Privacy Policy
Last updated: 28 May 2026 · Effective: from launch
This policy explains what data Gavera collects, why, and what rights you have over it. We've tried to write it in plain English. If anything's unclear, email us at hello@gavera.uk and we'll explain it properly.
Who we are
Gavera is a product of ServiceBook Ltd, a company registered in England and Wales (Company No. 17111350) with registered office at 3rd Floor, 86-90 Paul Street, London, EC2A 4NE. For the purposes of UK GDPR, ServiceBook Ltd is the data controller for all personal data processed through the Gavera app and website. Contact: hello@gavera.uk.
What we collect and why
Account information
- Email and name — provided by Apple or Google when you sign in. Needed to identify your account.
- Username, display name, profile photo, bio — chosen by you. Visible to friends you've connected with on Gavera.
Preferences
- Preference swipes — the food and activity tags you've marked as interested / not interested / strongly interested. Used to find venues your group will enjoy.
Location
- Precise location — only when you actively use the app to plan a meet-up, and only with your explicit permission via iOS. Used to find nearby venues. Not stored permanently — only the centroid of the group event you create.
- Optional home location — if you set one in Settings, used as a default for event creation.
Social graph
- Your friends list — the Gavera users you've added as friends. Visible only to you.
- Group event participation — events you've created or been added to.
What your friends can see about you
When someone is on your accepted-friends list, they can see:
- Your display name, username, avatar, and bio.
- The group events you've created or been invited to that they're also part of.
They cannot see:
- Your home location (only used server-side as a default centroid for events you create).
- Your phone number (used only to match you when a contact is imported on someone else's device — match returns your username, not your number).
- Your push notification token.
- Your email address.
Device and diagnostic data
- Push notification token — to send you alerts when friends invite you to events.
- Crash logs and performance data — via Sentry, to fix bugs. Personally identifying information is scrubbed before upload.
- Anonymous usage analytics — via PostHog, to understand which features are actually used. No precise location or message contents.
Lawful basis
We process your personal data on three legal bases under UK GDPR:
- Contract necessity — for the data needed to actually provide the service (your account, preferences, friends, events).
- Consent — for analytics, optional features like contacts-based friend discovery, and any future marketing communications. You can withdraw consent at any time in Settings.
- Legitimate interest — for improving the service, security and fraud prevention, and producing the anonymised aggregated insights described below. Where we rely on legitimate interest, we've balanced our interests against yours and you can object to this processing at any time by emailing hello@gavera.uk.
Who we share data with (subprocessors)
We use a small number of third-party services to run Gavera. Each handles your data only on our instructions and under a Data Processing Agreement.
| Subprocessor | What they do | Where |
|---|---|---|
| Supabase | Database, authentication, server functions, file storage | EU (eu-west) |
| Apple | Sign in with Apple, push notifications | Global |
| Sign-In, Places API for venue search | Global | |
| Foursquare | Venue search and details | USA |
| Ticketmaster | Public events search | USA / UK |
| Sentry | Crash reporting (PII-scrubbed) | EU |
| PostHog | Anonymous product analytics | EU |
We do not sell your individual personal data to advertisers, data brokers, or other third parties. We do not run third-party advertising inside Gavera. We do not share data that identifies you with anyone outside the subprocessors listed above.
Aggregated and anonymised insights
Separately from your personal data, we may combine usage data across our user base into anonymised, aggregated statistics — for example, what kinds of venue are popular in different parts of the country, broad seasonal patterns in group meet-ups, or which preferences tend to appear together. Anonymisation removes any information that could identify an individual user. Under UK GDPR, irreversibly anonymised data is no longer personal data, and we may use such aggregated insights for product development, research, analytics, and to inform partnerships — for example with venue partners, hospitality groups, local authorities, or academic researchers. Aggregated insights never contain identifiers, contact details, or information that can be traced back to a specific person.
How long we keep data
- Profile, preferences, friends, events — until you delete your account.
- Cached venue data (from Google Places, Foursquare, and Ticketmaster) — up to 30 days.
- Server logs — 30 days.
- Analytics events — up to 13 months.
- Backups — up to 30 days after deletion before being permanently purged.
Your rights
Under UK GDPR you have the right to:
- Access — request a copy of your data. Settings → "Download my data" (or email us).
- Erasure — delete your account. Settings → "Delete account" cascades immediately. Backups containing your data are purged within 30 days.
- Rectification — fix inaccurate data. Edit in Settings or email us.
- Portability — get your data in a machine-readable format (JSON).
- Restriction and objection — limit how we use your data, or object to processing.
- Withdraw consent — turn off analytics or revoke any consent at any time in Settings.
To exercise any of these rights, email hello@gavera.uk. We respond within 30 days.
If you're unhappy with how we've handled your data, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.
Children
Gavera is not intended for users under 16. We don't knowingly collect data from anyone under 16. If you believe a minor has signed up, contact us and we'll delete the account.
International transfers
Most of your data stays in the EU. Some of our subprocessors (notably Apple, Google, Foursquare, and Ticketmaster) operate globally and may transfer data to other regions including the USA. Where this happens, transfers rely on UK-approved safeguards including the UK International Data Transfer Agreement and the EU Standard Contractual Clauses.
Changes to this policy
If we make material changes, we'll notify you in the app and update the "Last updated" date above. Continued use of Gavera means you accept the updated policy.
Contact
For anything — general questions, privacy or data requests, security issues — email hello@gavera.uk.