Privacy Policy — Daria Connect App
Effective date: 16 April 2026
Scope: Daria Connect iOS/Android app and the associated backend services at connect.daria-us.com. Not covered: the corporate website daria-us.com.
1. Data Controller
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Daria US Holding LLC 1525 Hendry Street Fort Myers, FL 33901 United States of America Phone: +1 (239) 946 5585 Email: life@daria-us.com
2. Scope
This Privacy Policy applies exclusively to the use of the Daria Connect App (iOS, Android) and the associated backend services under the domain connect.daria-us.com. A separate Privacy Policy applies to the website daria-us.com.
3. General Information on Data Processing
3.1 Extent of Processing
We process personal data of our users only insofar as this is necessary to provide a functional application and its contents and services. Processing is generally based on the user's consent or on a statutory permission.
3.2 Legal Bases
The legal bases for processing are:
- Art. 6(1)(a) GDPR — Consent (e.g. push notifications)
- Art. 6(1)(b) GDPR — Performance of a contract (providing the community platform to customers of the Daria group)
- Art. 6(1)(c) GDPR — Legal obligations
- Art. 6(1)(f) GDPR — Legitimate interests (IT security, abuse prevention, internal reporting)
4. Categories of Processed Data
4.1 Account and Profile Data
- Name (first name, last name), email address, password hash
- Profile picture, header image, up to 30 gallery photos
- Biography, location, occupation (each in German and English), date of birth
- Social profiles (linked), interest tags
- Visibility settings ("Show email", "Show online status")
- Membership start date, team-member status
Purpose: Profile display within the community, authentication, addressing. Legal basis: Art. 6(1)(b) GDPR.
4.2 Community Content
- Posts (title, teaser, body, images, videos up to 500 MB)
- Comments (two-level) including moderation flags
- Emoji reactions on posts and comments
- Votes in polls
Purpose: Provision of community features. Legal basis: Art. 6(1)(b) GDPR.
4.3 Usage Data and Activity Log
The app records defined user interactions to operate an internal loyalty-points system ("XP") and to generate anonymized reports on community health. The following events are recorded:
- Sign-ins and sign-outs
- Reading posts, reactions and comments, poll participation
- Profile updates (avatar, header, tags, social links)
Each event contains: a unique event UUID, the event type, an optional reference to an object (e.g. post ID), structured metadata (max. 2 KB, e.g. the emoji used) and a timestamp. The user ID is not transmitted from the device; the backend attributes the event via the authenticated session token.
Purpose: Awarding loyalty points, usage analytics for product improvement. Legal basis: Art. 6(1)(b) and (f) GDPR.
4.4 Device and Connection Data
- Push notification token (FCM) and platform information (iOS/Android) — only if the user has enabled push notifications
- Language preference (device
Accept-Languageheader) - App and operating-system version for error analysis
The session table stores neither the IP address nor the user agent of the device (intentional data minimization).
4.5 Diagnostics and Error Data (Sentry)
For technical error analysis we use Sentry (Functional Software, Inc., San Francisco, CA, USA, operated via sentry.io). The following data is transmitted:
- Error traces (PHP stack traces, Laravel / Livewire components)
- Technical breadcrumbs (preceding log entries, cache events, route navigation, SQL query structure without parameter values)
- Pseudonymous user ID (no email, no name)
Purpose: Stability monitoring, debugging. Legal basis: Art. 6(1)(f) GDPR.
5. Recipients and Processors
We engage the following processors within the meaning of Art. 28 GDPR in order to provide the app:
| Recipient | Purpose | Location | Third-Country Transfer |
|---|---|---|---|
| DariaHub backend (own system) | Data storage, authentication, synchronization | USA | EU-US Data Privacy Framework |
| Amazon Web Services, Inc. (S3) | Storage of images and videos | EU, Frankfurt (eu-central-1) | No (processing within the EU) |
| DeepL SE | Automatic translation of post content DE↔EN (Pro tier, no text retention by DeepL) | Cologne, Germany | No |
| Functional Software, Inc. (Sentry) | Error tracking | USA | EU-US Data Privacy Framework |
| Microsoft Corporation | Single sign-on for Daria-group customers | USA | EU-US Data Privacy Framework |
| Apple Inc. / Google LLC | Delivery of push notifications | USA | EU-US Data Privacy Framework |
Data processing agreements under Art. 28 GDPR are in place with all processors listed above. For third-country transfers to the USA we rely on the EU-US Data Privacy Framework; the affected providers are certified accordingly.
6. Retention Periods
| Data category | Retention |
|---|---|
| Account and profile data | For the duration of membership. After account deletion: database records are removed without delay; media stored in S3 are removed without delay. |
| Community content | Posts and comments may remain after account deletion without author attribution, if the content is relevant for the community; separate deletion upon request. |
| Usage data / activity log | Kept indefinitely in anonymized form for statistical evaluation; re-identification after account deletion is no longer possible. |
| Session data | Session tokens expire after a maximum of 8 hours or after 15 minutes of inactivity. |
| Diagnostics and error data (Sentry) | 90 days, then automatic deletion. |
7. Account Deletion
Users may delete their account at any time directly in the app under Profile > Settings > Delete Account. Upon deletion, the retention periods described in section 6 apply.
8. Data-Subject Rights
You have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
- Withdraw consent (Art. 7(3) GDPR)
To exercise these rights please contact:
Email: life@daria-us.com Postal address: see section 1
You also have the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR).
9. Push Notifications
Push notifications are sent only if you have explicitly opted in via the iOS or Android system prompt on your device. Consent can be withdrawn at any time in the operating-system settings.
Legal basis: Art. 6(1)(a) GDPR.
10. Security
Communication between the app and the backend takes place exclusively over TLS-encrypted connections. Media content is accessed via signed, time-limited access URLs. The backend is protected by authentication tokens bound to the respective device.
11. Use by Minors
The Daria Connect App is intended exclusively for adults (customers of the Daria group). Use by persons under the age of 16 is not permitted. If we become aware of data relating to minors, we will delete it without delay.
12. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy to reflect changes in the law or in our services. The updated Privacy Policy will apply to your next use of the app.
13. Language versions
This Privacy Policy is available in German and English. In the event of any inconsistency, the German version prevails.
German version: /privacy