In Confidence

Privacy policy.

Last updated: May 13, 2026

This Privacy Policy explains how Where To LARP (“Where To LARP,” “we,” “us,” or “our”) collects, uses, shares, and protects information about you when you use wheretolarp.com (the “Service”). By using the Service, you agree to the practices described here and in our Terms of Service.

1. Information we collect

We collect the following categories of information:

  • Account information. When you sign up — whether with Google or with an email and password — we receive identifiers such as your name, email address, and (if you sign in with Google) your Google profile picture and account ID. If you create a password, we store it only in hashed form.
  • Profile and user content. Information you choose to add, such as a username, avatar, profile details, spots you submit, plans, friends/follows, leaderboard activity, and messages you send to other users.
  • Payment information. If you purchase a paid feature, our payment processor (Stripe) collects and processes your payment details. We do not receive or store full payment card numbers; we receive limited transaction metadata (e.g., that a payment succeeded).
  • Usage and device data. Standard log and analytics data such as IP address, browser type, pages viewed, and timestamps, collected automatically when you use the Service.
  • Cookies. We use strictly necessary cookies to keep you signed in and to maintain session security. See “Cookies” below.

2. How we use information

  • to provide, operate, maintain, and improve the Service;
  • to create and manage your account and authenticate you;
  • to enable social features such as friends, follows, messaging, plans, and leaderboards;
  • to process payments for optional paid features;
  • to generate certain content features (for example, AI-assisted suggestions), which may involve sending non-identifying prompt text to an AI provider;
  • to communicate with you about the Service, including service-related notices;
  • to detect, prevent, and address fraud, abuse, security issues, and violations of our Terms;
  • to comply with legal obligations.

3. Google user data

If you sign in with Google, we request only basic profile information (your name, email address, profile picture, and Google account identifier) for the sole purpose of creating and authenticating your account. Where To LARP's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, and we do not sell it.

4. How we share information

We do not sell your personal information. We share it only as follows:

  • Service providers (processors). We use trusted third parties to run the Service, including: Supabase (database and storage), Vercel (hosting), Stripe (payments), Google (authentication), Mapbox and mapping providers (maps), and an AI provider (content features). These providers process data on our behalf under their own terms.
  • Other users. Profile information you make public (such as your username and avatar), spots you submit, and messages you send are visible to other users as part of the Service's social features.
  • Legal and safety. We may disclose information if required by law, legal process, or to protect the rights, property, or safety of Where To LARP, our users, or others.
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Cookies

We use cookies that are strictly necessary for the Service to function — primarily session and authentication cookies set by our login system (NextAuth) — and, where applicable, CSRF protection cookies. We do not use third-party advertising cookies. You can block or delete cookies in your browser settings, but the Service may not work properly without the necessary ones.

6. Data retention

We retain personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or anonymize the associated personal information within a reasonable period, except where we are required or permitted by law to retain it.

7. Your rights and choices

  • Access and update. You can view and update much of your information in your account settings.
  • Deletion. You can delete your account at any time from your settings, which removes your personal information as described above. You may also contact us to request deletion.
  • Other rights. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA — for example, to access, correct, port, restrict, or object to certain processing of your data. Contact us to exercise these rights.

8. Security

We take reasonable technical and organizational measures to protect your information, including encryption in transit, hashed passwords, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

10. International users

We and our service providers may process and store your information in countries other than the one in which you live. By using the Service, you consent to the transfer of your information to those countries, which may have different data-protection laws than your own.

11. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

12. Contact

Questions or requests regarding this Privacy Policy or your personal information? Contact us at wheretolarp@gmail.com.

See also our Terms of Service.