──────────────────────────────────────────────────── PLACEFLOW – PRIVACY POLICY Effective Date: [06 July 2025] ────────────────────────────────────────────────────
- WHO WE ARE
PlaceFlow (“App”) is operated by Tomáš Pařízek, business 07054912, a sole trader registered in the Czech Republic (collectively, “PlaceFlow”, “we”, “our”, “us”). Contact: hello@placeflow.app
- SUMMARY
We collect only the data needed to let you create bucket lists, share visits and use subscriptions. We never sell your data, and you can delete your account at any time inside the App.
- WHAT PERSONAL DATA WE COLLECT
• Account data: e‑mail / username, display name, hashed credentials (via Firebase Auth), device ID, PlaceFlow user ID.
• Profile data (optional): bio text, external links, avatar image.
• User‑generated content (“UGC”): places, visits (photos, notes, dates), bucket lists, tags, friendships, blocks, reports.
• Diagnostics & analytics: crash reports, anonymised event data, purchase receipts (RevenueCat).
We do not knowingly collect data from children; see §11.
- WHY & HOW WE USE YOUR DATA (LEGAL BASES – GDPR Art. 6)
| Purpose | Data | Legal Basis |
|---|---|---|
| Account creation & login | Account data | Contract |
| Displaying UGC & social feed | UGC, friendships | Contract |
| In‑app purchases & subscription management | Purchase receipts | Contract |
| Crash/usage analytics | Diagnostics & analytics | Legitimate interest |
| Handling abuse, blocks & reports | UGC, user IDs | Legitimate interest / Legal obligation |
| Responding to enquiries | Contact details | Legitimate interest |
- SHARING & DISCLOSURE
• Firebase (Google LLC) – authentication, realtime database / Firestore, Analytics, Crashlytics, Cloud Messaging.
• RevenueCat, Inc. – subscription receipts and status.
Both providers act as processors under GDPR. Your public UGC is shared with other PlaceFlow users by design. We disclose data to authorities only when legally required.
- DATA RETENTION
We keep your data while your account is active. On account deletion all personal data and UGC are permanently erased from production backups within 30 days, except data we must keep for legal or accounting reasons.
- SECURITY
All traffic is encrypted (TLS 1.2/1.3). Data at rest is secured using industry‑standard encryption. Access to production systems is protected by MFA and logged.
- YOUR RIGHTS
Under EU GDPR you can: access, correct, export, erase, restrict or object to processing of your personal data, and lodge a complaint with your supervisory authority. Contact hello@placeflow.app to exercise any right.
- ACCOUNT DELETION
Use Settings → Delete Account inside the App. Deletion is irrevocable and removes all personal data and UGC after the 30‑day backup window (§6).
- USER‑GENERATED CONTENT
By submitting UGC you grant PlaceFlow a worldwide, non‑exclusive, royalty‑free licence to host, display and distribute that content within the App to other users. You must have all rights necessary for any content you upload.
- CHILDREN’S PRIVACY
PlaceFlow is not directed to children under 16 years. We do not knowingly process their data. If you believe a child has provided personal data, contact us immediately.
- CHANGES TO THIS POLICY
We may update this Policy. Material changes will be announced in‑app or by e‑mail 14 days before they take effect.
- CONTACT
Questions? hello@placeflow.app
────────────────────────────────────────────────────