DARIA Connect

Support Page

Privacy

Information about personal data processing in the DARIA Connect app.

DARIA Connect App Direct Support English

Privacy Policy — Daria Connect App

Effective date: 1 June 2026 Scope: Daria Connect iOS/Android app and the associated backend services at connect.daria-us.com. Not covered: the corporate website daria-us.com.

1. Data Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Daria US Holding LLC 1525 Hendry Street Fort Myers, FL 33901 United States of America Phone: +1 (239) 946 5585 Email: app@daria-us.com

2. Scope

This Privacy Policy applies exclusively to the use of the Daria Connect App (iOS, Android) and the associated backend services under the domain connect.daria-us.com. A separate Privacy Policy applies to the website daria-us.com.

3. General Information on Data Processing

3.1 Extent of Processing

We process personal data of our users only insofar as this is necessary to provide a functional application and its contents and services. Processing is generally based on the user's consent or on a statutory permission.

3.2 Legal Bases

The legal bases for processing are:

  • Art. 6(1)(a) GDPR — Consent (e.g. push notifications, display on the member map)
  • Art. 6(1)(b) GDPR — Performance of a contract (providing the community platform to customers of the Daria group)
  • Art. 6(1)(c) GDPR — Legal obligations
  • Art. 6(1)(f) GDPR — Legitimate interests (IT security, abuse prevention, internal reporting)

4. Categories of Processed Data

4.1 Account and Profile Data

  • Name (first name, last name), email address, password hash
  • Profile picture, header image, up to 30 gallery photos
  • Biography, location, occupation (each in German and English), date of birth
  • Social profiles (linked), interest tags
  • Visibility settings ("Show email", "Show online status")
  • Membership start date, team-member status

Purpose: Profile display within the community, authentication, addressing. Legal basis: Art. 6(1)(b) GDPR.

4.2 Community Content

  • Posts (title, teaser, body, images, videos up to 500 MB)
  • Comments (two-level) including moderation flags
  • Emoji reactions on posts and comments
  • Votes in polls

Purpose: Provision of community features. Legal basis: Art. 6(1)(b) GDPR.

4.3 Usage Data and Activity Log

The app records defined user interactions to operate an internal loyalty-points system ("XP") and to generate anonymized reports on community health. The following events are recorded:

  • Sign-ins and sign-outs
  • Reading posts, reactions and comments, poll participation
  • Profile updates (avatar, header, tags, social links)

Each event contains: a unique event UUID, the event type, an optional reference to an object (e.g. post ID), structured metadata (max. 2 KB, e.g. the emoji used) and a timestamp. The user ID is not transmitted from the device; the backend attributes the event via the authenticated session token.

Purpose: Awarding loyalty points, usage analytics for product improvement. Legal basis: Art. 6(1)(b) and (f) GDPR.

4.4 Device and Connection Data

  • Push notification token (FCM) and platform information (iOS/Android) — only if the user has enabled push notifications
  • Language preference (device Accept-Language header)
  • App and operating-system version for error analysis

The session table stores neither the IP address nor the user agent of the device (intentional data minimization).

4.5 Diagnostics and Error Data (Sentry)

For technical error analysis we use Sentry (Functional Software, Inc., San Francisco, CA, USA, operated via sentry.io). The following data is transmitted:

  • Error traces (PHP stack traces, Laravel / Livewire components)
  • Technical breadcrumbs (preceding log entries, cache events, route navigation, SQL query structure without parameter values)
  • Pseudonymous user ID (no email, no name)

Purpose: Stability monitoring, debugging. Legal basis: Art. 6(1)(f) GDPR.

4.6 Chat / Direct Messages

The app offers a private one-to-one direct-messaging feature between two members ("Connect"). In this context we process:

  • Message content (plain text, max. 2,000 characters) — there are no attachments, images, voice messages or other media in the chat
  • Sender and recipient attribution (which two members are having a conversation)
  • Timestamps of each message and the time of the last message per conversation
  • Read status (up to which message and at what time a member has read a conversation)
  • Block relationships (which member has blocked which) as well as reports about individual messages, including the report reason and an optional note

Messages are stored and delivered on our backend (DariaHub, hosted in Germany); they are not persistently stored on the device. Transmission between the app and the backend is TLS-encrypted. Messages are not end-to-end encrypted: their content is stored in plain text in our database so that we can provide in-app search and moderate reported content (see section 10). Machine translation (DeepL) does not take place for direct messages.

When a new message is delivered, and provided push notifications are enabled, we send a push notification to the recipient's device. It usually contains the sender's first name and a generic note ("New message"); the actual message text is not transmitted in the push.

To protect against abusive behaviour, you can report individual messages and block other members (see section 11a).

Purpose: Provision of private one-to-one communication between members, delivery of notifications, abuse prevention and moderation. Legal basis: Art. 6(1)(b) GDPR (performance of a contract); for reporting, blocking and moderation data, Art. 6(1)(f) GDPR (legitimate interest in abuse prevention).

4.7 Map Display / Approximate Location

The app can display members as a pin on an internal map ("member map"). This feature is off by default and only takes effect after explicit consent via the toggle "Show me on the map" in your profile settings (opt-in). Before activation, you are informed in the app about the data processing involved — including the transfer to Google in the USA. Whether you appear on the map is voluntary; declining has no effect on the remaining functionality of the app.

We do not use GPS or a precise device location; the app does not request the operating-system location permission. The map pin is based solely on your approximate home address at the level of postal code, city and country, which is sourced from your profile (origin: member CRM HubSpot; no extra input step). A precise street or house number is not processed, not transmitted to Google and not displayed on the map.

To compute the coordinates we transmit postal code, city and country once per address change, server-side, to the Geocoding API of Google Maps Platform (Google LLC, Mountain View, CA, USA — see section 5); this happens only while the toggle is on. The computed coordinates are at approximately postal-code granularity and are additionally rounded when delivered to the app, so that the pin reflects only a coarse grid (on the order of about 1 km). For data minimization, the map shows only the first name (where applicable only the initial of the last name) and the approximate pin for each visible member. To render the map (map tiles, markers), the Google Maps JavaScript SDK is loaded on the device; for technical reasons this transmits the device's IP address and the requested map section to Google.

When you disable the toggle or delete your account, your stored coordinates are deleted immediately and permanently.

Purpose: Displaying members in your region on a map to support community exchange. Legal basis: Art. 6(1)(a) GDPR (consent via opt-in); for the underlying address processing Art. 6(1)(b) GDPR. Withdrawal: possible at any time, without giving reasons, by toggling the switch off in your profile settings. Withdrawal is effective only going forward.

5. Recipients and Processors

We engage the following processors within the meaning of Art. 28 GDPR in order to provide the app:

Recipient Purpose Location Third-Country Transfer
DariaHub backend (own system, hosted at Hetzner) Data storage (incl. profiles, posts and direct messages), authentication, synchronization Germany (EU) No (processing within the EU)
HubSpot, Inc. CRM / source of member master data (name, email, address, memberships), synchronization USA Standard Contractual Clauses (Art. 46 GDPR)
Amazon Web Services, Inc. (S3) Storage of images and videos EU, Frankfurt (eu-central-1) No (processing within the EU)
Mailjet (Sinch Email) Delivery of transactional emails (e.g. sign-in / login code) EU (France) No
Google LLC (Google Maps Platform) Geocoding of the home address (postal code/city/country → approximate coordinate; only with active map opt-in, see section 4.7) and rendering of the member map (map tiles, markers; transmitting device IP and map section to Google) USA Standard Contractual Clauses (Art. 46 GDPR)
DeepL SE Automatic translation of post content DE↔EN (does not apply to direct messages) Cologne, Germany No
Slack Technologies (Salesforce) Internal alerting of the moderation team (moderation metadata) USA Standard Contractual Clauses (Art. 46 GDPR)
Functional Software, Inc. (Sentry) Error tracking USA Standard Contractual Clauses (Art. 46 GDPR)
Apple Inc. / Google LLC Delivery of push notifications USA Standard Contractual Clauses (Art. 46 GDPR)

Data processing agreements under Art. 28 GDPR are in place with all processors listed above, ensuring an equivalent level of data protection. For transfers to recipients in the USA we rely on Standard Contractual Clauses pursuant to Art. 46 GDPR; where individual recipients are additionally certified under the EU-US Data Privacy Framework, this applies in addition.

6. Retention Periods

Data category Retention
Account and profile data For the duration of membership. After account deletion: your account is deactivated immediately. After 30 days your data is deleted permanently and irreversibly; profile media (profile picture, header image, gallery photos) are removed from S3 in the same step.
Community content Posts and comments remain after account deletion in anonymized form (without attribution to the original author), provided they are still relevant for the community. Images and videos attached to those posts are retained as part of the anonymized content — also to protect co-authors whose comments and reactions reference that material. Separate deletion of individual posts or individual media files is available upon request.
Chat / direct messages Messages remain stored for as long as the conversation exists or until one of the participating accounts is deleted. Upon account deletion, all messages you sent as well as your conversation memberships and read status are permanently deleted — including from your conversation partner's view; only the partner's own messages remain with them.
Location coordinates (member map) For as long as the "Show me on the map" toggle is active. Upon deactivation or account deletion, the coordinates are deleted immediately and permanently. Active coordinates are additionally treated as stale after a maximum of 30 days and recalculated or no longer displayed. Records of consent to map visibility are documented separately to meet our accountability obligations (Art. 5(2), Art. 7(1) GDPR).
Usage data / activity log Kept indefinitely in anonymized form for statistical evaluation; re-identification after account deletion is no longer possible.
Session data Session tokens expire after a maximum of 8 hours or after 15 minutes of inactivity.
Diagnostics and error data (Sentry) 90 days, then automatic deletion.

7. Account Deletion

Users may delete their account at any time directly in the app under Drawer > Settings > Delete Account. Your account is deactivated immediately. After 30 days your data is deleted permanently and irreversibly. Within this 30-day grace period you can request restoration by contacting us at app@daria-us.com. After the period has elapsed, restoration is no longer possible; the retention periods described in section 6 apply.

Alternatively, you may initiate account deletion without access to the app via our website: connect.daria-us.com/account-deletion.

8. Data-Subject Rights

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent (Art. 7(3) GDPR)

To exercise these rights please contact:

Email: app@daria-us.com Postal address: see section 1

You also have the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR).

9. Push Notifications

Push notifications are sent only if you have explicitly opted in via the iOS or Android system prompt on your device. Consent can be withdrawn at any time in the operating-system settings.

Push notifications also include alerts about new direct messages; these usually contain the sender's first name but no message text (see section 4.6).

Legal basis: Art. 6(1)(a) GDPR.

10. Security

Communication between the app and the backend takes place exclusively over TLS-encrypted connections. Media content is accessed via signed, time-limited access URLs. The backend is protected by authentication tokens bound to the respective device.

Direct messages are TLS-encrypted in transit but are not end-to-end encrypted: their content is stored in plain text in our database so that we can provide in-app search and moderate reported content. We treat this content confidentially and access it only within the scope of the purposes described (providing the feature, moderating reported content).

11. Use by Minors

The Daria Connect App is intended exclusively for adults (customers of the Daria group). Use by persons under the age of 16 is not permitted. If we become aware of data relating to minors, we will delete it without delay.

11a. Community Safety, Reporting and Blocking

For user-generated content (posts, comments, profiles and direct messages) we apply a zero-tolerance policy towards objectionable content and abusive behaviour. This requirement is part of the community guidelines you agree to upon first sign-in.

The following protective mechanisms are available to you in the app:

  • Reporting individual posts, comments and direct messages, stating a reason for the report
  • Blocking other members — including directly from their profile; a blocked member can no longer send you messages

Reported content is reviewed by our moderation team; objectionable content is removed or hidden, and abusive users may be excluded. Moderatively hidden messages remain stored internally for documentation and moderation purposes but are no longer visible to other members. For questions or to report abuse, you can reach us at any time at app@daria-us.com.

Purpose: Protection of the community, abuse prevention, fulfilment of platform obligations. Legal basis: Art. 6(1)(b) and (f) GDPR.

12. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy to reflect changes in the law or in our services. The updated Privacy Policy will apply to your next use of the app.

13. Language versions

This Privacy Policy is available in German and English. In the event of any inconsistency, the German version prevails.

German version: /privacy