TAGZ Privacy Policy

Last updated: May 2026

1. Controller

TAGZ Social
John Brandauer
Buchbrunn 21
9141 Eberndorf
office@tagz-social.com

This privacy policy explains how we process your personal data when you use the TAGZ app, in accordance with the EU General Data Protection Regulation (GDPR/DSGVO).

2. Data We Collect and Legal Basis (DSGVO Art 13)

Account Data

• Email address, display name, profile photo, and account identifiers
• Legal basis: Contract performance (Art 6(1)(b)) — necessary to provide the TAGZ service

Event and Social Content

• Events you create, join, or view; event titles, descriptions, comments, guest activity, report notes, and event locations
• Content you share into TAGZ from the system share sheet may be used to prefill event text, links, or media before you submit it
• Event chat messages and other in-app messages you send to participants
• Legal basis: Contract performance (Art 6(1)(b)) — core app functionality

Media Data

• Photos and videos you upload to profiles, events, or shared event albums
• Audio contained in user-recorded videos, such as voice or ambient sound captured with the video
• Legal basis: Contract performance (Art 6(1)(b)) — sharing event media you choose to submit

Location Data

• GPS coordinates when creating events or using map features
• Legal basis: Consent (Art 6(1)(a)) — via device location permission; revocable at any time in device settings

Calendar Data

• Optional on-device calendar writes when you choose to add a joined event to your device calendar
• TAGZ checks your device calendar list locally only to find a writable calendar for that action
• TAGZ does not upload or sync your existing calendar events or calendar lists to TAGZ servers
• Legal basis: Consent (Art 6(1)(a)) — via device calendar permission and your optional action

Contact Import Data

• Optional contact phone numbers are normalized and hashed on your device before friend matching
• Hashed contact values are sent under your signed-in account to find friends and prevent abuse; raw contact names and phone numbers are not stored on TAGZ servers
• Legal basis: Consent (Art 6(1)(a)) — via device contacts permission and your optional contact import action

Purchase Data

• Subscription product identifiers, purchase status, transaction references, and entitlement state from official app marketplace billing
• Legal basis: Contract performance (Art 6(1)(b)) — activating paid organization features and purchase support

Device and Technical Data

• Device type, OS version, app version, crash reports
• Legal basis: Legitimate interest (Art 6(1)(f)) — maintaining app stability and security

Usage Analytics (PostHog)

• Opt-in interaction data linked to your TAGZ account, such as screens viewed and features used
• Featured event view and tap counts are aggregate counters and do not store who saw or tapped the featured card
• Legal basis: Consent (Art 6(1)(a)) — opt-in only; you can enable or disable this in Privacy Settings at any time

Push Notifications

• Device push tokens used to deliver notifications
• Legal basis: Consent (Art 6(1)(a)) — via device notification permission

3. Third-Party Processors and Data Transfers

We use the following third-party service providers to operate TAGZ. Some process data in the United States under the EU-US Data Privacy Framework (DPF):

• Firebase / Google Cloud (US) — Account authentication, app database, file storage, and push-notification delivery. Transfer basis: EU-US Data Privacy Framework.
• Sentry (US) — Error tracking and crash reporting. TAGZ may send a pseudonymous account identifier for support and reliability correlation; no email, name, or username is sent by default. Transfer basis: EU-US Data Privacy Framework.
• PostHog (US) — Usage analytics (opt-in only). Transfer basis: EU-US Data Privacy Framework.
• Official app marketplace billing (US/EU as applicable) — In-app purchase and subscription processing. Transfer basis: platform privacy terms and applicable data-transfer safeguards.

We never sell your personal data. Data is shared with processors only as necessary to provide the service.

4. Data Retention

We retain your data while your account is active. When you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g., tax or accounting obligations under Austrian law).

5. Your Rights (DSGVO Art 15–21)

Under the GDPR/DSGVO, you have the right to:

• Access your personal data (Art 15)
• Rectify inaccurate data (Art 16)
• Erase your data / “right to be forgotten” (Art 17)
• Restrict processing (Art 18)
• Data portability (Art 20)
• Object to processing based on legitimate interest (Art 21)
• Withdraw consent at any time without affecting lawfulness of prior processing

To exercise any of these rights, contact us at office@tagz-social.com.

6. Right to Complain

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Austrian Data Protection Authority:

Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
dsb@dsb.gv.at
https://www.dsb.gv.at

7. Contact Import

If you choose to import contacts, phone numbers are hashed on your device before any server matching. We do not store raw contact names or phone numbers on our servers, and account deletion removes TAGZ phone-hash records associated with your account.

8. Children’s Privacy

TAGZ is not intended for users under 14 years of age (in accordance with Austrian DSGVO provisions). We do not knowingly collect information from users under 14. If we learn we have collected such information, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or email.

10. Contact Us

For privacy questions or to exercise your rights, contact us at: office@tagz-social.com