COMMONSPACE USER PRIVACY POLICY
Last Updated: March 26, 2026
1. Introduction
Welcome to Commonspace. This Privacy Policy explains how Commonspace Platforms, Inc., a Delaware corporation ("Commonspace," "Company," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you use our websites (including common.space and all related subdomains), our mobile applications for iOS and Android (the "Mobile App"), our APIs, and any related services (collectively, the "Services").
Commonspace is a community platform and social network that enables you to create a Profile, post content, follow other users, join community Spaces, and connect with others. This Privacy Policy applies to all users of our Services.
BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT USE THE SERVICES.
This Privacy Policy is incorporated into and subject to our User Terms of Service.
2. Information We Collect
The information we may collect in the course of you using the Services may include, but is not limited to, the following:
2.1 Information You Provide
Account Registration:
Email address (required, for login and communications)
First name and last name (required)
Birthdate (required, not publicly displayed on your Profile, used for age verification and regulatory compliance. Shared with Space Owners when you join their Space as a Member, as described in Section 4.1)
City (required, not publicly displayed on your Profile, used for regulatory compliance. Shared with Space Owners when you join their Space as a Member, as described in Section 4.1)
Password (stored securely using industry-standard encryption)
Preferred language
Social Login: You may register or log in using a third-party account from Google, Facebook, Apple, or X (Twitter). When you authenticate via social login, we receive only the minimum information needed to create or verify your account — typically your email address and name. We do not import or store your profile photo, contacts, or other profile data from the social login provider. After initial authentication, you may disconnect your social login at any time. Each provider's privacy policy governs their handling of your data:
Google — https://policies.google.com/privacy
Facebook (Meta) — https://www.facebook.com/privacy/policy/
X (Twitter) — https://x.com/en/privacy
Profile Information:
@username (unique identifier, publicly visible)
Profile image and background image
Display name and pronouns
Bio and about section
Social media links (X/Twitter, Instagram, Facebook, TikTok, LinkedIn, Twitch, website)
Featured links and "Top 8" connections
Content You Create:
Profile Posts you publish to your Profile
Posts, comments, and messages in Space Channels
Images, videos, documents, and media you upload (up to 128MB per file)
Space Membership Information:
Answers to Member Questions created by Space Owners
Your Membership and Item purchase history
Transaction Information:
Purchase history and Membership status
Payment method details (processed and stored by Stripe, NOT by Commonspace)
Billing address
Communications:
Support requests and correspondence with us
Feedback and survey responses
2.2 Information Collected Automatically
When you use our Services, including the Mobile App, we automatically collect at least the following:
Device and Browser Information:
Device type, operating system, and version
Browser type (for web access)
IP address
Device identifiers (including mobile advertising identifiers)
Screen resolution and language settings
App version (for Mobile App)
Usage Information:
Pages and features accessed
Time spent on pages and interaction patterns
Posts viewed and engaged with in your Feed
Spaces visited and joined
Users you follow and interact with
Search queries within the platform
Referring URLs and exit pages
Location Information:
General location derived from IP address
Timezone information
The Mobile App does not collect precise GPS location. We may use general or approximate location information derived from your IP address or city setting for regulatory compliance and service delivery.
Mobile Advertising Identifiers and App Tracking Transparency:
On iOS devices, this includes your Identifier for Advertisers (IDFA). In accordance with Apple's App Tracking Transparency (ATT) framework, we will request your permission before using your IDFA for tracking purposes. You can change this preference at any time under Settings → Privacy & Security → Tracking on your iOS device.
On Android devices, this includes your Google Advertising ID (GAID). You can reset or opt out at any time under Settings → Google → Ads on your Android device.
We do not sell your mobile advertising identifier to third parties. We may share it with analytics providers solely to measure app performance and improve your experience.
Security and Fraud Prevention Data:
We use Google reCAPTCHA Enterprise to protect the Services from automated abuse. reCAPTCHA may collect and analyze interaction data (such as mouse movements, scrolling behavior, and typing patterns), your IP address, and browser information to determine whether you are a human user.
Two-Factor Authentication:
If you enable SMS-based two-factor authentication, we collect and share your phone number with Twilio, Inc. for the purpose of sending verification codes. Your phone number is used solely for authentication and is not used for marketing purposes.
Local Storage on Mobile Devices:
The Mobile App stores authentication tokens and user session data locally on your device using encrypted secure storage (Keychain on iOS, Keystore on Android). This data is only accessible to the Commonspace app and is used to maintain your login session. If you uninstall the Mobile App, this locally stored data is removed.
2.3 Information from Third Parties
We may receive information from:
Stripe: Payment and identity verification information
Social media platforms: If you link accounts
Space Owners: Information about your membership and activity in their Spaces
App stores: Basic installation and crash data
3. How We Use Your Information
We use your information to provide, operate, maintain, and improve the Services, including in connection with customer support, security, and legal compliance.
Providing and Operating the Services:
Creating and managing your Account
Displaying your Profile and Content
Generating your Feed of posts from users you follow and Spaces you've joined
Processing transactions and facilitating payments
Enabling community features (following, Channels, Member Directories)
Delivering experiences including on the Mobile App
Improving and developing new features
Media Processing:
When you upload images or videos, we process them on our servers to optimize quality and performance. This includes resizing images and converting videos to standardized formats (MP4). Original files may contain embedded metadata such as timestamps, device information, and location data (e.g., EXIF GPS coordinates). We recommend removing sensitive metadata before uploading if you do not wish it to be stored.
Communications:
Sending account-related emails (verification, security alerts)
Delivering push notifications through the Mobile App
Notifying you about activity (new followers, posts, etc.)
Enabling Space Owners to communicate with Members
Responding to support requests
Safety and Security:
Detecting and preventing fraud, abuse, and security threats
Enforcing our Terms of Service and Community Guidelines
Age verification for age-appropriate content
Legal and Compliance:
Complying with legal obligations
Responding to legal requests
4. How We Share Your Information
We do not sell your personal information.
4.1 With Space Owners
When you join a Space, the Space Owner receives:
Your name and email address
Your Profile information (based on your settings)
Your city/location and birthdate (for regulatory compliance and age verification)
Your answers to Member Questions
Your purchase history and activity within their Space
Space Owners must protect your data per our Space Owner Agreement. When you leave a Space, the Space Owner no longer has access to your current data. If you delete your Account, Space Owners cannot access your previous data.
4.2 With Other Users
Based on your settings:
Your Profile and Profile Posts may be publicly visible
Your posts appear in the Feeds of your followers
Your posts in Space Channels are visible to other Members
You may appear in Member Directories (based on Space settings)
4.3 With Service Providers
We share Personal Data with the following categories of service providers in order to operate and improve the Services:
Payments and Identity Verification:
Stripe, Inc.: Payment processing and identity verification for Space Owners (KYC). We do not store payment card information on our systems. See https://stripe.com/privacy
Cloud Infrastructure:
Amazon Web Services (AWS): Cloud hosting, data storage (Amazon S3), and database infrastructure. All uploaded content and platform data is stored on AWS in the United States (us-west-1 region). See https://aws.amazon.com/privacy/
Content Accessibility: Publicly accessible content is served via direct URLs. Access-controlled content (paid downloads, Member-only media) is served via time-limited, authenticated URLs that expire automatically.
Communications:
SendGrid (Twilio Inc.): Transactional and marketing email delivery. See https://www.twilio.com/legal/privacy
Twilio, Inc.: SMS-based two-factor authentication. See https://www.twilio.com/legal/privacy
Push Notifications:
Expo (650 Industries, Inc.): Push notification SDK and token management. See https://expo.dev/privacy
Google Firebase Cloud Messaging: Android push notification delivery. See https://policies.google.com/privacy
Apple Push Notification Service: iOS push notification delivery. See https://www.apple.com/legal/privacy/
You may disable push notifications at any time in the Mobile App settings or your device settings.
Security and Fraud Prevention:
Google reCAPTCHA Enterprise: Bot and fraud prevention. See https://policies.google.com/privacy
Analytics:
Google Analytics: Usage analytics and performance improvement. You can opt out at tools.google.com/dlpage/gaoptout.
Other Google Services:
Google Fonts: Font files loaded from Google servers when rendering Space themes.
Google Maps: Location autocomplete during account setup.
4.4 With Third-Party Integrations (Space Plugins)
Space Owners may enable optional third-party integrations ("Plugins") within their Spaces. Your data is only shared with a Plugin service after you opt in. Currently known or planned Plugins include:
Zoom Video Communications — Video conferencing. See https://explore.zoom.us/en/privacy/
Discord — Community chat integration. See https://discord.com/privacy
Shopify — E-commerce integration. See https://www.shopify.com/legal/privacy
WhatsApp (Meta Platforms) — Messaging integration. See https://www.whatsapp.com/legal/privacy-policy
The list of available Plugins is maintained at https://common.space/legal/plugins.
4.5 For Legal Reasons
We may disclose information to comply with law, respond to government requests, protect our rights, or prevent harm.
4.6 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. If you are located in the EEA, UK, or Switzerland, we will ensure any such transfer complies with applicable data protection law.
5. Data Retention
We keep your information only for as long as needed:
Account information: deleted or anonymized within 90 days of account closure
Transaction records: kept for 7 years as required by tax and financial regulations
Content: kept until you delete it or close your account, then removed within 90 days
Usage and log data: kept for up to 12 months, then aggregated or anonymized
When you delete your account, we begin the deletion process promptly. Some information may be retained longer where required by law or needed to resolve an active dispute.
For questions about your data, contact us at [email protected].
6. Your Rights and Choices
You can update your personal information at any time through your Commonspace account settings. Depending on your location, you may have certain rights regarding your personal information, including:
Access the personal information we hold about you
Correct inaccurate or incomplete information
Request deletion of your personal information
Request a copy of your information in a portable format
Object to or restrict certain processing
Withdraw consent where processing is based on consent
To exercise these rights, contact us at [email protected]. We will respond within 30 days of receipt.
7. Additional Rights for EEA, UK, and Swiss Users
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional terms apply under GDPR and applicable local law.
7.1 Lawful Bases for Processing
Performance of a contract (Article 6(1)(b)): to provide you with our Services and fulfill our obligations to you.
Legitimate interests (Article 6(1)(f)): to operate and improve the platform, prevent fraud, and ensure security.
Consent (Article 6(1)(a)): for optional features such as marketing communications and non-essential cookies.
Legal obligation (Article 6(1)(c)): where processing is necessary to comply with applicable law.
7.2 Your Data Subject Rights
Right of access (Article 15)
Right to rectification (Article 16)
Right to erasure (Article 17)
Right to restriction of processing (Article 18)
Right to data portability (Article 20)
Right to object (Article 21)
7.3 How to Exercise Your Rights
Submit a written request to [email protected]. We will respond within 30 days.
7.4 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection supervisory authority. EEA supervisory authorities are listed at https://edpb.europa.eu. UK users may contact the ICO at ico.org.uk.
7.5 International Data Transfers
When we transfer your personal data outside the EEA or UK, we do so on the basis of Standard Contractual Clauses or another valid transfer mechanism under Article 46 GDPR. Contact [email protected] for more information.
8. Information for California Residents (CCPA/CPRA)
If you are a California resident, you have specific rights under the CCPA and CPRA. Categories of personal information we collect include: Identifiers, Personal information under Cal. Civ. Code § 1798.80, Commercial information, Internet or network activity information, General geolocation information, and Inferences.
Your California Privacy Rights:
Know what personal information we collect and how we use it
Request deletion of your personal information
Request correction of inaccurate personal information
Opt out of the sale or sharing of personal information (we do not sell personal information)
Not be discriminated against for exercising your privacy rights
Limit the use of your sensitive personal information
To exercise any of these rights, contact us at [email protected].
8A. Information for Users in Japan (APPI)
If you are located in Japan, the following additional terms apply under the Act on the Protection of Personal Information (APPI).
Business Operator: Commonspace Platforms, Inc. Contact [email protected] for personal information inquiries.
Purpose of Use: We use your personal information for the purposes set forth in Section 3 of this Privacy Policy. We will not use your personal information beyond the scope necessary without your prior consent.
Provision to Third Parties: We may provide your personal information to third parties as described in Section 4. By using the Services, you consent to such provision.
Cross-Border Transfer: Your personal information is transferred to and processed in the United States. By using the Services, you consent to this cross-border transfer.
Your Rights Under APPI: You have the right to request notification, disclosure, correction, suspension of use, and suspension of third-party provision of your personal information. Contact [email protected] to exercise these rights.
Complaints: You may contact the Personal Information Protection Commission (PPC) of Japan at https://www.ppc.go.jp/en/.
9. Cookies and Tracking
We use cookies and similar technologies to operate and improve the Services.
Essential cookies — Strictly necessary for authentication, session management, and security. Cannot be disabled without impairing the Services.
Functional cookies — Remember your preferences and settings for a more personalized experience.
Analytics cookies — Help us understand how users interact with the Services. We use Google Analytics.
Your Cookie Choices: You can manage or delete cookies through your browser settings. EEA, UK, and Swiss users: we will obtain your consent before placing non-essential cookies, in accordance with the ePrivacy Directive.
Do Not Track: We currently do not respond to DNT signals, as no uniform standard has been adopted.
10. Children's Privacy
The Services are intended for users who are at least 18 years of age (in the United States) or the age of majority in their jurisdiction. We do not knowingly collect personal information from anyone who does not meet these age requirements. If you believe someone below the applicable age has provided personal information to us, please contact us at [email protected].
11. Data Security
We implement reasonable administrative, technical, and physical safeguards including:
Encryption of data in transit (TLS) and at rest
Secure password hashing
Access controls limiting access to personal information
Regular security assessments and monitoring
Ongoing employee training on data protection
We do not store sensitive payment information on our systems. While we work to protect your information, no method of transmission over the internet is completely secure.
Data Breach Notification: In the event of a security breach, we will notify you without undue delay and in accordance with applicable law, including notifying relevant supervisory authorities within 72 hours where required under GDPR Article 33.
Automated Decision-Making: We do not use automated decision-making that produces legal or similarly significant effects on you. Our content Feed is chronological and not driven by algorithmic profiling.
12. International Users
Commonspace is operated from the United States and currently supports users in the United States and Japan. If you access the Services from outside the United States, your personal information may be transferred to, stored in, and processed in the United States.
13. Third-Party Links
Our Services may include links to third-party websites or services. We do not control these third parties, and this Privacy Policy does not apply to their practices.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date. If we make material changes, we may also provide additional notice by email or through the Services.
15. Contact Us
Commonspace Platforms, Inc.
Privacy Inquiries: [email protected]
General Legal: [email protected]
Security Issues: [email protected]
Website: https://common.space
Help Center: https://help.common.space
Address: 6121 Sunset Blvd, Los Angeles, CA 90028, United States
16. Summary of Key Points
Your birthdate and city are collected for regulatory purposes and are kept private
We do not sell your personal information
Your Feed is chronological and not driven by advertising algorithms
When you join a Space, certain information is shared with the Space Owner as described above
Payments are processed securely by Stripe; we do not store your payment details
You can manage, update, or delete your information through your Account settings
We comply with applicable privacy laws, including GDPR and CCPA
BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.