Privacy Policy
Effective July 16, 2026
Halo.LGBT ("Halo", "we") is a directory of LGBTQ+ events (parties, pride parades, drag shows, community meetups, queer film festivals, activism, and culture) available at halolgbt.com. Right now, the events listed on the platform are limited to Spain, but account creation is open to anyone, in any country — there's no geographic restriction on signing up. If you create an account from outside Spain or the EU, this Privacy Policy still applies to you, and depending on where you live, other local data protection laws may also apply alongside it.
This Privacy Policy explains what personal data we collect, what we use it for, who we share it with, and what rights you have over it.
We take protecting your data especially seriously because, for many of our users, the information we handle — including LGBTQ+ event attendance — can reveal sexual orientation or gender identity, a specially protected category of data. In some countries, that information could expose someone to real risk. We designed this policy, and the product, with that in mind.
1. Data controller
Sara Moreno da Silva
Contact: contact@halolgbt.com
2. Data we collect
We collect the following data, either directly from you or generated by your use of Halo:
- Account data: email address, name or nickname, profile photo (optional).
- Pronouns: an optional field you can set on your profile.
- Preferred language: to show you the interface in your language.
- Phone number: optional, only if you choose to provide it.
- Saved events and attendance ("tap-in"): which events you save, which ones you confirm attendance to, and that history.
- Organization memberships: whether you belong to an organization that publishes events on Halo, and in what role (member, collaborator, admin, owner).
- Content you publish: event descriptions, event/poster photos, and any other content you upload as an organizer.
- Reports you submit: if you use the "Report" feature on an event or organization, we store the reason (illegal, fraud, unsafe, other), any details you add, and which event or organization it concerns, tied to your account.
- Technical data: IP address, device/browser type, and basic usage data, mainly through authentication (Auth0) and error monitoring (GlitchTip).
About your email versus other users: by design, we don't show your full email address to other users — where your name isn't available, we show only the part before the @ (e.g. ana instead of ana@example.com). Your full email is only ever shown to you, never to other users.
3. Purposes and lawful basis for processing
| Purpose | Data involved | Lawful basis (GDPR) |
|---|---|---|
| Create and manage your account, authenticate you | Email, name, password/session (via Auth0) | Art. 6.1(b) — performance of a contract (Halo's terms of use) |
| Show you relevant events and let you save/confirm attendance | Saved events, city, language | Art. 6.1(b) — performance of a contract |
| Pronouns and LGBTQ+ event attendance ("tap-in") | Pronouns, events you confirm attendance to | Art. 9.2(a) — explicit consent. We treat attending LGBTQ+ events as capable of revealing sexual orientation or gender identity, even if you never state that expressly, so we handle it with the same care as special-category data. That's why we don't rely on legitimate interest for this, but on your explicit, freely revocable consent. |
| Manage organizations and event-publishing roles | Organization memberships, role | Art. 6.1(b) — performance of a contract |
| Communicate with you about your account or events | Email, phone (if provided) | Art. 6.1(b) — performance of a contract |
| Respond to reports you submit about an event or organization, and send you confirmation of receipt and the outcome | Email, report reason and detail, the reported item | Art. 6.1(f) — legitimate interest (keeping the platform safe and responding to people who report content). You can turn off confirmation/outcome emails from your account preferences without affecting your ability to submit reports; see Section 5 and Section 7. |
| Security, fraud prevention, and technical maintenance | Technical data, error logs | Art. 6.1(f) — legitimate interest (keeping the platform secure and operational) |
| Complying with legal obligations (e.g. responding to a competent authority) | Only the data strictly necessary in each case | Art. 6.1(c) — legal obligation |
How consent for pronouns and event attendance works: account setup is the one mandatory step every new user passes through before reaching the rest of the app, and it shows an unchecked, not-preselected checkbox ("I agree to Halo processing my pronouns, if provided, and my event attendance to run the service, as described in our Privacy Policy") that must be explicitly ticked to continue. This is enforced on our servers too, not just in the web form, so there's no way to create an account by bypassing it. The date and time of your consent is stored and never overwritten by later profile edits.
A known, unresolved gap: accounts created before July 15, 2026 never went through this checkbox, so there's no explicit consent on record for those specific accounts in relation to their pronouns or already-saved event-attendance history. We're stating this plainly so this policy doesn't overclaim consent coverage that doesn't yet exist for every account — we'll revisit this as our user base grows.
4. Data retention
We keep your data only as long as necessary for the purposes described, and for at most the periods below:
- Account data (profile, pronouns, saved events): for as long as your account is active, plus 30 additional days after a deletion request, to allow account recovery in case of error and to meet any residual legal obligations.
- Technical and error-monitoring logs (GlitchTip): 90 days, after which they're automatically deleted. This is the fixed default of the hosted plan we use, which isn't self-service adjustable at our current scale.
- Event content published by organizations: 90 days after the organization or event itself is deleted, to leave room for handling moderation disputes.
- Database backups: 6 hours. Our database provider (Neon) uses a 6-hour instant-restore window, meaning already-deleted data could technically still be recovered through this mechanism for up to 6 hours.
- Reports you submit and the associated moderation log: unlike account and event/organization data, reports and moderation records don't yet have a defined retention period or automatic deletion — they persist until we manually review and clear them. If your account is deleted, your reports aren't deleted with it, since they stay linked to your (by then anonymized) account rather than to your identity. This is a real gap we know about and intend to close by setting a retention period and building the corresponding automated cleanup.
Given the sensitive nature of this data, we prioritize account-deletion requests highly. In practice, the "30 additional days" figure above is the same window described in Section 7: your account is locked immediately on request but stays recoverable for 30 days, after which an hourly automated process anonymizes and deletes the data.
5. Recipients and processors
We do not sell your personal data. We share data only with the following providers, who act as processors under our instructions, to the extent necessary to run the service:
- Auth0 (Okta) — handles authentication and login. Receives your email and session credentials, processed in the United States. The transfer relies on Okta, Inc.'s active self-certification under the EU-U.S. Data Privacy Framework (next renewal September 23, 2026), backed by Standard Contractual Clauses as an additional mechanism.
- Neon (Postgres database) — stores the platform's data (accounts, events, organizations). Hosted in the European Union (Frankfurt, Germany).
- Cloudflare R2 — storage for images you or organizations upload (event posters, profile photos). Hosted in the European Union (Western Europe).
- GlitchTip (error monitoring) — receives technical information about application failures to help us fix them. By design, our system only sends the names of a form's fields when an error occurs, never their values, specifically to avoid sending personal data to this tool. GlitchTip is operated by Burke Software and Consulting LLC (New York, USA) and hosts data in the United States. Its data processing agreement uses the EEA Standard Contractual Clauses (Module 2) plus the UK Addendum as its international-transfer mechanism — however, our own signature/acceptance of that agreement's Cover Page is still outstanding, so this mechanism isn't yet formally in force for our relationship with GlitchTip. We're working to complete that step.
- Google Maps — used to display event location maps. The transfer to Google LLC (USA) relies on its active self-certification under the EU-U.S. Data Privacy Framework (next renewal September 13, 2026).
- Google Tag Manager / Google Analytics 4 — our container fires exactly one tag, a native GA4 tag, with no advertising pixels of any kind. It only loads after you accept optional cookies via our cookie banner (see our Cookie Policy). We've turned off Google Signals, ad personalization, and granular location data collection in our Google Analytics settings, and shortened user-level data retention to 2 months.
- Resend — transactional email provider (Plus Five Five, Inc., San Francisco, USA), used exclusively for two emails tied to the report feature: confirming we received your report, and letting you know it's been resolved. Not used for marketing email. You can turn this off from your account preferences at any time. Resend holds active self-certification under the EU-U.S. Data Privacy Framework and its UK Extension, plus Standard Contractual Clauses and a UK Addendum as additional mechanisms.
We may also share data where the law requires it (for example, in response to a valid court order), or to protect the rights, safety, or property of Halo or our users.
6. International data transfers
Several of our providers process data outside the European Economic Area (EEA), in the United States. Where that happens, we rely on one of the mechanisms recognized under the GDPR (Chapter V): the provider's adherence to the EU-U.S. Data Privacy Framework, Standard Contractual Clauses, or both:
- Auth0/Okta and Google (Maps, and Analytics via Google Tag Manager) each hold active, independently verified self-certification under the Data Privacy Framework.
- Resend holds active self-certification under the Data Privacy Framework and its UK Extension, plus Standard Contractual Clauses.
- GlitchTip's data processing agreement specifies the EEA Standard Contractual Clauses (Module 2) and a UK Addendum as its mechanism, but as noted in Section 5, our formal acceptance of that agreement is still pending, so this transfer isn't yet governed by a fully executed agreement.
Because account signup is open globally while events are currently Spain-only, we may already process personal data of people registered outside the EU. Depending on where you live, other data protection laws besides the GDPR may also apply to how we handle your data.
7. Your rights
As a data subject, you have the right to:
- Access: know what data of yours we process.
- Rectification: correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): request deletion of your data when it's no longer necessary or you withdraw your consent.
- Portability: receive your data in a structured, commonly used format, or request that it be transmitted directly to another controller where technically feasible.
- Objection: object to processing based on legitimate interest.
- Restriction of processing: request that we restrict use of your data in certain circumstances.
- Withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal, in particular regarding your pronouns and event attendance (Section 3).
For access and erasure (GDPR Arts. 15 and 17), Halo offers a self-service mechanism within the platform itself:
- Data export (Art. 15): from your account settings ("Your data"), you can immediately download a file with your profile, saved events, organization memberships, organizations you own, and events you've created.
- Account deletion (Art. 17), in two phases: when you request deletion from those same settings, your account is locked immediately, but stays recoverable for 30 days via a cancel action on the same screen. If you don't cancel, an automated process anonymizes your profile and deletes associated data (saved events, organization invitations) after that window, and also attempts to delete your avatar and your login identity. If you're the sole owner of an organization, you'll need to transfer its ownership to someone else before you can complete your deletion request.
For the rest of the rights on this list (rectification, portability, objection, restriction), or for any question about the above, write to us at contact@halolgbt.com.
Control over email notifications: from your account preferences you can turn off email notifications, which includes the two report-related emails described in Section 5 — turning them off doesn't affect your ability to keep submitting reports or using the rest of the platform.
8. Complaints to the Spanish Data Protection Agency (AEPD)
If you believe we haven't handled your data in line with applicable law, you can file a complaint with the Agencia Española de Protección de Datos (AEPD):
- Website: https://www.aepd.es
- Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
- Online: through the form available on their website
This is independent of, and doesn't replace, your right to go directly to the courts.
9. Changes to this policy
We may update this Privacy Policy to reflect changes to the product, to the providers we use, or to applicable law. If a change is material, we'll notify you by email or through a visible notice on the platform before it takes effect. The "Effective" date at the top of this document indicates which version is in effect.
10. Contact
For any question about this Privacy Policy or about how we handle your data, write to us at: