Picnic is operated from the United States. If you are located in the European Union, EEA, or United Kingdom, please read Section 13 for your GDPR rights. If you are located in California, please read Section 14 for your CCPA rights.
1 Information We Collect
1.1 Information You Provide Directly
When you create an account and use the Service, you provide us with:
- Identity information: Your name, profile photo, and date of birth (to verify you are 18 or older)
- Contact information: Your email address and phone number
- Profile information: Your bio, professional work status, and interest tags you select from our provided categories
- Authentication credentials: Passwords (stored in hashed form) or third-party authentication tokens from Apple, Google, or LinkedIn
- Event content: Event titles, descriptions, conversation topics, locations, and group settings you create
- Reviews and ratings: Written reviews and ratings you submit about events or hosts
- Communications: Messages you send through the in-app messaging features
- Reports: Information you provide when reporting another user or content
1.2 Information We Collect Automatically
When you use the Service, we automatically collect:
- Location information: Your device location when you are actively using the app and have granted location permission. We do not collect location data when the app is not in use (no background location tracking).
- Device information: Device type, operating system version, unique device identifiers, and mobile network information
- Usage data: Features you interact with, events you browse or join, how you navigate the app, and timestamps of your activity
- App performance data: Crash reports, error logs, and performance diagnostics
1.3 Behavioral and Reputation Data
Because Picnic is a trust-based social platform, we collect and maintain data about your behavior within the Service, including:
Events you have registered for, attended, cancelled, or failed to attend (no-shows)
A calculated score reflecting your attendance reliability over time
Whether you have completed phone verification and the number of peer attestations received
Ratings submitted by other users about events you have hosted
This behavioral data forms part of your public profile and is visible to other users of the Service. We collect it because the safety and reliability of in-person social dining depends on it.
1.4 Information from Third Parties
If you sign in using a third-party authentication provider, we receive basic profile information from that provider (such as your name, email address, and profile photo) as permitted by your settings with that provider. We do not receive your password from any third party. We also receive platform-level analytics and device data from Apple (App Store Connect) and Google (Play Console) as a result of distributing the app through their platforms.
2 How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including creating your account, matching you with relevant Events, and facilitating communication between users
- Verify your identity and age, and maintain the safety and integrity of the platform
- Calculate and display reputation metrics including your show rate and verification status
- Process Premium subscription purchases and manage your subscription status
- Send you notifications about Events you have joined or hosted, platform updates, and safety alerts
- Respond to your questions, reports, and support requests
- Enforce our Terms of Service and Community Guidelines, including investigating potential violations
- Analyze usage patterns and improve the Service
- Comply with our legal obligations
🚫 What we don't do
- We do not use your personal information to serve you third-party advertisements
- We do not sell your personal information to third parties
3 How We Share Your Information
3.1 With Other Users
Picnic is a social platform. Certain information on your profile is visible to other users:
- Public profile: Your name, profile photo, bio, interest tags, work status (if provided), show rate, events hosted, events attended, no-show count, host rating, and verification status are visible to all users
- Event attendance: When you register for or host an Event, your name, photo, and verification status are visible to other attendees and the host
- Reviews: Reviews you write about Events or hosts are publicly attributed to you
Exact location information for Events is only disclosed to confirmed attendees and the host.
3.2 With Service Providers
We share information with third-party vendors who help us operate the Service, including:
- Amazon Web Services — cloud hosting, data storage, and computing
- Google Maps API — venue search and location services
- Email service providers — transactional notifications
- Apple & Google — app distribution and in-app purchases
These service providers are contractually obligated to use your information only to perform services for us and not for their own purposes.
3.3 For Legal Reasons
We may disclose your information if we believe in good faith that such disclosure is necessary to: comply with a legal obligation or court order; protect the rights, property, or safety of Picnic, our users, or the public; detect, prevent, or address fraud, security, or technical issues; or enforce our Terms of Service.
3.4 Business Transfers
If Picnic is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership and your choices regarding your information.
3.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
4 Data Retention
We retain your personal information for as long as your account is active or as needed to provide you the Service. If you delete your account, we will delete your personal data within 30 days, except:
- Where we are required to retain it for legal, regulatory, or contractual reasons
- Anonymized or aggregated data derived from your information, which does not identify you, may be retained indefinitely for analytics and product improvement purposes
- Information that has been incorporated into reviews, event records, or other content visible to other users may be retained in anonymized or de-identified form after account deletion
Attendance records associated with events you hosted or attended may be retained in anonymized form to preserve the integrity of the historical event record for other participants.
5 Location Data
We access your device's location only when you are actively using the app and only if you have granted location permission. We use location data to show you nearby Events, allow you to set Event locations, and display Event maps to confirmed attendees.
📍 No background location tracking
- We do not track your location when the app is not open
- You can withdraw location permission at any time through your device settings
- Doing so will limit certain features (like nearby event discovery) but won't prevent you from using the app
6 Data Security
We implement industry-standard technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encrypted data transmission (TLS)
- Encrypted data storage
- Access controls limiting who can access personal data
- Regular security assessments
However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you in accordance with applicable law.
7 Children's Privacy
The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have inadvertently collected information from a user under 18, we will take steps to delete that information promptly. If you believe a user under 18 has created an account, please contact us at [email protected].
8 Your Choices and Controls
8.1 Account Information
You can review and update your profile information at any time through the app settings.
8.2 Location Permissions
You can enable or disable location access through your device settings at any time.
8.3 Push Notifications
You can manage push notification preferences through the app settings or your device's notification settings.
8.4 Account Deletion
You can delete your account at any time through the app settings. Deletion is permanent and cannot be undone. Upon deletion, your personal data will be removed within 30 days as described in Section 4.
9 Third-Party Links and Services
The Service may contain links to third-party websites or services, including restaurant websites and venue pages. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through the Service.
10 International Data Transfers
Picnic is operated in the United States, and your information may be stored and processed in the United States or any other country where we or our service providers operate. If you are located outside the United States, please be aware that your information will be transferred to and processed in countries that may have different data protection laws than your country of residence. Where required by applicable law, we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses approved by the European Commission.
11 Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email before the changes take effect. The "Last Updated" date at the top of this policy reflects when the most recent changes were made. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
12 Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please reach out — we're happy to explain our practices in plain language.
13 Additional Rights for EEA, UK, and Swiss Users (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, the following additional terms apply to you under the General Data Protection Regulation (GDPR) and applicable local law.
13.1 Legal Basis for Processing
We process your personal data on the following legal bases:
- Performance of a contract: Processing necessary to provide you the Service, including account creation, event management, and premium subscription features
- Legitimate interests: Processing for safety and trust purposes (show rate tracking, verification, reporting), analytics and product improvement, and fraud prevention, where our interests are not overridden by your rights
- Legal obligation: Processing required to comply with applicable laws
- Consent: Where we have obtained your explicit consent, such as for certain optional profile features or marketing communications
13.2 Your Rights
You have the following rights regarding your personal data:
Request a copy of the personal data we hold about you
Request correction of inaccurate or incomplete personal data
Request deletion of your personal data, subject to certain legal exceptions
Request that we restrict processing of your data in certain circumstances
Request a machine-readable copy of personal data you have provided to us
Object to processing based on legitimate interests, including for direct marketing
Withdraw consent at any time without affecting lawfulness of prior processing
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
13.3 Data Controller
Picnic acts as the data controller for personal data processed through the Service. Our contact information is listed in Section 12.
14 Additional Rights for California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:
14.1 Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business purpose for collecting it, and the categories of third parties with whom we share it.
14.2 Right to Delete
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
14.3 Right to Correct
You have the right to request correction of inaccurate personal information we maintain about you.
14.4 Right to Opt-Out of Sale or Sharing
✅ No opt-out required
- Picnic does not sell or share personal information for cross-context behavioral advertising purposes
14.5 Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights.
14.6 Exercising Your Rights
To exercise your rights, please contact us at [email protected]. We will verify your identity before processing your request and will respond within 45 days. You may designate an authorized agent to make requests on your behalf.
14.7 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
- Identifiers (name, email, phone, device ID)
- Personal characteristics (age)
- Commercial information (subscription records)
- Internet or electronic network activity (usage data)
- Geolocation data
- Audio/visual data (profile photos)
- Inferences drawn from the above to create a profile (show rate, verification status)