Privacy Policy

Last updated: May 9, 2025

1. Data Controller

The data controller is YEPPO, reachable at info@yeppo.it.

2. Data We Collect

We collect the following categories of data:

  • Voluntarily provided data: email address, venue name, phone number, owner/company name — provided through the sponsor registration form at /business.
  • Anonymous session data: a random identifier generated locally (localStorage) to associate swipe sessions. We do not collect names, emails, or other identifying data from regular app users.
  • Location data: approximate geographic location (latitude/longitude) is used solely to find nearby places and is never stored persistently in association with the user.
  • Payment data: payment data is processed exclusively by Stripe, Inc. and neither passes through nor is stored on our servers. For details, see the Stripe Privacy Policy.

3. Purpose and Legal Basis

  • Service provision (Art. 6(1)(b) GDPR): we use data to deliver the requested service.
  • Contractual and legal compliance (Art. 6(1)(c) GDPR): for sponsors, data is necessary for contract execution and legal obligations.
  • Legitimate interest (Art. 6(1)(f) GDPR): aggregate analysis to improve the service, abuse prevention.

4. Data Retention

Sponsor data is retained for the duration of the contract and for the subsequent 10 years as required by applicable tax regulations. Anonymous session data is automatically deleted after 90 days of inactivity.

5. Third-Party Sharing

Data is not sold or transferred to third parties. We share it exclusively with:

  • Supabase, Inc. — database infrastructure (EU servers).
  • Stripe, Inc. — payment processor.
  • Vercel, Inc. — web application hosting.
  • Google LLC — Google Maps/Places API for nearby place search.

All providers operate as Data Processors under Art. 28 GDPR with adequate contractual safeguards.

6. International Transfers

Some providers (Stripe, Vercel, Google) may transfer data to third countries. Such transfers occur in compliance with Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR).

7. Your Rights

Under Articles 15–22 of the GDPR you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure ("right to be forgotten")
  • Object to processing or request restriction
  • Request data portability
  • Withdraw consent at any time

To exercise your rights, write to info@yeppo.it. We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authority.

8. Cookies and Tracking

We use exclusively:

  • localStorage (technical, necessary): to store the anonymous session ID and current room state. This is not a cookie and is not automatically transmitted to the server.

We do not use profiling or marketing cookies. For more information see our Cookie Policy.

9. Security

We adopt appropriate technical and organisational measures (TLS encryption, role-based access control, monitoring) to protect personal data from unauthorised access, loss or disclosure.

10. Changes to This Policy

We may update this policy at any time. In case of material changes, active sponsors will be notified by email. The date at the top indicates the last revision.