Privacy Policy
Privacy Policy
Version: 2026-05-04 Last updated: 2026-05-04
Data controller
Ouail El Fida (operating as PlaceStory) Address: [to be filled in before App Store submission] Trade register (KvK): 81253613 Email: ouailelfida@hotmail.com
1. Scope
This privacy policy explains how PlaceStory processes personal data when you use the mobile app or website.
2. Data we process
Account and profile:
- Email address and hashed password (via Supabase Auth)
- Display name, handle, optional avatar
- Optional bio and city
Location:
- Most recent GPS position (latitude/longitude + timestamp) when you use the app
- Used to show posts near you and to send relevant push notifications
Content you post:
- Title, description, optional photo, location, category, timestamp of your posts
- Whether the post was published anonymously
- Comments and updates you add
Interactions:
- Likes, confirmations, and comments you make
- Users you have blocked
- Reports you submit
Device and notifications:
- Push token (Expo)
- Platform (iOS/Android)
- Your notification preferences
We do not collect advertising identifiers, tracking data for advertisers, or sensitive categories of data (such as ethnicity, health, or political opinion).
3. Why we process this data
- Account creation and sign-in
- Showing posts in your feed and on the map
- Sending push notifications about activity nearby and on your own posts
- Community moderation (handling reports, blocking)
- Aggregate, anonymized statistics (such as active-user count). No individual tracking.
4. Legal basis (GDPR)
- Performance of contract (the Terms): account, posts, interactions
- Consent: location and push notifications. Revocable via Settings → Notifications and iOS Settings → PlaceStory → Location.
- Legitimate interest: moderation, security, fraud prevention
5. Sharing with third parties
| Party | Purpose | Location |
|---|---|---|
| Supabase | Backend (database, storage, auth, edge functions) | EU region + United States |
| Expo | Push notification delivery via Expo Push API | United States |
| Apple | App Store distribution | United States / EU |
We do not share your data with advertisers, analytics providers, or data brokers. Data Processing Agreements are in place with our processors.
6. International transfers
For processing in the United States, Standard Contractual Clauses (SCC) issued by the European Commission apply.
7. Retention periods
| Data category | Retention |
|---|---|
| Account data (email, profile) | Until account deletion. Removed immediately on deletion. |
| Posts you created | Remain visible to the community after account deletion, with your name removed (anonymous) |
| Likes, confirmations, comments, blocks | Removed immediately on account deletion |
| Push tokens | Removed when push notifications are disabled or account is deleted |
| Reports and moderation logs | Up to 90 days, then anonymized or deleted |
8. Your rights
Under GDPR you have the right to:
- Access your data (in-app via Profile + Settings, or by email)
- Rectify inaccurate data
- Delete your account and data (in-app: Settings → Delete account)
- Withdraw consent for location and push notifications
- Object to processing
- Lodge a complaint with the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl) or your local supervisory authority
Send requests to ouailelfida@hotmail.com. We respond within 30 days.
9. Minors
PlaceStory is not intended for users under 16. By creating an account you confirm that you are at least 16 years old. If we learn that a user is under 16, we will delete the account.
10. Security
We use industry-standard security:
- TLS encryption in transit
- Encryption at rest (Supabase Postgres)
- Hashed passwords
- Row-Level Security per user
11. Changes to this policy
We may update this policy. Material changes will be announced in-app at least 14 days before they take effect.
12. Contact
For privacy questions or data requests: ouailelfida@hotmail.com.