Torinox Privacy Policy

TorinoX (“TorinoX”, “we”, “us”) is a nightlife and events discovery app for Turin, Italy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have. We act as the data controller for the personal data described here. By using the app you agree to this policy. If you do not agree, please do not use the app.

• Profile information: your name, username, profile picture, and any preferences you add.
• Account & contact data: your email address (handled securely via Google sign-in) and, if you sign up for an event, your phone number.
• Location data: if you grant permission, your approximate latitude and longitude, used to show nearby events, activities, and people. You can revoke this at any time.
• Content you create: event likes, event sign-ups, direct messages, comments, tips you submit, map activities, and “stories”.
• Event sign-up details: the name, email, phone, and any guest names you provide when getting a pass for an event.
• Push notification data: if you enable notifications, a device subscription token so we can deliver messages to you.
• Technical & log data: IP address, device and browser type, app version, pages/screens viewed, and server logs. This is generated automatically when you use the app and helps us keep it running and secure.
• Diagnostics & analytics: crash reports and error logs (to fix problems) and aggregated usage analytics (to understand which features are used and improve them).
• Device storage: small amounts of data saved on your device (e.g. your login session and app settings such as scanner preferences).

• Provide the core service: show events, friends, and nearby activities, and let you sign up for events.
• Enable social features such as friends, messaging, and stories.
• Deliver event passes and share the relevant sign-up details with the event organiser so they can manage entry.
• Send notifications you have opted into (you can turn these off any time).
• Review user-submitted tips before they are published, and moderate content for safety.
• Monitor errors and analyse usage to fix bugs and improve the app.
• Protect the security and integrity of the platform and prevent abuse or fraud.
• Comply with legal obligations.

Where the EU General Data Protection Regulation applies, we rely on the following legal bases:

• Contract: creating your account and providing the features you request, including event sign-ups.
• Consent: location access, push notifications, and analytics — which you can withdraw at any time.
• Legitimate interests: keeping the app secure, preventing abuse, and improving the service.
• Legal obligation: where we are required by law to process or retain data.

We do not sell your personal data. We share it only with trusted service providers who process it on our behalf to run the app:

• Supabase — database, authentication, and file storage.
• Google Cloud — app and server hosting.
• Google — sign-in (authentication) and push-notification delivery.
• Sentry — error and crash diagnostics.
• PostHog — product usage analytics.

Some of these providers may process data outside the European Economic Area (for example in the United States). Where that happens, transfers are protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

We keep your personal data for as long as your account is active. If you delete your account, we remove your profile and associated content. Some data may be retained for a limited period afterwards where necessary for security, dispute resolution, legal compliance, or in routine backups, after which it is deleted. Server and diagnostic logs are kept only for a short period.

Under the GDPR and applicable law, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data from your Profile settings.
• Erasure: delete your account and associated data using the “Delete Account” option in Settings.
• Restriction & objection: ask us to limit or stop certain processing.
• Portability: receive your data in a portable format.
• Withdraw consent: disable location and push notifications any time via the app or your device settings.
• Complain: lodge a complaint with your local data protection authority. In Italy this is the Garante per la protezione dei dati personali.

We use device storage and similar technologies that are essential to operate the app — for example to keep you signed in and to remember your settings — and a limited set of analytics technologies to understand usage. We do not use third-party advertising trackers.

We use industry-standard measures to protect your data, including encryption in transit and database row-level security that restricts access to your own records. No method of transmission or storage is completely secure, but we work to protect your information and review our safeguards regularly.

TorinoX is a nightlife app intended for adults. You must be at least 18 years old to create an account and use the app. We do not knowingly collect data from anyone under 18; if we learn that we have, we will delete it.

We may update this policy as the app evolves. We will revise the “Last updated” date above and, where changes are significant, notify you in the app. For any privacy question or to exercise your rights, contact us at support@iosvisual.com.