Privacy Policy
Effective date: 1 June 2026 · Last updated: 1 June 2026
This Privacy Policy explains how your personal data is collected, used, shared and protected when you use the getPlnz mobile application and related services (together, the “Service”).
We take your privacy seriously and process your personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, or “GDPR”) and Belgian data protection law.
1. Who we are (Data Controller)
The Service is operated by Samuel Cecere, a self-employed individual (secondary occupation / zelfstandige in bijberoep) trading under the business name “Samu Studio”.
| Enterprise number (KBO/BCE) | 1035.896.256 |
|---|---|
| VAT number | BE 1035.896.256 |
| Establishment unit number | 2.386.725.877 |
| Country of establishment | Belgium |
| hello@getplnz.com | |
| Website | getplnz.com |
Samuel Cecere is the data controller responsible for your personal data. In this Privacy Policy, “getPlnz”, “we”, “us” and “our” refer to the data controller named above. We are not legally required to appoint a Data Protection Officer. For any question, contact us at hello@getplnz.com.
2. Scope
This Privacy Policy applies to the getPlnz mobile application (for iOS and Android) and to the getPlnz website (getplnz.com), which currently serves as an informational landing page. The Service is currently available to users in Belgium and is intended for people aged 18 or older (see Section 11).
3. The personal data we collect
We only collect the data we need to operate the Service:
3.1 Account and identity data
- Email address;
- Password — handled by Firebase Authentication; we never see or store your password in plain text;
- A unique account identifier.
3.2 Profile data
- Display name, profile photo, gender, city;
- Date of birth — used to confirm you are at least 18 and to display your age to other users;
- Nationalities, short biography (“bio”), home region.
3.3 Activity data
- The activities (“plnz”) you book and your booking and participation history;
- The feedback you submit after an activity (star rating and optional comment).
3.4 Social and communication data
- The people you met at past activities (“recently met”), and your like/skip decisions;
- Your matches and connections;
- Messages you send and receive in activity group chats and one-to-one chats, including photos you share in those chats.
3.5 Payment data
When you book a paid activity, your payment is processed by Stripe. We receive confirmation of the transaction and limited transaction metadata (amount, currency, payment status and a payment reference). We do not receive or store your full payment card number — card details are processed directly by Stripe.
3.6 Gamification data
- Experience points (“XP”), level, and monthly activity counts.
3.7 Moderation and safety data
- Reports you submit or that concern you;
- Users you have blocked;
- Users you have added to your private “rather not” list (a soft-block: the other user is never told, never sees that you added them, and we never share the list with anyone else). Used only to filter who is suggested to you and to warn you privately when one of them joins an activity you are in (or vice-versa);
- Any suspension (“ban”) status applied to your account.
3.8 Technical and device data
- A push notification token (Firebase Cloud Messaging / Apple Push Notification service);
- Device and app information, IP address and log data inherently processed by our hosting provider to operate and secure the Service.
3.9 Location
We do not collect your precise GPS location. We only use the region or city you choose yourself, and the addresses associated with activities.
4. How and why we use your data, and our legal bases
We process your personal data only where we have a legal basis under Article 6 GDPR.
| Purpose | Legal basis |
|---|---|
| Create and manage your account; provide and operate the app and its core features | Performance of a contract (Art. 6(1)(b)) |
| Process activity bookings and payments | Performance of a contract; legal obligation for accounting and invoicing |
| Enable group chats, one-to-one chats, matching and connections | Performance of a contract |
| Send push notifications | Your consent — you can turn notifications off at any time; service and legal-update messages may rely on our contract or legitimate interest |
| Keep the Service safe: security, fraud prevention, moderation, handling reports, blocks and suspensions | Our legitimate interests and, where applicable, legal obligation |
| Respond to your questions and provide support | Performance of a contract / our legitimate interests |
| Comply with legal obligations (tax and accounting retention, lawful requests) | Legal obligation |
| Establish, exercise or defend legal claims | Our legitimate interests |
| Inform you about material changes to our Terms or this Policy | Legal obligation / our legitimate interests |
Where we rely on consent, you may withdraw it at any time. Where we rely on our legitimate interests, you have the right to object (see Section 10). We do not use your data for behavioural advertising, and we do not sell your personal data.
5. Automated decision-making and profiling
The Service includes features such as activity recommendations and a matching system. These do not produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR. We do not carry out automated decision-making with a legal or similarly significant effect on you.
6. Who we share your data with
We do not sell your personal data. We share it only with:
6.1 Other users
Certain profile information (display name, photo, age, gender, city, nationalities, bio, level) and the content you post (chat messages, shared photos) is visible to other users, as necessary for the Service to function.
6.2 Service providers
- Google (Google Ireland Limited / Google LLC) — Firebase: hosting, database, authentication, file storage, server logic and push notifications;
- Stripe (Stripe Payments Europe, Limited and affiliates) — payment processing;
- Apple Inc. — app distribution via the App Store and push delivery via the Apple Push Notification service;
- Google — app distribution via Google Play and push delivery.
6.3 Authorities and legal requirements
We may disclose personal data to public authorities or courts where necessary to comply with a legal obligation or to establish, exercise or defend legal claims.
6.4 Business transfers
If the Service is transferred to another operator, your personal data may be transferred as part of that transaction. We will inform you in advance.
7. International data transfers
Your personal data is primarily stored on servers located in the European Union (Google Cloud region europe-west1, Belgium). Some providers (Google, Stripe, Apple) may process certain data outside the European Economic Area. Where they do, transfers are protected by appropriate safeguards required by the GDPR, in particular the European Commission's Standard Contractual Clauses and/or an adequacy decision.
8. How long we keep your data
- Account and profile data — for as long as your account exists.
- When you delete your account — your personal data is deleted promptly, except: payment and invoicing records are kept for 7 years (Belgian accounting and tax law); reports are kept as a moderation audit record; and messages you posted remain visible to other chat participants but are anonymised (shown as “Deleted user”).
- Inactive accounts are not automatically deleted.
- Backups may contain your data for a limited period before being overwritten.
9. How we protect your data
We take appropriate technical and organisational measures, including encryption in transit (HTTPS/TLS), strict database access rules, server-side validation of sensitive operations, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure; if a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent authority and, where required, you, in accordance with Articles 33 and 34 GDPR.
10. Your rights
Under the GDPR you have the rights of access, rectification, erasure, restriction, data portability, objection, and the right to withdraw consent at any time.
How to exercise your rights. You can edit your profile, manage push notifications, block/unblock users and permanently delete your account directly in the app. For any other request, contact hello@getplnz.com. We respond without undue delay and within one month, as provided by the GDPR.
Right to lodge a complaint. You may lodge a complaint with the Belgian supervisory authority:
Gegevensbeschermingsautoriteit (Data Protection Authority)
Drukpersstraat 35, 1000 Brussels, Belgium
Tel.: +32 (0)2 274 48 00 · Email: contact@apd-gba.be
www.gegevensbeschermingsautoriteit.be
11. Children
The Service is intended only for people aged 18 or older. It is not directed at children, and we do not knowingly collect personal data from anyone under 18. If we become aware that a minor has created an account, we will delete it.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make a material change, we will notify you in advance by email and/or an in-app notice. The “Last updated” date above always indicates the most recent version.
13. Contact us
Samuel Cecere — “Samu Studio” (registered in Belgium, KBO 1035.896.256)
Email: hello@getplnz.com
Our full registered address is available on request and via the Belgian Crossroads Bank for Enterprises (KBO/BCE) public register using the enterprise number above.