Privacy policy
As of: 2026-03-10
Note: This is a courtesy English summary. The legally binding version is the German privacy policy. In case of any discrepancy the German version prevails.
1. Controller
Sebastian Hümmecke (Flind)
Address: see imprint
Contact: info@flubr.app
2. Data protection officer
Not currently appointed.
Contact: info@flubr.app
3. Purposes and legal bases (Art. 6 GDPR)
- Provision of app features (account, profile, matching, chat, event check-in): Art. 6(1)(b) GDPR.
- Push notifications, camera, and location (only with your permission): Art. 6(1)(a) GDPR.
- IT security, abuse prevention, moderation, and operations: Art. 6(1)(f) GDPR.
- Statutory obligations (where applicable): Art. 6(1)(c) GDPR.
4. Data we process
- Personal data: name/display name, date of birth or age, gender, profile pictures, interests, bio, email, optionally phone number.
- Technical data: IP address, device information, app usage, session/presence data, security logs.
- Location data: location (with permission), distance checks, club position (GeoPoint), event check-in/check-out.
- Communication: matches, chats, images in chat, reports, blocks.
- Event/club data: event context, check-in times, organizer-side club/event data.
5. Sources of data
Data comes from your input in the app, from your usage of features, from device permissions, and from connected login providers (when used).
6. Recipients and processors
- Google Firebase / Google Cloud (Google Ireland Ltd., where applicable Google LLC): Firebase Authentication, Firebase Firestore, Firebase Storage, Firebase Cloud Messaging, Firebase Cloud Functions, Firebase App Check.
- IONOS (website hosting for flubr.app): operation of the homepage including technical server log processing.
- Google Maps Platform (Places API), where used.
- Apple and Google login services for social sign-in.
Data processing agreements under Art. 28 GDPR are concluded with processors where required.
7. Transfers to third countries
When using individual Google/Apple services and technical website infrastructure, transfers to third countries (in particular the USA) may take place. Appropriate safeguards are provided in particular via standard contractual clauses (Art. 46 GDPR), where applicable.
8. Retention and deletion
- Account data and profile content: until account deletion or earlier deletion by you.
- Communication data: until account deletion or feature-driven deletion.
- Raw check-in data with personal reference: only as long as required for operation and traceability.
- Aggregated metrics without personal reference may be retained indefinitely (e.g., total check-ins, age groups, gender distribution, new guests, returning rate).
On account deletion, personal data is deleted or anonymized, unless statutory retention obligations require otherwise.
9. Data security
We use technical and organizational measures to protect personal data against loss, manipulation, and unauthorized access.
10. Your rights
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent with effect for the future (Art. 7(3) GDPR)
To exercise your rights: info@flubr.app
11. Account deletion
You can delete your account in the app under Settings → Delete account. Personal data is deleted or anonymized in the process. Aggregated statistics without personal reference are retained.
12. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority.
13. Changes to this privacy policy
We update this privacy policy when features, data processing, or legal requirements change.
14. Tracking and cookie notice
We currently do not use advertising trackers in the app. On the website we currently use only strictly necessary cookies.
The legal basis for technically necessary storage and access on your device is § 25(2)(2) TDDDG. Where personal data is processed, this is based on Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).
Tracking or marketing cookies are not currently active. If we use non-essential cookies in the future, we will obtain prior consent under § 25(1) TDDDG and Art. 6(1)(a) GDPR.