Privacy Policy

Rally ("we," "our," or "us") is operated by Zatty LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Rally application and website (collectively, the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

We collect only the minimum information necessary to provide the Service:

• Account information: Display name and email address (provided during sign-up or via OAuth).
• Availability data: The weekends you mark as free or busy within the app.
• Group data: Groups you create or join, including group names and membership.
• Usage data: Anonymous analytics events (page views, feature interactions) to improve the product. No personally identifiable information is included in analytics.
• Device data: Browser type, operating system, and timezone (auto-detected for scheduling accuracy).

We do not collect: phone numbers (unless you voluntarily provide one), location data, contacts, calendar content, or any data beyond what is listed above.

We use the information we collect to:

• Provide, operate, and maintain the Rally Service.
• Match availability across group members and generate AI proposals.
• Send transactional notifications (new proposals, confirmed rallies, nudges).
• Improve and personalize your experience.
• Respond to your comments and questions.
• Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We share your information only in the following limited circumstances:

• Within your groups: Your display name and availability status are visible to other members of groups you join. This is core to the Service's functionality.
• Service providers: We use trusted third-party services (database hosting, analytics) that process data on our behalf under strict data processing agreements.
• Legal requirements: We may disclose your information if required by law or in response to valid legal process.
• Business transfers: In the event of a merger or acquisition, your information may be transferred as a business asset.

We retain your personal data for as long as your account is active. If you delete your account:

• Your account is soft-deleted immediately.
• All personal data is permanently deleted within 30 days.
• Your availability data is anonymized (not deleted) to preserve group history integrity.
• You are removed from all group memberships immediately.

We implement industry-standard security measures to protect your information:

• AES-256 encryption at rest for all stored data.
• TLS 1.3 encryption for all data in transit.
• No personally identifiable information in server logs.
• JWT-based session management with 30-day expiry and rotation.
• Rate limiting on all authentication endpoints.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to industry best practices.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of all personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your account and all associated data.
• Portability: Request your data in a machine-readable format (JSON). We fulfill data export requests within 48 hours.
• Opt-out: Opt out of non-essential communications at any time via Settings > Notifications.
• Do Not Sell: We do not sell personal information. California residents may still submit a "Do Not Sell" request via the contact information below.

To exercise any of these rights, contact us at [email protected].

Rally uses the following cookies:

• Session cookie: A secure, HTTP-only cookie used to maintain your authenticated session. This cookie is strictly necessary and cannot be disabled.
• Analytics: Anonymous usage analytics via Umami (self-hosted, GDPR-compliant, no cross-site tracking).

We do not use advertising cookies or third-party tracking pixels.

Rally is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your personal data, please contact us:

• Email: [email protected]
• Company: Zatty LLC
• Website: rallycrew.lol