TERRACE.
TürkçeEnglishDeutsch

Privacy Policy

Terrace privacy terms are tied to the actual iOS data flows.

This draft covers the current Terrace product surface and is meant to be publicly accessible from the App Store listing, the app, and the web. Have local counsel review jurisdiction-specific points before launch.

Last updated: April 19, 2026Contact: hello@getterrace.app

1. What this policy covers

This Privacy Policy explains how Terrace collects, uses, stores, shares, and deletes personal information when people use the Terrace iOS app, Terrace invite links, and related web pages.

It is written to match the current product flows in the app: supporter onboarding, match attendance, meetup coordination, chat, memory sharing, widgets, subscription status, moderation, and account deletion.

The public production version of this policy should identify the relevant Terrace data controller or operator by full legal name, registered address, country of establishment, and working contact details. If the operator is not established in the EEA or the UK but targets users there, the published version should also identify any legally required EU or UK representative.

2. Data we collect

  • Account and identity data: Sign in with Apple account identifiers, email relay address if provided by Apple, display name, and account creation timestamps.
  • Profile and preference data: selected country, league, club, onboarding completion, team-change status, and visible supporter profile details.
  • Activity data: match attendance state, meetup participation, squad invites, chat messages, reactions, reports, moderation flags, and memory posts.
  • User content: chat text, emojis, uploaded photos, meetup titles/topics, meetup locations, and post-match memory entries.
  • Location data: one-time when-in-use device location for stadium verification and optional meetup-location assistance.
  • Commerce data: App Store subscription product identifiers, purchase status, and restore events for Terrace Plus. Payment processing itself is handled by Apple.
  • Notification and device service data: push notification tokens, notification preferences, and widget feed data needed to render Terrace widgets.
  • Support and safety data: abuse reports, block records, rate-limit records, deletion logs, and moderation audit records.

3. How we collect data

  • Directly from the user when they sign in, pick a club, mark attendance, create or join meetups, chat, upload images, report abuse, or buy a subscription.
  • From device permissions only when the user grants them, including location, camera, photo library, and notification permissions.
  • From Apple and App Store services for authentication and subscription verification.
  • From our infrastructure providers when operating authentication, databases, storage, messaging, and security controls.

4. Why we use data

  • To authenticate users and keep their account and team identity consistent across sessions.
  • To show match attendance, supporter density, meetup participation, and squad coordination features.
  • To power match chat, meetup chat, photo memories, invite links, widgets, and notifications.
  • To verify stadium presence when a user chooses to use that feature.
  • To enforce safety controls such as moderation, reporting, rate limits, and abuse prevention.
  • To manage subscriptions, restore purchases, and enforce premium entitlements.
  • To comply with legal obligations, investigate misuse, and keep internal records required for security and dispute handling.

5. Legal bases and user expectations

For users in the EEA, including Germany, Terrace generally relies on GDPR Article 6(1)(b) for account, meetup, chat, invite, and subscription operations; Article 6(1)(f) for security, moderation, fraud prevention, and product integrity where those interests are not overridden by user rights; Article 6(1)(c) where processing is required by law; and consent for optional permissions or other processing that requires it.

For users in the United Kingdom, Terrace generally relies on the equivalent lawful bases under the UK GDPR and the Data Protection Act 2018: contract, legitimate interests, legal obligation, and consent where applicable.

For users in Turkey, Terrace should rely on one of the processing conditions under Law No. 6698, including where processing is necessary for establishment or performance of the user relationship, necessary for the establishment, exercise, or protection of a right, necessary for legitimate interests provided fundamental rights and freedoms are not harmed, or based on explicit consent where required. Optional permissions and some cross-border transfers may require explicit consent unless another valid legal basis or transfer mechanism applies.

If a user does not grant location, camera, or photo access, Terrace should still offer non-permission alternatives where reasonably possible, such as manual meetup location entry.

6. When we share data

  • With other Terrace users when the product requires it, such as displaying profile identity, attendance state, meetup participation, chat content, or memory posts.
  • With service providers acting on our behalf, including hosting, authentication, storage, messaging, moderation, analytics, and customer-support infrastructure.
  • With Apple where required for Sign in with Apple and App Store purchase flows.
  • With law enforcement, regulators, courts, or advisers when legally required or reasonably necessary to protect rights, safety, or the service.
  • We do not claim to sell personal data. If this changes, Terrace should add a separate public privacy-choices workflow before launch.

7. Data retention and deletion

Terrace keeps account, meetup, chat, memory, moderation, and operational records only for as long as needed to run the service, enforce safety controls, resolve disputes, and satisfy legal obligations.

The iOS app includes in-app account deletion. When a user deletes their account, Terrace triggers deletion of the account record and associated content unless a narrower retention duty applies under law, security, fraud prevention, tax, or dispute rules.

  • Chat, meetup participation, attendance records, squad links, and uploaded storage objects are queued for deletion as part of the backend deletion flow.
  • Moderation and compliance records may be retained longer where needed to document abuse handling, legal obligations, or platform-review issues.

8. International transfers and storage

Terrace may use providers that store or access data outside the user's country.

For users in the EEA, including Germany, transfers outside the EEA should comply with GDPR Chapter V, including adequacy decisions or appropriate safeguards such as the European Commission's standard contractual clauses together with supplementary technical and organizational measures where needed.

For users in the United Kingdom, transfers outside the UK should comply with the UK GDPR and applicable UK transfer mechanisms.

For users in Turkey, cross-border transfers should follow Article 9 of Law No. 6698 and the secondary legislation in force at the time of transfer, including adequacy decisions, standard contracts, binding corporate rules, or another permitted transfer ground where applicable.

9. Security

  • Authentication, access control, moderation filters, reporting tools, rate limits, and deletion tooling are used to reduce misuse.
  • No system is perfectly secure. Users should avoid posting sensitive personal information in chat, meetups, or memory uploads.
  • Users should not publish special category or other high-risk personal data, such as health data, biometric data, government identifiers, precise travel plans, political opinions, or data about another person without a clear legal basis and permission to share it.

10. User rights and requests

  • Users in the EEA, including Germany, may have rights to be informed, access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with a supervisory authority.
  • Users in the United Kingdom may have equivalent rights under the UK GDPR, including the right to complain to the Information Commissioner's Office.
  • Users in Turkey may exercise the rights listed in Article 11 of Law No. 6698, including learning whether data is processed, requesting correction or deletion where conditions are met, learning transfer recipients, objecting to certain automated outcomes, and seeking compensation where the law allows. Where Turkish law applies, Terrace should answer valid requests as soon as possible and no later than 30 days.
  • Users may revoke app permissions in iOS settings at any time.
  • Privacy and data requests can be sent to hello@getterrace.app.

11. Children

Terrace is designed for football supporters coordinating real-world social activity. It should not be intentionally directed to children below the minimum age required by local law to use this type of service independently.

12. Policy changes

Terrace may update this policy as the product, legal requirements, or platform rules evolve. Material changes should be reflected on this page with a new last-updated date and, where required, additional notice inside the app.