PEAVO

Privacy Policy

Effective Date: 10 March 2026

This Privacy Policy explains how Martin Minárik, operating as Peavo (“Peavo”, “we”, “us”, “our”), collects, uses, shares, and protects personal data when you use the Peavo mobile application and related services (the “Service”). It also describes your rights under the General Data Protection Regulation (GDPR) and applicable EU/Czech law.

We are committed to handling your data transparently, collecting only what is necessary, and ensuring that your experience on Peavo is safe — especially for younger users.

1. Data Controller

The data controller responsible for your personal data is:

Martin Minárik
Velehradská 1735/28, Prague, Czech Republic
Email: hello@peavo.me

2. Data We Collect

We collect only the personal data that is necessary to provide and improve the Service. This includes:

2.1 Information You Provide

• Name and date of birth (required for age verification and profile)
• Profile photo (optional)
• Phone number (used for account verification via SMS)
• Event descriptions, messages, and other content you create or share

2.2 Information Collected Automatically

• Device information (device type, operating system, app version)
• IP address and approximate location (used for event discovery)
• Precise location — only shared with event members after you are accepted into an event
• Usage data (features used, events joined, session duration)
• Crash reports and performance diagnostics

2.3 Information from Third Parties

• If you sign in via a third-party identity provider (e.g. Apple, Google), we receive a unique identifier and, optionally, your name and email address
• Payment information is processed directly by Apple App Store or Google Play — we do not store payment card data

3. How and Why We Use Your Data

We process your personal data on the following legal bases under GDPR Article 6 (and Article 9 where applicable):

Contractual necessity (Art. 6(1)(b)):

• Creating and managing your account
• Enabling event creation, discovery, and participation
• Facilitating in-app messaging between event members
• Processing subscription purchases and event promotions

Legitimate interests (Art. 6(1)(f)):

• Improving app performance, stability, and features
• Detecting and preventing fraud, abuse, and safety violations
• Enforcing our Terms of Service and Community Guidelines

Legal obligation (Art. 6(1)(c)):

• Retaining certain records as required by Czech or EU law
• Responding to lawful requests from law enforcement or regulatory authorities

Consent (Art. 6(1)(a)) — where applicable:

• Sending you marketing communications (you can withdraw consent at any time)
• Processing data of users under 16 years of age, where verifiable parental consent is obtained

4. Data Sharing and Processors

We do not sell your personal data. We share data only as described below:

4.1 Other Users

When you join an event, your name, photo, and approximate age become visible to other event members. Your precise location is only shared with members of events you have been accepted into, and only while the event is active.

Your identity is not visible to non-members of events you have not joined, in line with our anonymization features.

4.2 Third-Party Service Providers

We use the following categories of processors under Data Processing Agreements (DPAs):

• Cloud infrastructure and database hosting (Supabase)
• Real-time messaging infrastructure (Stream Chat)
• Phone number verification / SMS (Twilio)
• Analytics and crash reporting
• Payment processing (Apple / Google — governed by their own privacy policies)

4.3 Legal Requirements

We may disclose your data if required by law, court order, or to protect the rights, safety, or property of Peavo, our users, or the public.

5. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Policy or as required by law:

• Account data: retained for the duration of your account, then deleted or anonymized within 30 days of account deletion
• Event and message content: deleted or anonymized 90 days after event completion, unless retained as part of an ongoing moderation or legal matter
• Phone verification data: deleted immediately after successful verification
• Usage and diagnostic data: retained in aggregated, anonymized form for up to 24 months
• Legal hold data: retained for the duration required by applicable law

6. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of the data we hold about you
• Right to rectification (Art. 16): Ask us to correct inaccurate or incomplete data
• Right to erasure (Art. 17): Request deletion of your data ('right to be forgotten')
• Right to restriction (Art. 18): Ask us to pause processing of your data
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hello@peavo.me. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Czech data protection authority (ÚOOÚ) at www.uoou.cz.

7. Minors and Parental Consent

Peavo is designed for users aged 16 and above. Users between 16 and 18 are considered minors under certain jurisdictions; by registering, their legal guardian is deemed to have reviewed and consented to these Terms and this Privacy Policy.

We do not knowingly collect personal data from children under 16. If we become aware that a user is under 16, we will promptly delete their account and associated data. If you believe a child under 16 has registered, please contact us at hello@peavo.me.

For users in countries where the age of digital consent is lower than 16, we apply the higher threshold to ensure the broadest protection.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include:

• Encrypted data transmission (TLS/HTTPS)
• Encrypted data storage at rest
• Access controls limiting data access to authorized personnel only
• Regular security reviews and dependency updates

No method of transmission over the internet is 100% secure. In the event of a personal data breach that is likely to result in high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR Article 34.

9. International Data Transfers

Peavo is operated from the Czech Republic (EU). Some of our third-party service providers may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on adequacy decisions where applicable.

10. Cookies and Tracking

The Peavo mobile app does not use cookies. We use functional analytics SDKs embedded in the app to collect anonymized usage and performance data. You can opt out of analytics data collection in the app settings.

If you access Peavo via our website (peavo.me), we may use essential cookies necessary for the site to function. Non-essential cookies are only placed with your consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email at least 30 days before the changes take effect. The updated Policy will be accessible in the app and on our website.

Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact Us

For any questions, requests, or concerns about this Privacy Policy or how we handle your data, please contact:

Martin Minárik (Peavo)
Velehradská 1735/28, Prague, Czech Republic
Email: hello@peavo.me

Download Privacy Policy (.docx)