Privacy Policy

Last updated: 9 May 2026

This Privacy Policy explains how DPA Tech Solutions SRL ("we", "us", "our") collects, uses and protects your personal data when you use the WhereU mobile and web application and the website at whereu.fun (the "Service"). We act as the data controller for your personal data under the EU General Data Protection Regulation (GDPR) and Romanian Law no. 190/2018.

1. Who we are

We are DPA Tech Solutions SRL, a company registered in Romania. For any privacy request, you can contact us at privacy@whereu.fun.

2. Data we collect

  • Account data: email address, display name, avatar, language preference.
  • Profile data: bio, interests, optional social links you choose to add.
  • Location data: live GPS coordinates when you enable location sharing or "Live" mode. Sharing can be paused at any time (Ghost Mode) or set to expire automatically.
  • Social graph: friends, RSVPs, pings and events you create or join.
  • Payment data: handled by Stripe; we never store full card details.
  • Technical data: device type, browser, IP address, log data, crash reports.

3. Why we use your data (legal bases)

  • Performance of a contract — to provide the Service, your account and the social features.
  • Consent — for sharing your live location, push notifications and optional analytics.
  • Legitimate interests — to keep the Service safe, prevent abuse and improve features.
  • Legal obligation — accounting, tax and responding to lawful requests.

4. Sharing your data

We share data only with processors needed to run the Service:

  • Supabase (database, authentication, storage).
  • Stripe (payments and subscriptions).
  • Map and geocoding providers for displaying maps.
  • Hosting and email delivery providers.

We never sell your personal data. Some of these providers may transfer data outside the EEA; in those cases we rely on Standard Contractual Clauses approved by the European Commission.

5. How long we keep your data

  • Account data — until you delete your account.
  • Live location pings — automatically deleted after the sharing window expires.
  • Invoices and payment records — 10 years (Romanian fiscal law).
  • Logs — up to 90 days.

6. Your rights

Under GDPR you have the right to access, rectify, erase, restrict or port your data, to object to processing and to withdraw consent at any time. You can exercise any of these rights from the in-app settings or by emailing privacy@whereu.fun. You may also lodge a complaint with the Romanian Data Protection Authority (ANSPDCP, dataprotection.ro).

7. Security

We use encryption in transit (HTTPS/TLS), encryption at rest, row-level security on our database, and least-privilege access controls. No system is 100% secure, but we work hard to keep your data safe.

8. Children

WhereU is not intended for users under 16. If you believe a minor has registered, please contact us and we will remove the account.

9. Changes

We will notify you of material changes to this Policy via the app or by email. Continued use of the Service after changes take effect means you accept the updated Policy.