Legal
Privacy Policy
Effective May 5, 2026
Blockwalk is a place to organize and join walks in your city. We collect the minimum we need to make that work, and we do not sell, trade, or rent it. There are no ads here, no third-party trackers, no analytics SDKs, and no algorithmic feed grading what you see by what keeps you scrolling. This page explains what we hold, who can see it, what we do with it, and how you get rid of it. If anything below is unclear, email hello@blockwalk.org and we will answer.
What we collect
We collect what you give us and nothing else. When you sign up: your email address, an age attestation that you are 18 or older, and the username and display name you choose. When you fill out your profile: your avatar image, a short bio, your Instagram handle, and a personal website link — all optional. When you host a walk: the title, city, date, meeting point, waypoints, and any notes you write. When you RSVP to a walk: a record that links your account to that event so the host knows you are coming. After a walk: any safety signal you choose to submit. That is the full list. We do not collect anything you have not typed in or uploaded yourself.
What we do not collect
We do not fingerprint your device. We do not track which pages you visit before or after Blockwalk. We do not embed ad-tech identifiers, conversion pixels, social-share trackers, or session replay tools. We do not pull your contacts, calendar, or photo library. We do not record your location in the background. We do not collect a photo of you — the avatar on your profile is one you uploaded. There is no analytics SDK in the app. There is no third-party JavaScript loading from someone else's domain on any page that handles your data.
What's public, what's gated, what's private
Public — visible to anyone on the internet without an account: your username, display name, avatar, bio, Instagram handle, website link, the public walks you host (title, city, date, and the general area shown on the map), and the date you joined Blockwalk. RSVP-gated — visible only after you RSVP to a specific walk: the exact meeting-point coordinates, the full waypoint route, any photo tips or notes the host attached, and the attendee roster for that walk. Private — visible only to you (and to Blockwalk staff when strictly necessary to operate the service): your email address, your age attestation, your account creation timestamp, the list of walks you have RSVP'd to, and any safety signals you have submitted. Hosts can see who has RSVP'd to their own walks, but never attendee email addresses.
Hosts and attendee privacy
Hosts never see attendee email addresses. When a host needs to message attendees — for example, to send a weather update or a meeting-point change — Blockwalk relays the message through our system, so the host writes once and we deliver it to each attendee's inbox without exposing their address. Attendees can choose to opt in to direct contact with a specific host on a per-walk basis; until they do, the relay is the only channel. Hosts who try to scrape, export, or otherwise circumvent the relay are subject to account suspension.
Cookies and tracking
Blockwalk sets one cookie: the Supabase authentication session cookie that keeps you signed in. That is it. No tracking cookies, no advertising cookies, no third-party cookies, no consent banner because there is nothing to consent to beyond making the site work. We do not use Google Analytics, Mixpanel, Segment, Amplitude, Posthog, Hotjar, or any equivalent product. We do not have a Facebook Pixel, a TikTok Pixel, a LinkedIn Insight Tag, or any other ad-network identifier. If we ever add lightweight server-side request logging for debugging, it will be aggregate and unattributed, and we will say so here before turning it on.
We send three kinds of email and no others. (1) Magic-link sign-in codes, sent through Postmark when you ask to log in; the link expires within one hour. (2) Waitlist confirmations, sent through Postmark if you joined the waitlist. (3) Walk-related messages from a host you have RSVP'd to, relayed through Postmark — you can opt out of any host's relay at any time from your event page, and you can opt out of all host relays from your account settings. We never send marketing email. We never sell your address to a newsletter. Our outbound mailbox (hello@blockwalk.org) is hosted at Fastmail.
Third-party processors
Running Blockwalk requires a small number of vendors. We use Vercel to host the application, Supabase to store the database and handle authentication, Postmark to send transactional email, Cloudflare for DNS and CDN, and Fastmail for the hello@blockwalk.org mailbox. Each of these processors handles your data only as needed to deliver their part of the service, under their own privacy policies, and only on our instructions. We do not share data with anyone outside this list. We do not have advertising partners, data brokers, affiliate networks, or marketing analytics vendors. If we add a processor, this section will be updated and the effective date will move.
Your rights (GDPR, CCPA, and equivalents)
Wherever you live, you can ask us for a copy of the data we hold about you, ask us to correct anything that is wrong, ask us to export it in a portable format, and ask us to delete your account and the data tied to it. Email hello@blockwalk.org with the request and the email address on your account. We will respond within 30 days, usually faster. We will never charge you a fee for a reasonable request, and we will never make you jump through hoops to exercise a right the law already gives you. If you are in the EU/UK and we cannot resolve a complaint to your satisfaction, you have the right to escalate to your local data protection authority.
Data retention and deletion
Your account stays active until you delete it. When you delete it, we wipe your profile, your email address, your age attestation, and your private records within 30 days. Walks you have hosted may stay visible — past events are part of the public record of what happened in a city — but we will replace your name with an anonymized handle on request. Walks you have RSVP'd to are anonymized in the host's roster on deletion, so the host's count stays accurate but you are no longer identifiable. Magic-link tokens expire automatically within one hour of issue. Server logs are kept for short rolling windows for operational debugging and are not used to profile you.
Subpoenas and law enforcement
We will comply with valid US legal process — a subpoena, court order, or warrant served on Blockwalk by a US authority with jurisdiction. We will not voluntarily share your data with law enforcement without legal process, and we will not proactively monitor your activity for the benefit of any government, agency, or private investigator. When we receive a legal request, we evaluate it for validity and scope and push back on overreach. We publish an annual transparency report covering the requests we received, the requests we complied with, and the requests we resisted — see /transparency. If you are notified of a request that names you, that notification comes from us unless a court has gagged us from telling you.
Children
Blockwalk is an 18+ platform. We require an age attestation at signup and we do not knowingly collect data from anyone under 18. If you are under 18, do not use Blockwalk. If you are a parent, guardian, or other adult who has reason to believe a minor has created an account, email hello@blockwalk.org with the username and we will close the account and delete the data within 30 days, faster if we can confirm the report quickly.
International users
Blockwalk is operated from the United States and our infrastructure (Vercel, Supabase, Postmark, Cloudflare, Fastmail) is primarily US-based. If you use Blockwalk from outside the United States, you are agreeing that your data will be transferred to and stored in the US, where data protection law differs from your home jurisdiction. The rights described above (access, correction, export, deletion) apply regardless of where you live.
Changes to this policy
If we change this policy, we will update the effective date at the top of the page and, for material changes, post a notice in the app for at least 30 days before the change takes effect. We will not retroactively reduce protections on data we already hold. The history of this policy lives in the public Git repository for this codebase, so you can read every word that has ever appeared here.
Contact
Privacy questions, data requests, complaints, corrections, and reports of suspected minor accounts all go to hello@blockwalk.org. A human reads every message and we aim to reply within a few days.
Annual transparency report: government requests, takedowns, and what we held the line on. See /transparency.
Privacy questions or data requests: hello@blockwalk.org.