← Back to Home

Privacy Policy

1. Introduction

Stammtisch ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform, including our mobile applications, web applications, and website (collectively, the "Service").

This policy applies to all users worldwide and complies with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, display name, password (encrypted)
• Profile Information: Optional profile details, preferences, and settings
• Event Data: Event details, RSVPs, location preferences, and voting data
• Communications: Messages, invitations, and notifications you send through our Service
• Email Subscriptions: Email addresses submitted for product updates and newsletters

2.2 Information Collected Automatically

• Usage Data: App interactions, feature usage, and session information
• Device Information: Device type, operating system, app version
• Log Data: IP addresses, access times, error logs (anonymized where possible)
• Analytics Data: Aggregated usage statistics and performance metrics

2.3 Information from Third Parties

• Authentication Services: If you sign in through third-party providers
• Payment Processors: Billing information processed by Stripe (we do not store payment details)

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Facilitate event creation, invitations, and RSVPs
• Process voting and location preferences
• Send service-related notifications and communications
• Provide customer support

3.2 Service Improvement

• Analyze usage patterns to improve features
• Monitor and maintain service performance
• Develop new features and functionality
• Conduct security monitoring and fraud prevention

3.3 Marketing Communications

• Send product updates and newsletters (with consent)
• Notify about new features and improvements
• Share relevant event management tips and best practices

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our Service as agreed
• Legitimate Interest: To improve our Service, ensure security, and provide support
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

5.1 We Share Information:

• Within Your Stammtisch Groups: Event details and RSVPs with group members
• Service Providers: Third-party services that help us operate (Firebase, Stripe, email services)
• Legal Requirements: When required by law, court order, or to protect rights and safety
• Business Transfers: In connection with mergers, acquisitions, or asset sales

5.2 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security assessments and monitoring
• Secure cloud infrastructure (Firebase/Google Cloud)
• Employee training on data protection

7. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion
• Event Data: Retained for 2 years after event completion for historical purposes
• Email Subscriptions: Until you unsubscribe
• Log Data: Retained for 90 days for security and debugging purposes
• Backup Data: May be retained for up to 1 year in encrypted backups

8. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing
• Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@stammtisch.pro

9. International Data Transfers

Your data may be processed in countries outside your residence, including the United States. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Other appropriate safeguards as required by law

10. Children's Privacy

Our Service is not intended for children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.

11. Cookies and Tracking

We use essential cookies and similar technologies to:

• Maintain your session and preferences
• Ensure security and prevent fraud
• Analyze usage patterns (with anonymized data)
• Improve service performance

You can control cookies through your browser settings, though this may affect service functionality.

12. Third-Party Services

Our Service integrates with third-party services:

• Firebase/Google Cloud: Data hosting and authentication
• Stripe: Payment processing (we don't store payment details)
• Email Services: Transactional and marketing emails

These services have their own privacy policies and terms of service.

13. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to non-discrimination for exercising privacy rights

14. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

• Email notification to registered users
• In-app notifications
• Website announcements

Continued use of our Service after changes constitutes acceptance of the updated policy.

15. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@stammtisch.pro

16. Contact Information

For privacy-related questions, concerns, or to exercise your rights, contact us:

• Email: privacy@stammtisch.pro
• Data Protection Officer: dpo@stammtisch.pro
• Address: [Your Business Address]

EU Representative (if applicable):

If you are in the European Union and we do not have an establishment there, our EU representative can be contacted at: eu-representative@stammtisch.pro

Supervisory Authority:

You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

17. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data, including collection, storage, use, and deletion
• Controller: Stammtisch, as the entity determining the purposes and means of processing
• Processor: Third-party services that process data on our behalf