GRRRLHOOD ("we", "us") runs a community app for women navigating life's transitions. This policy explains what personal data we process, why, the legal basis for it, how long we keep it, and the rights you have under the EU/UK General Data Protection Regulation (GDPR). We are the data controller for the data described here. Questions or requests: privacy@grrrlhood.com.
1. Data we collect
Account & profile
- Email address and a password (we never store your password in plain text — it is kept only in securely hashed form).
- Display name, the country and city you choose, the "chapter"/moodboard you're in, and the interests you select.
- A shareable connect code and your end-to-end encryption public key.
Content you create
- Messages you send. Direct messages are end-to-end encrypted — they are stored only as ciphertext we cannot read.
- Media you upload (images, GIFs, short video) to share in chats.
- Reports you file, and (only if you choose to attach it) the content you include as evidence.
Technical data
- Your IP address (processed by our CDN/security provider, Cloudflare, and used for rate-limiting and abuse prevention) and basic device/app information.
- Limited error and security logs (auto-deleted after 30 days).
Waitlist
- If you join the waitlist on our website, we store your email to notify you about launch.
2. Why we use it & legal basis
- To provide the service (accounts, matching, messaging, community rooms) — performance of a contract.
- Safety & abuse prevention (moderation, reports, rate-limiting, bans) — legitimate interests in keeping the community safe.
- Waitlist & launch updates — consent, which you can withdraw at any time.
- Legal compliance where we must keep certain records — legal obligation.
We do not sell your data, and we do not use third-party advertising or cross-app tracking SDKs.
3. Who we share it with
We share data only with processors that help us run the service under contract: our hosting provider and Cloudflare (CDN, TLS, security/WAF). Admins on our team can see account metadata and reported content for moderation only — they cannot read your encrypted messages. We may disclose data if legally required.
4. International transfers
Our infrastructure and Cloudflare may process data outside your country. Where required, such transfers rely on appropriate safeguards (e.g. Standard Contractual Clauses).
5. How long we keep it
- Account data: until you delete your account.
- Error logs: 30 days. Moderation/audit records: up to 12 months.
- Waitlist email: until you ask us to remove it or you join the app.
- Messages: encrypted community content may remain after your account is deleted, but it is keyed to an anonymous identifier and contains no readable personal data we can access.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, and object to the processing of your data, and the right to data portability and to withdraw consent. You can:
- Export your data in-app (Settings → Export my data) or via privacy@grrrlhood.com.
- Delete your account and data in-app (Settings → Delete account). This erases your profile, memberships, connections, reports, and removes you from others' block lists.
You also have the right to lodge a complaint with your local data protection authority.
7. Security
We protect your data with industry-standard safeguards: traffic is encrypted in transit, passwords are stored only in securely hashed form, direct messages are end-to-end encrypted, and access to internal admin tools is restricted and audited.
8. Children
GRRRLHOOD is for adults (17+). We do not knowingly collect data from anyone under that age; if you believe a minor has registered, contact us and we will remove the account.
9. Changes
We may update this policy; we will revise the "last updated" date and, for material changes, notify you in-app.
10. Contact
Privacy requests and questions: privacy@grrrlhood.com. See also our Terms of Service.