Legal
Privacy Policy
Last updated: April 12, 2026
TheLobby is built on a single principle: your data is yours. We collect only what is necessary to run a private, trusted residential community — and we will never sell it, advertise against it, or share it outside your building except when you explicitly ask us to or the law requires it.
1. Who we are
TheLobby ("we," "us," "our") is a residential community platform operated by TheLobby Inc. If you have questions about this policy, contact us at hello@lobbyapp.co.
2. What data we collect
We collect the minimum necessary to operate the platform:
- Account data: phone number or email used for verification, display name, unit number, and profile photo if you add one.
- Building verification data: onboarding may use a one-time location check, lease roster match, or manager approval to verify that you belong in the building. We do not continuously track your location after onboarding.
- Community content: posts, comments, reactions, event RSVPs, group memberships, marketplace listings, maintenance requests, issue reports, and direct messages you create inside the app.
- Device and media permissions: camera and photo-library access only when you choose to add a profile photo or attach media to content you are creating.
- Usage data: operational analytics such as feature usage, session activity, and failure telemetry, used to improve the product and monitor pilot health. We report this in aggregate where possible and de-identify it when an account is deleted.
- Device token: a push notification token to deliver alerts you opt into. You can disable this at any time in Settings.
3. What we do not collect
- We do not collect your legal name, government ID, or financial information.
- We do not track your location after sign-up.
- We do not read or index your direct messages.
- We do not build advertising profiles.
- We do not use third-party ad networks.
Your data never leaves your building community. Residents in your building can see your display name, unit number, and public posts. No one outside your building — including TheLobby staff — can browse your community content without a specific, documented reason (e.g. a flagged content review).
4. How we use your data
- To create, authenticate, and verify your account against the building.
- To display your profile and posts to other verified residents of your building.
- To deliver push notifications you have opted into.
- To enforce community trust and moderation policies as described in our community guidelines.
- To provide property managers with aggregate, anonymised community health metrics (e.g. "post volume this month"). Individual resident data is never surfaced to managers in identifiable form beyond what residents post publicly.
- To improve the platform using anonymised usage analytics.
5. Data sharing
We do not sell your data. We share data only with:
- Supabase: our database and authentication infrastructure provider, operating under strict data processing agreements.
- Expo / Apple / Google: for push notification delivery only. Notification content is encrypted in transit.
- Law enforcement: only when required by a valid legal order, and only to the minimum extent required.
6. Data retention
Your data is retained for as long as your account is active. If you leave a building community without deleting your account, building-specific visibility may change but your account remains available for future verification.
You can permanently delete your account in the app under Settings → Privacy → Delete my account. That flow removes your profile, memberships, posts, messages, marketplace listings, maintenance requests, issue reports, and uploaded media from active systems.
We may retain minimal de-identified analytics, audit trails, and records required to comply with legal, security, fraud-prevention, or financial obligations. If you no longer have access to the app, you can also start a deletion request at lobbyapp.co/account-deletion.html.
7. Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to TheLobby engineers on a need-to-know basis with audit logging enabled. We conduct regular security reviews and adhere to OWASP guidelines.
8. Children's privacy
TheLobby is intended for residents aged 18 and older. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately.
9. Your rights
Depending on your location, you may have rights to access, correct, port, or delete your personal data. You can delete your account in-app, request a copy of your data from the app, or contact hello@lobbyapp.co with the subject line "Data Request." We will respond within 30 days.
10. Changes to this policy
If we make material changes to this policy, we will notify active users via the app at least 14 days before the changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.
11. Contact
Questions about this policy or how your data is handled: hello@lobbyapp.co