Privacy Policy
This policy explains what information Rendezspot handles, how it's used, and the choices you have. It covers the Rendezspot iOS app, published by İlter Aksoy ("we," "us").
1. What information Rendezspot handles
Rendezspot is a meet-up coordination app. To do its job it processes the following on your device and — with your participants — in your iCloud private database:
| Category | What it is | Who can read it |
|---|---|---|
| Meeting metadata | Meet-point name, time, organizer's display name | You + invited participants |
| Live location (optional) | Coordinates or a computed ETA, depending on your privacy mode | You + participants in that meeting |
| Memories | Photos and notes you choose to add | You + participants in that meeting |
| Display name | A name you choose so participants know who's who | You + participants |
| Crash diagnostics (opt-in) | Anonymized log snapshots, never any coordinates | You — only if you export and send them |
We do not collect: your contacts, calendar, photos other than those you add to a meeting, browsing history, advertising IDs, financial data, health data, or biometrics.
2. Where your data is stored
On your device. A small local store holds your copy of meetings, your privacy settings, and your display name. Deleting the app removes it.
In your iCloud. Each meeting is its own end-to-end encrypted CloudKit zone inside the host's private iCloud database, readable only by the host and the iCloud accounts they invite. Rendezspot runs no servers of its own and never sees your meeting content.
Offline (Bluetooth & local network). When you're offline, Rendezspot syncs with people physically near you over Bluetooth and Apple's Multipeer Connectivity. Each meeting has a shared secret that encrypts the stream end-to-end. Nothing is sent to a server.
3. Privacy modes — you decide what to share
Rendezspot ships four location-sharing modes. You can switch between them with one tap, mid-meeting, any time:
- Ghost — nothing. You appear as joined, but share no location and no ETA.
- ETA-only — your computed minutes-to-arrival. Never your coordinates.
- Near-meeting — your map dot, only when you're within walking distance of the meet-point.
- Full Map — your live position throughout the meeting.
Switching to Ghost or ETA-only mid-meeting immediately overwrites any coordinates you'd previously shared — they cannot be re-derived.
4. How long location data lasts
Rendezspot enforces a roughly 10-minute time-to-live on every location update through three independent mechanisms: a cleanup on every write that removes your records older than 10 minutes; a background sweep of active meetings; and, when the host ends the meeting, atomic destruction of the entire CloudKit zone — locations, memories, and attendance all disappear at once. There is no location-history view, no replay, and no analytics derived from your movement.
5. What we do not do
- We do not sell your data, and we do not share it with third parties.
- We do not show ads or embed advertising SDKs or measurement frameworks.
- We do not enrich your profile with data from other sources.
- We do not contact you outside the app — there is no email list, push-marketing, or newsletter.
6. Third parties Rendezspot relies on
Rendezspot relies only on Apple-owned platform services as transports — never on our own servers. These run under Apple's privacy terms:
- iCloud (CloudKit, CKShare) — end-to-end encrypted per-meeting storage.
- Apple Push Notification service — silent pushes that deliver real-time updates (never marketing).
- MapKit + Apple Maps — routing, directions, and venue suggestions.
- Multipeer Connectivity / Core Bluetooth — offline mesh sync, local-only.
We do not integrate Google Maps, Mapbox, Firebase, Amplitude, Mixpanel, Sentry, Crashlytics, or any third-party SDK that would send data outside Apple's ecosystem.
7. Children
Rendezspot is intended for users aged 13 and older. We do not knowingly process data from children under 13. If you believe a child has used Rendezspot, contact us and we'll help delete any associated data.
8. Your rights
Because we don't run our own servers and don't hold your data, most data-rights requests resolve trivially — deleting the app erases everything we'd ever have. More specifically:
- Access — every meeting you're in is visible inside the app; iCloud also gives you full access via Settings → Apple Account → iCloud.
- Deletion — leaving a meeting wipes your local copy; the host ending a meeting wipes the cloud copy; deleting the app wipes everything left.
- Portability — a diagnostic export is available in Settings → Diagnostics. Meeting content is intentionally not portable to third-party tools (privacy by design).
- Object — there is no marketing channel to unsubscribe from.
For California residents, this policy together with Apple's iCloud disclosures satisfies the CCPA's data-category requirements; Rendezspot does not sell or share personal information for cross-context behavioral advertising. For EU/UK residents, Apple is the data processor for iCloud-stored content under GDPR Art. 28, and Rendezspot is the data controller for the metadata stored on your device.
9. Security
Rendezspot uses AES-256-GCM to encrypt meeting content over Bluetooth/Multipeer, CloudKit's built-in end-to-end encryption for iCloud-backed meeting zones, and an HMAC-based proof-of-possession during peer pairing to prevent man-in-the-middle attacks on offline sync. Location coordinates are never written to logs. If you discover a vulnerability, please email [email protected].
10. Changes to this policy
If we materially change this policy, we'll update the "Last updated" date above and post a notice in the app's Settings → About → Privacy section before the change takes effect.
11. Contact
| Topic | |
|---|---|
| Privacy questions / data deletion | [email protected] |
| Security disclosure | [email protected] |
| General support | [email protected] |
| Legal / terms | [email protected] |
İlter Aksoy · Istanbul, Türkiye