Guild

Guild · Privacy

Privacy Policy.

What personal data Guild collects, why, how long we keep it, and your rights under the EU General Data Protection Regulation (GDPR). This policy covers both the marketing website at guild.guide and the Guild app.

Controller

The controller responsible for processing personal data described here is:

Matt Robinson
Berlinexperiences DMC UG
Gotlandstraße 10
10439 Berlin, Germany
Email: hello@guild.guide

For DSA matters specifically, see our Notice & Action procedure.

What data we collect, and why

1. Application form (guild.guide/apply)

When you submit an application to join Guild, we collect:

  • Email address (required, used to contact you).
  • First and last name, base city.
  • Years of experience guiding, website, prior employers, tours offered, specialties, and any additional information you choose to share.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary to take steps at your request prior to entering into a contract (your application to join).

Recipients: the city admin responsible for your stated base city, who reviews applications.

Retention: approved applications merge into your profile and are kept for the lifetime of your account. Rejected applications are deleted within 90 days. See our Data Retention Policy for the full schedule.

2. Profile and account (in-app)

Once you are approved, we hold the following profile data:

  • Display name, base city, profile photo (optional), bio, languages, specialties, years of experience, current and past employers (optional), website, availability note.
  • Member tier (Guide, Operator, admin role where applicable) and subscription status.
  • The list of other members you have blocked.
  • Your notification preferences and selected theme.

Legal basis: Art. 6(1)(b) GDPR (performance of the membership contract).

3. Direct messages

Messages exchanged with other members are stored on our servers in encrypted form. The plaintext key never leaves the participants' devices, so Guild staff cannot read your messages. We store message metadata (sender, recipient, timestamp, read state) needed to deliver and order messages.

Retention: 24 months. See Data Retention Policy §4.

4. Forum posts, replies, and job posts

Posts, replies, and job listings you create are visible to other members in your city by design. We store the content, timestamps, and your authorship for as long as the content is online.

Legal basis: Art. 6(1)(b) and 6(1)(f) GDPR. When you delete your account, forum-post authorship is replaced with an anonymous tombstone but the content may remain visible for community continuity.

5. Authentication, security, and device data

  • Sign-in events, including approximate timestamp and IP address.
  • Push-notification tokens issued by Apple Push or Firebase Cloud Messaging.
  • Standard HTTP access logs on the website and API (IP, user-agent, request URL).

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating the service securely and preventing abuse.

Retention: 90 days (server logs, sign-in events). Push tokens persist until you sign out, uninstall, or the OS rotates them.

6. Subscriptions, payments, and invoices

Subscription payments are processed by Stripe Payments Europe Ltd. (Dublin, Ireland) on our behalf. We receive from Stripe a confirmation of payment status, the email used at checkout, and the customer/subscription IDs needed to manage the lifecycle. Full card data is held by Stripe; we do not store it.

In-app one-off purchases (e.g. the "Bump" upgrade) are processed by Apple or Google. We receive a receipt token that we verify with Apple/Google to determine that a purchase was legitimate.

Legal basis: Art. 6(1)(b) (contract), and Art. 6(1)(c) (legal obligation) for invoices retained under German tax law.

Retention: invoice and billing data is retained for ten years from the end of the calendar year of issue, under § 147 of the German Fiscal Code (Abgabenordnung). See Data Retention Policy §9.

7. Moderation and abuse reports

When a member reports content or another member, we store the report, any evidence attached, the moderator decision, and the action taken. Where the report concerns a direct message, only the snippet you choose to share is stored (Guild cannot decrypt your conversations).

Legal basis: Art. 6(1)(c) GDPR (DSA notice-and-action obligations) and 6(1)(f) GDPR (community safety).

Retention: 24 months, longer where required by an active legal hold or where the report led to a permanent ban for serious breach.

8. Support correspondence

Emails you send us at hello@guild.guide, support@guild.guide, reports@guild.guide, appeals@guild.guide, copyright@guild.guide, or legal@guild.guide are retained for 36 months from the last reply, then deleted.

9. No marketing analytics

We do not run Google Analytics, Meta Pixel, or any other third-party analytics on the marketing site. The Guild app uses no third-party trackers. We may collect anonymised aggregate metrics for product improvement; see our Cookie Policy.

Processors we use

Each of the following service providers processes some of your data on our behalf, under a GDPR-compliant data processing agreement (Art. 28 GDPR):

  • Supabase (EU region) — database, authentication, file storage, Edge Functions.
  • Resend — transactional email delivery.
  • Stripe Payments Europe Ltd. — subscriptions and invoicing.
  • Apple Inc. / Google LLC — app distribution and in-app purchases.
  • Firebase Cloud Messaging (Google) — push notification delivery.
  • Hostinger — domain registration and hosting of the marketing website.

Where a processor is established outside the EU/EEA, the transfer is covered either by EU adequacy or by Standard Contractual Clauses (Art. 46 GDPR). The primary data store (Supabase) is in the EU.

Encryption and security

All traffic between your device and our servers is encrypted in transit (TLS). Direct messages are end-to-end encrypted: their content cannot be read by Guild staff or by Supabase. Backups of operational data are encrypted at rest.

In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the Berlin Commissioner for Data Protection within 72 hours of becoming aware of it (Art. 33 GDPR) and notify affected members without undue delay (Art. 34 GDPR).

Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you (Art. 15) — use the in-app Settings → Privacy → Export my data action, which emails you a complete JSON dump.
  • Correct inaccurate data (Art. 16) — most fields are editable directly from the profile screen; for fields you cannot edit, email hello@guild.guide.
  • Request erasure of your data (Art. 17) — use the in-app Settings → Privacy → Delete account action, which triggers the process described in our Data Retention Policy.
  • Restrict or object to processing (Art. 18 and 21).
  • Receive your data in a machine-readable format (Art. 20) — same as Access above.
  • Withdraw consent at any time, where applicable.
  • Lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (Art. 77), or with the supervisory authority of your habitual residence.

We will respond to any request within 30 days, as required by GDPR. There is no fee unless requests are manifestly unfounded or excessive.

Children

Guild membership is restricted to adults (18+). We do not knowingly collect personal data about children. If you believe a member is a minor, please report it to reports@guild.guide.

Changes to this Policy

We may update this Policy if our data practices change. Material changes affecting your rights will be communicated to members by email at least 30 days before they take effect.

Last updated: