Privacy Policy
Last updated: December 26, 2025
Introduction
This privacy policy describes how Groopa collects, uses, and protects your personal data when you use our progressive web application (PWA) for group and event management.
Data Controller:
Uroš Trstenjak s.p., computer programming
Tovarniška cesta 5, 2325 Kidričevo
Slovenia
Contact: app.groopa@gmail.com
Data We Collect
To provide Groopa services, we collect the following data:
Account Data
- Email address - for login, account verification, and communication
- Full name - for identification within groups
- Password - stored in encrypted form (hash), never in plain text
- Timezone - for correct display of event dates and times
Usage Data
- Group membership - groups you've joined and your role (owner/admin/member)
- Events - events you create or respond to
- Attendance - your responses to events (yes/no/maybe)
- Announcements - announcements you create as an administrator
- Custom fields - additional member information defined by group administrators
Technical Data
- Push notification token - for sending notifications to your device (Firebase Cloud Messaging)
- Device information - browser type for device identification
Purpose of Data Processing
We use your data for the following purposes:
- Account management - account creation, login, email verification, password reset
- Service provision - managing groups, events, attendance, and announcements
- Notifications - sending event reminders and group notifications (with your consent)
- Communication - sending system messages and responding to your inquiries
Legal Basis for Processing
We process your data based on:
- Contract performance - to provide the services you requested by registering
- Consent - for sending notifications (you can withdraw it at any time)
- Legitimate interests - for improving the service and ensuring security
Data Retention Period
We retain your data for the following periods:
- Account data - until you request account deletion
- Events and attendance - permanently as a historical group record
- Push tokens - 90 days of inactivity, then automatically deleted
- Verification tokens - 24 hours
- Password reset tokens - 1 hour
Your Rights
Under GDPR, you have the following rights:
- Right of access - you can request a copy of your data
- Right to rectification - you can correct incorrect data in settings
- Right to erasure - you can request deletion of your account
- Right to data portability - you can request your data in a structured format
- Right to withdraw consent - you can disable notifications at any time in settings
- Right to lodge a complaint - you can file a complaint with your local data protection authority
To exercise your rights, contact us at the email address below.
Data Security
We use the following measures to protect your data:
- Passwords are encrypted with bcrypt algorithm (never stored in plain text)
- All communication occurs over encrypted HTTPS connection
- Verification tokens are time-limited and single-use
- Authentication cookies are protected with HTTPOnly, Secure, and SameSite flags
International Data Transfers
Your data may be processed outside the EU through Firebase (Google) services, which provide appropriate safeguards in accordance with GDPR.
Children's Data
Groopa is not intended for children under 16 years of age. If you believe a child has provided personal data without parental consent, please contact us immediately.
Changes to Privacy Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the application means you agree to the updated policy.
Contact
If you have questions about this privacy policy or the processing of your data, contact us: