Privacy Policy
Last updated: April 20, 2026
1. Introduction Welcome to Doubl. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Doubl mobile application, website, and related services (the “Services”). This policy is designed to comply with: The General Data Protection Regulation (GDPR) The California Privacy Rights Act and California Consumer Privacy Act Other applicable U.S. state privacy laws (e.g., Virginia, Colorado, Texas) By using Doubl, you agree to this Privacy Policy.
2. Data Controller The entity responsible for processing your personal data: Doubl Donnerbrink 3 33619 Bielefeld, Germany Email:
[email protected] (“Doubl”, “we”, “us”)
3. Information We Collect We collect the following categories of personal data: 3.1 Information You Provide Name Email address Profile picture Account credentials Event participation and activity Messages sent within the platform Optional profile details (e.g., interests, age, gender, affiliations) 3.2 Automatically Collected Information Device information (device type, OS, identifiers) IP address and approximate location App usage data (features used, interactions, session duration) Log data and diagnostics 3.3 Location Data Approximate location (based on IP or device settings) Optional precise location (if enabled by you) 3.4 Communications Messages between users (may be encrypted depending on feature) Support requests and communication with us 3.5 Analytics and Tracking Data We use third-party tools such as: Google Analytics Sentry These tools collect usage data and technical information.
4. How We Use Your Data We process your data for the following purposes: Service Provision: operate and maintain the app Matching & Discovery: suggest relevant events, users, and content Communication: enable messaging and notifications Safety & Security: detect fraud, abuse, and violations Product Improvement: analyze usage and improve features Legal Compliance: fulfill legal obligations
5. Legal Bases (EU Users) Under the GDPR, we rely on: Consent (Art. 6(1)(a)) – e.g., cookies, marketing Contractual necessity (Art. 6(1)(b)) – to provide Services Legitimate interests (Art. 6(1)(f)) – security, improvement Legal obligations (Art. 6(1)(c))
6. Sharing of Personal Data We may share your data with: 6.1 Service Providers Cloud infrastructure (e.g., AWS) Database/authentication providers (e.g., Supabase) Analytics providers (e.g., Google Analytics, Sentry) These providers process data on our behalf under contractual agreements. 6.2 Legal Requirements We may disclose data if required to: Comply with laws or regulations Respond to legal requests Protect rights and safety 6.3 Business Transfers In case of merger, acquisition, or sale of assets.
7. International Data Transfers Your data may be transferred outside your country, including to the United States. Where required, we use: Standard Contractual Clauses (SCCs) Other legally approved safeguards
8. Data Retention We retain personal data only as long as necessary: Active account: retained while account exists After deletion: erased within 30 days (unless legally required otherwise)
9. Security We implement appropriate technical and organizational measures, including: Encryption in transit and at rest Access controls Monitoring and audits
10. Cookies & Tracking Technologies We use cookies and similar technologies for: Essential functionality Analytics Performance improvements EU Users You can manage consent via our cookie banner. US Users You can opt out of tracking where required.
11. Your Rights 11.1 EU / EEA Users You have the right to: Access your data Rectify inaccuracies Request deletion Restrict processing Data portability Object to processing Withdraw consent You may also lodge a complaint with your local data protection authority. 11.2 US Users (including California) Under CPRA/CCPA and other laws, you may: Request access to your data Request deletion Request correction Opt out of “sale” or “sharing” of personal data Limit use of sensitive personal information We do not sell your personal data. To exercise your rights: 📧
[email protected]12. Do Not Sell or Share (US Residents) Doubl does not sell personal data. If required by law, you may request to opt out of data sharing for advertising or analytics purposes by contacting us.
13. Children’s Privacy Doubl is not intended for: Users under 16 in the EU Users under 13 in the US We do not knowingly collect data from children.
14. Automated Decision-Making We may use algorithms to: Recommend events or users Personalize content These do not produce legal or similarly significant effects.
15. Data Breach Notification In the event of a data breach, we will: Notify authorities where required Inform affected users
16. Changes to This Policy We may update this Privacy Policy. Material changes will be communicated via: App notifications Email Website notice