Last updated: 2026-06-22

Privacy Policy

Welcome to betogether. We know your data matters to you — it matters to us, too. This Privacy Policy explains, in plain language, which personal data we process, why we process it, and what rights you have. We follow the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG).

betogether is a small, private, closed app for tight-knit groups ("Tische"). We do not sell your data, we do not show ads, and we do not profile you for marketing networks.

1. Controller

The controller for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is the entity named in the Imprint. You can find the full contact details in the in-app Imprint (§ 5 ECG / § 25 MedienG).

For data protection requests, you can reach us at:

• Email: hello@betogether.at
• Postal address: Manuel Kirchebner, Schnapfen 11, 6361 Hopfgarten, Austria

You can contact us at any time — we usually respond within 30 days.

2. What data we collect

We only collect what betogether needs in order to work. Here is the full overview.

2.1 Account data

• Sign-in data: you can register/sign in in several ways — we only process the data needed for the method you choose:
• Phone number (international E.164 format) + one-time codes (OTP) sent by SMS. The codes are only briefly hashed and stored temporarily, never long-term.
• Email address + password (we store the password only as a secure hash, never in plain text).
• Sign in with Apple or Sign in with Google — we receive a unique identifier and, if you allow it, your email address.
• Display name (free choice, no real name required).
• Avatar (optional).

2.2 Content you create

• SNAP posts: photos and short videos you record with the camera or select from your gallery.
• VOICE posts: voice notes you record with the microphone.
• THOUGHT posts: short text posts.
• STATUS posts: a free-form location text (e.g. "At Café Hawelka"). We do not use GPS — only what you type.
• Plans: title, location (free text), notes, and RSVPs from other members.
• Wall items: quotes, photos, or notes you pin in your Tisch.
• Reactions and comments on other members' posts.
• Chat messages: text messages in a Tisch's real-time chat (including replies and reactions), visible only to the members of that Tisch.
• Memberships: which Tische you belong to and your role in each.

2.3 Device permissions

Some features require permissions on your device. We only access them when you actively start an action:

• Photo library: only when you actively pick an image. betogether does not scan your library in the background.
• Camera: only when you start a recording. Preview and editing happen locally; uploads only happen when you tap "Post".
• Microphone: same as the camera — only during active recording, upload only after you confirm.
• Contacts: only when you open the invite picker. Phone numbers are shown on your device; only the contacts you explicitly select are sent to our server as invitations.

2.4 Technical data

• Push device tokens from Apple (APNs) and Google (FCM), so we can send you notifications.
• App and device version (for troubleshooting).
• Anonymized crash reports via Sentry if the app crashes (see Section 6).

3. Why we process this data

We follow the principle of purpose limitation. Each processing operation has a clear purpose:

4. Legal bases

We process your data on the following legal bases:

• Art. 6(1)(b) GDPR (performance of a contract): for all features you actively use — account, posts, plans, memberships.
• Art. 6(1)(a) GDPR (consent): for optional features such as Spotify connection, push notifications, contact import, and marketing communications. You can withdraw consent at any time in settings.
• Art. 6(1)(f) GDPR (legitimate interests): for error diagnostics with Sentry, abuse protection, and IT security. You can disable Sentry in settings.
• Art. 6(1)(c) GDPR (legal obligation): for retaining anonymized audit-log entries under commercial and tax law obligations.

5. How long we store data

We store data only as long as needed for the relevant purpose:

• OTP codes: maximum 10 minutes, then automatically deleted.
• Push device tokens: until you unregister the device or uninstall the app.
• Spotify tokens (encrypted): until you disconnect or after 90 days of inactivity.
• Soft-deleted accounts: 30-day grace period, so you can undo accidental deletion.
• Hard-deleted accounts: posts, chat messages, plans, wall items, and memberships are cascade-deleted. An anonymized audit-log entry is kept for up to 6 years (commercial and tax law retention obligations under § 212 UGB, § 132 BAO).
• Sentry crash reports: under Sentry's standard retention windows, typically 30–90 days.

6. Recipients and processors

We share data only with carefully selected service providers under Art. 28 GDPR data processing agreements:

• Twilio Inc. — OTP SMS delivery. We share the recipient phone number and the OTP body. Twilio operates servers in the US; the transfer is safeguarded by EU Standard Contractual Clauses (SCCs).
• Spotify AB — only when you connect your Spotify account. We exchange OAuth tokens (which we store encrypted). We never see your password. "Currently playing" data is only fetched at your request.
• Own media storage (no external service): your uploaded media (photos, videos, voice notes) is stored via self-hosted MinIO exclusively on our own servers — no external cloud storage provider is involved. Server location: see Hosting (Hetzner, Germany/EU).
• Sentry — crash and error reporting. Message bodies are not transmitted; phone numbers are redacted server-side via pino-redact. You can disable Sentry in settings.
• Apple Inc. (APNs) and Google LLC (FCM) — push notification delivery. We send an anonymous device token plus the notification content. Both services also process in the US; SCCs apply.
• Apple Inc. or Google LLC — only when you use "Sign in with Apple/Google": we verify the identity token issued by Apple/Google (OAuth) for authentication. Both providers also process in the US; SCCs apply.
• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany — operation of our backend and media servers. All data is held in Germany (EU).

We will provide an up-to-date sub-processor list on request.

7. International transfers

Where data is transferred outside the European Economic Area (in particular to the US for Twilio, Sentry, APNs, FCM), this is done on the basis of EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. We regularly review our providers.

8. Your rights

You have extensive rights under the GDPR. Here is how to exercise them:

• Right of access (Art. 15 GDPR): request a full data copy as a JSON export at any time. Tap "Export data" in settings or call `/v1/users/me/export`.
• Right to rectification (Art. 16 GDPR): edit your display name and avatar directly in profile settings.
• Right to erasure (Art. 17 GDPR): "Delete account" in settings starts the 30-day grace period, after which deletion is irreversible.
• Right to restriction (Art. 18 GDPR): by email request.
• Right to data portability (Art. 20 GDPR): via the same JSON export as the access right.
• Right to object (Art. 21 GDPR): you can disable push notifications and Sentry. Where processing is based on legitimate interest, you can object at any time.
• Right to withdraw consent (Art. 7(3) GDPR): consents (Spotify, contacts, marketing) can be withdrawn in settings. Because phone number and Terms of Service are required for performance of the contract, withdrawal in those areas leads to account closure.
• Right to lodge a complaint (Art. 77 GDPR): see Section 12.

9. Children's data

betogether may only be used from the age of 14. In Austria, the digital-consent age under § 4(4) DSG is 14 (Art. 8 GDPR). Persons under 14 may not use betogether; we do not knowingly collect data from children below that age. If you are a parent or guardian and have reason to believe your child under 14 has created an account, please contact us — we will delete the account promptly.

10. Cookies and local storage

betogether does not use cookies in the classical sense. On your device, we use MMKV (an encrypted key-value store) to keep:

• your session token, so you stay logged in,
• a cache of betogether and user data for faster loading,
• your UI preferences (theme, language).

This data lives only on your device. Uninstall the app and it is gone.

11. Security

We use technical and organizational measures to protect your data:

• TLS encryption for all transfers between app and server.
• Encrypted storage of sensitive tokens (e.g. Spotify) in the database.
• Principle of least privilege in our backend.
• Regular dependency updates and security patches.
• Rate limits and abuse detection on OTP and API endpoints.

We make no formal compliance attestations (e.g. ISO 27001) and we do not promise absolute security — but we do our best.

12. Data Protection Officer

As a startup with fewer than 250 employees and no large-scale processing of special categories of data, we are currently not required to appoint a Data Protection Officer (Art. 37 GDPR, § 38 BDSG). Should this change, we will update this Policy.

For all privacy matters, the central contact is: hello@betogether.at.

13. Supervisory authority

You have the right to lodge a complaint with a supervisory authority:

• Austria: Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna, https://www.dsb.gv.at
• Germany: the State Data Protection Commissioner responsible for your place of residence; at federal level, the Federal Commissioner for Data Protection and Freedom of Information (BfDI), https://www.bfdi.bund.de

14. Changes to this Policy

We may update this Policy when features, providers, or the legal environment change. For material changes, we will notify you in the app and, where required, ask for renewed consent. The current version is always available in the app under "Privacy".

15. Contact

Questions, requests, complaints? Write to us:

• Email: hello@betogether.at
• Postal address: Manuel Kirchebner, Schnapfen 11, 6361 Hopfgarten, Austria

We look forward to hearing from you.