Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Gregor Brilla (Sole Proprietor / Einzelunternehmer)
Ahornallee 37A
16547 Birkenwerder
Germany
Email: support@streazy.app

A data protection officer has not been appointed, as the legal requirements according to Art. 37 GDPR are not met.

2. Subject Matter and Scope of the Privacy Policy

(1) This Privacy Policy applies to the use of the mobile app STREAZY, which is offered for devices with the Android and iOS operating systems.

(2) It informs about the type, scope, and purpose of the processing of personal data when using the app, as well as the rights of the data subjects under the General Data Protection Regulation (GDPR).

(3) This Privacy Policy applies to the use of the STREAZY app. STREAZY is provided worldwide. For users outside the European Union, the provisions in the section 'Additional Information for Users Outside the European Union' at the end of this policy apply supplementarily.

(4) The STREAZY app may contain links or references to external websites, services, or third-party content (e.g., app store pages, support or help pages of external providers, or Google Maps for location sharing). When accessing such content, you leave the area of responsibility of STREAZY.

(5) For data processing by these third-party providers, only their own privacy policies apply. The provider has no influence on the type, scope, and purpose of data processing by third parties and assumes no responsibility for this.

3. Processed Personal Data

(1) Within the scope of using the STREAZY app, the following categories of personal data are processed – depending on the type and scope of use:

a) Registration and Account Data

The provision of the following personal data is necessary for the conclusion and performance of the user agreement:

• Email address
• Username
• Password (stored in a secure, non-plaintext format)
• Date of birth
• Gender specification

Without this data, it is not possible to use the STREAZY app. The provision of further data (e.g., profile information) is voluntary.

b) Profile Data (Voluntary Information)

• Description text
• Interests
• Relationship status
• Profile pictures
• Information on life situation

The provision of this data is voluntary. Profile data may – depending on the settings and the use of the app – be visible to other users.

c) Location Data

The provision of location data is mandatory for the use of the core functions of STREAZY, as the app is based on location-based matching and the display of users in physical proximity. Use of the app is not possible without sharing the location. Location data is used exclusively to provide location-based functions within the app. Details on the processing, storage, and duration of use of location data are regulated in Section 7 of this Privacy Policy.

d) Communication Data

This data is processed to provide the communication and contact functions of the app. Details on the processing, storage, and erasure of communication data are regulated in Section 8 of this Privacy Policy.

e) Usage and Interaction Data

This data is required to provide the core functions of the app, improve the user experience, and prevent abuse.

f) Device and Technical Data

This data is processed exclusively for technical purposes, to ensure security, stability, and for error analysis. Further information on push notifications can be found in Section 10 of this Privacy Policy.

g) Payment and Subscription Information

When concluding a paid premium subscription (e.g., Streazy Plus), payment data is processed exclusively by the respective app store (Google Play Store or Apple App Store). For the management of subscriptions and the technical connection to the app stores, we use the service "RevenueCat" (RevenueCat, Inc., USA). RevenueCat processes subscription and device identifiers (e.g., anonymous App User ID, Store Product ID, purchase status), but no full payment data or credit card information.

The provider does not receive full payment or credit card data, but only information about the status of the subscription (e.g., active or inactive) to the extent necessary to provide the premium functions.

h) Special Categories of Personal Data

Processing of special categories of personal data within the meaning of Art. 9 GDPR (e.g., health data, biometric data, or comparable sensitive information) does not take place. Insofar as users voluntarily provide information in profile descriptions, messages, or other free-text fields from which special categories of personal data within the meaning of Art. 9 GDPR could emerge, no targeted processing, evaluation, or categorization of this information is carried out by the provider. This content serves exclusively for user-side communication and representation and is not used for profiling, matching, or advertising purposes.

4. Purposes of Processing Personal Data

The processing of personal data within the scope of using the STREAZY app takes place exclusively for the following purposes:

Processing of personal data for purposes other than those mentioned above does not take place.

5. Legal Bases for Processing

The processing of personal data within the scope of using the STREAZY app takes place exclusively on the basis of the following legal bases of the General Data Protection Regulation (GDPR):

a) Art. 6(1)(b) GDPR – Performance of Contract

The processing of personal data is necessary to establish, perform, and terminate the user agreement between the user and the provider, as well as to implement pre-contractual measures. This applies in particular to:

• the registration and management of the user account,
• the authentication of users,
• the implementation of search, matching, and communication functions,
• the display of users in the local environment after a preceding location query,
• the provision of basic app functions,
• the management and assignment of premium subscriptions.

Without this processing, it is not possible to use the STREAZY app.

b) Art. 6(1)(a) GDPR – Consent

Insofar as consent is required for certain functions of the app, the processing of personal data is based on a voluntarily granted consent of the user. This applies in particular to the processing of personal data in connection with receiving push notifications and the use of location-based functions. Consent granted can be revoked at any time with effect for the future. Details on revocation are regulated in Section 17 of this Privacy Policy.

c) Art. 6(1)(f) GDPR – Legitimate Interest

The provider processes personal data insofar as this is necessary to safeguard legitimate interests and no overriding interests or fundamental rights of the data subject stand in the way. Legitimate interests exist in particular in:

• ensuring the technical operation, stability, and security of the app,
• abuse, fraud, and spam prevention,
• enforcing the terms of use,
• error analysis and system optimization,
• defense as well as enforcement of legal claims.

d) Art. 6(1)(c) GDPR – Legal Obligation

Insofar as the provider is legally obliged to process or store personal data (e.g., due to commercial or tax regulations), the processing takes place on the basis of legal obligations.

(2) Automated Decision-Making

Automated decision-making within the meaning of Art. 22 GDPR does not take place. In particular, no decisions with legal effect or comparably significant impairment are made exclusively automatically. Search, matching, and filter functions serve exclusively to display potentially relevant content and have no legal impact for the affected users.

6. Registration and User Account

(1) The use of the STREAZY app requires the creation of a user account. Registration is necessary for this. The provision of certain personal data (e.g., email address, age, gender, location sharing for certain functions) is required for the conclusion and performance of the user agreement. Without this information, no user account can be created and the app cannot be used.

(2) Registration and login take place via Firebase Authentication. The provider processes the data required for authentication exclusively for the purpose of account creation, login, and securing the user account.

(3) Users can delete their user account at any time using the functions provided in the app. Deleting the user account ends further use of the app.

(4) After deleting the user account, personal data is erased, provided that no legal retention obligations or legitimate interests of the provider (e.g., abuse prevention or legal enforcement) stand in the way of immediate erasure. Further information on this is contained in Section 14 of this Privacy Policy.

7. Location Data

(1) STREAZY processes location data only if the user has expressly consented to access to their location via the authorization settings of the terminal device.

(2) The user's location is recorded once each time the app is started or opened. Continuous, permanent, or ongoing location tracking does not take place.

(3) To provide location-based functions, the user's last recorded location within the scope of an active use or search is stored. This storage takes place exclusively to enable functions such as the display of users in physical proximity or the aggregated display on the activity map.

(4) The processing of location data takes place exclusively for the following purposes:

• Display of users in physical proximity,
• Conducting solo and group searches,
• Provision of location-based functions,
• Creation of an aggregated activity map.

(5) The aggregated activity map is based on statistically summarized location data from several users and serves exclusively for the anonymized representation of user activity in an area. It is not possible to draw conclusions about the exact location of individual users or live tracking.

(6) Users can optionally voluntarily share their exact location in a chat with one of their contacts. For security reasons, this is also not a live location and is only possible with saved contacts and not in a group compiled through search. The exact location is sent as a Google Maps link. By opening such a link, the user leaves the scope of this Privacy Policy.

(7) Location data is not used for advertising purposes, tracking, or profiling outside of the app functions.

(8) The legal basis for processing location data is: Art. 6(1)(a) GDPR (user consent via device settings), and Art. 6(1)(b) GDPR, insofar as the location data is required for the provision of the contractually owed functions.

(9) Users can revoke or restrict location sharing at any time via the settings of their terminal device. In this case, location-based functions of the app will no longer be available in whole or in part.

8. Chat and Communication Functions

(1) STREAZY enables registered users to communicate via integrated chat and contact functions.

(2) Within the scope of using the chat functions, personal data is processed, in particular: chat messages, contact requests, system messages within the app.

(3) Chat messages are processed and stored on the server side to provide the communication function. Continuous local storage of full chat histories on the terminal device does not take place.

(4) The number of messages per chat is limited. Older messages may be automatically deleted.

(5) Users have the option to completely delete chat histories. In this case, the corresponding messages are also removed for the respective communication partners involved, as far as technically possible and no legal retention obligations stand in the way.

(6) The processing of communication data takes place exclusively for the purpose of providing the chat and contact functions, as well as for ensuring proper app operation and abuse prevention.

(7) The provider uses automated mechanisms and user-based reporting systems to detect and prevent abusive use of the communication functions, without automated decision-making within the meaning of Art. 22 GDPR taking place. The filter mechanisms used serve exclusively to detect obviously inadmissible content and have no legal effect on users.

(8) The provider assumes no responsibility for the content of messages or content transmitted by users.

9. User-Generated Content and Filter Mechanisms

(1) Users have the option to provide content within the STREAZY app, in particular texts, images, profile information, and messages ("user-generated content").

(2) Responsibility for the content provided by users lies exclusively with the respective user. The provider does not adopt this content as its own.

(3) To support compliance with the terms of use and for abuse and security prevention, the provider uses automated filter mechanisms. These may include, in particular, word filters (e.g., blacklists), image-based checking mechanisms, and user-based reporting systems.

(4) The filter mechanisms used serve to detect potentially inadmissible or abusive content. They do not serve to evaluate the personality or behavior of users. There is no claim to complete, error-free, or final detection of such content.

(5) A continuous or full manual pre-check of all user-generated content does not take place.

(6) The provider reserves the right to block, remove, or restrict the visibility of user-generated content in the event of violations of legal requirements or the terms of use.

(7) Users can report content or user profiles via the functions provided in the app. Such reports are checked and, if necessary, appropriate measures are taken.

(8) The processing of user-generated content takes place exclusively for the purpose of operating the app, providing its functions, and maintaining the security and integrity of the platform.

10. Notifications

a) Push Notifications

(1) The STREAZY app can send push notifications to the user's terminal device.

(2) Push notifications serve in particular to inform about new messages or contact requests, successful and unsuccessful searches, reminders to use the app during high user traffic, system- or function-related notices, and important information about the operation of the app.

(3) Receiving push notifications requires a corresponding authorization by the user.

(4) Additionally, users can specify within the app which types of push notifications they wish to receive or disable push notifications entirely.

(5) Push notifications are not used for advertising purposes or to promote third-party offers.

(6) For sending push notifications, technical services of the respective platform providers (Firebase Cloud Messaging, Apple Push Notification Service) are used.

(7) The processing of the data required for this takes place on the basis of Art. 6(1)(a) GDPR (user consent) and Art. 6(1)(b) GDPR, insofar as push notifications are required for the use of certain app functions.

(8) Consent to receive push notifications can be revoked at any time with effect for the future.

b) Support Inbox and App Information

(1) The STREAZY app has an integrated inbox through which users can communicate with the provider.

(2) Through this inbox, answers to support inquiries, security-related notices, information on app operation, and notices on new functions, updates, or achieved milestones are transmitted to users.

(3) The information provided through the inbox serves exclusively to inform about the use, operation, and further development of the app. Use of the inbox for advertising purposes or to promote third-party offers does not take place.

(4) The processing of the personal data required for this takes place on the basis of Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest in transparent user communication).

(5) System- and app-related messages via the inbox are part of the app use and cannot be unsubscribed separately as long as a user account exists.

11. Premium Subscriptions and Payment Processing

(1) The STREAZY app optionally offers paid premium functions that expand the range of functions of the app.

(2) The conclusion of premium subscriptions (e.g., Streazy Plus), billing, and payment processing take place exclusively via the respective app store: Google Play Store (Android) or Apple App Store (iOS).

(3) The contractual partner for payment processing and billing is exclusively the respective app store operator. The provider of STREAZY does not become a contractual partner for payment services.

(4) Within the scope of payment processing, the provider does not process full payment data (e.g., credit card or account data). The provider only receives information about the status of the subscription (e.g., active, cancelled, expired) to the extent necessary to provide the premium functions.

(5) For technical management, validation, and synchronization of subscription statuses between the app and the app store, the provider uses the service RevenueCat (RevenueCat, Inc., USA). RevenueCat processes, in particular, anonymous internal app user IDs, store product identifiers, subscription status and term information, and technical device identifiers. RevenueCat receives no payment or credit card data.

(6) The processing of subscription status data takes place exclusively for the activation and management of premium functions, technical assignment of the subscription status to the respective user account, and ensuring correct billing and fraud prevention.

(7) The legal basis for this processing is Art. 6(1)(b) GDPR (performance of the user agreement).

(8) RevenueCat is used as a processor according to Art. 28 GDPR. A corresponding data processing agreement has been concluded with RevenueCat.

(9) For data processing by the respective app store operators, their own privacy policies apply. The app store operators act as independent controllers within the meaning of the GDPR in this respect. The provider has no influence on the type, scope, and purpose of data processing by the app store operators.

12. Data Protection for Minors

The STREAZY app is directed exclusively at persons of legal age. Use of the app is only permitted to persons who have completed their 18th year. The provider does not knowingly collect personal data from minors. If the provider becomes aware that personal data of a minor has been processed, it will be erased immediately, provided that no legal retention obligations stand in the way. Parents and guardians are requested to monitor the online activities of minors and ensure that they do not use age-restricted services.

13. Use of Firebase and Third-Party Providers

(1) To provide, operate, and secure the STREAZY app, the provider uses services from the Google Firebase platform, an offer from Google LLC.

(2) Through Firebase, the following services in particular are used: Firebase Authentication, Firestore Database, Firebase Storage, Cloud Functions, Firebase App Check, Firebase Crashlytics.

(3) The processing of personal data takes place exclusively on behalf of the provider as a processor within the meaning of Art. 28 GDPR and only for the purposes described in this Privacy Policy.

(4) To improve the stability and error-free operation of the app, the provider uses the service Firebase Crashlytics. Only technical information regarding app crashes and malfunctions is processed here. Profiling, cross-user tracking, or use for advertising or marketing purposes does not take place.

(5) Firebase processes data on servers within the European Union and – depending on the service used and the technical infrastructure – also in third countries, in particular the USA.

(6) For data transfers to third countries, Google ensures appropriate data protection guarantees according to Art. 44 et seq. GDPR. In particular, data transfer takes place on the basis of the standard contractual clauses approved by the European Commission (Art. 46 GDPR).

(7) Data processing agreements according to Art. 28 GDPR have been concluded with all service providers used (in particular Google and RevenueCat).

(8) The processing of personal data by Firebase takes place on the basis of Art. 6(1)(b) GDPR (performance of contract), Art. 6(1)(f) GDPR (legitimate interest in secure, stable, and high-performance operation of the app), and – as far as required – Art. 6(1)(a) GDPR (consent).

(9) Furthermore, other technical service providers may be used insofar as this is required for the operation of the app (e.g., hosting, infrastructure, security services). These service providers are carefully selected, contractually bound, and process personal data exclusively according to the instructions of the provider.

(10) No use of tracking, analysis, or marketing services (e.g., Firebase Analytics, Google Analytics, ad tracking) takes place.

14. Retention Period

(1) The provider generally processes and stores personal data of users only as long as this is required to fulfill the respective purposes for which the data was collected, or as long as legal retention obligations exist.

(2) Personal data processed within the scope of registration and use of the app (e.g., user account, profile data, contacts, matches) is stored for the duration of the existing user account.

(3) User account data is erased as soon as the user deletes their user account via the app, unless legal retention obligations or legitimate interests of the provider prevent this.

(4) Chat messages and other communication content are only stored as long as required to provide the chat function. Older messages may be automatically deleted.

(5) User-generated content (e.g., profile texts or images) is removed upon deletion of the user account, unless it must be temporarily stored for legal reasons or for the enforcement or defense of legal claims. To save the platform's IT resources, we also reserve the right to automatically delete profile pictures of users who have been inactive (no app login) for a continuous period of more than three months. The user account as such, as well as text-based profile data or chats, remains unaffected by this.

(6) Location data is stored to provide location-based functions within the app. Continuous or live location tracking does not take place.

(7) Log, device, and security data is stored for a limited period for security and abuse prevention reasons and subsequently erased or anonymized.

(8) Billing- and transaction-relevant data is stored according to legal retention obligations.

(9) After expiry of the respective retention periods, the personal data is regularly erased or anonymized.

15. Disclosure of Personal Data

(1) Disclosure of personal data to third parties generally only takes place as far as this is required to provide and operate the app, a legal obligation exists, or the user has expressly consented.

(2) For the technical provision of the app, the provider uses external processors who process data exclusively on behalf of the provider.

(3) Within the scope of app use, personal data may be visible to other users (e.g., profile data, messages).

(4) Disclosure of personal data to government agencies only takes place in the case of a legal obligation.

(5) The provider reserves the right to disclose data for legal enforcement or abuse prevention.

(6) In the event of a company restructuring, data may be transferred to the legal successor.

(7) Disclosure for advertising or marketing purposes does not take place.

(8) The provider has no influence on users sharing content (e.g., via screenshots) outside of the app.

16. Rights of the Data Subjects

Users have the following rights under the GDPR:

a) Right of Access (Art. 15 GDPR)

The user has the right to request information about whether and which personal data is processed about them.

b) Right to Rectification (Art. 16 GDPR)

The user has the right to request the immediate rectification of incorrect or completion of incomplete personal data.

c) Right to Erasure ("Right to be Forgotten", Art. 17 GDPR)

The user has the right to request the erasure of their data, provided the purpose of the processing no longer applies, consent has been revoked, or the processing is unlawful.

d) Right to Restriction of Processing (Art. 18 GDPR)

The user can request that their data temporarily no longer be processed, e.g., if the accuracy is contested.

e) Right to Data Portability (Art. 20 GDPR)

The user has the right to receive their data in a machine-readable format or to have it transferred to another controller.

f) Right to Object (Art. 21 GDPR)

The user has the right to object at any time, on grounds relating to their particular situation, to the processing of their data, insofar as this is based on legitimate interests.

Exercise of Rights

To exercise the aforementioned rights, the user can contact the provider at any time: Email: support@streazy.app. The provider reserves the right to request suitable proof of identity.

17. Withdrawal of Consent

(1) Insofar as the processing is based on consent, this can be revoked at any time with effect for the future.

(2) Revocation can be carried out by adjusting the settings in the app or in the operating system.

(3) Revocation does not affect the lawfulness of the processing carried out until the revocation.

(4) Revocation may lead to certain functions no longer being usable.

18. Right to Lodge a Complaint with a Supervisory Authority

(1) Users have the right to lodge a complaint with a data protection supervisory authority.

(2) The right to lodge a complaint exists with the authority of the place of residence, the place of work, or the place of the violation.

(3) For users in Germany, this is the authority of the respective federal state.

(4) For the provider based in Brandenburg, this is in particular:

Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (LDA Brandenburg)
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany

(5) Regardless of this, the user can contact the provider at any time.

19. Data Security

The provider takes appropriate technical and organizational measures according to Art. 32 GDPR to protect personal data.

20. Changes to this Privacy Policy

(1) The provider reserves the right to adapt this Privacy Policy. Reasons may include changes in law, technical changes to the app, or new functions.

(2) The current version is accessible at any time via the app or this website.

(3) In the event of significant changes, users will be informed in an appropriate manner.

(4) Insofar as consent is required, this will be obtained separately.

21. Governing Version of the Privacy Policy

This Privacy Policy is provided in several languages. The German version is governing. Translations are for better understanding only. In the case of discrepancies or questions of interpretation, the German version is decisive.

22. Additional Information for Users Outside the EU

These notices supplement our Privacy Policy for users in the respective regions, to the extent that local data protection laws apply. Data protection inquiries, complaints, or requests to exercise legal data protection rights can be sent at any time to the following contact address:

Email: support@streazy.app