Privacy Policy
Last updated: February 26, 2026
1. Data Controller
YayPlans is operated by:
Unique Prime GmbH
Schottenfeldgasse 20/6A
1070 Wien, Austria
Company Register: FN 552654 b
For privacy-related inquiries, contact us at: privacy@yayplans.com
2. Information We Collect
We collect the following types of information:
Account Information
When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
Guest Information
When you RSVP to an event as a guest (without an account), we collect your name and email address. We also set a cookie (yayplans_guest) that expires after one year to remember your guest identity for future visits.
Event Information
Details about events you create, including titles, dates, times, locations, capacity limits, and date voting options.
Social Features
Information about Bunches (private friend groups) and Circles (shared social groups) you create or join, including member lists and invitations.
Technical Data
We use Plausible Analytics (self-hosted in the EU), a privacy-focused analytics service that does not use cookies or track individual users. We collect anonymous, aggregated data about traffic patterns. We also use GlitchTip (self-hosted in the EU) for error monitoring to improve service reliability, which may capture technical details about errors you encounter.
3. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract performance: To provide the service you signed up for (creating events, RSVPs, managing groups).
- Legitimate interests: To improve our service, prevent fraud, and ensure security.
- Consent: Where you have given explicit consent (e.g., marketing communications, if any).
- Legal obligations: To comply with applicable laws and regulations.
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Send you event confirmations, reminders, and notifications
- Display your name to event organizers and other attendees
- Enable social features like Bunches and Circles
- Detect and prevent fraud or abuse
- Diagnose technical issues and improve reliability
5. Information Sharing and Third-Party Processors
We do not sell your personal information. We share data only in these circumstances:
With Other Users
- Your name and avatar are visible to other attendees of events you join.
- Event details you create are accessible to anyone with the event link.
- Circle members can see other members of the same circle.
With Service Providers
We use the following third-party processors to operate our service:
- Hetzner (Finland, EU): Server hosting and infrastructure.
- Self-hosted PostgreSQL (Finland, EU): Database and authentication.
- Bunny.net (Slovenia, EU): Content delivery network and DDoS protection.
- Scaleway (France, EU): Transactional email delivery.
- Google (USA): Authentication provider for social login.
- Plausible Analytics (self-hosted, Finland, EU): Privacy-focused web analytics.
- GlitchTip (self-hosted, Finland, EU): Error monitoring.
These providers process data on our behalf under data processing agreements that ensure GDPR-compliant data protection.
For Legal Reasons
We may disclose information if required by law, court order, or to protect the rights and safety of YayPlans and our users.
6. International Data Transfers
YayPlans is operated from Austria (EU). Our infrastructure is hosted entirely within the European Union (Finland, Slovenia, and France). The only non-EU data transfer is to Google for authentication (social login), which is covered by appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all processors
7. Data Security
We implement technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, secure authentication, and access controls. Our infrastructure providers maintain SOC 2 compliance and other security certifications.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. Event data is retained for the lifetime of the event plus a reasonable period for historical reference. You can request deletion of your data at any time by contacting us.
9. Your Rights Under GDPR
As a data subject, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request limitation of processing in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@yayplans.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In Austria, this is the Österreichische Datenschutzbehörde (www.dsb.gv.at).
10. Cookies
We use only essential cookies required for the service to function:
- Authentication cookies: To keep you logged in.
- Guest token cookie: To remember guest RSVPs (1 year expiry).
We do not use tracking cookies or advertising cookies. Plausible Analytics is cookie-free.
11. Children's Privacy
YayPlans is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this privacy policy from time to time. For material changes, we will notify you by email or through the service. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions about this privacy policy or our data practices, please contact us at: