PRIVACY POLICY
Version 1 – Effective Date: 29 October, 2025
Data Controller; Acceptance at Sign-Up
Data Controller (GDPR Art. 4(7))
RS Community App UG (haftungsbeschränkt)
Kolonnenstr. 8, 10827 Berlin, Germany
VAT / Tax Number: 13749951197
Primary email: contact@24mitra.com
Additional: raul.simea@24mitra.com, simea_raul@yahoo.com
Phone: +49 1514 0130236
By creating an account or continuing to use MITRA, you confirm that you have read and agree to this Privacy Policy and our Terms of Use, and you consent (where required) to the processing and limited sharing with third-party processors/partners described herein. You may withdraw consent at any time (GDPR Art. 7(3)) without affecting prior lawful processing.
1. INFORMATION WE COLLECT
1.1 Personal Identification Information
Name, phone number, email address, date of birth, gender, nationality, profile photo, and similar identifiers. Sources: you (sign-up, profile), device/app usage, and (where applicable) social sign-in.
1.2 Profile and Activity Information
Interests, skill levels, activity preferences, tags, bio, messages, reviews/ratings; activities you create/join (time, location, attendance, stats). Purpose: matching, discovery, safety features, and platform operations.
1.3 Location Information
Precise geolocation (real-time GPS) and location history to enable matching, map features, and safety. You can disable location at device level and/or in-app; some features will be limited. We never collect location when you have turned off device location services for the app.
1.4 Device and Log Information
Device model, OS, app version, unique device identifiers, browser type, IP address, language, time zone, crash and diagnostic logs, and usage metadata. Used for security, fraud prevention, and performance.
1.5 Communications
Messages between users (end-to-end within our systems), support requests, and email content. We process metadata to operate features and enforce safety/terms. We do not read private messages for advertising; automated tooling may scan for abuse/spam/illegal content per our Terms.
Sensitive Categories (GDPR/US laws): We do not intentionally collect special categories (e.g., health, biometrics) unless you voluntarily disclose them in free-text fields. Precise geolocation is treated as sensitive and requires opt-in.
2. LEGAL BASIS FOR PROCESSING PERSONAL DATA (GDPR Art. 6)
- Contract Performance (Art. 6(1)(b)) – provide and improve MITRA, matchmaking, messaging, bookings.
- Consent (Art. 6(1)(a)) – marketing emails, optional analytics, cookies beyond essential, precise location, certain profiling.
- Legal Obligation (Art. 6(1)(c)) – tax, accounting, law enforcement requests.
- Legitimate Interests (Art. 6(1)(f)) – service security, fraud prevention, debugging, product improvement, non-intrusive analytics, community safety—balanced against your rights.
We apply data minimization and purpose limitation (GDPR Art. 5).
3. DATA PROTECTION REPRESENTATIVE
A formal DPO is not required at this time (GDPR Art. 37 assessment). For privacy queries, contact: contact@24mitra.com
Postal: Kolonnenstr. 8, 10827 Berlin, Germany. We review this assessment periodically.
4. HOW WE USE YOUR INFORMATION
- Account creation and authentication
- Matching users by interests, availability, location, and skill levels
- Recommendations, discovery feeds, and content personalization
- Safety features (trusted contacts, optional live location)
- Messaging, notifications, and customer support
- Enforcing Terms, abuse prevention, and community integrity
- Analytics (product KPIs), debugging, and performance optimization
- Fraud detection and information security
We do not use private message content for ad targeting.
5. USER-GENERATED CONTENT (UGC)
Visibility depends on your settings. By posting UGC, you grant us a worldwide, non-exclusive, royalty-free license to host, reproduce, display, and distribute it within MITRA for operational purposes and (with your consent where required) for promotional purposes. You can delete your UGC; cached/backup copies may persist for a limited period for security and legal reasons.
6. THIRD-PARTY SERVICES AND INTEGRATIONS
We integrate with:
- Google Maps (maps/routing)
- Google Calendar/Similar (scheduling/sync)
- Amazon Web Services (AWS) (hosting/infrastructure)
- Analytics providers (performance/product metrics)
Legal Basis for Sharing
- Contract Performance (Art. 6(1)(b)): hosting, routing, auth.
- Legitimate Interests (Art. 6(1)(f)): analytics, fraud/security.
- Consent (Art. 6(1)(a)): marketing tags/cookies, non-essential analytics.
- Legal Obligation (Art. 6(1)(c)): regulatory/request-based disclosure.
We require third parties to use data only for contracted purposes and to protect it via DPAs (GDPR Art. 28).
7. SUBPROCESSORS AND JOINT CONTROLLERS
We work with processors and (where applicable) joint controllers under GDPR Art. 28 with signed DPAs and SCCs (if outside EEA). Examples:
- AWS – hosting/infrastructure
- Google LLC – Analytics, Maps, authentication
- Mail providers (e.g., Mailchimp/Brevo) – communications
- Project tools (e.g., Atlassian Trello, Asana) – internal coordination
Current list available on request: contact@24mitra.com. We will give notice of material changes before adding/replacing critical processors.
8. COOKIES AND TRACKING TECHNOLOGIES
- Essential Cookies – required for core functions (login/session).
- Analytics Cookies – performance insights (enabled by consent).
- Marketing Cookies – advertising/retargeting (consent required).
Manage preferences anytime via our cookie banner and device/browser settings. We honor Global Privacy Control (GPC) signals for U.S. users (see §18).
9. AUTOMATED DECISION-MAKING AND PROFILING
We use algorithms to recommend activities and connections based on interests, behavior, and (with consent) location. These processes do not produce legal or similarly significant effects as defined by GDPR Art. 22. You may request human review, express your view, or contest outcomes: contact@24mitra.com.
10. SHARING AND DISCLOSURE
We may share:
- Limited profile data with other users per your settings;
- Processors/partners for hosting, analytics, communications (see §§6–7);
- Authorities when legally required;
- Trusted contacts if you enable safety-sharing.
We do not sell personal data (EU meaning). For U.S. definitions of “sell”/“share,” see §18.
11. YOUR RIGHTS AND CHOICES
- Access/Portability (GDPR Arts. 15, 20)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Objection (Art. 21) to processing based on legitimate interests/marketing
- Withdraw consent anytime (Art. 7(3))
- Complaint to the competent authority (BfDI)
How to Exercise Your Rights
Email contact@24mitra.com with subject “Data Request”. We will respond within 30 days (Art. 12) and may verify identity. Export and deletion are available in-app where supported or via email.
Supervisory Authority (Germany/BfDI)
Graurheindorfer Str. 153, 53117 Bonn, Germany – https://www.bfdi.bund.de/
12. DIRECT MARKETING AND CONSENT (GDPR + UWG)
Marketing emails/notifications are sent only with explicit opt-in consent (GDPR Art. 6(1)(a), §7 UWG). Unsubscribe via the link in emails or by contacting contact@24mitra.com. Withdrawal does not affect prior lawful processing.
We do not use dark patterns for consent. Consent requests are granular, freely given, and separable from service terms.
13. DATA RETENTION
We retain data no longer than necessary (GDPR Art. 5(1)(e)):
| Category | Typical Retention | Rationale |
|---|---|---|
| Account profile | Until deletion + up to 3 years | Legal/audit/defense |
| Logs/diagnostics | 6–12 months | Security, debugging |
| Messages | User-controlled; limited backups | Safety/disputes |
| Marketing consent | Until withdrawal | Proof of consent |
| Geolocation | Shortest feasible window | Service functionality |
| UGC | Until user deletes | Service continuity |
Upon deletion, backups are purged on rolling schedules (max 90 days) unless legal holds apply.
14. CHILDREN’S PRIVACY
MITRA is not intended for under-16s (EU). If we learn we processed data from a minor without valid consent, we will delete it. Age checks are implemented reasonably. For U.S. users under 13, see COPPA in §18.10.
15. INTERNATIONAL DATA TRANSFERS
Where data is transferred outside the EEA/UK, we use Standard Contractual Clauses (SCCs) (and UK IDTA where applicable), and conduct Transfer Impact Assessments. Primary hosting is in the EEA; certain processors may operate in the U.S. We require equivalent protection and challenge unlawful access requests where legally possible.
16. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
- TLS encryption in transit; encryption at rest where feasible
- Role-based access; least-privilege; MFA on admin systems
- Regular audits, logging, and anomaly detection
- Vendor security due diligence and DPAs
- Secure SDLC and vulnerability management
- Employee training and confidentiality commitments
Data Breach Notification (GDPR Art. 33/34): If a breach is likely to put your rights at risk, we will notify affected users and the competent authority without undue delay.
17. CHANGES TO THIS POLICY
We will post updates here and, for material changes, notify you in-app or by email at least 7 days before they take effect (unless urgent for legal/compliance reasons). Archived versions available on request.
18. U.S. STATE PRIVACY NOTICE (CPRA/CA, VCDPA/VA, CPA/CO, CTDPA/CT, UCPA/UT)
This section supplements the Policy for residents of California, Virginia, Colorado, Connecticut, and Utah.
18.1 Categories Collected (Past 12 Months)
- Identifiers: name, email, phone, device IDs, IP
- Customer Records: account profile, preferences
- Commercial/Usage Data: app interactions, activity participation
- Geolocation: precise location (opt-in)
- Internet/Network Activity: logs, crash data
- Inferences: interest/skill clusters for recommendations
18.2 Purposes of Use
Provide services, matching, communications, security/fraud prevention, analytics, debugging, and (with consent) marketing.
18.3 Sources
You (account, in-app), device, analytics tools, and (if enabled) calendar/maps integrations.
18.4 Disclosure for Business Purposes
We disclose to service providers/processors (hosting, analytics, communications) under written contracts restricting use to business purposes.
18.5 “Sale” or “Sharing” (CPRA)
We do not sell your Personal Information for money. We may “share” (CPRA term) limited identifiers for cross-context behavioral advertising only with your consent (cookie banner). You may opt out at any time via “Do Not Sell or Share My Personal Information” in the app/web footer and through Global Privacy Control (GPC) signals, which we honor.
18.6 Targeted Advertising & Profiling (VA/CO/CT/UT)
We engage in targeted advertising only with your consent (where required). You may opt out in settings or via the footer link. We do not use automated decisions producing legal/similarly significant effects without additional safeguards.
18.7 Your U.S. State Rights
- Know/Access categories/specific pieces collected
- Correct inaccuracies
- Delete personal information
- Data portability
- Opt-out of sale/share, targeted advertising, and certain profiling
- Non-discrimination for exercising rights
Submit requests via contact@24mitra.com (subject: “U.S. Privacy Request”) or in-app (where available). We will verify your identity and respond within the applicable statutory timeframe. Authorized agents may submit requests with proof of authorization.
18.8 Appeals (VA/CO/CT)
If we deny your request, you may appeal by replying to our decision email within 30 days. If unresolved, you may contact your state Attorney General.
18.9 Nondiscrimination
We will not deny services, charge different prices, or degrade quality because you exercised a privacy right. (We currently do not offer financial incentive programs for personal data.)
18.10 Children (COPPA/CPRA)
We do not knowingly collect data from children under 13. If discovered, we will delete it. We do not sell or share data of consumers under 16 without affirmative authorization.
19. CONTACT
RS Community App UG (haftungsbeschränkt)
Kolonnenstr. 8, 10827 Berlin, Germany
Primary: contact@24mitra.com
Raul.Simea@24mitra.com
Phone: +49 1514 0130236