Privacy

How location works

Your exact GPS coordinates never leave the server. Other users see a fuzzed position, randomly offset within a radius you control (100m–2km / ~330ft–1.2mi). No one on Prowl can pinpoint where you are. Your fuzz radius and map visibility preference are saved to your account in Supabase and sync across devices.

Identity

You do not need a phone number, a real name, or an email address to use Prowl. Anonymous access works fully. If you create an account, your email is used only for login and password recovery — never shared.

Data collection

We collect: your profile information (what you choose to share), your fuzzed location (so the map works), your messages (so chat works), and basic activity logs (page views, errors) to maintain the service.

Device fingerprinting

We save an anonymous device identifier (a hashed combination of browser and hardware signals) to prevent harassment and protect community safety. This identifier persists even if you delete your account. We do not store raw hardware data — only a one-way hash. Raw signals (IP address, user agent) are purged after 90 days. The hash itself is retained indefinitely as a safety record. This is disclosed here and during account creation.

Verification

Prowl runs automated checks (device signals, location consistency, usage patterns) to verify accounts. If your account is flagged, you can submit a selfie for manual review. Verification selfies are used only for identity confirmation, reviewed by an admin, and deleted after the review is complete. Verified status is shown as a badge — it indicates a photo match, not an identity guarantee.

Events

When you create or attend an event, event details (title, description, date, attendee list) are stored. Event addresses are hidden until a time set by the organizer. Group chat messages within events are visible to accepted attendees only.

Payments

Subscriptions are processed through Stripe. Prowl does not store credit card numbers. Stripe handles all payment data under PCI compliance. If a payment fails, your account drops to the free tier — your data is preserved, and your plan restores when payment is resolved.

Data sales

There are none. Not to advertisers. Not to data brokers. Not to anyone. There are no third-party ad tracking networks in the app.

Photos

Photos are stored in Supabase Storage. Private albums are visible only to the people you share them with.

Voice messages

Audio messages are recorded on your device and uploaded to Supabase Storage. They are accessible only to the conversation participants (sender and recipient). Audio files are retained for moderation and safety review purposes. If a message has an ephemeral timer, the audio file is deleted from storage when the message expires. Prowl does not transcribe voice messages.

Audio & video calls

Calls are routed through LiveKit, a WebRTC media server. Calls are never recorded by Prowl or LiveKit. When end-to-end encryption is enabled, call media is encrypted on your device and decrypted only on the other person's device — LiveKit's servers cannot access the audio or video stream. We store only call metadata (who called whom, duration, date) for billing and safety reporting purposes. IP addresses used during calls are not logged or retained.

Age verification

Users in US states that require age verification to access explicit content are asked to confirm their date of birth or, in states that require it (TX, LA), to upload a photo of a government-issued ID (driver's license). Your ID photo is uploaded to a private, admin-only storage bucket. An admin reviews it manually. After review — whether approved or rejected — the ID photo is permanently deleted from our servers. We never store, copy, extract data from, or share your ID. Only the verification result (pass/fail) and timestamp are retained on your account.

State detection

To determine which content regulations apply, Prowl detects your approximate location using browser geolocation (with your permission) and reverse geocoding. The detected US state code is stored on your profile. If you use a VPN, state detection may be inaccurate — Prowl makes good-faith compliance efforts but cannot guarantee detection accuracy when location is masked.

Blocking

When you block someone, they cannot see you, contact you, or know they have been blocked. If they create a new account from the same device, the block follows the device.

Cookies

Session management only. No tracking cookies. No analytics cookies.

Accessibility data

Accessibility preferences (dyslexic font, reduce motion, high contrast, large text) are stored in your browser's local storage. They are never sent to our servers.

Session security

Sessions auto-expire after 2 hours of inactivity. If you walk away from an open session, it locks itself automatically.

Your data rights

You can export a copy of all your data at any time from Settings > Export my data. We comply with GDPR and CCPA data rights.

Deleting your account

You can delete your account and all associated data at any time from Settings. When you delete, your profile, messages, photos, and personal data are removed. Device fingerprint hashes and abuse reports are retained as safety records (they contain no personal information).

Law enforcement

If law enforcement requests your data, you will be notified unless a court order prohibits it.

The company

Prowl is a private company owned by queer people. It will never go public, never sell your data, and never paywall basic functionality.

Contact

Questions about privacy: privacy@getprowl.app