Privacy Policy for the Clubster App

Data controller

Controller under GDPR for Clubster app processing is:

Nuvexonix (sole proprietorship)
Proprietor: Florian Bläsius
Erlenweg 6
83624 Otterfing
Germany

Email (support and privacy): support@nuvexonix.com
Website: https://nuvexonix.com/en

Scope of this policy

This policy applies to the mobile Clubster app and closely coupled Clubster Business web interfaces. General website-only processing is additionally described in the website privacy policy.

What data can be processed

• Account data: email, hashed password, UID, display name, optional profile information.
• Usage data: viewed clubs/events, favorites, interactions with groups and polls.
• Location data: location signals from the operating system when permission is enabled.
• Device and technical data: app version, OS version, language, timestamps, technical identifiers.
• User-generated content: ratings, texts, group entries, uploads, moderation reports.
• Operator data: business verification data, role assignments, and related workflow records.
• Support communication: message content and technical metadata for support requests.
• Security and logs: technical logs for stability, fraud prevention, and abuse detection.

Legal basis for processing

• Art. 6(1)(b) GDPR - performance of contract (account, app functionality, business workflows).
• Art. 6(1)(a) GDPR - consent (for example location access, optional push categories).
• Art. 6(1)(f) GDPR - legitimate interest (security, anti-abuse, system stability).
• Art. 6(1)(c) GDPR - legal obligations where required.

Registration, login, and account security

Clubster uses secure authentication flows (including verification and security checks) to protect accounts. In guest mode, functionality is limited and may process reduced technical data.

You can request account deletion through in-app options or via support@nuvexonix.com.

Location, push, and device permissions

Location access is used to show nearby venues and events. Push tokens are used to deliver functional notifications, and optional campaign notifications where applicable. Permissions are managed through your device settings and can be changed at any time.

User content, reports, and moderation

User and operator content can be reviewed by moderation systems and authorized teams where needed to enforce terms, protect users, and process abuse reports.

Business verification and subscription operations

For business onboarding, verification, and subscription-related web flows, additional records may be processed, including role data, verification artifacts, and workflow status history.

Infrastructure providers

Clubster relies on cloud infrastructure and security tooling (for example Firebase/Google services) to operate app features, security controls, and backend workflows. Where processors are used, data processing is governed by contractual safeguards.

Security tools

Anti-abuse systems may process technical signals to prevent automated misuse and protect platform integrity.

How long data is stored

• Account and profile data: as long as required for active account use and legal obligations.
• Support and moderation records: as long as required for resolution, safety, and legal compliance.
• Technical logs: limited retention for security, diagnostics, and reliability.
• Deleted account data: deleted or anonymized according to legal and operational requirements.

GDPR rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent (Art. 7(3) GDPR)
• Complaint to a supervisory authority

Changes to this policy

This policy may be updated when product functionality, legal requirements, or infrastructure change. The latest version is published on this page.

Last update: March 2026