Privacy Policy

Last updated: March 29, 2026

1. Who We Are

CLEVR ("we", "us", "our") is a mobile application operated by CLEVR Social UG (haftungsbeschraenkt). We provide an event planning platform that enables users to create, organize, and participate in social events.

Data Controller: CLEVR Social UG (haftungsbeschraenkt)
Email: support@clevr.social

2. Data We Collect

2.1 Account Data

  • Name, email address (via Google Sign-In or Apple Sign-In)
  • Profile picture (from your Google/Apple account)
  • Unique user identifier

2.2 Event Data

  • Event details you create (title, description, date, location, guest list)
  • Task assignments, expense records, food/drink preferences
  • Party codes generated for event sharing
  • WiFi network names and passwords you choose to share with guests

2.3 Communication Data

  • Messages sent in event group chats
  • Poll votes (food, drinks)
  • Music playlist contributions

2.4 Device & Technical Data

  • Device type, operating system version
  • Firebase Cloud Messaging token (for push notifications)
  • Anonymous usage analytics
  • IP address (processed by our infrastructure providers, not stored by us)

2.5 Optional Data

  • Location data (only when you set an event venue, never tracked in background)
  • Contact list access (only when you explicitly choose to invite contacts, data stays on device)
  • Phone number (only when host enables phone verification for event access)

3. How We Use Your Data

  • Provide the service: Create events, manage guest lists, enable group chat, track expenses
  • Push notifications: Notify you of new messages, join requests, task assignments
  • Improve the app: Anonymous usage patterns to fix bugs and improve features
  • Safety & compliance: Detect and prevent abuse, illegal activity, and violations of our Terms of Service

We do NOT sell your personal data. We do NOT use your data for advertising. We do NOT share your data with third-party advertisers.

4. Legal Basis (GDPR)

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide our service
  • Legitimate interest (Art. 6(1)(f) GDPR): Analytics, security, fraud prevention
  • Consent (Art. 6(1)(a) GDPR): Push notifications, location access, contact access — you can withdraw consent at any time

5. Data Storage & Security

Your data is stored on:

  • Supabase (PostgreSQL database, hosted in EU) — event data, messages, user profiles
  • Firebase (Google Cloud) — authentication tokens, push notification tokens

All data is encrypted in transit (TLS 1.3) and at rest. We implement row-level security policies to ensure users can only access data they are authorized to see.

6. Data Retention

  • Active events: Data retained while the event is active
  • Past events: Automatically deleted 90 days after the event end date
  • Account data: Retained until you delete your account
  • Chat messages: Retained for the duration of the event + 90 days

7. Your Rights (GDPR)

As an EU/EEA resident, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability — receive your data in a machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise these rights, contact us at support@clevr.social

You also have the right to lodge a complaint with your local data protection authority.

8. Third-Party Services

9. Children's Privacy

CLEVR is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. Continued use of the app after changes constitutes acceptance.

11. Contact

For privacy-related inquiries:
support@clevr.social