Privacy Policy

1. Introduction

Welcome to lgbtdb ("we," "our," or "us"). We operate the lgbtdb platform — a community-driven directory and guide for LGBTQ+-friendly venues, events, resources, and community spaces around the world.

We are committed to protecting your privacy and handling your personal data with care, transparency, and respect. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.

By using lgbtdb, you agree to the practices described in this policy. If you do not agree, please do not use our platform. If you have questions, contact us at privacy@lgbtdb.com.

2. Information We Collect

2.1 Information You Provide

When you create an account or use our services, you may provide:

• Account information: Username, email address, and password (stored as a secure hash — we never store your plaintext password).
• Profile information: Optional display name, bio, avatar, and location you choose to share.
• Venue submissions: Venue names, addresses, descriptions, categories, and other details you submit.
• Reviews and ratings: Your star ratings, written reviews, and associated venue interactions.
• Community posts: Posts, comments, and other content you publish, including anonymous posts where you have chosen that option.
• Contact messages: Any messages you send to us via email or contact forms.

2.2 Information Collected Automatically

When you visit or use lgbtdb, we automatically collect:

• Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
• Device information: Device type, screen resolution, and browser language.
• Usage data: Pages viewed, searches performed, venues clicked, and features used.
• Cookies and local storage: We use browser storage to maintain your login session and remember your preferences. See Section 7 for details.

2.3 Sensitive Information

lgbtdb is a platform that serves the LGBTQ+ community. We are acutely aware that information about a person's sexual orientation or gender identity is sensitive. We do not ask you to disclose your sexual orientation or gender identity, and we do not require this to use any feature of the platform. Any such information you choose to share voluntarily (e.g., in a community post or profile bio) is your decision alone, and we treat it with the highest level of confidentiality.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the platform: Create and manage your account, display venue listings and community content, and process venue submissions and reviews.
• Personalize your experience: Remember your preferences, show relevant content, and maintain your session.
• Improve our services: Analyse usage patterns to fix bugs, improve performance, and develop new features.
• Communicate with you: Send account-related emails (e.g., password resets, account verification), and respond to your inquiries.
• Ensure safety and security: Detect and prevent fraudulent, abusive, or illegal activity on the platform.
• Comply with legal obligations: Respond to lawful requests from authorities where legally required.
• Moderate content: Review submitted venues and community posts to ensure compliance with our community guidelines.

We do not sell your personal data. We do not use your data for advertising targeting. We do not build profiles of your sexual orientation or gender identity for any commercial purpose.

4. How We Share Your Information

4.1 Public Information

Certain content you create on lgbtdb is publicly visible by design:

• Your username and public profile (if you create one)
• Reviews and ratings you submit (attributed to your username)
• Community posts (unless you chose the anonymous option)
• Venue submissions after moderation approval

4.2 Service Providers

We work with a limited number of trusted third-party service providers who help us operate the platform. These include hosting infrastructure, email delivery, and analytics services. All providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security standards.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, or court order — or if we believe in good faith that disclosure is necessary to protect the safety of any person, or to protect our legal rights. In countries where LGBTQ+ identities are criminalized, we will resist and challenge any such requests to the fullest extent permitted by law.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your personal data is subject to a different privacy policy.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

• Account data: Retained until you delete your account, after which it is permanently deleted within 30 days.
• Reviews and community posts: May be retained in anonymised or aggregated form after account deletion to preserve the integrity of community ratings and discussions.
• Log data: Typically retained for 90 days for security and debugging purposes.
• Legal holds: If we are required to preserve data for legal proceedings, we may retain it longer, but only for that specific purpose.

6. Your Rights

Depending on where you are located, you may have the following rights over your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data ("right to be forgotten"). You can also delete your account directly in Settings.
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to our processing of your data where we rely on legitimate interests.
• Withdraw consent: Where we process data based on your consent, you may withdraw it at any time.

To exercise any of these rights, email us at privacy@lgbtdb.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

7. Cookies and Tracking

lgbtdb uses the following types of browser storage:

• Authentication token (localStorage): We store your session token in browser local storage to keep you signed in. This is essential for the platform to function.
• Preference storage: We may store your UI preferences (e.g., language, filter settings) locally in your browser.
• Analytics: We use privacy-respecting analytics to understand aggregate usage patterns. No individual user profiling is performed.

We do not use third-party advertising cookies. We do not use tracking pixels from social media platforms. You can clear your browser's local storage at any time to remove stored data, though this will sign you out.

8. Security

We take security seriously and implement appropriate technical and organisational measures to protect your data, including:

• All data in transit is encrypted using TLS (HTTPS).
• Passwords are hashed using bcrypt with a strong cost factor — we never store or transmit plaintext passwords.
• Authentication tokens use signed JWTs with expiry limits.
• Our servers are hosted in secure data centers with restricted access.
• We conduct regular security reviews of our codebase and infrastructure.

No system is completely secure. If you believe your account has been compromised, please contact us immediately at security@lgbtdb.com.

9. International Data Transfers

lgbtdb serves users globally. Your data may be processed and stored in countries other than your own. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections.

Given the sensitive nature of LGBTQ+ identity in certain jurisdictions, we are particularly careful about data sovereignty. We do not knowingly store personally identifiable LGBTQ+ identity data in countries that criminalise same-sex relationships or transgender identity.

10. Children's Privacy

lgbtdb is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly. Users between 13 and 18 should use the platform with the awareness and consent of a parent or guardian.

11. Third-Party Links

Our platform contains links to external websites, venues, and resources. This Privacy Policy applies only to lgbtdb. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any external sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you by email or via a notice on the platform. Your continued use of lgbtdb after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: