Kreiso Privacy Policy

Last updated: March 18, 2026

This Privacy Policy explains how Kreiso collects, uses, stores, and protects your personal data when you use our website (kreiso.app), our mobile application, and any related services (collectively, the "Service"). This policy applies to our waitlist, our mobile app, and all features within.


1. Data Controller

Kreiso is operated by:

Nikita Konstantinovskiy
Operating as Kreiso
Görrestr. 11, 80798, München, Germany
nikitakonst1@gmail.com

For the purposes of the EU General Data Protection Regulation (GDPR), Nikita Konstantinovskiy is the data controller responsible for your personal data.


2. Data We Collect

2.1 Waitlist

When you join our waitlist, we collect:

  • Email address
  • Phone number (if provided)

2.2 Account & Profile Data

When you create an account, we collect:

  • Name
  • Date of birth
  • Profile photo
  • Country of origin
  • Languages spoken
  • City of residence

2.3 Onboarding Survey Data

During onboarding, we collect your responses to our compatibility survey, which includes:

  • Life stage
  • Work field
  • Education level
  • Time in your city
  • Interests (selected from a curated list)
  • Humor style preference
  • Conversation depth preference
  • Social format preference
  • Friend priorities
  • Connection intent
  • Event preferences
  • Deal breakers
  • Venue preferences (like/dislike swipes on curated venue cards)

2.4 Event Area Data

You set your preferred event area on a map, which provides us with:

  • Approximate geographic center point (latitude and longitude)
  • Preferred radius (in kilometers)

We do not collect or track your real-time GPS location.

2.5 Behavioral Data

As you use the Service, we collect:

  • Event commitments and attendance
  • Post-event feedback (ratings, free-text responses)
  • Social preferences expressed through feedback (e.g., which group members you would meet again)
  • Activity ratings

2.6 Payment Data

If you make payments through the Service, payment processing is handled by Stripe. We do not store your credit card number, bank account details, or other financial account information on our servers. Stripe collects and processes your payment data as an independent data controller under its own privacy policy.

2.7 Spam and Abuse Prevention

We use Google reCAPTCHA to protect the Service from spam, bots, and abuse. reCAPTCHA collects hardware and software information (such as device and application data) and sends it to Google for analysis. Your use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

2.8 Automatically Collected Data

When you use the Service, we automatically collect:

  • Device type and operating system
  • App version
  • Crash reports and error logs
  • General usage patterns (screens viewed, features used)

We use cookieless analytics. We do not use tracking cookies, advertising pixels, or cross-site tracking technologies.


3. How We Use Your Data

We use your data for the following purposes:

  • Waitlist management: To notify you when the Service launches or when a spot becomes available.
  • Account creation and authentication: To create and secure your account.
  • Compatibility matching: To compute similarity scores between users, form compatible groups for events, and generate personalized event recommendations. This is the core function of the Service.
  • Event coordination: To organize events, form groups, assign venues, and facilitate group communication.
  • Improving the Service: To refine our matching algorithm based on aggregated feedback and behavioral patterns. We do not use your data to train third-party AI or machine learning models.
  • Communication: To send you event notifications, feedback requests, re-engagement reminders, and essential service updates.
  • Safety and enforcement: To enforce our Terms of Service and protect users from harmful behavior.
  • Payment processing: To process event fees or subscription payments through Stripe.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

Purpose | Legal Basis
Waitlist communication | Your consent (Art. 6(1)(a) GDPR)
Account creation and service delivery | Performance of a contract (Art. 6(1)(b) GDPR)
Compatibility matching and group formation | Performance of a contract (Art. 6(1)(b) GDPR)
Payment processing | Performance of a contract (Art. 6(1)(b) GDPR)
Service improvement and analytics | Legitimate interest (Art. 6(1)(f) GDPR)
Safety and enforcement | Legitimate interest (Art. 6(1)(f) GDPR)
Push notifications and re-engagement emails | Your consent (Art. 6(1)(a) GDPR)

You may withdraw your consent at any time by contacting us or adjusting your notification settings within the app. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.


5. Who We Share Your Data With

We do not sell, rent, or trade your personal data to third parties. We share data only with the following service providers ("processors") who process data on our behalf and under our instructions:

Service Provider | Purpose | Data Location
Google Firebase (Firebase Auth, Firestore, Cloud Messaging, Crashlytics) | Authentication, real-time data storage, push notifications, error tracking | EU (Belgium)
Google Cloud SQL | Database hosting (PostgreSQL) for matching computation | EU (Belgium)
Firebase Hosting | Hosting the landing page and web assets | EU (Belgium)
Resend | Transactional email delivery (waitlist confirmations, event notifications, feedback requests) | United States
Stripe | Payment processing | United States
Google reCAPTCHA | Spam and abuse prevention | EU (Belgium)

All processors are bound by data processing agreements and process your data only for the purposes described in this policy.

We may also disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Kreiso, our users, or the public.


6. International Data Transfers

Your data is primarily processed and stored on servers located in the EU (Belgium). Some third-party processors (Resend, Stripe) may process data in the United States, which constitutes a transfer of personal data to a third country.

We ensure adequate protection for these transfers through:

  • The EU-U.S. Data Privacy Framework, where applicable
  • Standard Contractual Clauses (SCCs) approved by the European Commission, where the Data Privacy Framework does not apply

You may request a copy of the applicable transfer safeguards by contacting us at nikitakonst1@gmail.com.


7. Data Retention

We retain your data as follows:

Data Type | Retention Period
Waitlist data (email, phone) | Until you unsubscribe or until 12 months after the last contact, whichever is earlier
Account and profile data | For the duration of your account, plus 180 days after account deletion
Survey and behavioral data | For the duration of your account, plus 180 days after account deletion
Payment records | As required by applicable tax and accounting law (typically 7–10 years for transaction records)
Crash reports and error logs | 180 days

After the retention period, your data is permanently deleted or irreversibly anonymized.

During the 180-day post-deletion period, your data is deactivated and inaccessible to other users. This period exists to allow you to recover your account if you change your mind, to resolve any outstanding payment disputes (which may take up to 120 days), and to maintain the integrity of group and event records for other users who participated in shared events.


8. Your Rights

8.1 Rights Under GDPR (EEA, UK, Switzerland)

You have the right to:

  • Access your personal data and obtain a copy
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict processing in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time for processing based on consent
  • Lodge a complaint with a supervisory authority. For Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach.

8.2 Rights Under U.S. State Privacy Laws

If you are a resident of California, Colorado, Connecticut, Virginia, or another U.S. state with an applicable privacy law, you have the right to:

  • Know what personal data we collect, use, and share
  • Delete your personal data
  • Opt out of the sale of your personal data. We do not sell your personal data.
  • Non-discrimination for exercising your privacy rights

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at nikitakonst1@gmail.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

You can also delete your account directly within the app, which initiates the 180-day deletion process described above.


9. Age Requirement

The Service is restricted to users aged 16 and older. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected data from a person under 16, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us at nikitakonst1@gmail.com.

Certain events may have additional age restrictions (e.g., 18+ for events at alcohol-serving venues). These restrictions are displayed on each event listing.


10. Security

We implement technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Firebase Authentication with secure token management
  • Access controls limiting data access to essential operations
  • Regular security reviews of our infrastructure

No method of transmission or storage is completely secure. If you discover a security vulnerability, please report it to nikitakonst1@gmail.com.


11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.


12. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

Nikita Konstantinovskiy
Operating as Kreiso
Görrestr. 11, 80798, München, Germany
nikitakonst1@gmail.com