Privacy Policy

Last updated: June 2026

Your privacy matters to us at FestiBesti. This policy explains which personal data we process in the FestiBesti app, for what purpose, on what legal basis, and what rights you have.

Controller

The controller for data processing in the FestiBesti app is:

Lukas Thiemann

Timm-Kröger-Straße 4

30177 Hannover

Germany

Email: privacy@firebnd.com

We are not legally required to appoint a data protection officer. For any privacy questions, reach us at the address above.

What data we process

We only collect the data needed to run the app:

  • Account data: the email address and name you provide at sign-up; if you sign in with Apple or Google, the sign-in data they pass to us.
  • Profile data: your festival selfie and, optionally, pronouns, a short bio, an Instagram handle and your date of birth. We derive your age from your date of birth and show it to other users; the exact date stays hidden.
  • Content: groups you create or join, meeting points, your camp pin, liked acts, and messages in group and direct chats.
  • Location data: your position, only when you actively use a feature that needs it, to drop your camp pin or show your spot on the festival map (see below).
  • Device and push data: a push token for your device so we can send you notifications.
  • Technical access data: to secure your session, we store your IP address and device/browser identifier (user agent) when you sign in.

Purposes and legal bases

We process your data on the following bases:

  • to perform the user contract (Art. 6(1)(b) GDPR), so you can use your account, find groups, share meeting points and chat;
  • based on your consent (Art. 6(1)(a) GDPR and Section 25 TDDDG) for access to your camera and location and for sending push notifications. You give this consent through your device's system prompts and can withdraw it there at any time;
  • to protect our legitimate interests (Art. 6(1)(f) GDPR) in the security of the app, protection against misuse, and stable operation;
  • to meet legal obligations (Art. 6(1)(c) GDPR), for example when we review reported content or are required to retain data.

Selfie and profile photo

An up-to-date selfie is required for an account. It serves as your profile picture and is shown to other festival-goers you are in contact with, so your group can tell it is really you. The image is stored encrypted with our storage provider (Cloudflare R2).

We do not use facial recognition and do not analyse your selfie biometrically to identify you. On upload, an automated check may run that only aims to reject clearly objectionable content (such as nudity); it does not identify people. You can replace your selfie in the app at any time.

Location data

Location data is only processed when you use a feature that needs it, such as dropping a camp pin or showing your position on the map. We do not track your location in the background and do not build movement profiles. Your camp pin is stored as a single point until you change or delete it. You can withdraw location access at any time in your device settings.

Direct messages and groups

Messages are stored so they can be delivered to recipients and shown in the chat history. You can block other people and report content or users. We may review and remove reported content and suspend the accounts involved to keep the community safe.

Minimum age and minors

FestiBesti is intended for people aged 18 and over. We do not knowingly process data of people under 18. If we learn that an account is held by a minor contrary to our Terms of Use, we remove it. The age of consent for data processing in Germany is 16 (Art. 8 GDPR); our minimum age is higher.

Recipients and processors

We do not sell your data. We share it only with carefully selected providers who help us run the app and process data solely on our behalf and instructions (Art. 28 GDPR):

  • Cloudflare for hosting, database and image storage;
  • Apple for delivering push notifications (Apple Push Notification service);
  • Apple or Google if you sign up via their sign-in service;
  • an email provider for sending system emails (for example to confirm your address).

We disclose data to authorities only where legally required.

Transfers to third countries

Some providers (in particular Cloudflare and Apple) may also process data in the USA. The transfer is safeguarded by appropriate measures, in particular the EU Commission's Standard Contractual Clauses and, where applicable, certification under the EU-US Data Privacy Framework.

Retention

We keep your data only as long as needed for the stated purposes:

  • account, profile and content data for as long as your account exists;
  • chat messages until the related group or your account is deleted;
  • technical access data (IP, user agent) for the duration of the session;
  • data on reports and blocks for as long as needed for community safety or legal obligations.

After you delete your account, we remove your personal data unless we are legally required to retain it.

No ads, no tracking

FestiBesti contains no advertising and no tracking. We use no analytics or advertising services and make no automated decisions with legal effect on you (Art. 22 GDPR).

Your rights under the GDPR

You have the right at any time to:

  • access the data we store about you (Art. 15);
  • have inaccurate data corrected (Art. 16);
  • have your personal data erased (Art. 17);
  • restrict processing (Art. 18);
  • receive your data in a machine-readable format (data portability, Art. 20);
  • object to processing based on legitimate interests (Art. 21);
  • withdraw consent with effect for the future (Art. 7(3)).

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority of your place of residence or of our seat is competent.

Deleting your account

You can delete your account directly in the app under "Edit profile". This removes your profile, your selfie and the data linked to your account.

Changes to this policy

We may adapt this privacy policy, for example for new features or changes in the law. The version published in the app at the time applies.

Contact

For any privacy questions or concerns, reach us at privacy@firebnd.com.