Privacy Policy

This page is also available in English: English.

Last updated: 2 June 2026

Brunchie helps people coordinate real-world events — guest lists, RSVPs, polls, itineraries, expense splitting, seating, photo sharing, and group messaging. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have. It applies to our website, our iOS and Android apps, and the related services (together, the "Service"). Brunchie is operated by the Brunchie team, a Canadian-based company.

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service. This policy works alongside our Terms of Service and SMS Terms & Consent.

Information We Collect

We collect the following categories of information:

• Account information. When you create an account, we collect your email address (required), name, username, country, currency, and timezone. You may optionally add and verify a phone number.
• Authentication information. Brunchie is passwordless — we do not store passwords. We sign you in using email one-time codes, and optionally phone one-time codes (OTP) sent by SMS or voice, passkeys, or single sign-on (SSO) with a provider you choose. We process the information needed to deliver and verify these codes and credentials.
• Device and security information. Each time you sign in, we collect a limited device and network profile for account-security purposes. See the dedicated Device & Security section below.
• Content you create (user content). When you use the Service, we store the content you create or upload — events, expenses, polls, itineraries, seating arrangements, and the photos, videos, guestbook messages, and comments you add. By design, content you contribute to an event is visible to the other guests and organisers of that event. Photos and videos are uploaded only when you choose to add them.
• Push and device identifiers (mobile apps). To deliver push notifications, the Brunchie iOS and Android apps collect a push registration token (Apple Push Notification service on iOS, Firebase Cloud Messaging on Android) and a randomly generated device identifier. See the Mobile Apps section below.
• Guest participation. Guests can RSVP, vote in polls, and view event details through a shared link without creating an account. When a guest participates this way, we process the information they submit (such as an RSVP response or a poll vote) to operate the event.
• Cookies and analytics. We use cookies and product analytics (PostHog) to understand how the Service is used and to improve it. We deny-list analytics IP addresses and device identifiers out of the analytics pipeline, so this data is not used to track you across the internet. Product analytics run within the web experience (including inside the apps' web views); the apps add no separate native advertising or analytics SDK. See Cookies & Analytics below.
• Diagnostics. Basic technical data needed to operate and troubleshoot the Service, such as error and connectivity logs.
• Communications. If you contact us for support, we keep the messages you send so we can help you.

Device and Security

When you sign in, we collect a limited device and network profile for the sole purpose of protecting your account. This includes:

• Device type
• Operating system and version
• Browser and version
• App platform (web, iOS, or Android)
• IP address
• Approximate country, derived from your IP address by our content-delivery provider (Cloudflare)

Purpose: account security only. We use this information to detect unauthorised access and to make a risk-based decision about whether to challenge a particular sign-in attempt (for example, asking for an additional verification step) before we send a verification code. We track up to approximately ten recent devices per account so that a device you have used before can be recognised.

Automated processing. This risk-based step-up is an automated process: software evaluates the device and network signals above to decide whether a sign-in looks routine or warrants an extra challenge. It does not produce legal or similarly significant effects about you — at most it may ask you to complete an additional verification step. You can contact us at privacy@brunchie.app with questions about this processing.

Legal basis. Where the GDPR or similar laws apply, we rely on our legitimate interest in keeping accounts secure and preventing unauthorised access.

Retention. We retain the raw IP address in your security login history for at most 90 days, after which it is irreversibly removed. We keep a one-way salted hash (HMAC-SHA256) of the IP permanently so that a returning device can be recognised without us storing the raw IP. The raw IP address cannot be recovered from the hash.

Strictly for security. This device and security telemetry is used strictly for authentication and account-security risk. It is never fed into product analytics or advertising, and we never sell it.

Mobile Apps (iOS and Android)

The Brunchie iOS and Android apps are mobile clients for the Brunchie service. In addition to the information described above, the apps involve the following:

Push and device identifiers. To send you push notifications (for example, a new RSVP or an event update), the app collects a push registration token — from Apple Push Notification service (APNs) on iOS or Firebase Cloud Messaging (FCM) on Android — together with a randomly generated device identifier. These are sent to our servers and to Apple or Google so the notification can be routed to your device, and are associated with your account. Push notifications respect your notification preferences; you can turn them off in the app or in your device settings. Deleting the app removes the local device identifier but does not by itself delete your server-side account (see Your Rights).

Device permissions. The apps request the following permissions in context — only when you use the related feature — and you can decline or revoke them at any time in your device settings:

• Camera and microphone — for the in-app photobooth (photos and videos), the guestbook, and scanning check-in QR codes. Capture happens on your device; media is uploaded only when you choose to add it to an event.
• Photo library — to let you choose existing photos or videos to add to an event.
• Location — used when you set an event's location or when the app suggests your time zone. We do not track your location in the background.
• Notifications — to show you the event updates you've enabled.

We follow the principle of data minimisation and only request the permissions needed for features you use.

How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including your events and the participation of your guests.
• Sign you in and keep your account secure (passwordless authentication and the device/security checks described above).
• Send transactional and event communications — verification codes, RSVP confirmations, event updates you opted into, and service notices.
• Process payments for host paid features through our payment processor (Stripe).
• Provide customer support and respond to your requests.
• Understand and improve how the Service is used through privacy-preserving product analytics.
• Comply with legal obligations and enforce our Terms of Service.

Legal Bases for Processing (GDPR)

Where the EU/UK General Data Protection Regulation applies, we process your personal information on these legal bases:

• Contract — to provide the Service you sign up for, including your account, events, and guest participation.
• Legitimate interests — to keep accounts secure (the device/security processing above), prevent abuse, and improve the Service, balanced against your rights.
• Consent — for optional features such as adding a phone number and opting into event-update SMS. You may withdraw consent at any time.
• Legal obligation — to comply with applicable laws and respond to lawful requests.

Sub-Processors

We share personal information with the following third-party service providers ("sub-processors"), each acting on our behalf and only as needed for the role described:

• Twilio — sends SMS and voice verification codes and event-update texts, and verifies phone numbers. Used for recipients in the United States and Canada only.
• Meta Platforms / WhatsApp Business — may be used in the future to deliver WhatsApp event updates (planned; not yet active).
• Cloudflare — content delivery for our website and an approximate-country geolocation signal used for sign-in risk evaluation.
• Stripe — payment processing for host paid features (currently limited).
• Mailgun — delivery of transactional and event email.
• Google Cloud Platform — application hosting and infrastructure.
• Apple (Apple Push Notification service) — delivers push notifications to iOS devices.
• Google (Firebase Cloud Messaging) — delivers push notifications to Android devices.
• PostHog — product analytics.

These providers are permitted to use your information only to perform services for us and are bound by obligations to protect it.

Sharing — We Do Not Sell Your Information

We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We share information only:

• With the sub-processors listed above, to operate the Service.
• With other participants in your events as part of how the Service works — for example, an RSVP, a poll vote, a shared photo, or a message is visible to the relevant event participants.
• When required by law, legal process, or a lawful government request, or to protect the rights, safety, and security of our users, the public, or Brunchie.
• In connection with a merger, acquisition, or sale of assets, in which case we will provide notice before your information becomes subject to a different privacy policy.

International Transfers

Brunchie is operated from Canada and uses infrastructure and providers that may process information in other countries, including the United States. When we transfer personal information across borders, we rely on appropriate safeguards (such as standard contractual clauses where required) to protect it consistent with this policy and applicable law.

Data Retention

We keep personal information only as long as needed for the purposes described in this policy:

• Account and content data is retained while your account is active.
• Raw IP addresses in your security login history are retained for at most 90 days, then irreversibly removed; a one-way salted hash is kept permanently to recognise returning devices, as described in Device & Security.
• On account deletion, we delete or anonymise your account data, which also purges your phone number, consent records, conversations, and message-delivery logs.

We may retain limited information where necessary to comply with legal obligations or resolve disputes.

Your Rights

Depending on where you live, you may have rights under laws such as the GDPR, the California Consumer Privacy Act (CCPA/CPRA), and Canada's PIPEDA, including the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal information.
• Restrict or object to certain processing.
• Portability — receive your information in a portable format.
• Withdraw consent at any time where we rely on consent (such as for SMS or an optional phone number).

To exercise any of these rights, contact us at privacy@brunchie.app. We will respond within the timeframes required by applicable law and may need to verify your identity first. We will not discriminate against you for exercising your privacy rights. If you are in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.

Deleting your account. You can delete your account and its associated data directly in Brunchie — in the app or on the web, in your account settings under delete account — or by emailing privacy@brunchie.app. Deletion removes your account data and also purges your phone number, consent records, conversations, message-delivery logs, and registered device identifiers and push tokens. Note that deleting the mobile app from your device alone does not delete your server-side account.

Cookies & Analytics

We use cookies and similar technologies to operate the Service, remember your preferences, and analyse usage. For product analytics we use PostHog. To protect your privacy, analytics IP addresses and device identifiers are deny-listed out of the analytics pipeline. You can control cookies through your browser settings; disabling some cookies may affect how the Service works.

SMS

If you add and verify a phone number and opt in, we send text messages in two categories only: account verification codes and event updates you choose to receive. We do not send marketing or promotional texts. SMS is available to recipients in the United States and Canada. For full details — including how to opt in, how to stop (reply STOP), and how to get help (reply HELP) — see our SMS Terms & Consent.

Security

We use appropriate technical and organisational measures to protect your personal information, including encryption in transit (HTTPS) for data exchanged between your device and our servers, access controls, and the account-security measures described in Device & Security. On mobile devices, the push registration token is stored using the operating system's secure storage. No method of transmission or storage is completely secure, but we work to protect your information and to limit access to it.

Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, please contact privacy@brunchie.app and we will take steps to delete it.

Quebec Residents and Law 25

If you are in Quebec, additional protections under Quebec's privacy law (Law 25) apply:

• Privacy officer. You may reach the person responsible for protecting personal information at Brunchie at privacy@brunchie.app.
• Breach notification. If a confidentiality incident creates a risk of serious harm, we are committed to notifying affected individuals and the relevant authority as required by law, and to keeping a record of such incidents.
• Automated decisions. As described in Device & Security, we use an automated process to assess sign-in risk. On request, you have the right to be informed of (a) the personal information used to make the decision, (b) the principal factors and reasons that led to it, and (c) your right to have that information corrected and to submit observations to a member of our team who can review the decision. Contact our privacy officer at privacy@brunchie.app.
• Processing outside Quebec. Some personal information is processed outside Quebec and Canada (notably in the United States, by the sub-processors listed above). Before such transfers we assess that the information receives adequate protection, consistent with applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.

Contact

If you have questions about this Privacy Policy or how we handle your information, contact us at privacy@brunchie.app or through our contact page.

Language

This document is published in English and translated into other languages for your convenience. If there is any conflict or inconsistency between the English version and a translation, the English version prevails — except where applicable law requires the local-language version to govern. In particular, for residents of Québec, Canada, the French version applies to the extent Québec law requires.