Back

Privacy Policy

Last Updated: December 25, 2026 (updated - GDPR compliant)

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR) and this privacy policy.

1. Controller

Responsible for data processing are Burak Hafizoglu & Furkan Bacak (see Legal Notice at the end of this document).

Data protection inquiries: support@clubius.app

2. Registration & Authentication

A user account is required to use the app. Authentication is handled via the service provider Supabase Inc.

IMPORTANT: We do not store your passwords. Your credentials are processed securely and encrypted directly by Supabase. We do not have access to your plain text password at any time.

3. Location Data & Map

The app has a map function to show clubs near you. For this, we require access to your location.

No Storage: We use your location data exclusively temporarily in real-time for display on the map. There is NO permanent storage or creation of movement profiles on our servers.

Location access can be revoked at any time in device settings.

4. Categories of Personal Data We Collect

We process the following categories of personal data:

  • Account Data: Email address, password (encrypted by Supabase)
  • Profile Data: Age (for 18+ verification), music preferences (Preference 1-5)
  • Interaction Data: Saved favorites, club ratings (1-5 stars), visited events
  • Location Data: GPS coordinates (temporary only during use, no permanent storage)
  • Technical Data: IP address, device identifiers (e.g., push token) (automatically logged by servers and infrastructure providers)
  • Usage Data: App interactions, push notification preferences

4a. Club Ratings

When you mark a club as “visited”, you may optionally provide a rating of 1–5 stars. These ratings are stored linked to your user ID to calculate the average rating of each club.

  • Your individual ratings are linked to your account and treated as personal data.
  • Average ratings are publicly visible but contain no personal information.
  • You can modify or delete your ratings at any time.
  • When you delete your account, all your ratings are automatically deleted (GDPR: Right to be Forgotten).
  • Ratings are voluntary – you can skip this feature.

4b. Automated Decision Making & Profiling

The app uses automated algorithms to categorize events based on your music preferences and provide you with matching suggestions.

How it works: The algorithm compares your music preferences (Preference 1-5) with the music styles of DJs at events and calculates a match score (0-100%).

Purpose: This automated processing helps you find events that match your music preferences.

Your rights: You have the right to understand this automated processing and can change or delete your preferences at any time, which affects the suggestions.

No solely automated decision-making: The app does not make decisions that significantly affect you legally. The suggestions are recommendations that you can ignore at any time.

The classifications and match scores are non-binding estimations.

5. Legal Basis

We process your data based on the following legal bases:

  • Art. 6(1)(b) GDPR (Contract Performance):
    • Email address and password (necessary for account creation and app usage)
    • Music preferences (necessary for core app functionality)
    • Age (necessary for age verification)
  • Art. 6(1)(a) GDPR (Consent):
    • Location data (only during active use of map function)
    • Push notifications (optional)
    • Voluntary club ratings
  • Art. 6(1)(f) GDPR (Legitimate Interest):
    • IP address and device identifiers (for security, fraud prevention, and error analysis)
    • Technical logs (for app stability and debugging)
    • Event recommendation optimization

6. Data Sharing With Third Parties

We only share your personal data with the following third parties:

Service Providers:

  • Supabase Inc. (Database, Authentication, Hosting)
  • Expo (App Services, Push Notifications, Build Infrastructure)

These service providers process data only on our behalf and according to our instructions.

Legal Authorities:

We may share data with authorities if legally required (e.g., court orders).

No Sharing with Advertisers:

We do NOT sell or rent your data to advertisers, data brokers, or other commercial third parties.

Data Transfer to Third Countries:

Some of our service providers (Supabase, Expo) have servers in the USA. Data transfer is secured by Standard Contractual Clauses (SCC) according to GDPR Art. 46.

6a. Third-Party Metadata Sources

We use third-party APIs (e.g., Spotify Web API) solely to analyze publicly available artist information.

All retrieved data is processed outside the app and converted into internally derived classifications and scores.

No raw Spotify data or identifiers are stored.

Clubius is not affiliated with or endorsed by Spotify.

7. App Permissions

  • Location: Required for map view (only while using).
  • Notifications: Optional for event updates.

7a. Cookies, Tracking & Analytics

The app collects technical data for functionality and stability:

What is collected:

  • IP address (automatically logged by servers)
  • Device identifiers (for push notifications and app functionality)
  • Technical logs (for error analysis and app improvement)

Why it is collected:

  • Security and fraud prevention
  • Error analysis and app stability
  • Delivery of push notifications
  • Improvement of app performance

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for security and stability.

Opt-out: You can disable push notifications in app settings. Technical logs are necessary for app functionality and cannot be disabled.

No browser cookies: Since this is a mobile app, we do not use browser cookies. Technical data is only used for the purposes listed above.

No third-party analytics: No third-party analytics or tracking SDKs are used.

8. Your Rights & Data Export

You have the right to access, rectification, erasure, and restriction of processing of your personal data, as well as the right to data portability, the right to object under Art. 21 GDPR, and to lodge a complaint with a supervisory authority.

Data Export: Since we do not have an automatic "download my data" button, you can request your data as a JSON/CSV file at any time via email: support@clubius.app.

8a. Rights of Organizers, Club Owners, Bar Owners & DJs

Organizers, club owners, bar owners, or DJs can contact us to correct or remove information, and we will act within 24 hours.

This applies to publicly listed professional information only.

8b. Data Retention Periods

Personal data is stored only as long as necessary for the stated purposes.

  • Account data: until account deletion
  • Ratings & preferences: until deletion
  • Event data: deleted after event date
  • Technical logs: limited retention

9. Delete Account

You can permanently remove your account at any time directly in the app under “Settings > Delete Account”. All linked data will be deleted immediately, including your ratings and preferences.

Legal Notice

Information according to § 5 TMG

Clubius

Operators:
Burak Hafizoglu
Furkan Bacak

Address:
Pardemannstraße 5
14109 Berlin
Germany

Contact:
Email: support@clubius.app

Authorized Representatives:
Burak Hafizoglu
Furkan Bacak

© 2026 Clubius Berlin. All rights reserved.