sortida.
Legal

Privacy Policy

Last updated: 2026-05-15
Draft. This page is placeholder copy and is not legally binding until reviewed by qualified counsel. Don't link to it from production marketing until that review is complete.

At a glance

Sortida collects only the data we need to operate the service. We don't sell your data, we don't run third-party ad networks inside the app, and you can export or delete everything from Privacy Center at any time.

Who is the data controller

The data controller is Sortida SRL, Bucharest, Romania. Reach the data protection contact at privacy@sortida.app.

What we collect, and why

Account data: email, display name, optional username, optional avatar. Used to sign you in and show who you are to friends. Legal basis: contract performance (Art. 6(1)(b) GDPR).

Activity data: events you save, RSVP to, or buy tickets for; plans you create or join; messages within those plans. Used to power the feed and the social features. Legal basis: contract.

Payment data: when you buy a ticket, payment details are handled by Stripe — we never see your card number. We store the order ID, the Stripe session ID, and the amount.

Device/diagnostic data: coarse device info, error reports (via Sentry), and minimal usage events to fix bugs and monitor abuse. Legal basis: legitimate interest in keeping the service working.

Location: only if you allow the browser prompt, used to surface nearby events. Stored on your device, not on our servers.

Who we share data with

Partners who organise events you buy tickets for see your display name, the ticket type, and check-in status — what they'd see if you handed them a physical ticket.

Friends you connect with see your username, display name, avatar, vibes/categories you've added publicly, and plans you've invited them to.

Processors we rely on to run the service: Supabase (database/auth, EU region), Stripe (payments, US/EU), Resend (transactional email, EU), Sentry (error monitoring, EU), Vercel (hosting, EU/global). Each is under a data processing agreement.

We don't sell your data and we don't run third-party advertising inside the app.

Cookies

We use the minimum cookies needed for sign-in and for remembering your cookie preferences. See our cookies policy for the full list.

How long we keep your data

Account data is kept until you delete your account. Ticket and payment records are kept for 5 years to meet Romanian tax rules. Diagnostic data is kept for 30 days.

Your rights

Under GDPR you can request access to, correction of, deletion of, or portability of your data — directly inside the app at Privacy Center, or by writing to privacy@sortida.app. You can also lodge a complaint with the Romanian DPA (ANSPDCP,dataprotection.ro).

International transfers

Most data stays in the EU. Stripe and Vercel may process some data in the US under EU Standard Contractual Clauses.

Changes to this policy

We'll announce material changes inside the app and by email at least 14 days before they take effect.

Sortida · For legal inquiries, write to legal@sortida.app.