About

About Prowl

Prowl is a map-based discovery app for queer men. Every app in this space has gone the same way. Corporate acquisition. Data harvesting. Basic features locked behind a paywall. The alternatives are either sold out or falling apart. So this got built instead.

Prowl is not trying to be Grindr. It is not trying to be Sniffies. It is trying to be honest.

The map

The map is the interface. See who is nearby. Signal interest. Chat. Meet. That is the core loop, and it works without paying a cent. You can browse, message, signal, and find people on the free tier. The paid tiers add luxury features. They do not add access.

Privacy

Your location is fuzzed by default. Other users see an approximate position, not your coordinates. You control the radius. Your identity is yours to reveal on your terms, or not at all. No real name required. No phone number. No email.

Data is not sold. Ad networks do not run here. Prowl is a private company owned by queer people. It will never go public, never sell your data, never paywall basic functionality.

Spots

Spots on the map are community-submitted and community-moderated. The people who use them maintain them.

How we keep your data safe

Row-level security

Every database table is locked — users can only access their own data. Admin tables are blocked entirely from client access.

Location fuzzing

Your position is randomized within a radius you choose (100m–2km). Other users see an approximate area, never your actual coordinates.

Zero tracking

No third-party ad networks, no cross-site tracking, no analytics that follow you. Prowl makes money from subscriptions — not from your data.

Separate admin auth

The admin panel uses cryptographically signed tokens completely separate from user accounts. They expire after 24 hours.

Native + web

Prowl is available as a PWA in your browser and a native iOS app. Both share the same secure Supabase backend with identical privacy protections.

Automated audits

Security audits check for exposed secrets, missing auth guards, XSS vectors, and database gaps. Every API route requires authentication.

Rate limiting

Login attempts and content creation are rate-limited per user, blocking brute force and spam attacks before they start.

CSP headers

Content Security Policy headers prevent cross-site scripting and block unauthorized scripts from running in your browser.

Your data rights

Export all your data or delete your account permanently at any time. We comply with GDPR and CCPA.

Audit logging

Every admin action is logged with timestamps and operator identity. Nothing happens behind the scenes without a paper trail.

Session timeout

Sessions auto-expire after 2 hours of inactivity. If you walk away, your session locks itself.

Encrypted calls

Audio and video calls use LiveKit with end-to-end encryption. Calls are never recorded. Only call metadata (duration, participants) is stored for billing.

State compliance

Age verification enforced for 20+ US states. Government ID photos are reviewed by an admin and permanently deleted after review — never stored, copied, or shared.

How it is built

Next.js, MapLibre, Supabase. Deployed on Vercel.