Privacy Policy

Effective Date: 18 June 2025

1. Introduction

Your privacy is important to us. This Privacy Policy explains how Let's Spontan (company in formation) ("Let's Spontan", "we", "our" or "us") collects, uses, discloses and protects your information when you use the Let's Spontan mobile application, website (www.letspontan.com) and related services (collectively, the "Service").

This Policy is drafted in accordance with:

Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR");
The Polish Personal Data Protection Act of 10 May 2018 (Journal of Laws 2019, item 1781) ("PDPA");
The Polish Telecommunications Law (Journal of Laws 2004, No. 171, item 1800, as amended).

Note: This Privacy Policy is provided solely for the purposes of mobile app store submission. Real data processing will not commence until company incorporation is finalized and legal entity details are added.

2. Data Controller

Let’s Spontan (company in formation)
Registered address: [to be updated upon incorporation]
Company registration number (KRS) / Tax ID (NIP): [pending]
Email: lets.spontan@gmail.com

Until incorporation is complete, any personal data provided for test or demo purposes is processed under the joint responsibility of the app’s founders, in accordance with Article 26 GDPR.

3. What Personal Data We Collect

Category	Examples	Source
Account & Profile Data	Name, username, password, email, phone number, date of birth, gender, profile photos, short bio	Provided by you
User‑Generated Content	Photos you voluntarily upload (no video support)	Provided by you
Usage Data	Feature usage metrics, event RSVPs, log files, crash reports	Automatically
Device & Technical Data	Device identifiers, OS, language, IP address, app version, browser, cookies	Automatically
Location Data (Approx.)	Country or city inferred from IP address	Inferred
Marketing & Survey Data	Preferences, survey/promo responses	Provided by you

We do not intentionally process special categories of personal data (Art. 9 GDPR), unless you voluntarily provide it and we obtain your explicit consent.

4. Legal Bases for Processing

Legal Basis (Art. 6 GDPR)	Examples of Processing
Contract	Creating and maintaining your account; providing event discovery and core features
Consent	Sending marketing emails; push notifications; using optional analytics cookies
Legitimate Interests	Fraud prevention; analytics; feature development (after balancing your rights)
Legal Obligation	Complying with tax, accounting and consumer-protection law
Vital Interests	Emergency alerts via in-app safety tools

For processing based on legitimate interests, we perform a balancing test to ensure your rights are not overridden.

5. Purposes of Processing

We process your data to:

Provide, maintain and improve the Service and event discovery tools;
Personalize content and suggestions;
Develop new features and safety tools;
Communicate updates, promotions or changes;
Prevent fraud and abuse, and ensure safety;
Comply with law and protect our rights and those of others.

6. Sharing & Disclosure

We only share personal data with third-party processors essential to operating the Service, under written data processing agreements. Examples:

Recipient Type	Purpose
Cloud infrastructure providers	To host the platform
Payment processors	To process purchases (we receive token only)
Analytics & crash-reporting tools	To improve stability and performance

We do not sell your personal data or share it with advertising networks or affiliates for their own use.

Public profile content is visible to other users only if you choose to publish it.

7. International Data Transfers

Some processors may be located outside the EEA. Transfers rely on:

Adequacy decisions, or
Standard Contractual Clauses (SCCs) approved by the EU Commission, or
Another lawful basis under Art. 44–49 GDPR.

8. Cookies & Similar Technologies

We use only strictly necessary and performance cookies (and SDKs) to:

Keep you signed in;
Remember preferences;
Measure performance.

No cookies are used for personalised advertising. You can control cookies in your device/browser settings or via in-app privacy settings.

A cookie consent mechanism will be implemented before real user data is collected.

9. Data Retention

Data Type	Retention Period
Account data	Deleted or anonymised within 30 days of account deletion
Logs & analytics	Retained for up to 12 months
Financial records	Retained for 6 years (legal obligation)
Consent & ban logs	Retained for up to 6 years (compliance)

10. Security

We implement technical and organizational measures including:

TLS encryption for all data in transit
Bcrypt password hashing
Role-based access control
Periodic penetration testing
Policies aligned with ISO 27001

No system is 100% secure, but we actively work to minimize risks and vulnerabilities.

11. Your Rights

You have the right to:

Access your personal data
Correct or delete data
Restrict or object to processing
Withdraw consent at any time
Receive your data (portability)
Not be subject to solely automated decisions
File a complaint with a supervisory authority

12. Exercising Your Rights

You can exercise your rights via:

Settings → Privacy in the app
Email: lets.spontan@gmail.com
Post: [Address to be added before production]

Supervisory Authority:
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00‑193 Warszawa, Poland
Tel: +48 606 950 000
Email: kancelaria@uodo.gov.pl

13. Children’s Privacy

Our Service is not intended for children under 16 years old.
We use age input fields to prevent underage use.
We do not knowingly collect data from minors and will delete any such data and accounts found.

14. Changes to This Policy

We may update this Policy to reflect changes in law or our services. You will be notified 30 days before any material change. Continued use after the effective date means acceptance.

15. Contact Us

Let’s Spontan (company in formation)
Email: lets.spontan@gmail.com

Last reviewed: 18 June 2025