vicinto ← Back to site

Privacy policy

Last updated: June 2026

Vicinto is a map-based community app. Privacy isn’t a checkbox for us — it’s the core design constraint of a product that puts people on a map. This policy explains what we collect, what we deliberately don’t, and what we do with it.

What we collect

Account: your email address (for sign-in links) and the profile information you choose to add — name, what you do, bio, category, convention attendance, social handles, and an optional photo.

Location — approximate only. When you set your map location, your device’s coordinates are blurred on your device to a random point within the radius you choose (about a block to a neighborhood) before anything is sent to us. Your exact coordinates are never transmitted to or stored on our servers. You are invisible on the map by default and appear only while your visibility toggle is on.

Content & media: messages, and any photos or images you upload, in community chat, group chats, event chats, and direct messages; events you create and RSVP to. Direct messages are access-controlled so only the participants can read them. A message from someone you haven’t added arrives as a message request and stays separate from your direct messages until you accept it. Don’t upload media you don’t have the rights to.

Profile views: we record when a signed-in member opens your profile so we can show you who viewed you (a paid feature). You can’t be viewed anonymously by other members through this feature.

Connected accounts (optional): if you connect a source like LinkedIn, Apple Contacts, HubSpot, Salesforce, or Mesh, we access your contacts or connections only to match them against Vicinto members and show you who’s nearby. We never post, message, or take any action on those accounts, we don’t share your contact list with other users, and you can disconnect a source at any time to stop the matching.

Purchases & tickets: when you buy an event ticket, a paid plan, or promotion for an event you host (a boost or sponsor slot), we record the transaction — what you bought, the amount, the date, and an order/ticket reference. We do not collect or store your full card number; card details are entered directly with our payment processors (see below) and never touch our servers. For event tickets we generate a unique QR code tied to your ticket; when an event organizer scans it at the door, we record that the ticket was checked in (and when), which is visible to that event’s organizer for entry management.

What we don’t do

We don’t sell your data. We don’t share it with advertisers. We don’t track your location in the background — there is no background tracking at all. Your location updates only while you’re using the app (it refreshes to your current, blurred location when you open it), never when the app is closed.

Who can see what

Your profile and approximate pin are visible to signed-in members only, and only when your visibility toggle is on. Your profile also shows the upcoming events you’re attending or hosting; for any single event you can choose not to appear on its public guest list. Community chat is visible to members. Group messages are visible to that group’s members. DMs are visible only to you and the recipient.

Where your data lives

Data is stored with Supabase (database and authentication) and served via Vercel, both with industry-standard encryption in transit and at rest.

Payments & processors

Vicinto uses two separate payment paths, and we share only the information each one needs to process your purchase:

Event tickets are processed by Stripe. When you buy a ticket, your payment details go directly to Stripe, who acts as our payment processor and the organizer’s payout provider. We receive a confirmation, the amount, and a transaction reference — not your card number. Stripe handles your payment data under its own privacy policy.

Paid plans and boosts are processed through the app store you installed Vicinto from — Apple In-App Purchase on iOS — and managed with RevenueCat, which records your subscription status so we can unlock features. Apple processes the payment under its own privacy policy; we receive your subscription status, not your card details.

These processors act as our service providers (sub-processors). We don’t sell or share this information with advertisers.

Cookies

We use a small number of strictly-necessary cookies to keep you signed in and remember your settings (these can’t be turned off without breaking the app). Any non-essential cookies — for example analytics — load only after you accept them in the cookie banner. You can decline non-essential cookies and still use Vicinto normally, and change your choice at any time.

Your rights

Depending on where you live (including the EU/UK under GDPR and California under the CCPA/CPRA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise most of these directly in the app, or email privacy@vicinto.com and we’ll respond within the time the law requires. We don’t sell your personal information.

Data retention

We keep your data only while your account is active. When you delete your account we remove your profile, pins, messages, events, and RSVPs, except where we’re legally required to retain limited records. Backups are purged on a rolling schedule.

Your controls

You can edit or clear any profile field, turn visibility off at any time, change your location radius, or ask us to delete your account and all associated data by emailing privacy@vicinto.com. Deletion removes your profile, pins, messages, events, and RSVPs.

Age

Vicinto is for people 18 and older.

Changes

If this policy changes materially, we’ll notify members by email before the change takes effect.