Back to Papilo

Legal

Privacy Policy

Last updated May 11, 2026

We built Papilo to help you find what's happening in New York. We collect what's needed to make that work — and not much else. Here's the full picture.

01

What we collect

Account information.

When you sign up we collect your email address and an encrypted password. You can optionally add a display name, date of birth, and phone number to your profile.

Content you submit.

Events, photos, and venue information you submit through the platform. If you submit anonymously, we may collect a name and email purely so we can contact you about your submission.

Usage data.

Anonymous pageviews, search queries, and feature interactions so we can understand what's working. We use Vercel Analytics for this; no third-party advertising trackers.

Device information.

Standard technical signals (browser, OS, IP address) collected automatically by our hosting infrastructure for security and reliability.

02

How we use it

  • Operate the Papilo platform and your account
  • Send event recommendations and account-related messages
  • Improve discovery based on aggregate usage patterns
  • Detect abuse and enforce our Terms of Service
  • Reply to your support requests and feedback

We do not use your personal data to train AI models, sell to data brokers, or build advertising profiles.

03

Sharing & disclosure

We do not sell personal information. We share data only with:

  • Service providers who help us run the platform — Supabase (database + auth), Vercel (hosting), Railway (API), and similar infrastructure.
  • Law enforcement when required by valid legal process or to protect the rights and safety of Papilo, our users, or the public.
  • An acquirer or successor if Papilo is acquired or merges with another company. Your data is treated as a business asset in that scenario, and we'll notify you.
04

Storage & security

Data is stored in Supabase Postgres with row-level security policies enforced at the database layer. Passwords are hashed with bcrypt. All traffic uses HTTPS. We follow industry-standard practices for backup, access control, and incident response.

No system is perfectly secure. If a breach affects your data, we'll notify you in accordance with applicable law.

05

Cookies

We use essential cookies to keep you signed in and to remember your discovery preferences. We do not use third-party advertising cookies or cross-site tracking.

06

Your rights

You can:

  • Access the personal data we hold about you
  • Correct inaccurate or outdated information
  • Delete your account and associated data
  • Opt out of non-essential communications
  • Export your data in a portable format

To exercise any of these rights, email team@papilonyc.com. We respond within 30 days.

07

Data retention

We keep your account data for as long as your account is active. When you delete your account we remove your personal data within 30 days, except where retention is required by law (e.g. tax records, fraud-prevention logs).

08

Children's privacy

Papilo is intended for users 18 and older. We do not knowingly collect information from minors. If you believe a child has provided us personal data, email team@papilonyc.com and we'll delete it.

09

Changes to this policy

We may update this policy from time to time. For material changes we'll notify you by email or an in-app notice at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

10

Contact

For any privacy question, reach us at team@papilonyc.com. We read every message.