offline
Legal

Privacy Policy

What data we collect, why, who processes it, and your rights.

DRAFT — legal review before official launch.

Who we are

The data controller is offline (the "Operator"). Contact: support@beoffline.app.

What data we collect

• Identification: name, email, date of birth, age, and whether the user is under 18 (`isUnder18`) for adult-content filtering.

• Gender: female/male/other. Not publicly shown on your profile — used solely to gate access to the "Women only" safety feature for private events. Processed on the basis of legitimate interest (Art. 6(1)(f) GDPR) and in accordance with Slovak Anti-Discrimination Act 365/2004, which permits differential treatment based on gender if it pursues a legitimate aim (here: women's safety at offline meetups). The value cannot be changed in the app after first setting — corrections are handled via support.

• Profile: photos, bio, interests, preferred search radius, home location (if you set one).

• Activity: created events, attendance (with GPS verification), swipes (Yes/No after event — kept only to enable the post-event match window; auto-deleted 90 days after the event), bookmarks, reviews, messages.

• No automated decision-making under Art. 22 GDPR. Matches are purely mechanical (mutual Yes) — no algorithmic decisioning or profiling.

• Affiliate: unique code and the inviter's code (`affiliateReferredBy`) — stored permanently for the affiliate program. The code is invisible to third parties except the operator.

• Communication behavior: list of muted chats, pinned chats, notification preferences. Processed for app functionality (Art. 6(1)(b) GDPR).

• Notification token (Expo Push) — used solely to deliver notifications. Explicitly nulled before cascade on account deletion.

• Technical: device model, logs, anonymized errors.

• Payment: via Stripe. The Operator does not see card numbers — they are processed only by Stripe.

Why we process data (legal basis)

• Performance of contract (Art. 6(1)(b) GDPR) — without this the App cannot function.

• Consent (Art. 6(1)(a) GDPR) — for marketing notifications and optional extensions.

• Legitimate interest (Art. 6(1)(f) GDPR) — security, fraud prevention, analytics.

• Legal obligation (Art. 6(1)(c) GDPR) — accounting and tax obligations.

Retention period

• Account and profile: during account lifetime.

• Group chats: kept 1 month after event end, then automatically deleted. After account deletion, your messages in group chats remain with an anonymized signature "Deleted account" — based on the legitimate interest of other participants (Art. 6(1)(f) GDPR).

• Direct chats: until deleted by one of the participants or until account deletion.

• Payment records: 10 years (statutory accounting obligation — Slovak Act 431/2002). This data is also retained by our processor Stripe.

• Application error logs: 30 days (TTL set in database; legitimate interest — diagnostics and service stability). We do not collect IP addresses.

• Swipes (Yes/No after event): auto-deleted 90 days after event end (legitimate interest — match window functionality; not usable beyond that window).

• Firebase backup window (Point-in-Time Recovery): 7 days.

Processors (third parties)

Selected personal data is processed by our processors, contractually bound under Art. 28 GDPR (DPA). Transfer of data outside the EEA is covered by Standard Contractual Clauses (SCC) per EC Decision 2021/914 or by an adequacy decision.

• Google Ireland Ltd. (Firebase) — authentication, Firestore database, Storage, Cloud Functions, hosting. Data held in europe-west1 region (Belgium, EEA). Safeguard: DPA + standard GDPR clauses.

• Stripe Payments Europe Ltd. (Ireland) — payment processing, KYC for business accounts (Stripe Connect), refunds, dispute management. Some technical data may be processed by Stripe Inc. (USA) — covered by SCC. Safeguard: Stripe DPA, PCI-DSS Level 1.

• Expo (Pollux Labs Inc., USA) — push notification infrastructure (Expo Push API). Push token + notification body (title + message preview) pass through US infrastructure. Safeguard: SCC.

• Apple Inc. (USA) and Google LLC (USA) — APNs and FCM delivery infrastructure for push (via Expo). Safeguard: SCC.

Retention in backups: Firebase Firestore has system backups (Point-in-Time Recovery) with max 7-day retention. After account deletion, personal data may persist in backups for max 7 days, during which they are not actively used.

The current list of processors may change — we will update this policy and version-tag the change when a new processor is added.

Your rights

• Right to access your data.

• Right to rectification of inaccurate data. Some data (date of birth, gender, affiliate code) is immutable after setting in the app to preserve integrity of safety features and the program; corrections via email to support@beoffline.app.

• Right to erasure ("right to be forgotten"). On account deletion the following is retained: (a) your group chat messages with an anonymized "Deleted account" signature (legitimate interest of other participants, Art. 6(1)(f)), (b) payment records for 10 years in accounting archives (statutory obligation — Slovak Act 431/2002), (c) Firebase backups max 7 days.

• Right to restriction of processing.

• Right to data portability (JSON export via the app, max 1× per 24h per Art. 12(5) — proportionate to cost).

• Right to object to processing.

• Right to lodge a complaint with the Slovak Office for Personal Data Protection.

To exercise your rights, contact us at support@beoffline.app.

Geolocation

The App uses device location to show nearby events and verify attendance. You may disable location anytime in OS settings — the App will then use your set home location or the default (Bratislava).

Push notifications and cookies

We send push notifications only if you allow them. Disable anytime in App or OS settings.

The mobile App does not use classic HTTP cookies — it runs as a native app.

The website beoffline.app uses minimal client-side storage (sessionStorage) to temporarily store an invite code from the `?ref=...` URL parameter — this storage is automatically cleared when the browser tab/window is closed. We do not use third-party tracking or analytics cookies. When signing into the business portal (`/ucet/*`), Firebase Auth stores its authentication token locally (IndexedDB), which is "strictly necessary" within the meaning of the ePrivacy Directive (Art. 5(3) exception) — without it you couldn't sign in.

Children

The App is not intended for persons under 16. If we learn of such an account, we will remove it.

Changes to the policy

For material changes we will notify you in the App. We retain older versions.