PibeChorro

Privacy Policy for DASH

Last Updated: Mai 27, 2026

Developer Contact: Vincent Plikat Email: vin.pli@posteo.de Location: Tübingen, Germany

1. Introduction

This Privacy Policy explains how DASH (“the App,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal information. By using DASH, you agree to the collection and use of information as described in this policy.

DASH is an event-based messenger platform that helps you coordinate social events with friends. We take your privacy seriously and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use DASH, we collect:

Username: A display name you choose for your account
Email Address: Used for account creation and authentication
Password: Stored in encrypted form for account security
Phone Number: Used to identify and connect you with contacts who also use the App

2.2 Information We Collect Automatically

When you use the App, we automatically collect:

Phone Contacts: Access to your phone’s contact list to help you find and connect with friends who use DASH. Phone numbers from contact lists are transmitted to our server solely to identify which contacts are also DASH users. They are not stored.
Photos and Media: Access to your device’s camera and gallery when you choose to upload photos to events or your profile
Device Information: Device tokens for push notifications (iOS and Android), device type, and operating system

2.3 Chat and Event Data

Messages: Content of messages you send in event-based group chats
Event Information: Events you create or attend, including event names, descriptions, dates, times, and locations (text description of where to meet - e.g., “in the park”)

3. How We Use Your Information

We use your personal information solely for the operation of the App. We do NOT use your data for commercial purposes, advertising, or any other purpose beyond providing the App’s functionality.

Specifically, we use your information to:

Authenticate Your Account: Verify your identity and secure your account
Connect You with Friends: Match you with contacts in your phone who also use DASH
Enable Event Coordination: Allow you to create, host, and attend social events
Facilitate Communication: Enable group chats for events you’re participating in
Send Notifications: Deliver push notifications about events, invitations, and messages
Build Your Social Network: Create connections between users based on accepted event invitations
Maintain Security: Protect your account and data from unauthorized access

We do not sell, rent, trade, or share your personal information with third parties for their marketing or commercial purposes.

4.2 Service Providers (Data Processors)

To operate the App, we use trusted third-party service providers that process data solely on our behalf to provide infrastructure services:

Railway: Hosts our backend server, PostgreSQL database (user credentials and chat history), Redis (real-time chat infrastructure) and Neo4j (graph database that stores user relationships and event information)
Firebase Cloud Messaging (FCM): Google’s service that delivers push notifications to your device

These service providers:

Only process data as instructed by us
Are contractually obligated to protect your data
Do not use your data for their own purposes
Comply with GDPR and other privacy regulations

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if necessary to:

Protect the rights, property, or safety of DASH, our users, or the public
Enforce our Terms of Service
Respond to legal claims or investigations

5. Data Storage and Security

5.1 Where Your Data is Stored

Your data is stored in:

PostgreSQL Database: User credentials (username, email, encrypted password) and chat messages
Neo4j Graph Database: User relationships, events, and social network connections
Redis Cache: Temporary data for real-time chat functionality

All databases are hosted in secure cloud infrastructure (Railway) with industry-standard security measures.

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

Encryption: Passwords are encrypted using industry-standard hashing algorithms
Secure Transmission: Data transmitted between your device and our servers uses HTTPS/TLS encryption
Access Controls: Limited access to data, restricted to necessary operations only
Authentication Tokens: JWT (JSON Web Tokens) for secure session management

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

6.1 Account Data

We retain your account information (username, email, password, phone number) until you delete your account. When you delete your account, this data is permanently removed immediately.

6.2 Chat Data

Chat messages and conversations are stored until the associated event is deleted. Events and their chat data are automatically deleted:

When a user manually deletes the event

6.3 No Personal Data Retained After Deletion

We do not retain any personal data after account deletion or event deletion. All associated data is permanently removed from our databases.

As a user in the European Union (Germany), you have the following rights:

7.1 Right to Access

You have the right to request access to the personal data we hold about you.

7.2 Right to Deletion (Right to be Forgotten)

You have the right to request deletion of your personal data. You can delete your account directly through the App, which will immediately remove all your data.

7.3 Right to Rectification

You have the right to correct inaccurate or incomplete personal data.

7.4 Right to Data Portability

You have the right to request a copy of your data in a structured, machine-readable format.

7.5 Right to Object

You have the right to object to the processing of your personal data under certain circumstances.

You may withdraw your consent to data processing at any time by deleting your account.

To exercise any of these rights, please contact us at vin.pli@posteo.de

8. Cookies and Tracking

We do not use cookies or tracking technologies for advertising or analytics purposes.

We only use:

Authentication Tokens (JWT): To keep you logged in and verify your identity when you use the App
Session Management: To maintain your active session while using the App

These tokens are necessary for the App to function and are not used for tracking or advertising.

9. Children’s Privacy

DASH is not intended for users younger than 13 years, since real time messaging with people they may only know through another person is possible.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at vin.pli@posteo.de, and we will promptly delete such information.

10. International Data Transfers

Your data is primarily processed and stored within the European Union and regions with adequate data protection standards. When data is processed outside the EU (such as through Firebase Cloud Messaging), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) and compliance with GDPR requirements.

11. Third-Party Services

DASH uses the following third-party service providers to operate the app. Each provider is bound by a data processing agreement and may only process your data for the purposes described below.

Railway (railway.app)
Hosts our backend infrastructure, including the application server, PostgreSQL database, Redis cache, and Neo4j graph database. User account data, chat messages, and event data are stored on Railway’s servers in the EU.
Privacy Policy: https://railway.app/legal/privacy

Google Firebase Cloud Messaging
Used to deliver push notifications to your device. Your device token is transmitted to Firebase solely for notification delivery.
Privacy Policy: https://policies.google.com/privacy

Sentry (sentry.io)
Used for backend error monitoring and crash reporting. Sentry captures technical error data including stack traces, request URLs, and performance metrics. No personally identifiable information is transmitted to Sentry. This data is used exclusively for debugging and improving app stability.
Privacy Policy: https://sentry.io/privacy/

Mailtrap Used to deliver transactional emails such as password reset links. Only your email address is transmitted for this purpose.
Privacy Policy: (https://mailtrap.io/privacy/)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

Update the “Last Updated” date at the top of this policy
Notify you through the App or via email (if applicable)
Request your consent if required by law

Your continued use of the App after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Vincent Plikat Email: vin.pli@posteo.de Location: Tübingen, Germany

For GDPR-related inquiries, data deletion requests, or to exercise your privacy rights, please email vin.pli@posteo.de with the subject line “Privacy Request.”

14. Data Controller

The data controller responsible for your personal information is:

Vincent Plikat Tübingen, Germany Email: vin.pli@posteo.de

By using DASH, you acknowledge that you have read and understood this Privacy Policy.