Last updated: 24 June 2026
Effective date: 24 June 2026
This Privacy Policy explains how ALY ("we", "us", "our") collects, uses, and protects your personal data when you use OUT, our iOS app for discovering queer events, venues, places and spaces.
We built OUT for our community, and we treat your data with the care that subject matter deserves. Some of the information you can choose to share with us β your sexual orientation, gender identity, and pronouns β is among the most sensitive personal data the law recognises. We only ever collect it with your explicit, separate consent, and you can withdraw that consent at any time.
Please read this policy carefully. If anything here is unclear, email us at padraig@aly.lgbt and we'll explain.
1. Who we are (the data controller)
The data controller for OUT is ALY, based in Ireland. We act as the data controller for your personal data under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
ALY is not yet registered as a company, so there is no company registration number or registered postal address to give you. You can always reach us by email:
Email: padraig@aly.lgbt
We have not appointed a Data Protection Officer (DPO), because our processing does not meet the legal threshold that would require one. The person responsible for privacy questions is reachable at the email address above.
OUT is offered to people in Ireland and the EU. We are not targeting users in the United Kingdom, and we have not appointed a UK representative.
2. Who this app is for (18+)
OUT is for adults only. You must be 18 or older to use it. We enforce this at onboarding: if the date of birth you give us indicates you are under 18, your account is rejected. We do not knowingly collect data from anyone under 18. If you believe a person under 18 has somehow created an account, please contact us at padraig@aly.lgbt and we will delete it.
3. The personal data we collect
We only collect what we need to run the features described below. Here is the complete inventory for this version of OUT.
3.1 Before you have an account β the invite / waitlist
Access to OUT is gated by an invite/waitlist. Before you have an account, when you join the waitlist we collect:
your email address;
your phone number (optional);
a referral code you can share with others, the code of whoever referred you, and your referral count;
your queue position, status, and invite code.
A note on referrals: if you share your referral code and someone signs up using it, that creates a link in our system between your account and theirs (so we can credit your referral count and record who referred whom). We use this only to operate the waitlist and referral mechanic β not to make either of your profiles visible to the other.
We send waitlist and invite emails to your email address (see our email provider, Resend, in Section 6). Every one of those emails contains an unsubscribe link. Your phone number, if you give it, is never sent to our email provider or to any other third party.
3.2 Signing in β Sign in with Apple
The only way to sign in to OUT is Sign in with Apple. There are no passwords. When you sign in, Apple shares with us:
your name (Apple shares this only the first time you sign in);
an email address or Apple private relay address;
a stable user identifier that lets us recognise your account.
We also store an Apple authorisation token. We use this token for one purpose only: to revoke the Sign in with Apple connection if you delete your account. The name Apple gives us is used only to pre-fill your display name β you can change it.
3.3 Your profile
You build your profile during onboarding and can edit most of it later. It includes:
display name (pre-filled from Apple, editable);
an auto-generated username;
date of birth β only your age is ever shown on your profile. The date of birth itself is stored in a separate, restricted, owner-only table, cannot be changed after you set it, and is never shown to anyone;
pronouns;
gender identity;
sexual orientation;
bio;
profile photo;
city;
interest tags.
Your gender identity and sexual orientation are also copied into a combined "tags" field that we use to surface events and venues relevant to you.
Special-category data. Your sexual orientation, gender identity, and pronouns are "special category" personal data under Article 9 of the GDPR. We collect these fields only with your explicit, separate consent β this consent is requested on its own and is not bundled into accepting our Terms. You can withdraw your consent at any time by editing or clearing those fields, or by deleting your account (see Sections 8 and 9).
3.4 When you use the app
Saved items. When you bookmark an event or venue, we store it on your personal saved list.
AI "Ask" / search. When you use the Ask feature, the text of your query and your city are sent to our AI providers to generate results (see Sections 5 and 6). Please do not type sensitive personal details into the search box β that text is processed by third-party AI providers based outside the EEA. Any answer the AI returns is a starting point, not advice, and may be inaccurate (see Section 12).
Location (optional). If you grant location permission, we use your device location only to show nearby venues and events on the map. Your location is not stored against your profile and is not shared with anyone. You can turn it off in your device settings at any time.
3.5 What we do not do
OUT contains no advertising SDKs, no third-party analytics, and no cross-app or cross-site tracking. We do not use the device advertising identifier (IDFA). Our app's tracking flag (NSPrivacyTracking) is set to false. We do not build advertising profiles about you, and we do not sell your data.
4. Why we use your data, and our lawful bases
Under the GDPR we must have a lawful basis for each use of your personal data. Here they are.
What we do Why Lawful basis (GDPR) Run the waitlist and send invite/referral emails To manage access and let you refer friends Performance of a contract / steps taken at your request (Art. 6(1)(b)); legitimate interests in operating the waitlist (Art. 6(1)(f)) Authenticate you via Sign in with Apple and keep the Apple token To create and secure your account, and to revoke the Apple connection on deletion Performance of a contract (Art. 6(1)(b)) Store and display your profile (display name, username, age, bio, photo, city, tags) To give you an account and personalise discovery Performance of a contract (Art. 6(1)(b)) Verify you are 18+ via date of birth To meet our 18+ requirement Performance of a contract (Art. 6(1)(b)) and our legitimate interests in operating an adults-only service (Art. 6(1)(f)) Store your sexual orientation, gender identity, and pronouns To personalise events/venues and let you express yourself Your explicit consent (Art. 6(1)(a) and Art. 9(2)(a)) Power discovery, saved items, and the map To deliver the core app Performance of a contract (Art. 6(1)(b)) Process your "Ask" queries via AI providers To generate search results you asked for Performance of a contract (Art. 6(1)(b)) Keep safety/abuse records To protect the service and our community Legitimate interests (Art. 6(1)(f)) Use optional location To show nearby results Your consent, given through the iOS location permission (Art. 6(1)(a))
Where we rely on consent (special-category data, location, marketing-style emails), you can withdraw it at any time without affecting the lawfulness of processing before you withdrew it. Where we rely on legitimate interests, you can object (see Section 9).
5. How your data is hosted and shared
5.1 EU hosting
Our backend runs on Supabase, hosted in the EU (Frankfurt, Germany). Essentially all of your personal data β including your special-category data β is stored in the EU and stays there.
5.2 Transfers outside the EEA
A small number of features rely on providers based in the United States. The transfers of personal data outside the European Economic Area (EEA) are:
the AI providers that power the "Ask"/search feature β Anthropic (Claude), Google (Gemini), and Voyage AI β which receive the text of your query and your city;
Resend, our email provider, which receives your email address to send waitlist and invite emails; and
Apple, for Sign in with Apple.
For each of these transfers we rely on the European Commission's Standard Contractual Clauses (SCCs) together with a transfer impact assessment to ensure your data receives an essentially equivalent level of protection. You can request more information about these safeguards by emailing padraig@aly.lgbt.
Our venue and map provider, Google Places, is also US-based, but it receives only venue and city look-up queries β no profile data and no special-category data β so no personal data about you is transferred to it.
5.3 Apple Maps
When you ask for directions, OUT opens Apple Maps via a standard device link. Apple's own privacy terms apply once you're in Apple Maps.
6. The third parties we work with
We use a small set of trusted service providers to run OUT. Each receives only the data it needs.
Our processors (sub-processors) act on our instructions under a data-processing agreement: Supabase, Resend, Anthropic, Google (Gemini), Voyage AI, and Google Places. Apple is different β for Sign in with Apple, Apple acts as an independent data controller in its own right, deciding how it handles the sign-in data under Apple's own privacy policy, rather than purely on our instructions.
Provider Role What they do for us What they receive Location Apple Independent controller Sign in with Apple Your name (once), email/relay address, stable user identifier US Supabase Processor Backend, database, file storage, authentication Essentially all of your personal data, including special-category data EU (Frankfurt) Resend Processor Sends waitlist/invite emails Your email address (every email has an unsubscribe link) US Anthropic (Claude) Processor AI "Ask"/search Your query text + your city US Google (Gemini) Processor AI "Ask"/search Your query text + your city US Voyage AI Processor AI "Ask"/search Your query text + your city US Google Places Processor Venue and map data Venue/city look-up queries only β no profile data and no special-category data US
Apple Maps opens through a device link for directions; it is not a sub-processor handling your account data.
7. How long we keep your data
We keep your data only as long as we need it:
Account data (profile, profile photo, saved items, etc.) β for as long as your account exists. When you delete your account, we delete it from our live database immediately (via a database cascade), and residual copies are removed from our encrypted backups within 30 days.
Waitlist / referral data β deleted 12 months after the waitlist entry is redeemed or expires, or sooner if you ask us.
Safety / abuse records β kept for up to 12 months.
If you ask us to delete your data sooner, we will, unless we have a legal reason to keep it.
8. Deleting your account
You can delete your account at any time in the app: Settings β Delete Account.
When you do this, we:
Delete your data from our backend via a database cascade; and
Attempt to revoke the Sign in with Apple authorisation using the Apple token we hold. This is best-effort.
If the automatic revocation cannot complete, you can revoke it yourself on your device:
Settings β [your name] β Sign in with Apple β OUT β Stop Using Apple ID.
Residual copies in encrypted backups are removed within 30 days (see Section 7).
9. Your rights
Under the GDPR and the Irish Data Protection Act 2018, you have the right to:
access the personal data we hold about you;
rectify inaccurate or incomplete data;
erase your data ("right to be forgotten");
restrict our processing in certain circumstances;
data portability β receive your data in a portable format;
object to processing based on our legitimate interests;
withdraw consent at any time, including for your special-category data (sexual orientation, gender identity, pronouns) β just edit or clear those fields, or delete your account.
To exercise any of these rights, email padraig@aly.lgbt. We will respond within one month. Many rights are also exercisable directly in the app (editing your profile, clearing sensitive fields, deleting your account).
Complaints
If you are unhappy with how we handle your data, you can complain to the Irish supervisory authority:
Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
www.dataprotection.ie
We'd appreciate the chance to put things right first β please reach out to us before you do.
10. How we protect your data
We take security seriously:
Encryption in transit β all data moves over TLS.
Row-Level Security β our database enforces row-level access controls so users can only reach their own data.
Restricted date of birth β your date of birth lives in a separate, owner-only table that is locked down so only you can access it; the rest of the app sees only your age.
No stored passwords β authentication is handled entirely by Apple, so we never hold a password.
No system is perfectly secure, but we work to protect your data using appropriate technical and organisational measures.
11. Automated decisions and profiling
We do not make decisions that produce legal or similarly significant effects about you using solely automated processing. The "tags" we derive from your gender identity and sexual orientation are used only to surface relevant events and venues β they do not affect your rights.
12. Listings, AI results, and acceptable use
Third-party listings and AI results
The events, venues, places, opening hours, links, tickets, organiser details, and aggregated venue ratings and reviews shown in OUT come from third-party and public sources β you do not submit them. We work to keep them useful, but we cannot guarantee they are accurate, complete, or up to date. Always check directly with the venue or organiser before you rely on a listing, and attend at your own risk. Results from the AI "Ask"/search feature are generated by third-party AI and are a starting point, not professional advice β they may be wrong or out of date, so verify anything important.
Acceptable use
When you use OUT, you agree not to:
use the app for any unlawful purpose, or in any way that breaches applicable law;
misuse, abuse, disrupt, or interfere with the app or its security;
scrape, harvest, or systematically extract data from the app, or reverse-engineer, decompile, or attempt to derive its source code, except where the law expressly permits;
infringe our intellectual property or that of any third party.
Your own content
You keep ownership of the content you add to your own profile (such as your display name, bio, and profile photo). You grant us a non-exclusive, worldwide, royalty-free licence to host, store, and display that content for the sole purpose of operating OUT for you β for example, showing your profile back to you within the app. This licence ends when you delete the content or your account, except for residual backup copies removed on the schedule in Section 7.
Report a problem
If something in the app looks wrong, broken, or inappropriate, please tell us at padraig@aly.lgbt and we'll look into it.
13. App Store terms
You downloaded OUT from the Apple App Store. The following applies:
This policy and our Terms form an agreement between you and ALY, not between you and Apple. ALY β not Apple β is solely responsible for OUT and its content.
Apple has no obligation to provide any maintenance or support for OUT. Any support questions go to us at padraig@aly.lgbt.
To the extent permitted by law, Apple has no warranty obligation for OUT, and any claims relating to the app are between you and ALY.
Apple is not responsible for addressing any claims you or a third party may have relating to OUT, including product-liability, legal-or-regulatory-compliance, and consumer-protection claims.
You confirm you are not located in a country subject to a US Government embargo or designated as "terrorist-supporting", and you are not on any US Government list of prohibited or restricted parties.
Apple and its subsidiaries are third-party beneficiaries of these terms and may enforce them against you.
14. Data protection impact assessment
Because OUT processes special-category data, we will complete a Data Protection Impact Assessment (DPIA) before launch.
15. Governing law
This policy and your use of OUT are governed by the laws of Ireland, and the courts of Ireland have jurisdiction, without prejudice to any mandatory consumer-protection rights you have under the law of your country of residence.
16. Changes to this policy
If we change this policy, we'll update the "Last updated" date at the top and, where the change is significant, let you know in the app or by email. The current version will be made available within the app and, when published, at www.aly.lgbt/privacy.
17. Contact us
Questions, requests, or concerns about your privacy?
Email: padraig@aly.lgbt
We're a small team building for our community, and we're always happy to hear from you.