GDPR Compliance Statement
Last updated May 2026
Commitment
queer.bar is built privacy-first: the current public site stores personal data only on the user's own device and processes geolocation transiently with consent.
Lawful bases
Consent for local storage and geolocation; legitimate interests for security logging.
Data subject requests
Self-service export and erasure are available on the Privacy Settings page for device-held data. For any host-side logs, email privacy@queer.bar.
DPO
A Data Protection Officer is not currently mandatory given the minimal processing, but one should be appointed before launching accounts or large-scale profiling.
Roadmap
When user accounts, performer claiming, and server-stored reports launch, this statement will be updated with the new processing, a Record of Processing Activities (ROPA), and DPIAs where required.
These documents are provided in good faith and describe how queer.bar currently works. They are drafts and not legal advice; have them reviewed by a qualified lawyer before relying on them. Compliance with GDPR, the UK Data Protection Act 2018, and US/EU privacy laws is an ongoing organisational responsibility, not something software alone establishes.