted where deletion is available and lawful.
- Push tokens: Kept while associated with an active device/account and removed or replaced when no longer valid or when account deletion requires it.
- Analytics and cookies: Kept according to provider and cookie retention periods, typically no longer than necessary for the stated analytics purpose.
9. Your Rights
Under UK data protection law, you may have rights to access, rectify, erase, restrict, object to processing, request portability, withdraw consent, and complain to a supervisory authority.
To exercise your rights, contact support@gryd.app. We may need to verify your identity before acting on a request. Some rights are subject to legal limits, including where we need to retain records for safety, fraud prevention, payment, audit, legal claims, or legal obligations.
You can request deletion of your GRYD account and associated app data through the in-app account deletion flow or through our account deletion page.
You can complain to the Information Commissioner's Office:
- Website: ico.org.uk
- Phone: 0303 123 1113
10. Security
We use technical and organisational measures designed to protect personal data, including HTTPS, access controls, provider security controls, authentication, role-based access, audit records, and operational monitoring. No system is completely secure, and you are responsible for keeping your account credentials and devices safe.
11. Children
GRYD is not intended for anyone under 18. We do not knowingly collect personal data from children. If we learn that a child has provided personal data, we will take appropriate steps to delete it.
12. Changes To This Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. Where required, we will notify registered users or ask them to accept updated terms before continuing to use GRYD.
13. Contact
If you have questions about this Privacy Policy or how we handle personal data, contact us at support@gryd.app.
GRYD Group Limited
Registered in England and Wales
Company number: 16950107