1. Personal data controller
The personal data controller is the operator of the Vanzee app:
- Name: Antonín Vrbický
- Registered office: Teplice, Czech Republic
- Company ID: 09102060
- Data protection contact: support@vanzee.app
- Data Protection Officer: not appointed unless stated otherwise.
This policy explains how we process personal data of Vanzee app users and website visitors. Personal data means any information relating to an identified or identifiable person.
2. What data Vanzee processes
3. Purposes and legal bases of processing
We process personal data mainly so the service can work: account creation, map display, saving contributions, visit verification, reputation, trips, membership, notifications, moderation and support. The legal bases are primarily performance of a contract, legitimate interest in safe and honest service operation, compliance with legal obligations and, in some cases, the user's consent.
We use consent especially where the device or platform requires it: location, camera, photos, push notifications or similar optional features. Consent can usually be changed in the phone settings or in the app. Without some permissions, not all parts of Vanzee may work.
4. Location and verified visits
Location is important for Vanzee, but we use it purposefully. The app needs it to display the nearby map, verify whether the user is at a place, record a visit, record a peak visit, add a point in the field and run a live trip if the user activates it. During normal use, location is used for the current function. During an active live trip, the app may process location continuously so the route and stops can be recorded.
For contributions and visits, we also store verification data, such as distance from the target, signal accuracy, check time and whether it was a verified visit. This data protects the map from fake contributions and improves community trust.
5. Public content, profile and private points
Public map contributions may be visible to other users, including nickname, public reputation, membership, photos, text, experiences, comments and time of submission. The user can control some public profile elements in the app according to available privacy settings.
Private points and non-public trips are intended for the individual user. If the user publishes a trip or its travel card, selected data will appear on the public profile. When publishing, the user is responsible for not publishing sensitive data or content they do not want to share.
6. Processors and third-party services
We use technical suppliers to operate Vanzee. These typically include services for databases, authentication, photo storage, cloud functions, push notifications, map tiles, in-app purchases, subscription management, e-mail support, hosting and development infrastructure.
These services may include Google Firebase, Google Cloud, Expo, Mapbox, RevenueCat, Apple App Store, Google Play and an e-mail or hosting provider. Some suppliers may process data outside the European Union. In such cases, appropriate legal mechanisms are used, such as standard contractual clauses or other safeguards under GDPR.
7. Retention period
We store data for the duration of the account and then for the period necessary to operate the service, protect rights, ensure security, meet accounting and legal obligations or resolve disputes. Public map contributions may remain after account deletion if they are appropriately anonymized or if their retention is necessary for the credibility of the community map.
Push tokens are stored while they are usable for sending notifications. Technical and security records are stored for a period proportionate to service protection. Backups may contain data for a limited period after deletion from the production database until overwritten according to infrastructure settings.
8. User rights under GDPR
The user has the right to request access to personal data, correction of inaccurate data, deletion, restriction of processing, data portability and to object to processing based on legitimate interest. If processing is based on consent, the user has the right to withdraw consent at any time.
Requests can be sent to support@vanzee.app. To protect the account, we may request reasonable identity verification. If the user is not satisfied with the handling of the request, they may contact the Czech Office for Personal Data Protection.
9. Website, cookies and analytics
This website is designed as a simple static website. It does not use advertising cookies or tracking scripts by itself. Technical hosting may process standard server logs, such as IP address, request time, visited URL and technical data for website security and operation.
If we add analytics, campaign measurement or marketing cookies in the future, we will add a cookie banner or another solution according to applicable rules and update this policy.
10. Contact
For questions about personal data processing, GDPR requests or security reports, write to support@vanzee.app.