Privacy Policy
This Privacy Policy describes how Bluestand ("Bluestand," "we," "our," or "us") collects, uses, and shares personal data when you use the Bluestand mobile application and related services (the "Service"). We are based in Serbia and we offer the Service worldwide, including to users in the European Union and the European Economic Area.
If you have any questions about this Policy, contact us at contact@bluestand.app.
1. Who we are
Bluestand is operated by [LEGAL ENTITY OR FOUNDER NAME], based in [CITY], Serbia. We are the data controller responsible for your personal data under the EU General Data Protection Regulation (GDPR) and applicable Serbian data protection law.
2. What information we collect
We collect information in three ways: information you give us directly, information you generate as content, and information we collect automatically.
Information you provide directly
- Account information: email address and password when you sign up.
- Profile information: your chosen username, optional avatar image, optional short bio, and an optional free-text location label.
Content you upload
- Photos and any associated captions.
- Photo metadata (EXIF): camera make and model, focal length, exposure settings, and capture timestamp, where present in the photo file.
- GPS coordinates and compass heading indicating where and which direction the photo was taken.
- A "has people" indicator you set when uploading to flag whether the photo includes identifiable people.
Information we collect automatically
- Push notification token issued by your device's operating system when you enable notifications.
- Activity data: spots you found, photos you upload, follows, saves, comments, and reports.
- Crash reports and error diagnostics collected via Sentry for the purpose of fixing bugs.
We do not collect precise device location independently of the photos you choose to upload. We do not show personalized advertising and we do not sell your personal data.
3. How we use your information
We use the information described above to:
- Operate the core function of the Service — match your uploaded photos to a spot, render sightlines on the map, and display contributions to other users.
- Communicate with you — send transactional emails (account verification, password resets) and, only if you enable them, push notifications about activity related to you.
- Protect the community — review reports, enforce these rules, and prevent abuse.
- Improve reliability — diagnose crashes and errors.
- Comply with legal obligations that apply to us.
4. Legal basis for processing (GDPR)
For users in the EU and EEA, we rely on the following legal bases under Article 6 GDPR:
| Activity | Legal basis |
|---|---|
| Creating and operating your account; storing your photos; powering social features | Contract (Article 6(1)(b)) |
| Sending push notifications | Consent (Article 6(1)(a)) — you can withdraw consent any time in Settings |
| Preventing abuse, diagnosing crashes, securing the Service | Legitimate interest (Article 6(1)(f)) |
| Meeting legal obligations | Legal obligation (Article 6(1)(c)) |
You can withdraw consent or object to legitimate-interest processing at any time by contacting us at contact@bluestand.app.
5. Sharing with third parties
We use the following third-party service providers ("sub-processors") to operate the Service. We share only the data they need to perform their function. None of them sell your data.
| Provider | Location | Purpose |
|---|---|---|
| Supabase | Ireland (EU) | Database, file storage, authentication, push delivery |
| Mapbox | United States | Map tiles and basemap rendering |
| Sentry | United States | Crash reporting and error diagnostics |
| Expo | United States | Push notification delivery |
| Resend | United States | Transactional email (verification, password resets) |
| Cloudflare | United States | DNS and content delivery |
| Vercel | United States | Hosting of our public website |
We may also disclose information when required by law, to enforce these terms, or to protect the rights, property, or safety of Bluestand, our users, or the public.
6. International transfers
Some of our sub-processors are located outside the EU/EEA, including in the United States. When we transfer your personal data outside the EU/EEA, we rely on Standard Contractual Clauses approved by the European Commission, or another lawful transfer mechanism, to ensure your data continues to receive an equivalent level of protection.
7. How long we keep your data
We retain your personal data for as long as your account is active.
If you delete your account, we delete your profile, your uploaded photos, and your activity data (follows, saves, comments) within a reasonable period, except where we are required to retain certain information for legal reasons.
Crash and diagnostic logs are retained for a short technical period (typically up to 90 days) and are not used to identify you.
8. Your rights
If you are in the EU/EEA, GDPR Articles 15 to 22 give you the following rights:
- Access the personal data we hold about you
- Rectification of inaccurate data (you can edit most of this yourself in your profile)
- Erasure ("right to be forgotten") — you can delete your account in Settings, or contact us
- Restriction of processing
- Data portability — request a copy of your data in a machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time (for example, by disabling push notifications)
- Lodge a complaint with your local data protection authority
In Serbia, the supervisory authority is the Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti).
To exercise any of these rights, email us at contact@bluestand.app. We will respond within 30 days.
9. Children
Bluestand is not intended for children under the age of 13. If you are in the EU, you must additionally meet your country's minimum digital consent age (which may be up to 16) or have your parent or guardian's consent.
If you believe a child has provided personal data to us, please contact us at contact@bluestand.app and we will delete the account.
10. Security
We use industry-standard measures to protect your data, including encryption in transit (HTTPS), encryption at rest for stored files, row-level security on our database, and authentication via established providers. No system is perfectly secure, however, and we cannot guarantee absolute security.
11. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will notify you in the app or by email before the changes take effect. The "Last updated" date at the top reflects the latest revision.
12. Contact
For any privacy-related question, request, or complaint:
Email: contact@bluestand.app
Postal address: [PHYSICAL ADDRESS IF REQUIRED]