Privacy Policy
Version v1.0 · Effective 12 April 2026
DriftHangout — Privacy Policy
1. Information We Collect
- Account data: name, email, phone, WhatsApp number, Instagram handle, city
- Organizer-only: CNIC (for verification, encrypted at rest)
- Vehicle data: make, model, year, modifications, photos
- Event data: registrations, attendance history, ratings
- Payment data: transaction history and method (we do NOT store card numbers — handled by payment processors)
- Location data: GPS coordinates ONLY when you actively drop a live location or use "nearby events." No background tracking.
- Device data: device type, OS, app version, IP address
- Usage data: pages viewed, features used, session duration
2. How We Use Your Data
We use your data to provide the Platform; process registrations and payments; verify organizers; send notifications; display your public profile; calculate leaderboards; improve the Platform; comply with legal obligations; and prevent fraud. We do not sell your personal data. We do not use your data for third-party targeted advertising.
3. Data Sharing
- With event organizers you register for — name, vehicle info, registration details
- With payment processors (JazzCash, EasyPaisa, Stripe) — only what's needed to process transactions
- With service providers — Clerk (auth), Supabase (hosting), Resend (email), Vercel (web hosting)
- With law enforcement — when required by Pakistani law, court order, or legal process
- In anonymized form — aggregate analytics may be shared that cannot identify individuals
4. Storage and Security
Data is stored on Supabase cloud infrastructure. Servers may be located outside Pakistan — by using the Platform you consent to cross-border transfer for service provision. We use TLS 1.3 in transit, encryption at rest, access controls, and regular audits. Payment card data is never stored on our servers.
5. Retention
- Active accounts: retained while your account is active.
- After deletion: personal data deleted within 90 days, except where retention is legally required (tax records: 6 years; legal disputes: duration + 1 year).
- Event chat messages: auto-deleted 24 hours after event end.
- Anonymized data: retained indefinitely.
6. Your Rights
- Access — request a copy of your data
- Correction — fix inaccurate data
- Deletion — delete your account and personal data (subject to legal retention)
- Portability — receive your data in machine-readable format
- Objection — object to specific processing
- Withdraw consent — note this may limit your ability to use features
Email privacy@drifthangout.com. We respond within 30 days.
7. Children
The Platform is not intended for event participation by users under 18. Users 16–17 may create spectator-only accounts with parental consent. We do not knowingly collect data from users under 16.
8. Cookies
See our Cookie Policy for details.
9. Changes
We may update this Policy. Material changes are notified 30 days in advance.
10. Pakistani Compliance
Built for compliance with the Electronic Transactions Ordinance 2002, the Prevention of Electronic Crimes Act 2016, and the Personal Data Protection Bill 2023 (draft — we build to its standard now).
11. Contact
Data Controller: DriftHangout — privacy@drifthangout.com