Legal
Privacy Policy.
Last updated — February 27, 2026
Introduction
Evoe (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Notice explains how we collect, use, share, and safeguard your personal data when you use our mobile application (“App”), in accordance with the EU General Data Protection Regulation (GDPR). Evoe is operated from Graz, Austria.
What information we collect
We collect the following categories of personal data only as necessary to provide and improve the App: • Account Data: Name, email address, password (if not using social login) — for account creation and authentication (Art. 6(1)(b) GDPR). • Social Login Data: Google or Apple ID profile information when you choose “Sign in with Google/Apple” — for account creation and authentication (Art. 6(1)(b)). • Profile Information: Date of birth and gender — for personalization of content and event recommendations (Art. 6(1)(b)). • Usage & Device Data: IP address, device identifiers, technical logs, and crash reports (e.g., via Crashlytics if enabled) — for app functionality, diagnostics, and quality improvement (Art. 6(1)(a) consent or Art. 6(1)(f) legitimate interest, where applicable). • Location Data: Precise device location only if you grant permission — for personalized local event suggestions (Art. 6(1)(a) consent). • Event Content: User-created events, chat messages, and uploaded images — for service fulfillment and hosting functionality (Art. 6(1)(b)). • Interests & Preferences: Event categories or topics you select — for personalized recommendations (Art. 6(1)(b)). • Newsletter Subscription: Email address stored in a separate mailing list outside the App — for sending newsletters and marketing communications (Art. 6(1)(a) consent).
How we use your information
We use your personal data to: Provide & Improve the App: – Create, authenticate, and manage your account (Art. 6(1)(b)). – Diagnose crashes and technical errors (Art. 6(1)(a) consent or Art. 6(1)(f)). – Deliver push notifications (e.g., via Firebase Cloud Messaging). Personalize Your Experience: – Recommend events based on your interests, location, and past interactions using our in-house recommender system (Art. 6(1)(b); Recital 71 GDPR). Communicate with You: – Respond to support inquiries. – Send transactional or service-related messages. Marketing & Newsletters: – Send marketing emails and event updates only if you opt in (Art. 6(1)(a) consent). – Deliver periodic newsletters via our separate mailing list (Art. 6(1)(a) consent).
Third-party services & processors
To operate and improve the App, we share limited data with trusted service providers acting as data processors under GDPR-compliant agreements: • Supabase — hosting, database infrastructure, and authentication services. • Crashlytics (Firebase) — crash reporting and quality monitoring. • Firebase Cloud Messaging — push notification delivery. • Resend (or similar email platform) — transactional emails and opt-in newsletters. Each provider processes data only on our documented instructions and under appropriate data processing agreements.
Sharing & disclosures
We do not sell or rent your personal data. We may share personal data only with: • Trusted processors listed above. • Legal authorities, courts, or regulators where required by law or to protect rights, safety, or prevent fraud. • Successors in the event of a merger, acquisition, or asset sale, subject to appropriate safeguards.
Automated decision-making & profiling
Our recommender system automatically analyzes your event history, preferences, and (if permitted) location to suggest relevant events. This profiling is designed to enhance your experience and is necessary for providing personalized recommendations (Art. 6(1)(b)). You may object to profiling or request human review by contacting us via the App or at [email protected].
Data retention & deletion
We retain personal data only as long as necessary to provide the App and comply with legal obligations: • Active users: Data retained while your account remains active. • Inactive users: If no login occurs for 6 months, personal identifiers may be anonymized. • Account deletion: Upon request, we delete or irreversibly anonymize personal data within 30 days, unless retention is required by law (e.g., tax or legal obligations). • Diagnostic data from test builds may be retained for up to 90 days before aggregation or deletion.
Security measures
We implement appropriate technical and organizational safeguards, including: • Encrypted communications (HTTPS/TLS). • Access controls and authentication safeguards. • Secure storage of crash reports and logs. • Periodic internal reviews of security practices. While we strive to protect your data, no system can guarantee absolute security.
Children's data
The App is intended only for individuals aged 18 or older. We do not knowingly collect personal data from minors. If we become aware that data from a person under 18 has been collected, we will delete it without undue delay.
Your GDPR rights
Under the GDPR, you have the right to: • Access your personal data. • Rectify inaccurate data. • Request erasure (“right to be forgotten”). • Restrict or object to processing. • Data portability. • Withdraw consent at any time (without affecting prior lawful processing). You may exercise your rights through the in-app settings or by contacting [email protected]. We may request identity verification before fulfilling certain requests.
Policy updates
We may update this Privacy Notice from time to time. Material changes will be communicated via email and/or in-app notification before they take effect. The updated version will always be available within the App or at https://evoe.at.
Contact & supervisory authority
Data Controller: Julian Kienzl, Graz, Austria. Email: [email protected] Website: https://evoe.at If you believe your data protection rights have been violated, you may lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde), Wickenburggasse 8, 1080 Vienna, Austria — https://www.dsb.gv.at.