Privacy Policy

Introduction

This Privacy Policy outlines our approach to data privacy and protection for our mobile application available on the App Store and Google Play Store.

Data Controller: ASTEKITA. For questions about data processing, please contact us at privacy@astekita.com.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract Performance: Processing necessary to provide our services (authentication, event creation, messaging)
• Legitimate Interests: Service optimization, security, fraud prevention, and analytics
• Consent: For optional features such as profile pictures, preferences, and personalized advertising (where applicable)
• Explicit Consent: For special category data (sensitive information) such as racial/ethnic origin, religious beliefs, political opinions, sexual orientation, etc., as required under GDPR Article 9

You have the right to withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

Commitment to Privacy

We are committed to:

• Transparency in our data collection and usage practices
• Protection of user privacy and data security
• Compliance with Apple's privacy guidelines and applicable laws
• Regular updates to our privacy practices as our service evolves

Information We Collect

Authentication

We use Sign in with Apple and Sign in with Google for secure authentication.

Essential Information

We collect only the minimum necessary information:

• Email Address:
  • Collected from your authentication provider (Apple or Google) as part of the authentication process
  • If you use Sign in with Apple, your email may be a private relay email address provided by Apple
  • Stored for account identification purposes only
  • Not used for communication or account recovery
  • Not shared with other users or third parties
• Display Name/Nickname:
  • Used for identification within the app
  • May be prepopulated with your first name from your authentication provider (Apple/Google) for convenience, but we do not save your profile name from these services
  • You can change it to any first name or nickname of your choice
  • Only the Display Name you choose is stored in our system
  • Visible to other users
• Profile Picture (Optional):
  • Only collected if you choose to upload one
  • Visible to other users
  • Stored securely on our servers
  • Can be removed or updated at any time
• Birthdate: Collected to determine age for app functionality (filtering and matching). After collection:
  • The month and day are obfuscated, but the year is retained to calculate age
  • The full birthdate is not stored in our database
• Gender: Used for app functionality

Optional Information and Preferences

You may choose to provide additional optional information to enhance your experience:

• Profile Information (Optional): Bio, job/profession, interests, languages, zodiac, and other preferences
• Preferences and Interests: Such as movie preferences, music tastes, hobbies, and other personal interests
• Special Category Data (Sensitive Information): You may optionally provide information such as:
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Political opinions
  • Sexual orientation
  • Other special category data as defined under GDPR Article 9

Important Notes About Optional/Sensitive Data:

• All optional information, including sensitive data, is provided voluntarily and at your discretion
• You can add, modify, or remove this information at any time through your profile settings
• This information is used for app functionality (e.g., filtering, matching, recommendations)
• Some of this information (such as interests, job, languages) is visible to other users on your profile
• Special category data (sensitive information) is not visible to other users, but other users can filter based on these criteria
• By providing optional or special category data, you are giving explicit consent for us to process that information for app functionality (filtering, matching, etc.)
• You can remove any optional or sensitive data at any time through your profile settings, which will immediately stop its use for filtering or matching
• All optional data follows the same retention and deletion policies as other user data

User-Generated Content

Our app allows users to create and interact with various types of content:

• Events and Activities:
  • Subject to automatic deletion after completion or expiration
  • Typically retained for 7 days after the event date
  • Historical data may be anonymized for analytics
• Location Data:
  • We collect accurate location data (latitude and longitude) when you create events
  • Location is selected using Google Maps Autocomplete service
  • Location data is stored in our database as part of event information
  • Used to help users find nearby events
  • Location data is automatically deleted when the associated event expires (7 days after the event date)
  • We may access your device's location to help you find nearby events, but this is only used temporarily and not stored unless you create an event
• Chat Messages:
  • Messages are tied to events and are ephemeral
  • Messages are automatically deleted 2 days after the associated event expires
  • Deleted messages are permanently removed and cannot be recovered

Advertising

Our app includes third-party advertising to support our free services. Regarding ad-related data:

• Ad providers may collect:
  • Device identifiers (IDFA on iOS, AAID on Android)
  • General location data (country/region level only)
  • Non-personal usage data for ad optimization
• Users can control ad tracking:
  • iOS: Through App Tracking Transparency prompt
  • Android: Through device settings

Device Information

To improve our service, we collect:

• Basic device type (iOS/Android)
• App performance data
• Error reports

Data Visibility to Other Users

To help you understand what information is visible to other users:

• Public (Visible to Other Users):
  • Display name/nickname
  • Profile picture (if you choose to upload one)
  • Age (calculated from birth year)
  • Gender
  • Bio (if provided)
  • Job/profession (if provided)
  • Interests and preferences (if provided)
  • Languages (if provided)
  • Zodiac (if provided)
  • Events and activities you create (including event location)
• Private (Not Visible to Other Users):
  • Email address
  • Special category data (sensitive information such as racial/ethnic origin, religious beliefs, political opinions, sexual orientation)
  • Chat messages (only visible to participants in the same event chat)

This information is also clearly indicated within the app when you provide it.

Data Minimization and Protection

We follow privacy-by-design principles:

• Display names are limited to appropriate content and length
• Birthdate information is processed for age calculation and immediately obfuscated (month and day removed, year retained)
• No unnecessary personal data collection
• No data sharing with third parties except where required for app functionality and advertising
• Regular data purging of unnecessary information
• Ad tracking limitations based on user preferences and platform guidelines

Third-Party Services

Our app integrates with the following third-party services:

• Authentication providers (Apple, Google)
• Google Maps (for location services and map functionality)
• Advertising networks
• Supabase (for database and backend services)

Each third-party service operates under its own privacy policy. We encourage users to review these policies. We carefully select partners who maintain high privacy standards.

International Data Transfers

Some of our third-party service providers may process your data outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by GDPR

Your Choices

Users have control over their privacy:

• Ad tracking preferences can be managed through device settings
• Users can opt out of personalized advertising
• Age and gender information can be updated by request (right to rectification)
• You can withdraw consent for optional features at any time
• Data deletion requests will be honored within legal requirements

How We Use Information

Your information is used solely for:

• Core app functionality (age, gender, location for event matching, preferences for filtering and matching)
• Service optimization and troubleshooting
• Ensuring app security and preventing misuse

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Event matching based on location and preferences is done to facilitate connections but does not constitute automated decision-making under GDPR.

Data Security

We are implementing industry-standard security measures to protect user data, including:

• Secure data encryption in transit and at rest
• Data obfuscation - user data is stored in coded/encoded formats rather than plain text to enhance security
• Regular security audits
• Secure authentication methods
• Limited data retention periods

Data Retention and Deletion

We implement the following data retention policies:

• Active Data:
  • User profile information (gender, age, optional preferences, and special category data) - retained while account is active
  • Current events and activities (including location data) - until completion or expiration, then retained for 7 days after the event date
  • Chat messages - retained until 2 days after the associated event expires, then permanently deleted
• Automatic Deletion:
  • Expired events are automatically removed after 7 days from the event date
  • Chat messages are permanently deleted 2 days after their associated event expires
  • Inactive accounts may be archived after 12 months of no activity
• Data Recovery:
  • Deleted user-generated content cannot be recovered
  • We do not maintain backups of expired or deleted content
  • System backups are purged according to our retention schedule

Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

• Right of Access: Request access to your personal information
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (see Account Deletion below)
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Request a copy of your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@astekita.com. We will respond to your request within 30 days.

Account Deletion

We provide two methods for account deletion to ensure you have complete control over your data:

1. In-App Deletion:
   • Access the Settings menu in the app
   • Select "Account" then "Delete Account"
   • Confirm your choice
   • Your account and all associated data will be permanently deleted within 30 days
2. Authentication Provider Deletion:
   • You can revoke app access through your Apple ID or Google Account settings
   • Please contact us to request account deletion
   • Your account and data will be removed within 30 days
   • For Apple users: You can also use "Sign in with Apple" data deletion

Important notes about account deletion:

• Deletion is permanent and cannot be undone
• All your personal data will be removed from our active systems
• Some data may be retained in encrypted backups for up to 90 days
• We may retain certain non-personal information for analytics
• If required by law, some information may be retained for legal compliance

Data Access and Portability

Upon request, we will provide you with a copy of your personal data, which includes:

• Current stored information:
  • Email address (which may be a private relay email if using Sign in with Apple)
  • Display name/nickname
  • Current profile picture (if any)
  • Gender preference
  • Age (calculated from birth year, month and day are not stored)
  • Bio (if provided)
  • Job/profession (if provided)
  • Interests and preferences (if provided)
  • Languages (if provided)
  • Zodiac (if provided)
  • Optional special category data (if provided, such as racial/ethnic origin, religious beliefs, political opinions, sexual orientation, etc.)
  • Active events and activities you created (if any are currently available), including location data (latitude and longitude) for those events
• We do not include in data requests:
  • Original birthdate (as only the year is stored, month and day are not stored)
  • Authentication data (managed by Apple/Google)
  • Advertising data (managed by ad providers)
  • Aggregated or anonymized analytics data
  • Expired or automatically deleted content (events older than 7 days, messages deleted 2 days after event expiration)
  • Chat messages (not included in data exports due to their ephemeral nature)
  • Data related to other users (their profile information, messages they sent, etc.)
  • Content from deleted or deactivated accounts

Important Note About Ephemeral Data

Please be aware that:

• Data export requests only include currently available data
• Chat messages are not included in data exports due to their ephemeral nature
• Expired events and automatically deleted content cannot be included
• The availability of user-generated content depends on when you make the request

How to Request Your Data

You can request your data through:

• The app's settings menu
• Emailing our privacy team at privacy@astekita.com

We will process your request within 30 days and provide the data in a commonly used, machine-readable format (JSON or CSV).

Updates to This Policy

This policy may be updated from time to time. Users will be notified of any significant changes through the app.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours where feasible, in accordance with GDPR requirements.

Right to Lodge a Complaint

If you believe that our processing of your personal data violates GDPR or other applicable data protection laws, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en.

We would appreciate the opportunity to address your concerns first, so please contact us at privacy@astekita.com before filing a complaint.

Contact Us

For questions about this privacy policy, to exercise your data protection rights, or for any privacy-related concerns, please contact us:

• Email: privacy@astekita.com

Data Controller: ASTEKITA