App Privacy Policy

Effective date: March 12, 2026
Applies To: All users of the voor mobile app and voorsocial.com web platform.

Voor, operated by Voor Social ("we", "us", "our"), provides a mobile application and related services that help users discover and join real-world sports activities, events, and tournaments, register and pay for participation, communicate with other participants, and manage their account.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and what rights you have. This Policy is designed to be consistent with our Google Play Data Safety declarations.

1. Scope

This Policy applies to:

• The Voor mobile application (Android package: com.voorsocial.app)
• Related web services and APIs used by the app (including api.voorsocial.com and voorsocial.com)
• Account creation, authentication, payments, chat, notifications, referrals, and support workflows

It does not apply to third-party services that have their own privacy policies (listed in Appendix A), except as described in this Policy.

2. Data Controller

The data controller for data processed through the Voor app is Voor Social. For contact details, see Section 19.

3. Data We Collect

Depending on which features you use, we may collect the following categories of data:

A. Account and Identity Data

• Email address (provided at signup or via Google Sign-In)
• Name (first and last name, provided at signup/profile or received from your Google account)
• User and account identifiers (including Firebase UID and internal account ID)
• Profile photo (uploaded from camera or gallery, or received from your Google account during Google Sign-In)
• Authentication credentials and tokens (password hash via Firebase Auth; Firebase auth tokens; Google Sign-In credential data)

B. Profile and Registration Data

• Phone number (required to complete your profile)
• Date of birth
• Gender (required to complete your profile)
• T-shirt size (required to complete your profile)
• Activity registration details (registration type, team or group name, team captain status, registration status)

C. Team and Group Registration Data

When you register as part of a team or group, you or a team captain may provide personal data about other participants, including their name, email address, gender, and t-shirt size. If you submit personal data about others, you confirm you have their permission to do so.

D. Payment and Transaction Data

• Payment and order metadata (order code, status, amount, currency, payment method, timestamps, failure reasons)
• Purchase and payment history displayed in your account
• Coupon or discount codes you apply

Important: cardholder payment details (card number, CVV, expiry) are collected and processed entirely by Viva Wallet in their own payment interface. We do not collect, see, or store full payment card numbers.

E. Location Data

• Approximate and precise device location, only when you actively use location-enabled features (venue search, map view)
• Location is accessed only while the app is in the foreground and the feature is in use; we do not track your location in the background

F. Communications and User Content

• Chat messages and related metadata (stored in Firebase Realtime Database)
• Support and contact form submissions (name, email, subject, message)

G. Referral Data

• If you use the referral feature, we process referral codes and related identifiers to attribute referrals

H. Device, Technical, and Diagnostics Data

• Device and app identifiers (including Firebase installation ID, push notification token / FCM token)
• IP address (collected automatically by Firebase and Sentry as part of network requests)
• Crash logs, error traces, stack traces, and diagnostics (collected by Sentry only when technical logs are enabled in your app consent/preferences; sensitive fields are scrubbed before transmission)
• Basic app interaction data needed for functionality and stability monitoring
• App version information

I. On-Device / Local Storage Data

• Authentication tokens and session data (stored securely on your device)
• Language preference (English or Greek)
• Notification preference settings
• Other user preferences stored locally

This data stays on your device and is not transmitted to us unless it is part of an API request.

J. Data You Provide Voluntarily

• Any additional information you submit in forms, profile fields, or communications with us

4. Data We Do Not Collect

• We do not serve advertising and do not collect data for advertising purposes
• We do not collect or store full payment card numbers, CVV, or card expiry dates
• We do not track your location in the background
• We do not collect data from users under 18 (see Section 15)

5. Permissions We Request (Android)

The app may request the following permissions, each tied to a specific feature:

• Location (ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION): requested only when you open the venue map or search for nearby venues. Used to show nearby sports venues and activities on a map.
• Camera: requested only when you tap the option to take or change your profile photo. Used to capture profile photos.
• Notifications (POST_NOTIFICATIONS, Android 13+): requested when you enable notifications in app settings or at an appropriate point after onboarding. Used to send activity updates, registration confirmations, and chat message notifications.
• Internet (INTERNET): required for all app features that connect to our services.

Permissions are requested contextually at the time the relevant feature is used. You can revoke any permission at any time in your device settings; doing so may limit the related feature.

6. How We Use Your Data

We use personal data for the following purposes:

• Account creation, authentication, and session management (email/password and Google Sign-In)
• Sending transactional and security communications (email verification, password reset)
• Providing core app features: browsing and searching activities, registering for activities, processing payments for real-world activity participation, team and group management, viewing registration history
• Enabling chat between registered activity participants (messages stored in Firebase Realtime Database)
• Enabling map and venue discovery using your location
• Delivering push notifications that you have enabled
• Processing referrals
• Displaying your payment and registration history
• Preventing abuse, fraud, and unauthorized access to accounts and services
• Monitoring app reliability, diagnosing crashes, and improving app stability and performance
• Responding to support requests
• Complying with legal obligations and enforcing our terms

7. Legal Bases (EEA/UK Users)

Where GDPR or UK GDPR applies, we process data under one or more of:

• Performance of a contract: to provide the app features and services you request, including registration, payment, and chat.
• Legitimate interests: to secure, maintain, monitor, and improve our services; to prevent fraud.
• Consent: where required, including for permission-based features (location, camera, notifications) and marketing communications if applicable.
• Legal obligation: where processing is required by applicable law.

You can withdraw consent for permission-based processing at any time by changing your device or app settings.

8. How and When We Share Data

We do not sell personal data. We do not share personal data for advertising purposes.

We may share data with:

• Service providers and processors that help us operate the app and its features:
  • Firebase by Google (authentication, push messaging, realtime database for chat, app identifiers)
  • Google Maps Platform (map rendering and venue search using your location)
  • Sentry (crash reporting, diagnostics, and performance monitoring)
  • Viva Wallet (payment processing for activity registrations)
• Our backend API and hosting providers that support app operations
• Authorities, regulators, or law enforcement where required by applicable law or valid legal process
• Professional advisors (legal, accounting) under confidentiality obligations
• A successor entity in the event of a merger, acquisition, or business transfer, subject to legal safeguards and notice to affected users

We require service providers to process personal data only as instructed, under appropriate contractual, security, and confidentiality controls.

9. Payments

Voor facilitates payments for registration in real-world sports activities, events, and tournaments. These are real-world services, not digital goods consumed within the app.

Payments are processed through Viva Wallet. When you make a payment, you are redirected to a Viva Wallet-hosted payment interface.

We receive and store payment metadata (order code, amount, status, timestamps) to confirm your registration, display payment history, and handle support inquiries.

Viva Wallet collects and processes your payment card details under their own privacy policy and PCI compliance.

Refund and dispute handling follows applicable payment regulations and our terms of service.

10. Chat and User-Generated Content

Chat features allow registered users to communicate in the context of activities they participate in.

• Chat messages and metadata are stored in Firebase Realtime Database.
• Chat is available only to authenticated, registered users.
• You are responsible for the content you submit in chat.
• Users may report inappropriate content or behavior through available reporting mechanisms and block other users.
• Moderators may remove specific reported messages when policy violations are confirmed.
• We may moderate, restrict, anonymize, or remove content to enforce our terms, protect users, or comply with law.

What happens to chat data when you delete your account

• Private chats (one-to-one): private chat rooms that include your account are deleted.
• Team chats: messages authored by your account are anonymized (for example sender identity fields are removed and deleted markers are added).
• Chat cleanup is processed as a background task after account deletion so account deletion is not blocked by chat operations.

11. Email Communications

We send the following types of emails through our backend services:

• Email verification after account creation
• Password reset emails
• Transactional emails related to registrations or account changes

We do not send marketing emails unless you separately consent.

12. Account Deletion and Your Choices

You can request deletion of your account:

• In-app: Profile -> Delete Account
• On the web (without signing in): https://www.voorsocial.com/data-removal, or by emailing support@voorsocial.com from your account email

When deletion is requested:

• We delete or anonymize your account data from active systems within 30 days.
• Some records may be retained beyond this period where required for legal compliance, tax or accounting obligations, fraud prevention, dispute resolution, or backup integrity.

Notification controls

You can control notifications at two levels in the app:

• Push notifications (device-level delivery): in Privacy / Notifications settings, disabling push removes your FCM token and stops mobile push delivery.
• Category preferences (content-level): in Notification Settings, you can toggle categories such as chat, activities, promotions, and games.

Important behavior details:

• Chat opt-out: when chat notifications are disabled, chat notifications are not sent to that user.
• Push opt-out: disabling push stops FCM delivery, but in-app notification center entries may still be available for applicable events.
• Service / transactional notices: certain account, registration, payment, security, or operational notifications may still appear in-app or email where necessary to provide the service.
• After account deletion: private chat rooms are deleted; team chat messages may remain in timeline context but are anonymized so they are no longer linked to an active account.
• After deletion, you will no longer be able to sign in or access account features.

You can also control the following at any time:

• Notification permissions (device settings or app preferences)
• Location permissions (device settings)
• Camera permissions (device settings)
• Language preference (app settings)

13. Data Retention

We retain personal data only as long as needed for the purposes described in this Policy or as required by law.

• Account and profile data: retained while the account is active. Deleted or anonymized within 30 days of account deletion, unless legal retention applies.
• Payment and transaction records: retained for up to 7 years as required for tax, accounting, and legal compliance.
• Chat messages: retained while the associated activity or conversation is active. Private chat rooms involving deleted accounts are removed; team chat messages from deleted accounts are anonymized and retained only as needed for conversation continuity, moderation, or legal obligations.
• Crash and diagnostic logs: retained for up to 90 days, then deleted or aggregated.
• Security and audit logs: retained for up to 12 months for incident response and legal purposes.
• Backups: may persist for a limited backup cycle (typically up to 30 days) before automatic overwrite or deletion.

14. Security Measures

We use administrative, technical, and organizational safeguards to protect personal data, including:

• Encryption of all data in transit (HTTPS/TLS for all API and service connections)
• Cleartext traffic is disabled in the app (usesCleartextTraffic is set to false)
• Secure on-device storage for authentication tokens
• Access controls and role-based permissions on backend systems
• Sensitive data scrubbing in crash reports (personal data is removed before transmission to Sentry)
• Logging and monitoring for suspicious or unauthorized activity
• Regular security review and incident response practices

No system can guarantee absolute security. If we become aware of a security breach affecting your personal data, we will notify you and relevant authorities as required by law.

15. Children's Privacy

Voor is not directed to children under 18. We do not knowingly collect personal data from children under 18. Our target audience is users aged 18 and older.

If we learn that we have collected personal data from a child under 18 without appropriate consent, we will delete that data promptly.

16. International Data Transfers

Your data may be processed in countries outside your country of residence, depending on where our service providers operate (including the United States and European Economic Area).

Where required by applicable law, we rely on lawful data transfer mechanisms such as Standard Contractual Clauses or adequacy decisions.

17. Your Privacy Rights

Depending on your location, applicable law may give you the following rights:

• Right to access: obtain a copy of your personal data
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your data (see Section 12)
• Right to restriction: limit how we process your data in certain circumstances
• Right to object: object to processing based on legitimate interests
• Right to data portability: receive your data in a structured, commonly used format
• Right to withdraw consent: where processing is based on consent, withdraw at any time
• Right to lodge a complaint: file a complaint with your local data protection authority

To exercise any of these rights, contact us using the details in Section 19. We will respond within the timeframe required by applicable law (typically 30 days under GDPR).

18. Data Safety Declaration Alignment

This Policy covers all data types declared in our Google Play Data Safety form:

• Personal information (name, email, user IDs, phone number, date of birth, gender, t-shirt size)
• Financial information (purchase history, payment metadata)
• Location (approximate and precise, foreground only)
• Messages (in-app chat messages — text only; email addresses stored in Firebase as part of chat participant data)
• Photos (profile photo)
• Other user-generated content (team names, group names, team member data submitted by team captain)
• App info and performance (crash logs, diagnostics — collected by Sentry only when user opts in via Technical Logs preference)
• Device or other identifiers (Firebase installation ID, FCM token)

We do not collect app interaction or behavioural analytics data. All collected data is encrypted in transit. Users can request data deletion both in-app and through a web-based request path described in Section 12. We do not share data for advertising. We do not serve ads.

19. Contact Us

For privacy questions, data requests, or complaints:

• Email: support@voorsocial.com
• Website: voorsocial.com/contact-us

Please include enough detail for us to verify your identity and process your request. We aim to respond within 30 days.

20. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you through the app or by other reasonable means before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

Appendix A - Third-Party Services

The app uses the following third-party services, each with their own privacy policy:

• Firebase by Google (Authentication, Cloud Messaging, Realtime Database) — Privacy: firebase.google.com/support/privacy
• Google Maps Platform — Terms: cloud.google.com/maps-platform/terms, Privacy: policies.google.com/privacy
• Sentry (crash and error monitoring) — Privacy: sentry.io/privacy/
• Viva Wallet (payment processing) — Privacy: vivawallet.com/privacy-policy

Please review each provider's policy for details of their own data processing activities.