Privacy Policy

Last updated: March 5, 2026

Catch ("we," "us," "our") operates the Catch mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

Information You Provide

• Account information: Phone number, display name, username, email (optional), profile photo, bio, university, location.
• Event content: Event titles, descriptions, cover photos, comments, and chat messages you create.
• RSVP data: Your attendance status (going, interested, can't go) for events.
• Photos: Images you upload to event photo albums.

Information We Collect Automatically

• Device information: Device type, operating system version, unique device identifiers (for push notifications only).
• Usage data: App interactions (events viewed, features used) for product improvement. We track event types, not content.
• Error reports: Crash logs via Sentry to fix bugs. These include device/OS info and stack traces, not personal content.

Information We DO NOT Collect

• We do not store your contacts. When you use "Find Friends," your phone numbers are hashed (SHA-256) on your device before being sent to our server. We only receive cryptographic hashes — never raw phone numbers. These hashes are used for one-time matching and are not stored.
• We do not sell your data. Ever. To anyone.
• We do not use your data for advertising. Catch has no ads.

2. How We Use Your Information

• To provide the service: Show you events from people you follow, send push notifications about events you're attending, and connect you with friends.
• To improve the app: Aggregate, anonymous analytics (daily active users, feature usage) help us build a better product.
• To keep the platform safe: Detect spam, abuse, and policy violations.
• To communicate with you: Event reminders via SMS (if you opt in) and push notifications (if you opt in).

3. How We Share Your Information

• With other users: Your profile (display name, username, photo, bio) and public event activity are visible to other users based on your privacy settings. Private and close-friends events are only visible to intended audiences.
• With service providers: Render (hosting), Cloudflare R2 (photo storage), Twilio (SMS reminders), Expo (push notifications), Sentry (error tracking).
• We do not share data with data brokers, advertisers, or any third parties for marketing purposes.

4. Your Privacy Controls

• Visibility settings: Control who sees your events (public, followers, close friends, private).
• RSVP visibility: Choose who can see your attendance.
• Block users: Blocked users cannot see your events, profile, or activity.
• Delete your account: Contact us at privacy@getcatch.app and we will delete all your data within 30 days.

5. Data Retention

• Account data: Retained as long as your account is active.
• Event chat messages: Automatically deleted 48 hours after the event ends.
• Analytics events: Retained for 90 days, then purged.
• Push tokens: Removed when you log out or uninstall.

6. Security

We use industry-standard security measures:

• All data transmitted over HTTPS/TLS.
• Passwords hashed with bcrypt (never stored in plain text).
• Phone numbers hashed with SHA-256 for contact matching.
• Database access restricted to authenticated, authorized users.

7. Children's Privacy

Catch is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at privacy@getcatch.app.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via push notification or in-app notice.

9. Contact Us

Email: privacy@getcatch.app

This policy is designed to be read by humans, not lawyers. If something isn't clear, email us and we'll explain it.