← Back to Tribe
Privacy Policy
Last updated: March 12, 2026
Tribe ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we
collect, use, disclose, and safeguard your personal data when you use our mobile application and related
services (the "Service"), in compliance with the General Data Protection Regulation (GDPR)
and applicable Austrian and EU data protection laws.
1. Data Controller
Tribe
Danylo Merezhko
josef-fritsch-weg 1
1020 Wien, Austria
Email: [email protected]
2. Data We Collect
We collect the following categories of personal data:
- Account data: Name, email address, profile photo, date of birth, gender, nationality,
city, country (provided voluntarily by the user)
- Profile data: Bio, interests, languages spoken
- Usage data: Events created, events joined, event check-ins, chat messages, saved events
- Device data: FCM push notification tokens, device type (for notifications only)
- Authentication data: Google Sign-In or Apple Sign-In identifiers (we do not store your
google/apple password)
3. Device Permissions
To provide certain features, the Service may request access to your device's features:
- Camera and Photo Library: Used exclusively for capturing and uploading your profile
photo or event cover photos. This access is only used at your request.
4. Location Data
The Service does not collect your precise location via GPS or background location services. Your location
information ("City, country") is provided voluntarily by you when setting up your profile or creating an
event, to help show you relevant local content.
5. Legal Basis for Processing (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service
(account management, event participation, messaging)
- Legitimate interest (Art. 6(1)(f)): Analytics to improve the Service, fraud prevention,
and UGC moderation
- Consent (Art. 6(1)(a)): Push notifications, error reporting (Crashlytics), usage
analytics,
and optional profile information
6. How We Use Your Data
- Provide and maintain the Service
- Enable you to create, join, and manage events
- Facilitate in-app messaging between event participants
- Send push notifications (event reminders, updates, post-event prompts)
- Display "familiar faces" indicators based on co-attendance history
- Improve and personalize the Service
- Content Moderation: We may moderate User-Generated Content (UGC), such as event details
and chat messages, to detect and prevent abuse, spam, harassment, or other violations of our terms.
7. Data Sharing & Third-Party Processors
We use the following third-party services that may process your data:
- Google Firebase (Google LLC, USA) — Authentication, Firestore database, Cloud Storage,
Cloud Functions, Cloud Messaging. Firebase
Privacy
- Google Firebase Crashlytics & Analytics — Used to collect error logs and usage
statistics to improve reliability. Note: Collection of these metrics requires your explicit consent
via
the in-app prompt/banner.
- Google Cloud Platform — Infrastructure hosting (data stored in EU region
eur3)
Legal Disclosure: We may disclose your personal data to law enforcement or other
authorities if required by a valid legal request or if necessary to comply with a legal obligation.
Data transfers to the USA are covered by the EU-U.S. Data Privacy Framework. We do not sell your personal
data.
8. Data Retention
- Account data: Retained until you delete your account
- Event data: Retained for 12 months after the event date, then automatically archived
- Chat messages: Retained as long as the associated event exists. Upon account deletion,
your messages remain visible to other participants but are anonymized and attributed to a "Deleted
User."
9. Your Rights (GDPR Art. 15–22)
You have the following rights regarding your personal data:
- Access (Art. 15): Request a copy of your personal data
- Rectification (Art. 16): Correct inaccurate data via Edit Profile
- Erasure (Art. 17): Delete your account and all associated data via Profile → Legal →
Delete Account or by submitting a request via our Data Deletion page
- Data portability (Art. 20): Export your data in JSON format via Profile → Legal →
Export My Data
- Restriction (Art. 18): Request restriction of processing
- Object (Art. 21): Object to processing based on legitimate interest
- Withdraw consent: Withdraw consent at any time (e.g., disable notifications in device
settings)
To exercise any of these rights, contact us at [email protected].
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in
transit (TLS), Firebase Security Rules, and authenticated Cloud Functions.
11. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect data from children
under 16.
12. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with
the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Wien
www.dsb.gv.at
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the app or
email. Continued use of the Service after changes constitutes acceptance.
14. Contact
For questions about this Privacy Policy, contact us at [email protected].