Privacy Policy

Last updated: March 10, 2026

TheLobby is built on a single principle: your data is yours. We collect only what is necessary to run a private, trusted residential community — and we will never sell it, advertise against it, or share it outside your building without your explicit consent.

1. Who we are

TheLobby ("we," "us," "our") is a residential community platform operated by TheLobby Inc. If you have questions about this policy, contact us at hello@lobbyapp.co.

2. What data we collect

We collect the minimum necessary to operate the platform:

• Account data: phone number, display name, unit number, and profile photo (optional).
• Location data: a one-time GPS check at sign-up to confirm physical presence at the building. We do not store or track your location after onboarding.
• Community content: posts, comments, reactions, event RSVPs, group memberships, and direct messages you create inside the app.
• Usage data: anonymous analytics such as feature usage frequency and session length, used to improve the product. Never linked to your identity.
• Device token: a push notification token to deliver alerts you opt into. You can disable this at any time in Settings.

3. What we do not collect

• We do not collect your legal name, government ID, or financial information.
• We do not track your location after sign-up.
• We do not read or index your direct messages.
• We do not build advertising profiles.
• We do not use third-party ad networks.

4. How we use your data

• To create and authenticate your account.
• To display your profile and posts to other verified residents of your building.
• To deliver push notifications you have opted into.
• To enforce community trust and moderation policies as described in our community guidelines.
• To provide property managers with aggregate, anonymised community health metrics (e.g. "post volume this month"). Individual resident data is never surfaced to managers in identifiable form beyond what residents post publicly.
• To improve the platform using anonymised usage analytics.

5. Data sharing

We do not sell your data. We share data only with:

• Supabase: our database and authentication infrastructure provider, operating under strict data processing agreements.
• Expo / Apple / Google: for push notification delivery only. Notification content is encrypted in transit.
• Law enforcement: only when required by a valid legal order, and only to the minimum extent required.

6. Data retention

Your data is retained for as long as your account is active. If you leave a building community, your posts remain visible to existing members (community continuity) but your profile is de-listed from the resident directory. You may request full deletion of your account and associated data at any time by emailing hello@lobbyapp.co — we will action it within 30 days.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to TheLobby engineers on a need-to-know basis with audit logging enabled. We conduct regular security reviews and adhere to OWASP guidelines.

8. Children's privacy

TheLobby is intended for residents aged 18 and older. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately.

9. Your rights

Depending on your location, you may have rights to access, correct, port, or delete your personal data. To exercise any of these rights, email hello@lobbyapp.co with the subject line "Data Request." We will respond within 30 days.

10. Changes to this policy

If we make material changes to this policy, we will notify active users via the app at least 14 days before the changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

11. Contact

Questions about this policy or how your data is handled: hello@lobbyapp.co