Privacy Policy
Introduction
Effective 12 June 2026 Frendis is operated from Barcelona, Spain. This Privacy Policy explains what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).
DATA CONTROLLER
Frendis · Barcelona, Spain · hello@frendis.app
1. DATA WE COLLECT
Account data — your name, email address, and profile photo, received from Google when you sign in via Google OAuth. Profile data — display name, bio, interests, languages, goals, and profile photo that you add to your Frendis profile. Location — the city you select (currently Barcelona). We do not collect your GPS coordinates. Activity venues are stored but are shared only with approved participants; other users see only the approximate neighbourhood until they join and are approved. Activity data — activities you create or join, RSVP and attendance records, chat messages, and reviews you write. Technical logs — server logs including IP addresses, request identifiers, and timestamps, retained for up to 90 days for security and debugging purposes.
2. HOW WE USE YOUR DATA
To operate the Service — matching you with activities and people nearby in Barcelona. To send notifications — in-app, by email, and optionally via Telegram. To keep the platform safe — moderating content and investigating reports of abuse. To comply with legal obligations — under Spanish and EU law. We do not sell your data, share it with advertisers, or use it for profiling beyond operating the Service.
3. DATA SHARING
Other Frendis users see your public profile (display name, photo, interests, rating, and year of joining). Exact venue addresses are shown only to approved participants. We engage the following processors under data processing agreements: — Supabase (database and authentication, EU-based servers) — Resend (transactional email delivery) No other third parties receive your personal data except where required by law.
4. YOUR RIGHTS
Under GDPR you have the right to: — Access the personal data we hold about you — Correct inaccurate or incomplete data — Delete your account and all associated personal data (Profile → Settings → Delete account) — we process deletion requests within 30 days — Receive a copy of your data in a portable format — Object to or restrict certain processing — Withdraw consent at any time (where processing is based on consent) — Lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es To exercise any right, contact us at hello@frendis.app. We will respond within 30 days.
5. DATA RETENTION
Personal data is kept for as long as your account is active. After account deletion, all personal data is permanently and irreversibly removed within 30 days. Anonymised aggregate statistics that cannot be linked to you may be retained indefinitely.
6. COOKIES
We use one strictly necessary session cookie to keep you signed in. This cookie is essential for the Service to function and does not require your consent. We do not use advertising, tracking, or analytics cookies.
7. CHILDREN
Frendis is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has registered, contact us at hello@frendis.app and we will delete their account.
8. SECURITY
We use industry-standard measures to protect your data, including encrypted connections (HTTPS), access controls, and row-level security on our database. No method of transmission is 100% secure; we cannot guarantee absolute security.
9. CHANGES TO THIS POLICY
We will notify you of material changes to this Policy by email or in-app notice at least 14 days before they take effect.
10. CONTACT
Privacy questions: hello@frendis.app Data protection supervisory authority: Agencia Española de Protección de Datos (AEPD) · www.aepd.es
Language
In case of any discrepancy between this translation and the Spanish original, the Spanish version prevails.