Privacy Policy
This Privacy Policy explains how Caila Ltd ("Caila", "we", "our", or "us") collects, uses, shares, and protects information when you use the caila mobile application (the "App"). Please read this policy carefully. By creating an account or using the App, you agree to the practices described here.
1. Who We Are
Caila Ltd is the data controller responsible for your personal data. We are registered in Ireland and our registered address is available on request at support@caila.social. Our App is designed to help you share real-world plans — events, happenings, trips, and ideas — with friends in a private, controlled way.
2. Information We Collect
2.1 Information you provide directly
- Account information: your name, username, email address, nationality, and current city, which you provide when you register.
- Profile information: interests and preferences you select during onboarding or update later in your profile.
- Content you create: posts (Events, Happenings, Trips, Floats), photos you attach to posts, recommendations (Recs), and reactions or RSVPs to other users' posts.
- Social connections: the friends you add, your Close Friends list, and Crews you create or join.
- Messages: direct messages and group chat messages sent through the App.
2.2 Location information
- City-level location: if you enable "Show my current location", we detect and store the nearest city to your device using your device's GPS. Only city-level data (not precise coordinates) is associated with your profile.
- Automatic visit tracking: if you enable this optional feature, the App uses "Always On" location access to detect when you travel to a new city and automatically logs it to your Been list. You can disable this at any time in Settings > Privacy & Location.
- Photo geotag import: if you use the Photo Geotag Import feature, we read the GPS metadata embedded in your photos to identify cities you have visited. This analysis happens on your device and only the resulting city names are uploaded to our servers.
2.3 Device and usage information
- Device identifiers: device model, operating system version, and a unique device token used to send you push notifications.
- Usage data: features you use, posts you view, and how you interact with the App, collected to improve the service and diagnose issues.
- Log data: IP address, crash reports, and error logs collected automatically when you use the App.
2.4 Calendar information
If you connect your device calendar (optional), we read calendar events to display them alongside your plans in the caila calendar view, and write plan entries to a calendar you select. We do not store your personal calendar events on our servers.
2.5 Photo library access
When you attach photos to posts or use Photo Geotag Import, we request access to your photo library. We only upload photos you explicitly select; we do not scan or upload your full photo library.
2.6 Third-party event data
We use the Ticketmaster Discovery API to surface public events in the App. We do not share your personal data with Ticketmaster unless you independently purchase a ticket through their platform.
3. How We Use Your Information
- Provide the App: create and maintain your account, display your profile and posts to other users according to your privacy settings, and enable social features such as friend connections, Crews, and the World feed.
- Overlaps: match your plans, trips, and city visits against those of your friends to surface "overlaps" — moments when your worlds coincide.
- Notifications: send you push notifications about friend activity, plan updates, overlaps, and event reminders. You can control notification types in Settings > Notifications.
- Calendar sync: export plans you join to your connected device calendar.
- Safety and integrity: detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service.
- Analytics and improvement: understand how users engage with the App to fix bugs, improve features, and plan new functionality.
- Legal compliance: respond to valid legal requests and protect the rights and safety of Caila, our users, and the public.
4. How We Share Your Information
4.1 With other users
The core purpose of caila is social sharing. What other users can see is governed by the privacy settings you choose for each post:
- All Friends: visible to everyone on your friends list.
- Close Friends: visible only to users you have added to your Close Friends list.
- Crews: visible only to members of a specific Crew you select.
- Tagged: visible only to people you tag in the post.
- Only Me: visible only to you.
Your name, username, profile city, and any posts set to a shared visibility level are visible to the relevant users. Your email address is never shown to other users.
4.2 With service providers
- Google Firebase: we use Firebase Authentication, Firestore, Cloud Storage, and Cloud Messaging to operate the App. Google processes data on our behalf under appropriate data processing agreements. For more information, see Google's Privacy Policy at policies.google.com.
- Analytics providers: we may use analytics tools to collect aggregated, anonymised usage data. This data does not identify you personally.
4.3 Legal and safety disclosures
We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or a valid legal process; (b) protect the safety of any person; (c) prevent fraud or abuse; or (d) protect the rights and property of Caila.
4.4 Business transfers
If Caila is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via in-app notice or email before your data is transferred and becomes subject to a different privacy policy.
4.5 Aggregated and de-identified data
We may share aggregated or de-identified data — information that cannot reasonably be used to identify you — for research, analysis, or business purposes.
5. Your Privacy Controls
Post privacy
You choose who can see each post at the time of creation and can edit the privacy setting at any time. Deleting a post removes it from all users' feeds.
Location
You can turn off "Show my current location" and "Automatic visit tracking" at any time in Settings > Privacy & Location. You can also revoke location permissions in your device Settings > Privacy > Location Services > caila.
Push notifications
You can manage individual notification types in Settings > Notifications, or disable all notifications in your device Settings > Notifications > caila.
Photo and calendar access
You can revoke photo or calendar permissions at any time in your device Settings > Privacy & Security.
Account deletion
You can delete your account from Settings > App & Account > Delete Account. Deletion removes your profile, posts, photos, and messages from our systems within 30 days, except where retention is required by law. Some aggregated or anonymised data may be retained for analytical purposes.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the App. If you delete your account, we delete or anonymise your data within 30 days, except:
- Data we are required to retain by law (e.g. for tax, audit, or fraud prevention purposes) is kept for the period required by applicable law.
- Data in backup systems may persist for up to an additional 90 days before being overwritten.
- Content that has been shared with other users (e.g. a comment or reaction) may remain visible to those users in aggregated or anonymised form.
7. Security
We use industry-standard measures to protect your information, including TLS encryption in transit, server-side encryption at rest via Google Cloud, and access controls that restrict who at Caila can access user data. However, no system is perfectly secure. If we become aware of a data breach that affects your rights, we will notify you as required by law.
8. Children's Privacy
caila is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. If we become aware that a user is under 13, we will delete their account and associated data promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@caila.social.
9. International Data Transfers
Caila Ltd is based in Ireland and operates within the European Economic Area (EEA). Your data is stored on Google Cloud servers, which may include locations outside the EEA. Google has agreed to Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of protection. If you are located in the United Kingdom, transfers are covered by the UK International Data Transfer Agreement (IDTA).
10. Your Rights
If you are in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate data.
- Erasure: ask us to delete your data ("right to be forgotten").
- Restriction: ask us to restrict processing of your data in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, withdraw it at any time.
- Lodge a complaint: you have the right to complain to the Irish Data Protection Commission (DPC) at dataprotection.ie, or your local supervisory authority.
To exercise any of these rights, email us at support@caila.social. We will respond within 30 days. We may need to verify your identity before fulfilling your request.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to opt out of sale. We do not sell personal information.
11. Cookies and Tracking
The App itself does not use browser cookies. Our analytics providers may use device identifiers and SDKs to collect usage information. You can opt out of analytics tracking by contacting us at support@caila.social.
12. Third-Party Links and Services
The App may contain links to third-party websites or services (for example, event pages on external websites). This Privacy Policy does not apply to those third-party services. We encourage you to read their privacy policies before providing them with any personal data.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by email at least 14 days before the changes take effect. Your continued use of the App after the effective date constitutes acceptance of the updated policy. If you do not agree to the changes, you should delete your account before they take effect.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
- Email: support@caila.social
- Website: caila.social/privacy
- Caila Ltd, Ireland
We aim to respond to all privacy-related enquiries within 5 business days.