Privacy Policy

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Bastian John
John Tech
Lübsche Straße 115
23966 Wismar, Germany
Email: privacy@friendsync.app

2. Data We Collect

We collect the following categories of personal data:

  • Account data: your name, email address, and profile picture when you create an account (via email, Google, or Apple Sign-In).
  • Availability data: free days and times you enter for group scheduling.
  • Group data: group memberships and participation history.
  • Calendar sync data: availability information only (no appointment details) when you connect your calendar.
  • Device tokens: for push notifications (optional).
  • Usage data: anonymized technical information such as page views and interaction patterns, collected via Azure Application Insights (EU servers).

3. Legal Basis for Processing

We process your personal data on the following legal bases under Art. 6 GDPR:

  • Consent (Art. 6(1)(a)) — for push notifications and optional calendar synchronization. You may withdraw consent at any time.
  • Contract performance (Art. 6(1)(b)) — to provide the FriendSync service, manage your account, and calculate group meetup proposals.
  • Legitimate interest (Art. 6(1)(f)) — for anonymized usage analytics, service improvement, and security.

4. How We Use Your Data

Your data is used exclusively to provide and improve FriendSync’s group scheduling services:

  • Calculate optimal meeting proposals for your groups
  • Send notifications about group activities and meetup updates
  • Make restaurant reservations (when using the AI reservation feature)
  • Run the fairness algorithm for equal participation distribution

We never sell your personal data to third parties.

5. Third-Party Processors

We use the following third-party service providers to operate FriendSync:

  • Microsoft Azure (North Europe, Ireland) — hosting, database, and infrastructure. Microsoft processes data under Standard Contractual Clauses (SCCs) and the EU Data Boundary.
  • Resend (USA) — transactional email delivery. Data is processed under SCCs and the EU-US Data Privacy Framework.
  • Google (USA) — Google Fonts (font delivery), Google Places API (restaurant search), Firebase Cloud Messaging (push notifications). Google Privacy Policy
  • Apple (USA) — Apple Push Notification Service (push notifications on iOS). Apple Privacy Policy
  • Google & Apple Sign-In — OAuth authentication. We receive only your name and email; no password is transmitted to us. Data remains with the respective provider.

6. Cookies and Tracking

This marketing website does not use tracking cookies. The FriendSync app uses only technically necessary cookies required for authentication (session cookies). We do not use advertising cookies or third-party tracking tools. No consent banner is required for technically necessary cookies under the GDPR and TTDSG.

7. Data Retention

We retain your personal data only as long as necessary:

  • Account data is retained for the duration of your account plus 30 days after deletion.
  • Calendar sync data is deleted immediately upon disconnecting your calendar or closing your account.
  • Availability data is deleted when the associated meetup is completed or your account is closed.
  • Push notification tokens are deleted when you disable notifications or close your account.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time without affecting the lawfulness of prior processing

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern
Werderstraße 74a
19055 Schwerin, Germany

10. Data Security

We use industry-standard security measures to protect your data, including encryption in transit (TLS 1.2+) and at rest, access controls restricted to authorized personnel, and regular security reviews of our infrastructure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the service. The current version is always available at this URL.

12. Contact

For privacy-related inquiries, please contact:

Bastian John, John Tech
Lübsche Straße 115, 23966 Wismar, Germany
Email: privacy@friendsync.app

Last updated: April 2026