Privacy Policy

Effective February 2026 · Last updated February 2026

Plain language summary: We collect the minimum information needed to run this service: your name, email, phone number, and activity history. We encrypt your phone number. We don't sell your data. You can delete your account at any time.

1. What We Collect

Information you give us: name, email address, password (hashed), phone number (for verification), and profile info.

Information generated by your use: activities created and joined, attendance records, reliability score, chat messages (ephemeral), and activity timestamps.

Technical data: IP address, browser/device type, pages viewed, and error logs. Used to keep the app running and detect abuse — not for advertising profiles.

2. Why We Collect It

Account login, phone verification, activity coordination, reliability scoring, safety and abuse prevention, service communications, and app improvement. We do not use your data to serve advertisements or sell to data brokers.

3. Phone Numbers

Your phone number is encrypted at rest, never displayed in full, and used only to send a one-time verification code and enforce one-account-per-number limits. It is not sold or shared with third parties except our SMS provider (to deliver the verification message).

4. Chat Messages

Chat is only available during the active window of an activity. Messages are stored for a short period after the window closes for safety review, then treated as transient. We do not guarantee deletion at a specific moment.

5. Who We Share Data With

We keep your data within Gawafa. Limited exceptions: our SMS provider (verification codes), our email delivery provider (transactional emails), and legal requests if required by law. We do not sell your data.

6. How We Protect Your Data

Phone numbers are encrypted at rest. Passwords are hashed with bcrypt. HTTPS is enforced for all connections. OTP codes are stored as one-way hashed digests. Access to production systems is limited to a small team.

7. Data Retention

Account data is kept until you delete your account. Technical logs are kept up to 90 days. OTP records are purged automatically within hours to days. When you delete your account, your personal data is deleted or anonymized within a reasonable period.

8. Your Choices

You can update your name and email from profile settings. You can delete your account at any time from settings. You can request a copy of your personal data by emailing us — we aim to respond within 30 days.

9. Children's Privacy

Gawafa is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us.

10. Contact

Privacy questions or data requests: privacy@gawafa.app. We aim to respond within 5 business days.

Last updated February 2026. · Terms of Service →