Privacy Policy

1. Who We Are

Gibbet is a social platform operated by Studio Gibbet. When you use Gibbet, Studio Gibbet acts as the data controller for information stored in our systems. Authentication services are provided by Clerk, Inc., which operates as a data processor for account credentials.

2. Information We Collect

Category	Examples	Stored By
Account credentials	Email address, password (hashed), OAuth tokens	Clerk
Phone number (optional)	Mobile number provided for account recovery or two-factor authentication	Clerk
Profile information	Username, display name, avatar, bio	Gibbet (Supabase)
Content you create	Posts, comments, community wiki edits, direct messages	Gibbet (Supabase)
Usage data	Communities joined, interactions, reputation, currency	Gibbet (Supabase)
Device & log data	IP address, device type, crash reports (via app)	Clerk / Vercel

Phone numbers: Providing a phone number is optional. If you add one, it is used solely for account recovery and/or two-factor authentication. Phone numbers are stored and managed by Clerk and are not copied into Gibbet's own database. You can remove your phone number at any time from your account settings.

3. How We Use Your Information

To create and manage your account and authenticate you securely
To enable platform features (communities, messaging, voice chat, etc.)
To send account-related notifications (security alerts, recovery codes)
To moderate content and enforce our community guidelines
To detect and prevent fraud, abuse, and violations of our Terms of Service
To comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

4. Third-Party Services

Gibbet uses the following third-party services that may process your data:

Clerk (clerk.com) — Authentication and account management, including optional phone number storage for 2FA/recovery. Governed by Clerk's Privacy Policy.
Supabase — Database and real-time features. Data is stored in secure, encrypted databases.
Agora — Real-time voice communication for live voice chat sessions.
Vercel — Web hosting and edge infrastructure.

5. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, your data is handled as described in our Delete Account page. Some limited data may be retained for up to 90 days post-deletion for legal compliance and fraud prevention purposes.

Phone numbers stored by Clerk are deleted in accordance with Clerk's data retention policies when your Clerk account is removed.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you
Correct inaccurate information
Request deletion of your account and associated data
Remove your phone number from your account at any time via account settings
Object to or restrict certain processing of your data
Data portability (receive a copy of your data in a structured format)

To exercise these rights, contact us at privacy@gibbet.app or use the in-app account deletion flow.

7. Children's Privacy

Gibbet is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with their information, please contact us and we will promptly delete it.

8. Security

We implement industry-standard security measures including encrypted data storage, HTTPS-only connections, and role-based access controls. Account credentials (including passwords and phone numbers) are managed by Clerk using enterprise-grade security practices.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or by email. The “Last updated” date at the top of this page indicates when it was last revised. Continued use of Gibbet after changes constitutes acceptance of the updated policy.

10. Contact Us

Questions or concerns about this Privacy Policy or your personal data?

privacy@gibbet.app