Privacy Policy
Last updated May 31, 2026
The short version
MidRally is designed to ask for as little as possible. Members share only a ZIP — never a street address — which we use to place them in a broad metro area and to compute aggregate results for the organizer. We don’t sell your data, and we don’t use advertising or tracking cookies.
Who we are
MidRally (“we”, “us”) operates MidRally. For any privacy question or request, contact us at [email protected].
What we collect
- Account data. Your email address, an optional display name, and the identifier from the sign-in provider you use (e.g. Google). A password hash only if you use a local password.
- Response data (members). When you respond to a community, you share a ZIP or pick a metro. We use it to derive a broad metro area and to compute the organizer’s results, which can include showing response points on a map. A ZIP is far coarser than a street address — we never ask for one.
- Community data (organizers). The communities you create and their settings (name, description, join rules, privacy threshold, optional event dates).
- Operational data. A server-side session (so you stay signed in), a CSRF token, and minimal request metadata (IP address and user-agent on the session row) used for security and abuse prevention.
- Aggregate analytics. We keep first-party, non-identifying pageview counts — the page visited and, if you followed a link from another site, that site’s domain — to understand which pages are useful. These rows hold no IP address, no device or user-agent, no cookie, and nothing that ties a view back to you; known bots are excluded and only daily totals are retained long-term.
- Marketing attribution. If you arrive through a marketing link that carries campaign tags (e.g. utm_source, utm_medium, utm_campaign), we record just those tags on your account when you sign up, so we can see which efforts bring people in. They’re first-party labels from the link itself — no third party, no cross-site tracking, and no behavioural profile.
- Billing data. If you subscribe to a paid plan, our payment processor handles your card details; we store only your plan, billing interval, status, and the processor’s customer/subscription identifiers. We never see or store full card numbers.
What we deliberately do not collect
- Street addresses, or your device’s GPS / precise location.
- Advertising identifiers, or any third-party / cross-site tracking. Our pageview analytics is first-party, cookieless, and aggregate — never shared and never tied to your identity.
- Payment card numbers (handled entirely by our payment processor).
What organizers and we can see
Results are presented in aggregate by default — host-city clusters (with small clusters grouped under a minimum-size threshold) and a fair central point computed from everyone’s ZIPs. Depending on a community’s settings, an organizer may also view more granular detail, such as individual response points on a map. Our staff may access underlying data where necessary to operate, support, and secure the service. We don’t sell your data or share it for advertising.
Cookies
We use a single, first-party, strictly necessary cookie to keep you signed in and to protect against cross-site request forgery. We do not use advertising, analytics, or cross-site tracking cookies — our pageview analytics is cookieless and measured on our own server — so there is no tracking consent banner to click through.
Third parties we share with
We don’t sell your data or share it for advertising. We rely on a small set of processors strictly to run the service:
- Map tiles (OpenStreetMap / CARTO). Maps load tiles from these providers. For venue suggestions, only the aggregate central point — never any member’s location — is sent to look up nearby places.
- Sign-in provider. The identity provider you choose (e.g. Google) authenticates you; we receive only your basic profile and email.
- Payment processor. If you subscribe, a PCI-compliant processor handles payment; we store only non-sensitive subscription references.
- Hosting. Our infrastructure provider stores the application database on our behalf.
- Flight pricing (optional). If enabled, only candidate city pairs and dates — never member data — are sent to validate prices.
Retention
Account data is kept while your account is open. Responses are kept while the relevant community exists; you can edit or withdraw your own response at any time. When you close your account we erase your personal information as described below.
Your rights & choices
- Access & portability. Email [email protected] to request a copy of your data.
- Correction. Update your display name on your account page.
- Withdraw a response. Remove your answer from any community at any time; it stops counting immediately.
- Erasure. Close your account from your account page. We null your email and display name, delete your sign-in identities, revoke your sessions, and tombstone the account so it can’t be signed into again. (If you hold a paid subscription, cancel it first.)
Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including the right to object or to lodge a complaint with a supervisory authority.
Security
Sessions live server-side behind a signed, HTTP-only cookie; join passphrases and any local passwords are stored only as hashes; and traffic is served over HTTPS in production. No system is perfectly secure, but we limit what we ask for in the first place — a ZIP, never a street address.
Children
MidRally is not directed to children and is not intended for use by anyone under 13 (or the minimum age in your jurisdiction).
Changes
We may update this policy; we’ll revise the “last updated” date above and, for material changes, take reasonable steps to notify you.
Contact
Questions or requests: [email protected].