Privacy Policy

Last Modified on: 28 August 2025

1. Introduction

This Privacy Policy explains how Places (“we”, “us”, “our”) collects, uses, shares, and protects your information when you use our mobile apps, website, and related services (the “Service”). We operate under the EU General Data Protection Regulation (“GDPR”) and applicable Romanian law. We follow privacy-by-design principles, minimize data collection, and apply strong security controls. Using the Service means you agree to this Policy.

If you have questions or want to exercise your privacy rights, please contact us anytime (see Section 11).

1.1. Definitions

  • Account — your personal profile in Places.

  • Website — any site we operate that links to this Policy.

  • Personal Data — information that identifies or can reasonably be linked to an individual (e.g., phone number, device identifiers, precise location if enabled).

  • Service Provider — a third party that processes data for us under contract (e.g., cloud hosting, analytics, crash reporting).

  • Usage Data — diagnostic, performance, and interaction data collected automatically when you use the Service.

  • Third-party Social Media Service — services such as Google or Facebook that you may use to log in or connect your account.

2. What Data We Collect

We collect only the information needed to operate and improve Places.

2.1. Information you provide to us

Account & Profile: mobile phone number (for login/verification), optional email address, name or display name, profile photo, interests, status, and any biography information you choose to share. You can edit these at any time in the app.
Content: messages, comments, event interactions (attending/saved/created), photos, and other material you upload.
Support: information you provide when you contact us (e.g., email address, message content).

  • Phone login uses secure verification codes — we do not require or store a password for this flow.

  • This version of Places does not sell tickets or process payments, and we do not collect any financial information.

  • Please avoid sharing sensitive personal data. If you choose to do so in your profile or content, you provide it voluntarily.

2.2. Automatic data collection

We collect Usage Data such as device model, operating system, app version, language, IP address, device identifiers, pages/screens viewed, features used, engagement metrics, crash logs, and diagnostics. With your permission, we may collect approximate or precise location to suggest nearby events or features. You can disable location at any time in your device settings.

2.3. User comments and content

Content you post (e.g., messages, photos, event info) is shared according to the visibility you select within the app. We may moderate or remove content that violates our Terms or community guidelines.

  • We analyze content for safety, spam prevention, and policy enforcement.

  • We create aggregated or de-identified analytics from content and usage to improve the Service. Aggregated data cannot reasonably identify you.

2.4. Information from other sources (social login)

If you choose to connect a Third-party Social Media Service (e.g., Google, Facebook), we may receive basic account information such as name, verified email, profile photo, and — where the provider makes it available and you grant permission — age, sex, and phone number. We use this data to pre-fill the registration form and store it in your profile so you can manage it in the app at any time.

3. Types of Information

For transparency, we group Personal Data we process into these types:

  • Identifiers: phone number, device or advertising identifiers, IP address, account ID.

  • Profile & Content: name, photo, interests, status, messages, posts, event activity, and (if provided) age and sex.

  • Location Data: city/region, or precise GPS if you grant permission.

  • Usage & Diagnostics: app interactions, crash data, performance metrics.

  • Inferences: non-sensitive preferences derived from your interactions (e.g., event categories you like).

  • Not collected: payment card details or other financial information.

We do not sell Personal Data. We do not share your content for third-party advertising.

4. How We Use Personal Information (GDPR)

We use your information to: (a) operate and secure the Service; (b) create and manage your account; (c) personalize recommendations and search results; (d) enable social features such as messaging, invites, and peer suggestions; (e) communicate with you about updates, security alerts, and support; (f) perform analytics, debug, and improve performance; and (g) comply with law and enforce our Terms. This version of Places does not process payments or ticket purchases.

4.1. Legal bases for processing (EEA/UK)

  • Consent — e.g., location, certain analytics, social-login sharing (age/sex/phone if provided by the provider).

  • Contract — to provide the Service and core features you request.

  • Legitimate interests — fraud prevention, service security, product improvement, non-intrusive analytics.

  • Legal obligation — responding to lawful requests and enforcing our Terms.

4.2. In mails and contact forms

If you email us or submit a form, we process the data you provide (e.g., name, email, message) to respond and keep records for troubleshooting and compliance. We may send service-related messages (e.g., verification codes, security notices). You can opt out of non-essential communications at any time.

5. Your Rights and Choices

You control your profile and how others discover you. In the mobile app, you can:

  • Edit profile data (name, photo, interests) and set or update your email and phone.

  • Choose profile visibility (e.g., public/limited/private) and control whether your phone or email is visible to others.

  • Block friend requests from new people or limit who can reach you.

  • Manage notifications — turn on/off alerts about new people nearby and new events, or mute specific conversations.

  • Grant or revoke location permissions at any time in your device settings.

  • Access/Portability, Rectification, Erasure, Restriction, Objection, Withdraw Consent — request these by contacting us (Section 11). We honor applicable regional rights (EEA/UK). You also have the right to lodge a complaint with your supervisory authority (see Section 11.3).

5.1. Cookies & Similar Technologies (Romania/EU)

We use cookies, SDKs, and similar technologies for authentication, security, preferences, and analytics. Under Romanian Law no. 506/2004 and the ePrivacy framework, non-essential cookies require prior consent. Our cookie banner lets you accept or reject non-essential cookies and manage preferences. You can change your choices at any time via “Cookie Settings” or your browser/device controls. Essential cookies do not require consent.

6. Data Retention

We retain Personal Data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When we no longer need data, we delete or de-identify it in accordance with our retention schedules.

7. Children’s Privacy (EU age of digital consent)

Places is not directed to children under 16. Where information society services are offered directly to a child under 16, parental or guardian consent is required under the GDPR. We do not knowingly collect data from children under 16 without such authorization. Parents/guardians who believe a child has provided Personal Data may contact us (Section 11) to request deletion.

8. Data Shared with Third Parties

We share data only as necessary to provide the Service:

  • Service Providers for hosting, storage, analytics, crash reporting, messaging, customer support, and security — bound by contract to protect your data and use it only on our instructions.

  • Social Login Providers (e.g., Google, Facebook) when you choose to log in or connect your account.

  • Legal & Safety when required by law, court order, or to protect rights, safety, and security of users or the public.

  • Business Transfers in connection with a merger, acquisition, or asset sale; we will provide notice of material changes.

We do not share data with payment processors or ticketing providers in this version of Places. International transfers: where Personal Data is transferred outside the EEA, we apply appropriate safeguards (e.g., Standard Contractual Clauses) where required by law.

9. Security Measures

We use a defense-in-depth approach: TLS in transit, encryption at rest, role-based access control, least-privilege access, logging and monitoring, secure development practices, and periodic security reviews. Access to Personal Data is limited to authorized personnel and vetted providers.

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your data, we will notify you and regulators as required by applicable law.

10. Changes in the Privacy Policy

We may update this Policy to reflect changes to our practices or for legal, technical, or regulatory reasons. If we make material changes, we will provide prominent notice (e.g., in-app notification or email) and update the “Last Modified” date above. Your continued use of the Service after changes take effect means you accept the revised Policy.

  • Review this Policy periodically to stay informed about how we protect your information.

  • If you do not agree to an update, you should stop using the Service and may request account deletion.

11. How to Contact Us & Your Supervisory Authority

If you have questions, concerns, or requests regarding this Privacy Policy or your Personal Data, please contact us at contact@placesapp.com.

Data Controller: Byte Unit SRL cu sediul in STR. RAPSODIEI NR. 24 BL. D11 SC. C ET. 4 AP. 18,RAMNICU VALCEA - 240248.

11.1. EU/EEA rights

Under GDPR, you may have the right to access, rectify, erase, restrict, port, and object to processing, and withdraw consent at any time. We will respond to verified requests in accordance with GDPR timelines.

11.2. Romania – ANSPDCP

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

Bd. General Gheorghe Magheru nr. 28–30, Sector 1, 010336, București, România

Tel: +40 31 805 9211  |  Fax: +40 31 805 9602

Email: anspdcp@dataprotection.ro  |  Website: www.dataprotection.ro

11.3. Right to lodge a complaint

You have the right to lodge a complaint with ANSPDCP or your local supervisory authority if you believe we have not handled your Personal Data lawfully. We encourage you to contact us first so we can address your concerns directly.