Last updated: March 2026
This Privacy Policy explains how CeeU ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the CeeU mobile application and the website ceeu.app (together, the "Service"). We are committed to protecting your privacy in accordance with the European General Data Protection Regulation (GDPR / DSGVO) and applicable German data protection laws.
1. Controller (Verantwortliche Stelle)
[DEIN NAME]
[STRASSE, PLZ STADT]
Deutschland
E-Mail: support@ceeu.app
If you have questions about data protection, please contact us at support@ceeu.app.
2. Data We Collect
We collect and process the following categories of personal data:
2.1 Account Data
- Email address β required for account registration and authentication.
- Display name β a freely chosen name, not required to be your real name.
2.2 Music Preferences
- Selected genres, favorite songs, and favorite artists β used exclusively for the matching algorithm.
2.3 Approximate Location
- City and country derived from your IP address (via ipapi.co). We do not use GPS, precise geolocation, or continuous location tracking.
2.4 Chat Messages
- Messages exchanged between matched users are stored for service delivery (matching experience, reveal mechanics, and chat history).
2.5 Device and Technical Data
- Push notification token (for delivering notifications).
- Anonymized crash reports (via Sentry) β device type, OS version, and app version.
2.6 Optional Data
- Age range and gender β provided voluntarily to improve match relevance. You may skip these fields entirely.
3. Purpose and Legal Basis
We process your personal data for the following purposes under the following legal bases (Art. 6(1) DSGVO):
- Art. 6(1)(b) DSGVO β Contract performance: Account creation, matching, anonymous chat, reveal mechanics, coin and subscription management, push notifications, and customer support.
- Art. 6(1)(a) DSGVO β Consent: Processing of optional data (age range, gender) and approximate location for improved matching. You may withdraw consent at any time.
- Art. 6(1)(f) DSGVO β Legitimate interests: Security (fraud prevention, abuse detection), service improvement, and anonymized crash reporting.
4. Third-Party Processors (Auftragsverarbeiter)
We use the following third-party service providers to operate the Service:
- Google LLC / Firebase (USA) β Authentication, real-time database, cloud functions, push notifications. Data transfer to the USA is governed by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) DSGVO.
- Supabase Inc. (USA) β File and media storage. Protected by SCCs.
- Spotify AB (Sweden) β Music metadata (song titles, artist names, album art) for the matching experience. No user data is sent to Spotify.
- Sentry (USA) β Anonymized crash and error reporting. No personally identifiable information is transmitted. Protected by SCCs.
- ipapi.co β IP-based geolocation (city and country only). Your IP address is processed transiently and not stored by us.
5. Data Sharing
We do not sell, rent, or trade your personal data to any third party. Data is shared only with the processors listed above, strictly for the purposes described in this policy.
6. Data Retention
- Account data: Retained until you delete your account, plus a 30-day cleanup period.
- Chat messages: Retained until account deletion. Upon deletion, messages are anonymized (your identity is removed, but the other user's copy may remain in anonymized form).
- Crash reports: Retained for 90 days, then automatically deleted.
- Location data: Processed transiently; not permanently stored.
7. Your Rights (Art. 15β22 DSGVO)
As a data subject under the GDPR, you have the following rights:
- Right of access (Art. 15) β Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) β Correct inaccurate personal data.
- Right to erasure (Art. 17) β Request deletion of your personal data ("right to be forgotten").
- Right to restriction of processing (Art. 18) β Request limitation of processing under certain circumstances.
- Right to data portability (Art. 20) β Receive your data in a structured, machine-readable format.
- Right to object (Art. 21) β Object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)) β Withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@ceeu.app. We will respond within 30 days.
8. Account Deletion
You can delete your account at any time via Settings β Account β Delete Account in the CeeU app. Deletion is permanent and irreversible. All your personal data, including music preferences and chat history, will be removed within 30 days. Anonymized message copies may remain for the other user's chat history.
9. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority:
Bayerisches Landesamt fΓΌr Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
www.lda.bayern.de
10. Cookies and Tracking
The CeeU website (ceeu.app) does not use tracking cookies, analytics scripts, or any third-party tracking technologies. We use localStorage exclusively to save your theme preference (dark/light mode). No analytics data is collected on ceeu.app.
11. Children's Privacy
CeeU is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. Users aged 13β17 require verifiable parental or guardian consent to use the Service. If we become aware that we have collected data from a child under 13 without consent, we will delete the account and associated data promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the app (push notification or in-app banner). The updated policy will be effective upon posting on ceeu.app with a new "Last updated" date.
If you have any questions, contact us at support@ceeu.app.