Privacy Policy

Last updated: April 2026

1. Introduction and Scope

Gilld ("we," "us," or "our") operates the Gilld mobile application and the gilld.app website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using Gilld, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

Account information. When you create an account we collect your email address, a display name, an optional username, an optional avatar image, your date of birth (for age-gating), and — if you sign up with Apple or Google — the identifier returned by that provider. Passwords are never stored by us; authentication is handled by our auth provider (Supabase).

Gaming identity. You may optionally supply information about your play style, preferred schedule, gaming intensity, genres, and vibe. This is used for friend matchmaking and is visible to friends and, if you opt in, to other users in the discovery feed.

Connected gaming platforms. If you connect Steam, PlayStation Network, or Nintendo, we store the access and refresh tokens returned by those providers in encrypted form, along with your public profile handle, game library metadata, play sessions, and achievements that those platforms expose. We do not receive your platform password and we do not post, purchase, or modify anything on your behalf. You can disconnect any platform at any time; disconnecting revokes the stored tokens.

Game library and activity. We store the games in your library, their status (playing, backlog, completed), your ratings and notes, and session timestamps. When you are actively playing a game we publish a "now playing" signal to your friends.

Friendships and social graph. We store friend requests, accepted friendships, close-friend designations, blocks, and per-friend relationship health metrics derived from your in-app activity together.

Chat content. Direct messages, group-chat messages, and game-room messages are stored on our servers so they can be delivered to recipients and appear in conversation history. Message content, reactions, replies, edits, and read receipts are retained for as long as the conversation exists. We do not read or scan your private messages except when responding to a report of a Terms of Service violation or when required by law.

Photos, videos, and files in chat. If you share an image, video, or file in a conversation, the file is uploaded to our private storage bucket and delivered to the other conversation members. Files inherit the lifetime of the containing message.

Voice calls. Voice calls are routed through LiveKit, our real-time audio provider. Audio is transmitted end-to-host (encrypted in transit between your device and the LiveKit server) and is not recorded by default. We retain call metadata — participants, start and end times, duration, and quality signals — for billing, abuse investigation, and service reliability.

Activity feed comments and reactions. When you comment on, or add an emoji reaction to, a friend's activity post ("now playing", milestone, etc.), we store the comment body or emoji, your user ID, and a timestamp. These are visible only to the post's author and to friends of that author. Edits and soft-deletes are retained as metadata.

Events and RSVPs. If you create or RSVP to an in-person or online event, we store the event details (title, venue, time, optional cover image) and your RSVP status.

Push notification tokens. If you permit push notifications, we store the Apple or Google push token issued to your device so that we can deliver notifications for friend requests, messages, voice calls, and activity-feed engagement.

Approximate location. We do not collect precise GPS location from your device. If you create or search for in-person events, we store the latitude and longitude of the event (not your own location) to power geographic search.

Device and diagnostic data. We collect device type, operating system version, app version, language, IP address (for security rate-limiting and abuse prevention), and basic diagnostic logs such as crash reports and API error rates.

Reports and safety signals. When you report another user or block them, we retain the report category, an optional description, and the identifiers of the reporter and the reported user. This information is used solely for Trust and Safety review.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate you and keep your account secure.
  • Render your feed, friends list, conversations, and the full set of social features.
  • Deliver messages, voice calls, notifications, and real-time presence to the friends you choose.
  • Surface gameplay overlap, matchmaking suggestions, and friend recommendations.
  • Prevent abuse, enforce rate limits, detect fraud, and respond to Terms of Service violations and legal requests.
  • Diagnose crashes, measure reliability, and improve the product.

We do not use your chat content, voice call audio, or private gaming library to train generative AI models.

4. How We Share Your Information

With other users. Your display name, avatar, online status, and opt-in activity are visible to your friends. Your activity feed may also be visible to the broader user base if you enable "show on global feed" in your privacy settings. Comments and emoji reactions you add to a post are visible to the post's author and to friends of that author.

Service providers. We share the minimum information necessary with:

  • Supabase — database, authentication, file storage, and real-time subscriptions.
  • LiveKit — voice-call media routing.
  • Apple Push Notification service and Firebase Cloud Messaging — delivering push notifications to your device.
  • IGDB / Twitch — game metadata enrichment; only game identifiers (not your personal data) are sent.
  • Steam, PlayStation Network, Nintendo — if you connect those accounts, we call the official platform APIs with the tokens you authorized.

Legal and safety. We may disclose information in response to a valid legal request, to protect the rights or safety of our users, or to investigate suspected fraud, harassment, or abuse.

Business transfers. If Gilld is involved in a merger, acquisition, or asset sale, user information may be transferred as part of that transaction. We will provide notice before any such transfer becomes subject to a different privacy policy.

We do not sell your personal data.

5. Data Retention and Deletion

We retain account data for the life of your account. Messages and voice-call metadata persist until the containing conversation is deleted by all participants or until you delete your account. Diagnostic logs are retained for 30 days. Reports and associated moderation records are retained for at least 12 months after resolution for audit purposes.

You can delete your account at any time from Settings → Account → Delete Account, or by emailing privacy@gilld.app. Deletion removes your profile, library, activity, comments, reactions, messages you sent, and push tokens within 30 days. Copies of messages you sent to other users remain in those users' conversation histories; the senders become anonymized.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain uses. You also have the right to withdraw consent at any time for processing that relies on consent. To exercise these rights, contact us at privacy@gilld.app. We will respond within 30 days.

You may adjust visibility of your activity feed, friendship health, online status, and library in-app under Settings → Privacy. You may block any user from their profile or from inside a conversation; blocks are enforced server-side and cannot be circumvented.

7. International Data Transfers

Gilld is operated from the United States. If you access the service from outside the United States, your information may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for transfers of personal data out of the European Economic Area, United Kingdom, or Switzerland.

8. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. We do not sell personal information and do not share personal information for cross-context behavioral advertising. To exercise your California rights, email privacy@gilld.app.

9. Children's Privacy

Gilld is not intended for children under 13, and we do not knowingly collect personal information from children under 13. Users between 13 and 17 may use Gilld with parental consent where required by local law. If we learn we have collected information from a child under 13, we will delete it promptly. Parents or guardians may contact us at privacy@gilld.app to review or delete their child's information.

10. Cookies and Tracking Technologies

Our marketing website (gilld.app) uses a minimal set of first-party cookies for session continuity and aggregate analytics. We do not use third-party advertising cookies, and the Gilld mobile app does not use tracking cookies or cross-app identifiers such as IDFA for advertising. You can manage cookie preferences in your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, for material changes affecting how we use your personal data, by posting an in-app notice before the change takes effect.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@gilld.app.