1. Controller
The controller for the processing of personal data in relation to CoasterBingo is Max Kievits, sole proprietorship, trading as CoasterBingo.
Address: Hoeckelsweg 96, Doornspijk, The Netherlands
Chamber of Commerce (KvK): 95396535
Email: support@coasterbingo.app
2. Scope of this Policy
This Policy applies to personal data processed when you create an account, use CoasterBingo, interact with friend-based features, purchase or restore Premium access, contact support, or otherwise interact with us regarding the service.
3. Categories of personal data we process
Depending on how you use CoasterBingo, we may process the following categories of personal data:
- Account and identity data, such as your display name, username, email address, profile photo and account identifiers;
- Authentication data, including login-related tokens or identifiers needed to maintain account access and security;
- Profile and activity data, including coaster credits, wishlists, achievements, ratings, profile preferences and similar in-app records;
- Social data, including friend requests, confirmed friendships, friend-based activity items and related visibility settings;
- Subscription and entitlement data, including whether you have Premium access and related purchase-state information received from Apple or stored in our backend for access control;
- Technical and device data, such as app version, operating system, language, IP-related or device-related information necessary for security, delivery and troubleshooting;
- Push notification data, including device tokens or comparable technical identifiers required to send notifications through Apple’s infrastructure;
- Support and correspondence data, including the contents of messages you send us and our replies; and
- Crash reports and diagnostics made available through Apple to help us investigate app stability and errors.
We do not state that we use advertising analytics or marketing email profiles because, based on the current product setup communicated to us, CoasterBingo does not use analytics for marketing and does not send marketing emails.
4. How we obtain personal data
We collect personal data directly from you when you register, fill in profile fields, add coaster data, use friend features, purchase or restore Premium, send us support messages, or enable notifications. We may also receive limited technical, billing-related or diagnostic data from Apple and limited infrastructure-generated data from our backend providers.
5. Purposes of processing
We process personal data for the following purposes:
- to create, administer and secure your account;
- to provide the core functionality of CoasterBingo, including tracking, progress, wishlists, achievements and friend-based features;
- to operate Premium access, restore purchases and enforce subscription entitlements;
- to send essential service communications and push notifications you have enabled;
- to investigate crashes, improve reliability, prevent abuse and maintain service security;
- to respond to questions, support requests, complaints and legal notices; and
- to comply with legal, tax, accounting, fraud-prevention and recordkeeping obligations.
6. Legal bases for processing
We process personal data on one or more of the following legal bases, depending on the specific processing activity:
- Performance of a contract: where processing is necessary to create and operate your account, provide the app, maintain friend features and deliver Premium functionality;
- Legal obligation: where processing is necessary to comply with legal duties such as accounting, tax, fraud prevention or lawful requests from authorities;
- Legitimate interests: where processing is necessary for the legitimate interests of operating, securing, defending and improving CoasterBingo, provided those interests are not overridden by your interests or fundamental rights; and
- Consent: where consent is legally required, for example where a platform permission or device setting requires your choice. You can withdraw consent at any time for future processing, without affecting prior lawful processing.
7. Profile visibility and social features
CoasterBingo currently uses a friend-based visibility model. Profiles and activity are not publicly visible. Relevant profile information and activity are intended to be visible only to users with whom you have a confirmed friendship connection inside the app.
Even with this restricted visibility, any information you choose to place in your profile or share through friend-based interactions may be seen by those confirmed friends. You should therefore avoid posting information you would not want such users to see.
8. Push notifications
CoasterBingo may send push notifications relating to social interactions, reminders or service-related events. Push notifications are delivered using Apple’s notification infrastructure. You can disable push notifications at any time through your device settings.
9. Recipients and processors
We may share personal data with the following categories of recipients where necessary:
- Supabase, as backend, database, authentication and storage provider;
- Apple, for App Store distribution, in-app purchase processing, purchase restoration support, push infrastructure and crash reporting;
- professional advisers, such as accountants, legal advisers or auditors, where disclosure is necessary and proportionate; and
- public authorities, regulators or law enforcement, where disclosure is required by law or reasonably necessary for legal claims or compliance.
Where a third party processes personal data on our behalf as a processor, we seek to put appropriate contractual safeguards in place, such as a data processing agreement where required by law.
10. International transfers
If personal data is processed outside the European Economic Area, we will seek to ensure that an appropriate transfer mechanism is used where required, such as an adequacy decision or the European Commission’s standard contractual clauses, together with supplementary measures where appropriate.
11. Retention periods
We do not retain personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required or justified by law, legal claims or security needs.
- Account data: for as long as your account remains active, and up to 30 days after a valid deletion request to complete deletion and account closure workflows;
- Profile data, coaster history, wishlists, achievements, friends data and in-app activity: for as long as your account remains active, and deleted within 30 days after account deletion, except insofar as temporary backups still apply;
- Backups: up to 90 days;
- Support communications: up to 2 years after the relevant request or complaint has been completed;
- Technical and security logs: up to 12 months, unless a longer period is reasonably necessary for a concrete security incident or legal claim;
- Crash reports and diagnostics available through Apple: up to 12 months, insofar as available to us through Apple systems;
- Subscription entitlement records in our backend: for as long as reasonably necessary to provide Premium access, handle disputes, restore purchases and prevent fraud, and up to 2 years thereafter unless a longer legal obligation applies; and
- Administrative or tax records: for as long as we are legally required to retain them under applicable law.
12. Security
We take appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access. Such measures may include access controls, authentication safeguards, encryption in transit where appropriate, least-privilege practices, logging and vendor controls.
No system can be guaranteed to be completely secure. You are also responsible for maintaining the confidentiality of your credentials and securing your device.
13. Your rights
Subject to the conditions and limitations laid down in applicable data protection law, you may have the right to request access to, rectification of, erasure of, restriction of or objection to the processing of your personal data, and the right to data portability where applicable.
Where processing is based on consent, you may withdraw that consent at any time for future processing. You also have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.
You can exercise your rights by contacting us at support@coasterbingo.app. We may request reasonable information to verify your identity before acting on a request.
14. Children
CoasterBingo is not intended for children under the age of 16. We do not knowingly permit account creation by users under that age. If you believe that personal data of a child under 16 has been processed unlawfully through CoasterBingo, contact us so that we can investigate and take appropriate action.
15. Changes to this Policy
We may amend this Privacy Policy from time to time to reflect legal, technical or operational developments. The most recent version will be made available through our website or within the app. If a change materially affects your rights, we will take reasonable steps to bring it to your attention before it takes effect, unless immediate changes are required for legal or security reasons.
16. Contact
For questions about this Privacy Policy or the processing of personal data, contact:
Max Kievits, trading as CoasterBingo
Hoeckelsweg 96, Doornspijk, The Netherlands
support@coasterbingo.app