# Privacy Policy - Genau
**Last Updated:** December 24, 2025
**Effective Date:** December 24, 2025
## Introduction
Welcome to Genau ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and German data protection laws (BDSG).
This privacy policy explains how we collect, use, store, and protect your information when you use our mobile application.
**Data Controller:**
Yasin Toy
Berlin, Germany
Email: getgenauapp@gmail.com
## Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
| Data Type | Legal Basis |
| ------------------- | --------------------------------------------- |
| Account information | Contract performance (to provide the service) |
| Location data | Consent (you grant permission) |
| Check-in data | Contract performance |
| Push notifications | Consent (you can opt out anytime) |
| Payment data | Contract performance |
| Usage analytics | Legitimate interest (improving the app) |
| Moderation data | Legitimate interest (platform safety) |
## Information We Collect
### 1. Account Information
When you sign up using Apple Sign In, we collect:
- Full name (from Apple or entered by you)
- Apple ID (anonymized relay identifier)
- Email address (optional, may be hidden by Apple)
- Username (chosen by you)
- Profile photo (optional, uploaded by you)
### 2. Location Data
- **While Using the App:** We collect your location only when the app is open and active to show nearby places, enable check-ins, and display your position to mutual friends
- **No Background Location:** We do NOT collect your location when the app is closed or in the background
- **Check-in Locations:** We store the locations where you check in
- **Purpose:** Location data is used solely to provide core app features
**You can disable location access anytime in your device Settings.**
### 3. Check-In Data
- Place name and address
- Photos you upload with check-ins
- Date and time of check-ins
- Associated place coordinates
### 4. Social Data
- Your followers and following relationships
- Mutual friend connections
- Conversations and messages with other users
### 5. Payment Information
- Purchase history for conversation credits
- Transaction IDs from Apple App Store
- **Note:** We do NOT store credit card numbers or payment details. All payments are processed securely by Apple.
### 6. Device & Technical Data
- Device model and operating system version
- Push notification tokens (for sending notifications)
- App version
- Crash reports and performance data
### 7. Communication Data
- Messages sent through the app
- Notification preferences
### 8. Moderation & Safety Data
To maintain a safe community, we collect:
- **User Reports:** When you report another user or content, we store the report reason, any details you provide, and timestamps
- **Block Records:** When you block another user, we record this to enforce the block
- **Moderation Actions:** Records of any moderation actions taken on your account (warnings, suspensions, etc.)
This data is used to:
- Review and act on reported violations
- Enforce blocks between users
- Maintain platform safety
- Comply with legal obligations
## How We Use Your Information
We use the collected data to:
- **Provide Core Features:** Enable check-ins, show nearby places, display friend locations while the app is active
- **Enable Messaging:** Allow conversations between users who have unlocked messaging
- **Send Notifications:** Notify you about messages, friend activity (with your consent)
- **Process Payments:** Handle in-app purchase transactions
- **Personalize Experience:** Show your check-in history and profile
- **Improve the App:** Analyze usage patterns, fix bugs, enhance features
- **Ensure Security:** Prevent fraud, abuse, and protect user accounts
## Data Storage and Security
### Where We Store Your Data
- **Primary Backend:** Supabase (servers located in EU - Frankfurt, Germany)
- **Photo Storage:** Supabase Storage (EU region)
- **Payment Processing:** Apple App Store (Apple's infrastructure)
### Security Measures
- All data transmitted via HTTPS/TLS encryption
- Database encrypted at rest
- Row-level security policies (you can only access your own data and data shared by friends)
- Secure authentication via Apple Sign In
- Regular security updates and monitoring
## Data Sharing
### We DO NOT:
- Sell your personal data to third parties
- Share your location with advertisers
- Use your photos for marketing without explicit consent
- Share your data with data brokers
### We MAY Share Data With:
| Recipient | Purpose | Data Shared |
| --------------------- | ------------------------- | ----------------------------------------------- |
| Mutual Friends | Social features | Profile, location (while app active), check-ins |
| Other Users at Places | Place discovery | Check-in photos at shared locations |
| Supabase (Processor) | Backend services | All app data (under Data Processing Agreement) |
| Apple | Authentication & Payments | Sign-in tokens, purchase transactions |
| Legal Authorities | Legal obligation | As required by German/EU law |
### Moderation Data Confidentiality:
- **Reports are confidential:** Reported users are NOT notified who reported them
- **Block records are private:** Only you can see who you've blocked
- **Moderation team access:** Only our moderation team reviews reports
## Data Retention
| Data Type | Retention Period |
| ------------------ | -------------------------------------------------------------------- |
| Account data | Until account deletion |
| Check-ins & photos | Until account deletion or manual deletion |
| Messages | Until account deletion |
| Location data | Not stored persistently (only used in real time while the app is active) |
| Payment history | 10 years (German tax law requirement) |
| User reports | 2 years (for safety and legal compliance) |
| Block records | Until unblocked or account deletion |
| Moderation actions | Account lifetime (for safety enforcement) |
| Deleted accounts | Permanently erased within 30 days |
## Your Rights Under GDPR
As an EU/German resident, you have the following rights:
### Right to Access (Art. 15)
Request a copy of all personal data we hold about you.
### Right to Rectification (Art. 16)
Correct inaccurate or incomplete personal data.
### Right to Erasure / "Right to be Forgotten" (Art. 17)
Request deletion of your personal data. Use Settings → Delete Account in the app, or contact us.
### Right to Restrict Processing (Art. 18)
Request limitation of how we process your data.
### Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format.
### Right to Object (Art. 21)
Object to processing based on legitimate interests.
### Right to Withdraw Consent (Art. 7)
Withdraw consent at any time (e.g., disable location, notifications).
### Right to Lodge a Complaint
You may file a complaint with:
- **German Data Protection Authority (BfDI):** bfdi.bund.de
- **Berlin Data Protection Authority:** datenschutz-berlin.de
**To exercise your rights, contact us at:** getgenauapp@gmail.com
We will respond within **30 days** as required by GDPR.
## Your Privacy Controls
### Location
- Location is ONLY used while the app is open
- Disable in: iOS Settings → Genau → Location → Never
### Push Notifications
- Enable/disable in: App Settings → Notifications
- Or: iOS Settings → Genau → Notifications
### Profile Visibility
- Only mutual friends can see your location
- Control your profile photo and information in Profile settings
### Messages
- You control who can message you (requires mutual connection or credit purchase)
### Account Deletion
- Settings → Delete Account
- This permanently removes ALL your data within 30 days
## Third-Party Services
### Supabase (Data Processor)
- **Purpose:** Backend database, authentication, file storage
- **Location:** EU (Frankfurt, Germany)
- **Data Processing Agreement:** In place per GDPR Art. 28
- **Privacy Policy:** <https://supabase.com/privacy>
### Apple Services
- **Apple Sign In:** Authentication
- **App Store:** Payment processing
- **APNs:** Push notification delivery
- **Privacy Policy:** <https://apple.com/privacy>
## Push Notifications
We send push notifications for:
- New messages from other users
- Friend activity (optional)
**You can disable notifications anytime** in app Settings or iOS Settings.
We store device tokens securely and delete them when you:
- Disable notifications
- Delete your account
- Uninstall the app
## In-App Purchases
- Conversation credits are processed through Apple App Store
- We receive transaction confirmations but NO payment card details
- Purchase history retained for legal/tax compliance
- Refunds handled through Apple per their policies
## Children's Privacy
Genau is **not intended for users under 16 years of age** (GDPR age of consent in Germany). We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us immediately at getgenauapp@gmail.com.
## International Data Transfers
Your data is primarily stored within the EU (Germany). If any data is transferred outside the EU/EEA, we ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the EU Commission
## Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within **72 hours**
- Notify affected users without undue delay
- Document all breaches and remediation steps
## Changes to This Policy
We may update this privacy policy periodically. For significant changes, we will:
- Update the "Last Updated" date at the top
- Show an in-app notification
- Request renewed consent if required
Your continued use after changes constitutes acceptance, unless consent is required.
## Contact Us
**Data Controller:**
Yasin Toy
Email: getgenauapp@gmail.com
**For privacy inquiries, data requests, or complaints:**
Email: getgenauapp@gmail.com
We aim to respond to all requests within **30 days**.
---
## Quick Summary
| Topic | Summary |
| --------------------- | --------------------------------------------------------------- |
| **What we collect** | Profile, location (while app open), check-ins, photos, messages |
| **Location tracking** | Only while app is active - NO background tracking |
| **Data storage** | EU servers (Frankfurt, Germany) |
| **Data sharing** | Only with mutual friends, never sold to advertisers |
| **Moderation data** | Reports & blocks stored securely, reports are confidential |
| **Your rights** | Full GDPR rights: access, delete, port, object |
| **Payments** | Processed by Apple, we don't see card details |
| **Delete account** | Settings → Delete Account (permanent within 30 days) |
---
_Genau is committed to transparency, privacy, and GDPR compliance. Questions? Contact getgenauapp@gmail.com_