Privacy Policy
Effective Date: April 8, 2026 Version: 2026.02
This Privacy Policy explains what information Gather Media collects, how we use it, and your choices. Gather Media is operated by Open Civic Systems ("OCS"), a California 501(c)(3) nonprofit organization.
1. Our Approach to Privacy
Gather Media is built with privacy as a core value. We do not use advertising, third-party analytics, algorithmic recommendations, or cross-collection user tracking. We collect only what is necessary to operate the platform and serve the communities that use it.
2. What We Collect
2.1 From Anonymous Contributors (Share Link Uploads)
When you upload media through a share link without an account:
| Information | How It Is Stored | Retention |
|---|---|---|
| Uploaded media files | Cloud storage (re-encoded as WebP for images; original format not retained) | Life of the collection |
| GPS coordinates | Extracted from file metadata, stored in database | Life of the collection (only if collection policy permits) |
| Capture date and time | Extracted from file metadata, stored in database | Life of the collection (only if collection policy permits) |
| Compass direction | Extracted from file metadata, stored in database | Life of the collection (only if collection policy permits) |
| Device make and model | Extracted from file metadata, used for direction correction | Life of the collection (only if collection policy permits) |
| Original filename | Stored in database | Life of the asset (used as fallback display title; may appear publicly if no title is assigned) |
| IP address | Hashed using SHA-256 | Removed from active systems within 60 days |
| Upload timestamp | Stored in database | Life of the asset |
What we do NOT collect from anonymous contributors:
- Name, email, or any contact information
- Browser fingerprints or device identifiers
- Cookies (the upload page works without login)
- Advertising or tracking data of any kind
2.2 From Authenticated Users
When you create an account and use Gather Media:
| Information | Who Can See It | Purpose |
|---|---|---|
| Email address | Collection administrators, OCS | Account management, notifications |
| Display name | Other collection members, public (in public collections) | Attribution (you control this) |
| Google profile information | OCS only | Authentication (if using Google sign-in) |
| Upload history | Collection administrators | Collection management |
| Activity (comments, edits) | Collection team | Accountability |
| Policy acceptance record | OCS only | Compliance (version and timestamp) |
2.3 From All Visitors
| Information | Retention | Purpose |
|---|---|---|
| IP address (access logs) | Masked, removed from active systems within 60 days | Platform operations |
| IP address (error logs) | Full, 48 hours | Debugging |
| Session cookie | Session duration | Login state |
| CSRF token | Session duration | Security |
3. How We Handle Your Photos and Videos
3.1 Hidden Metadata in Your Files
Photos and videos contain hidden metadata called EXIF data. This is embedded automatically by your camera or phone, often without you realizing it. It can include your exact GPS location, the time a photo was taken, your device's serial number, camera model, editing software, and more.
3.2 What We Do With Metadata
When you upload files to Gather Media, we automatically remove identifying metadata and re-encode the file. The stored and served versions of your files contain no embedded metadata.
If the collection you are contributing to has opted to collect certain information — such as location, timestamps, or compass direction — that specific data is extracted and stored separately in the database before the rest of the metadata is deleted. You are informed of what data the collection requests before you upload.
This extracted data powers features like placing your photo on a map or timeline, or showing the direction you were facing when the photo was taken.
3.3 What Gets Permanently Deleted
All other metadata is permanently deleted during processing: camera serial numbers, software versions, device identifiers, editing history, and any other embedded information. There is no way to recover this data after processing.
3.4 The Original File
The original file is not retained in its original format. Images are re-encoded as WebP. This means even the full-size stored version contains no embedded metadata and is not in the original file format.
4. File Storage and URL Privacy
- Files are stored in Backblaze B2 cloud storage with unique, unpredictable URLs (long random identifiers)
- URLs cannot be guessed, enumerated, or crawled
- Collection visibility controls (public, unlisted, draft) determine who can browse the gallery; file URLs are a separate layer
- File access can be revoked by the collection team through the platform's content management tools, which hide or permanently delete the file from storage
5. What We Do Not Do
- No advertising. We do not serve ads or use ad tracking.
- No third-party analytics. We do not use Google Analytics or similar services.
- No data sales. We do not sell or share personal data with third parties for their own purposes.
- No algorithmic recommendations. Content is organized by the collection team, not by algorithms.
- No cross-collection tracking. Your activity in one collection is not visible to administrators of another collection. Your collection memberships are fully siloed.
6. Who We Share Data With
| Recipient | What We Share | Why |
|---|---|---|
| Backblaze (B2) | Media files | Cloud storage provider |
| Amazon Web Services (SES) | Email addresses | Sending transactional emails (account verification, notifications) |
| Collection administrators | Member information, upload history | Collection management (within their own collection only) |
| Authorized OCS reviewers | Collection content, member records, activity logs | Support, moderation, security investigations, and platform operations (see Terms of Service §8) |
| Law enforcement | Only if legally compelled | We cannot identify anonymous contributors even if asked — no personal data is collected from them |
7. Account Deletion and Data Retention
If you delete your account:
- Your personal information (name, email, profile) is removed
- Your user ID is retained in anonymized form for referential integrity of collection records
- Media you uploaded remains part of the collection under the license granted at upload (see Terms of Service)
- Your comments are attributed to "deleted user"
For anonymous contributors: no personal data is collected, so there is nothing to delete. Hashed IP addresses are removed from active systems within 60 days.
8. Data Retention and Backups
Data described as "removed from active systems" is deleted from the production database within the stated timeframe. However, database backups may retain data for a limited additional period consistent with our backup retention schedule. Recovering data from backups would require restoring a backup and querying it — this is not part of normal operations and would only occur in disaster recovery scenarios.
9. Children
Gather Media requires all users and contributors to be at least 16 years old. We do not knowingly collect information from anyone under 16. If we become aware that a user is under 16, we will take steps to remove their account and contributions.
10. Your Choices
- Metadata sharing: When uploading to a collection, you are informed of what metadata the collection requests. You choose what to share.
- Display name: You control your display name and can change it at any time.
- Account deletion: You can request deletion of your account and personal information.
- Collection membership: You can leave a collection at any time.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Authenticated users will be prompted to review and accept updated policies on their next login. The effective date at the top of this page indicates when the policy was last revised.
12. Contact
For questions about this Privacy Policy, contact us at privacy@opencivicsystems.org.