1. Controller & contact
The data controller is the EU·social operating entity established in the European Union. For any privacy request, contact our Data Protection Officer at dpo@eu-platform.local. You also have the right to lodge a complaint with your national supervisory authority.
2. What we collect
- Account data: email, handle, display name, and authentication identifiers (we use passwordless magic links and OAuth — we do not store passwords for magic-link accounts).
- Profile & content: bio, avatar, posts, stories, comments, highlights, and dating preferences you choose to provide.
- Transactional data: wallet ledger entries, tips, subscriptions, boosts. Card data is handled by our payment processor, not by us.
- Technical data: device, IP-derived coarse region, and a risk score used to fight fraud and abuse.
- Location: collected only if you explicitly opt in under Settings → Privacy → Location Sharing (used for the dating “nearby” feature).
3. Why we use it (legal bases)
- Contract: to provide the Service you signed up for.
- Legitimate interests: security, fraud prevention, and product analytics in aggregate.
- Consent: location sharing, non-essential cookies, and marketing email — each opt-in and revocable.
- Legal obligation: tax, anti-money-laundering, and DSA record-keeping.
4. Sharing
We do not sell personal data. We share data only with processors strictly necessary to run the Service (hosting, payments, email delivery), each bound by a data-processing agreement and EU-adequate safeguards. We never federate your private highlights, drafts, or wallet to third parties.
5. Data residency & retention
Primary data is stored in the EU (Frankfurt region). We keep account data for as long as your account is active. On deletion we purge personal data within 30 days and anonymise immutable financial ledger entries (we are legally required to retain transaction records, but they are de-linked from your identity). Backups roll off within 90 days.
6. Your rights
Under the GDPR you can, at any time:
- Access & portability: export your data from Settings → Data & Privacy.
- Rectification: edit your profile and content in-app.
- Erasure: delete your account, which triggers the purge described above.
- Restriction & objection: contact the DPO to limit specific processing.
- Withdraw consent: toggle location, cookies, and marketing off without affecting prior lawful processing.
7. Security
We use transport encryption, hashed and salted secrets, scoped session cookies, rate limiting on sensitive endpoints, audit logging of administrative actions, and least-privilege access. No system is perfectly secure, but security is engineered in, not bolted on.
8. Children
The Service is not directed at children under 16. Dating features require users to be 18+. We remove under-age accounts when identified.
9. Changes
Material changes are announced in-app and by email before taking effect. The “last updated” date above always reflects the current version.