← Back to Potluck Planner

Privacy Policy

Plan a potluck, not a marketing funnel.

1. Our Privacy Philosophy

We believe in helping you organize a meal with friends, not in building a profile on you. Potluck Planner collects only the information needed to host your event and let guests sign up. We use Google Analytics to understand aggregate usage of the site (page views, rough traffic patterns), but we run no advertising and do not sell or share your data.

2. Data We Collect

To run the service, we store:

• Your email address, obtained from Google when you sign in, so we can show you the events you own and prevent other people from editing them. Your email is visible to anyone who opens an event you created (so guests know who's hosting).
• Event details you provide: title, date/time, location, description, theme color, and any image you upload.
• Guest sign-ups: the name and dish that anyone (signed in or not) types into a slot on your event.

All of this is stored in Google Cloud Storage in our project, readable only by this application. We do not sell, share, or license this data to anyone.

3. Data We Do Not Collect

• We do not log your IP address beyond what Google Cloud Run captures for basic request routing and what Google Analytics collects for aggregate traffic measurement.
• We do not run advertising or use ad networks.
• We do not sell or share your personal data.
• We do not collect device identifiers, precise location data, or contacts.

4. Cookies and Local Storage

We set two first-party cookies when you sign in:

• A session cookie (cryptographically signed) that remembers you're signed in for 30 days. It holds your email and an expiration time — nothing else.
• A short-lived OAuth state cookie used during the sign-in flow to prevent cross-site request forgery. It expires within minutes.

Guests who never sign in get no cookies from us at all. We do not use local storage to track you.

5. Third-Party Services

We rely on a few Google services to operate the site:

• Google Sign-In handles the authentication flow. Google's own privacy policy governs that interaction.
• Google Cloud hosts our application (Cloud Run) and stores event data (Cloud Storage).
• Google Analytics (gtag.js) collects aggregate usage data — page views, referrers, approximate location (country/region), and basic device/browser info — so we can see how the site is being used. Google's own privacy policy governs this data. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by blocking analytics scripts in your browser.

Event location links open Google Maps in a new tab when clicked. Doing so will send the address you typed to Google. We do not embed the map directly — nothing is sent to Google Maps until you click the link.

6. Your Data, Your Control

You can delete any event you created at any time from its event page; this removes the event JSON and any uploaded image from our storage. To delete your account entirely (all events you own), delete each event and then email us at the address below and we'll purge any remaining residual data. You can also revoke this application's access to your Google account at myaccount.google.com/permissions.

For users in the EU, UK, or California: you have the right to access, correct, delete, and port the personal data we hold about you. Contact us via the email below to exercise any of these rights.

7. Changes & Contact

If we ever change this policy in a material way, we will update this page. For any privacy question, reach out to contact@linearmotionjunctionbox.com.