Privacy Policy

1. What Data Do We Collect?

When using the Sonder platform, we collect the following types of personal information:

• Personal information: such as your name, date of birth, and gender (if voluntarily provided), as well as your email address and account registration data.
• Location data: including the location at the time of account registration and real-time GPS location. This data is used exclusively to show relevant events nearby. We always request your explicit consent before accessing your location.
• User activity: such as interactions within the app (e.g., downloads, shares, likes, saved events, preferences), use of the event calendar and festival categories, as well as your navigation behavior and usage preferences.
• Technical data: such as your IP address, device type, operating system, unique device ID, app version, and usage duration.
• Music integration data: which may include your Apple Music or Spotify listening preferences if you choose to connect your accounts. This is entirely optional and based on your consent.
• Tracking and analytics data: including the use of cookies and app trackers for functional and analytical purposes. We request your explicit consent upon first use of the app.

2. Why Do We Use Your Data?

We process your personal data for the following purposes:

• To operate and maintain the core functionality of the app, and to personalize content and event recommendations based on your behavior, location, and preferences.
• We may provide automated suggestions for events or content based on your interactions, attendance history, Spotify or Apple Music activity (if connected), and your geographic location.
• Your data also helps us to analyze usage patterns and improve the performance of our platform, as well as detect and prevent fraud or abuse, such as suspicious IP activity.
• If you have given explicit consent, we may use your information to send service-related notifications, feature updates, or promotional messages.
• We also use your data to comply with legal obligations and to enforce our Terms of Service.

3. Sharing Data With Third Parties

We do not sell your personal data. We only share your data with carefully selected third-party service providers (processors) who help us with technical infrastructure, analytics, hosting, and customer support. This includes, but is not limited to:

• Supabase
• Google Analytics and Google Search Console
• Meta SDK (Facebook / Instagram)

We may also share your data with festival organizers you choose to engage with, but only when this is functionally necessary.

In rare cases, we may share data with legal authorities if required to comply with a legal obligation such as a court order.

In the event of a business transfer, merger, or acquisition, we may transfer user data to the new owner, provided that you are informed and your rights remain protected.

If personal data is transferred outside the EU or EEA, we ensure that appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) where necessary. All our processors are bound by data processing agreements as required under Article 28 of the GDPR.

4. Data Security

We implement strict technical and organizational measures to protect your data. This includes:

• Encryption of your data during transmission (TLS) and in storage
• Controlled access to internal data sources
• Secure server infrastructure
• Regular backups and security audits

Although no system can be completely secure, we take all reasonable precautions to protect your personal data from unauthorized access, loss, or misuse.

5. Your Rights Under GDPR

You have several rights under the GDPR regarding your personal data:

You have the right to access the data we hold about you, to correct any inaccurate information, and to request deletion of your data under certain circumstances ("the right to be forgotten"). You may also restrict the processing of your data, object to certain types of processing (such as marketing), and request to receive your data in a portable format.

You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of data processing based on consent before it was withdrawn.

You can exercise these rights via the app's Privacy Preferences settings or by emailing us at privacy@sonderofc.com. Every marketing email you receive from us will include a direct unsubscribe link.

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected.

• Account data is retained while your account remains active and for no longer than twelve months after deactivation or deletion.
• Anonymized analytics data used for statistical purposes is stored for a maximum of twelve months.
• Marketing consent is retained until you withdraw it.
• Any data we are legally required to retain will be stored only as long as required under applicable law.

Once data is no longer needed for these purposes, we delete it securely or anonymize it.

7. Children's Privacy

Sonder is not intended for children under the age of 13. Users below this age are not permitted to create an account. We automatically block registrations based on birth date. If we become aware that personal data has been collected from a child under 13, we will promptly delete the data and deactivate the account.

8. External Services and Links

The app may contain links to external services, such as Spotify or ticketing platforms. These services are subject to their own privacy policies. We are not responsible for how those services collect, use, or share data.

9. Updates to This Policy

We may update this Privacy Policy occasionally. The date of the latest revision is listed at the top of this document.

If we make significant changes—such as introducing new data categories or new third-party partnerships—you will be informed through an in-app notification or by email, where applicable.

A "significant change" means any modification in the types of data we collect, how we use it, or who we share it with, especially if it involves profiling or marketing.

10. Contact

If you have any questions or requests regarding this Privacy Policy or your data, you may contact us at: