Privacy Policy

Last updated: May 29, 2026

This policy explains how Will U Be There ("the App") collects, uses, and protects your personal data, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

• thatUkrainianGuy (sole proprietorship / eenmanszaak)
• Berlaarstraat 53, 1066 PJ Amsterdam, The Netherlands
• Registered with the Netherlands Chamber of Commerce (KvK no. 98959964)
• Contact: info@willubethere.app

2. Data We Collect

• Account information: Email address (from your Google or Apple sign-in), display name, username
• Location data: Home city name and coordinates, trip destination names and coordinates
• Profile photo: Optional avatar image you upload
• Trip data: Destination city, start date, end date, optional notes
• Friendships: Friend connections you create within the App
• Device tokens: Push notification identifiers (FCM tokens), if you enable notifications
• Technical/diagnostic data: A pseudonymous account identifier and crash/error reports, to keep the App working

3. How We Use Your Data & Legal Bases

We process your data on the following legal bases (GDPR Article 6):

• To provide the core service — authentication, profile display, and matching your trip locations and dates with your friends' to find overlaps ("intersections"). Basis: performance of a contract, Art 6(1)(b).
• Push notifications — alerting you to new intersections, friend requests, and trip reminders. Basis: your consent, Art 6(1)(a); you can disable notifications at any time in your device settings.
• Error and crash diagnostics — keeping the App stable and secure. Basis: our legitimate interest in a functioning, secure service, Art 6(1)(f). We send only a pseudonymous identifier — no IP address, advertising ID, or browsing data.
• Legal compliance — responding to lawful requests and meeting our obligations. Basis: legal obligation, Art 6(1)(c).

We do not use your data for advertising, ad profiling, or tracking across other apps or websites, and we do not sell your personal data.

4. Data Sharing & Sub-Processors

Your trip list is private. Friends only see intersection results (where your paths cross), never your full itinerary. We share data only with the service providers ("processors") needed to operate the App, each under a data-processing agreement:

• Supabase (region EU-West-1, Ireland) — authentication, database, and file storage. Hosts the majority of your personal data, within the EU.
• Google Firebase Cloud Messaging — delivery of push notifications (device token and message content). May process data outside the EU (see Section 5).
• Sentry (EU region / Frankfurt) — crash and error diagnostics, within the EU.
• Geoapify — map tile and city-autocomplete rendering. City search terms are sent to provide suggestions; no account identifier is attached.
• Cloudflare — content delivery, our website, and cached map/profile images at the network edge.

5. International Data Transfers

The core of your data (account, trips, friendships, photos, error diagnostics) is processed inside the European Union (Supabase EU and Sentry EU). Push notification delivery through Google Firebase Cloud Messaging may involve transfer to the United States. Where data leaves the EU, it is protected by appropriate safeguards — the European Commission's Standard Contractual Clauses and/or an adequacy decision (the EU–U.S. Data Privacy Framework).

6. Data Retention & Deletion

We keep your account data for as long as your account is active. You can delete your account at any time from the App's profile screen or at willubethere.app/delete-account. When you request deletion:

• Your account is immediately deactivated, and your push tokens and avatar are removed straight away;
• After a 30-day grace period (during which you can cancel by signing back in), all remaining data is permanently purged — trips, friendships, device tokens, preferences, and profile information;

We also automatically delete transient operational data: notification de-duplication records after 24 hours, and inactive push tokens after 90 days.

7. Your Rights

Under the GDPR you have the right to:

• Access — get a copy of your data. Use "Download my data" in the App's profile screen for a complete machine-readable (JSON) export.
• Rectification — correct inaccurate data by editing your profile in the App.
• Erasure ("right to be forgotten") — delete your account in the App or at the link above.
• Data portability — the same "Download my data" export provides your data in a portable format.
• Restriction and objection — restrict or object to certain processing, including processing based on legitimate interest.
• Withdraw consent — e.g. turn off push notifications at any time.
• Lodge a complaint — with your local supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens.

To exercise any right that isn't self-service in the App, email info@willubethere.app. We respond within 30 days.

8. Data Security

All data is transmitted over HTTPS/TLS. Data is stored in Supabase's EU-West-1 region protected by row-level security policies, and sensitive matching logic runs as server-side database functions so that no friend ever receives another user's raw location or itinerary.

9. Children

The App is intended for users aged 16 and over, in line with the minimum age for consent to data processing in the Netherlands. We do not knowingly collect personal data from anyone under 16. If you believe someone under 16 has provided us with personal data, please contact us and we will delete it.

10. Data Protection Officer

Given the nature and scale of our processing, we are not legally required to appoint a Data Protection Officer. For any privacy question, contact us directly at info@willubethere.app.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the App or by email.

12. Contact

Email: info@willubethere.app