Privacy Policy

Last updated: February 2026

1. Data Controller

DappPin.com, Germany.

2. Scope

This Privacy Policy applies to all personal data processed through the DappPin website, mobile-optimised web application, and related services (collectively, the “Platform”). By using the Platform, you consent to the data practices described herein.

3. Data We Collect

3.1 Account Data

Full name, email address, phone number, date of birth, profile photo (optional), and hashed authentication credentials. When you sign in via Google, we receive your Google profile name and email.

3.2 Identity Verification (KYC) Data

Government-issued ID images (front and back), full legal name, date of birth, and document type. This data is collected to comply with German regulations and the EU DAC7 directive.

3.3 Financial & Tax Data

PayPal email address, transaction history, wallet balances, escrow records, invoice data, and, when voluntarily provided or legally required, your Tax Identification Number (Steueridentifikationsnummer) for DAC7 / PStTG reporting to the Bundeszentralamt für Steuern (BZSt) and/or local Finanzamt.

3.4 Location Data

GPS coordinates when you use the map features (task browsing, task pinning, GPS verification steps). Location data is collected only while the app is in active use and with your explicit browser permission.

3.5 Task & Communication Data

Task descriptions, bounty amounts, verification photos, chat messages, dispute records, and ratings. In-app chat messages are automatically filtered to remove personal contact information (phone numbers, emails, social media handles, addresses) for user safety.

3.6 Device & Usage Data

IP address, browser type and version, operating system, device identifiers, pages visited, click patterns, session duration, and referral URLs. Analytics data is collected only with your explicit cookie consent.

4. Purpose of Processing

  • Account management – Creating and maintaining your user account
  • Task matching – Displaying relevant tasks based on location and preferences
  • Payment processing – Escrow management, payouts, deposits, and invoicing
  • Identity verification – KYC compliance for Earners
  • Tax reporting – DAC7 / PStTG mandatory reporting to German tax authorities
  • Fraud prevention – Detecting and preventing abuse, fake accounts, and prohibited content
  • Dispute resolution – Reviewing evidence and resolving payment disputes
  • Legal compliance – Meeting our obligations under German and EU law
  • Platform improvement – Analytics and performance monitoring (consent-based)
  • Communication – Service notifications, security alerts, and policy updates

5. Legal Basis (GDPR Art. 6)

  • Art. 6(1)(b) Contract performance – Processing necessary to provide the Platform services
  • Art. 6(1)(c) Legal obligation – Tax reporting (DAC7/PStTG), KYC, AML, and record-keeping requirements
  • Art. 6(1)(f) Legitimate interest – Fraud prevention, platform security, and dispute resolution
  • Art. 6(1)(a) Consent – Analytics cookies and optional marketing communications

6. Data Sharing & Third Parties

We share personal data only as necessary:

  • Payment processors – PayPal (for deposits, payouts, and escrow)
  • Cloud infrastructure – Google Cloud / Firebase (hosting, database, authentication, storage)
  • Tax authorities – BZSt / Finanzamt (as required by DAC7 / PStTG)
  • Analytics – Google Analytics (only with your cookie consent)
  • Law enforcement – When legally compelled by court order or regulatory request

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. International Data Transfers

Some of our service providers (e.g., Google, PayPal) may process data outside the EU/EEA. Such transfers are safeguarded by EU Standard Contractual Clauses (SCCs) or adequacy decisions as required by GDPR.

8. Data Retention

  • Account data – Retained for the duration of your account plus 30 days after deletion request
  • Financial & tax data – Retained for 10 years per German commercial and tax law (HGB § 257, AO § 147)
  • KYC documents – Retained for 5 years after account closure
  • Chat & dispute data – Retained for 3 years after resolution
  • Analytics data – Anonymised after 26 months
  • Location data – Not stored beyond the active session (task-level GPS check-ins are stored as verification records)

9. Cookies & Tracking

We use strictly necessary cookies for authentication and session management (no consent required). Analytics and performance cookies are set only after you provide explicit consent via our cookie banner. You can change your cookie preferences at any time in Settings.

10. Data Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest for sensitive data, Firebase Security Rules for database access control, regular security audits, and automatic filtering of personal contact information in chats. Despite our efforts, no system is 100 % secure. We cannot guarantee absolute security of your data.

11. Your Rights (GDPR Art. 15–22)

You have the right to:

  • Access – Request a copy of your personal data
  • Rectification – Correct inaccurate or incomplete data
  • Erasure – Request deletion of your data (subject to legal retention obligations)
  • Restriction – Restrict processing under certain conditions
  • Data portability – Receive your data in a structured, machine-readable format
  • Objection – Object to processing based on legitimate interest
  • Withdraw consent – Withdraw consent for analytics at any time without affecting prior processing

To exercise any right, contact us. We will respond within 30 days.

12. Automated Decision-Making

We use automated systems for chat content filtering (removing contact information) and DAC7 threshold monitoring (freezing Earner mode). These automated processes may affect your ability to use the Platform. You have the right to request human review of any automated decision.

13. Children

DappPin is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we discover that a minor has created an account, we will delete it immediately.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or in-app notification at least 14 days before they take effect.

15. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The lead authority for DappPin is the data protection authority of the German federal state where DappPin.com is registered.

16. Contact

For questions or requests regarding your personal data:
Reach us through your profile.