Privacy Policy
Last updated: February 2026
1. Overview
Third Space Connections ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, how long we keep it, and your rights under GDPR and CCPA.
2. Precise Geolocation Collection for Proximity Checks
When you check in to a venue or submit a post, we collect your precise geolocation (latitude and longitude) to perform a proximity check — verifying that you are physically near the venue you are checking in to. This geolocation data is transmitted over an encrypted connection (HTTPS) and is used solely for the proximity verification calculation. We do not display your precise coordinates to other users; only aggregate venue visitor counts are shown publicly.
Retention: Precise geolocation coordinates are stored for a maximum of 30 days from the time of collection, after which they are permanently deleted from our systems. Check-in records themselves expire after 48 hours.
3. Data We Collect
- Account data: email address, display name, avatar (provided at sign-up or via OAuth provider)
- Precise geolocation: latitude and longitude at the time of check-in or post submission, used for proximity verification
- User-generated content: posts you create on venue boards, venue submissions you submit
- Check-in records: which venues you have checked in to and the timestamp (expires after 48 hours)
- Usage data: request logs (IP address, user-agent, timestamps) retained for up to 90 days for security purposes
4. How We Use Your Data
- To authenticate your account and maintain session security
- To perform proximity checks confirming you are near a venue before allowing a check-in or post
- To display community boards and venue information
- To moderate content and enforce our Terms of Service
- To detect and prevent fraud, spam, and abuse
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Precise geolocation (proximity checks) | 30 days |
| Check-in records | 48 hours |
| Posts (active) | 24 hours from creation |
| Request logs (IP, user-agent) | 90 days |
| Account data | Until account deletion |
6. GDPR Rights (EEA Residents)
If you are located in the European Economic Area, you have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure ("right to be forgotten") — delete your account at any time via Settings → Account → Delete Account
- Data portability — request a copy of your data in a machine-readable format
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
To exercise these rights, email privacy@thirdspaceconnections.app.
7. CCPA Rights (California Residents)
Under the California Consumer Privacy Act (CCPA) you have the right to:
- Know what personal information we collect and how it is used
- Delete personal information we have collected from you
- Opt out of the sale of your personal information (we do not sell personal data)
- Non-discrimination for exercising your privacy rights
To submit a CCPA request, email privacy@thirdspaceconnections.app with the subject line "CCPA Request".
8. Cookies and Tracking
We use session cookies for authentication only. We do not use third-party tracking cookies or advertising networks.
9. Third Parties
We use Supabase for database and authentication hosting (data stored in the EU/US depending on your region). We use OpenAI for automated content moderation; post text is submitted to OpenAI's moderation API but is not used to train their models. We do not sell personal data to any third party.
10. DMCA
If you believe content on this platform infringes your copyright, see our DMCA contact page.
11. Contact
Privacy questions: privacy@thirdspaceconnections.app