SquadReel Icon

SquadReel

Privacy Policy for the “SquadReel” App and the Website squadreel.com

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

sparse creations GmbH
Düsseldorfer Str. 60
33647 Bielefeld
Germany

Managing director: Bernd Volkmer

E-mail: info@squadreel.com

2. Data Protection Officer

Our Data Protection Officer is:

Sherzod Khaydarov
Düsseldorfer Str. 60
33647 Bielefeld
Germany

E-mail: info@squadreel.com

3. Scope of this Privacy Policy

This Privacy Policy applies to:

  • the mobile app “SquadReel” (hereinafter the “App”), and

  • the website squadreel.com (hereinafter the “Website”).

Unless expressly stated otherwise, the following information applies to both the App and the Website.

4. Processing of Personal Data

4.1 Use of the App, Registration and User Account

To use the App, you need to create a user account.

Categories of data processed:

  • Basic data: name, nickname

  • Contact data: e-mail address

  • Login data: hashed passwords (for e-mail registration) or tokens for social logins

  • Profile data: optional profile photo and further optional information

Purposes of processing:

  • Creation and management of user accounts

  • Enabling the core functionality of the App (creating and joining “Squads” / events, uploading content, commenting, reacting, etc.)

  • Communication with users (e.g. technical information via e-mail)

Legal basis:

  • Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering into a contract)

4.2 Social Logins (Apple, Google)

When you register or log in via “Sign in with Apple” or “Sign in with Google”, the relevant information (e.g. name, e-mail address, an identifier) is transmitted to us by Apple or Google.

The providers are initially responsible for this data transmission. For details, please refer to their respective privacy policies.

We use the transmitted data solely to:

  • create or log in to your user account, and

  • verify your identity.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

4.3 Event and Content Data (“Squads”)

When using the App, you can share content within closed groups (“Squads”).

Categories of data processed:

  • Photos and videos

  • Comments, likes/reactions, ratings

  • Metadata (e.g. timestamps, assignment to a specific Squad or event, and – if provided – location data from your device)

The content is visible only to the members of the respective Squad. We do not use this content for our own advertising purposes and we do not disclose it to third parties for their own purposes. Disclosure only takes place where it is technically necessary for operating the service (e.g. hosting, storage, see section 5).

Purposes of processing:

  • Provision of the core functionality of the App (shared media and event platform in closed groups)

  • Display, synchronisation and summarisation of events within Squads

Legal basis:

  • Art. 6(1)(b) GDPR (performance of a contract – provision of the App’s features)

Note on special categories of data:
We do not intend to process special categories of personal data (Art. 9 GDPR, e.g. health data, political opinions, religion) in a targeted way. The App is designed as a platform for user-generated content. Users are responsible for ensuring that they do not upload sensitive data they do not wish to share.

4.4 Technical Data and Log Files

When you use the App or the Website, certain technical information is processed automatically by our systems:

  • IP address

  • Date and time of the request

  • Requested resource / URL

  • Device type, operating system, App version

  • Error messages (error logs)

Purposes of processing:

  • Technical provision of the App and Website

  • Ensuring stability and security (error analysis, defence against attacks)

  • Documentation in case of misuse or disruptions

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest in a secure and stable operation)

Log files are usually stored for up to 30 days and then deleted or anonymised, unless a longer storage is necessary for evidence purposes.

4.5 Crash Reporting and Performance Monitoring (Firebase Crashlytics)

We use Firebase Crashlytics to analyse errors and crashes in the App. This involves processing technical information (e.g. device type, OS version, App version, timestamp) and a pseudonymous identifier.

Purpose: Improving the stability and quality of the App.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

4.6 Analytics (Google Analytics / Firebase Analytics)

We use Google Analytics and/or Firebase Analytics to analyse the use of the App and the Website (e.g. number of users, usage of features, time spent). Pseudonymous usage profiles may be created.

Where required by law, these tools are used only with your consent (e.g. via a consent dialog or cookie banner).

Purposes of processing:

  • Usage analysis of the App and Website

  • Improvement of features and user experience

  • Reach and performance measurement

Legal basis:

  • Art. 6(1)(a) GDPR (consent), where obtained

  • Where permitted, possibly Art. 6(1)(f) GDPR (legitimate interest), e.g. for strictly anonymised statistics

You can withdraw your consent at any time with effect for the future, for example via the settings in the App or via the cookie/consent settings on the Website.

4.7 Newsletter and Marketing E-mails (Brevo)

If you sign up for our newsletter or similar e-mail updates, we process:

  • Your e-mail address

  • Your name / nickname (if provided)

  • Time of registration and confirmation (double opt-in)

We use Brevo as our e-mail service provider.

Purpose: Sending news, updates and, where applicable, marketing information about SquadReel.
Legal basis: Art. 6(1)(a) GDPR (consent).

You can withdraw your consent at any time by using the unsubscribe link in each e-mail.

5. Recipients of Data and Data Transfers

We only share personal data with third parties where this is necessary for the purposes described above, where we are legally allowed or required to do so, or where you have given your consent.

Categories of recipients:

  • Hosting and backend service providers:
    – Google Firebase (backend, database, storage, messaging, analytics)

  • E-mail service provider:
    – Brevo (e-mail communication, newsletters)

  • Analytics and crash reporting services:
    – Google Analytics, Firebase Analytics
    – Firebase Crashlytics

  • Push notification services:
    – Firebase Cloud Messaging (FCM)
    – Apple Push Notification Service (APNS)

These providers act as processors on our behalf and are contractually obliged to comply with data protection requirements, where required by law.

5.1 Data Transfers to Third Countries

When using Google/Firebase and possibly Brevo, personal data may be processed in countries outside the European Union (in particular the United States).

Where no adequacy decision of the European Commission exists, the transfer is based on appropriate safeguards such as:

  • standard contractual clauses (SCCs) adopted by the European Commission and/or

  • participation in the EU-U.S. Data Privacy Framework (where applicable).

Despite these safeguards, an equivalent level of data protection as in the EU cannot be guaranteed in all cases (e.g. extended access rights for authorities).

6. Storage Period and Deletion

We store personal data only as long as necessary for the purposes described or as required by statutory retention obligations.

In particular:

  • User accounts:
    – Stored until the user deletes the account.
    – Inactive accounts may be deleted after 12 months of inactivity.

  • Content (photos/videos, comments, reactions) within Squads:
    – Stored until deleted by the Squad initiator or other authorised Squad members.
    – If all members of a Squad leave the App or delete their accounts, the Squad may be deleted as a whole.

  • Personal profile data:
    – Deleted when the account is deleted.
    – Content such as photos/videos remain in the Squad context until removed by Squad members or by system rules; where technically possible, the link to your account will be removed or pseudonymised.

  • Backups:
    – Backups containing personal data are rotated and kept for a maximum of 3 months, unless a longer storage is required for security or evidence purposes.

  • Log files:
    – Usually stored for up to 30 days, then deleted or anonymised unless longer storage is required for evidence.

7. Security of Processing

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include in particular:

  • Encryption of data in transit using TLS/HTTPS

  • Use of secure infrastructure and standards (e.g. Firebase encryption “at rest”)

  • Access restrictions to production systems (authorised personnel only)

  • Regular updates of systems and components

We do not generally pre-moderate user-generated content. Users are responsible for their own content. However, if we receive specific reports about unlawful content, we will review them and take appropriate action in line with our legal obligations and our Terms of Use.

8. No Processing of Data of Minors

The App is intended exclusively for adults (18+).
We do not knowingly address or target children or minors. If we become aware that an account was created by a person under 18 without appropriate consent from a parent or guardian, we may delete the account.

9. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object to certain processing activities (Art. 21 GDPR)

  • Right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR)

To exercise these rights, you can contact us or our Data Protection Officer at any time: info@squadreel.com

You also have the right to lodge a complaint with a supervisory authority.

10. Obligation to Provide Data

Some data (e.g. name, e-mail address) are required for registration and use of the App. Without this data, the App cannot be used, or can only be used in a limited way.

11. Automated Decision-Making / Profiling

We do not carry out any automated decision-making within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

12. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time, for example if the legal situation, the App or the underlying data processing changes. The current version will be available in the App and on the Website.

Last updated: November 14, 2025.