FestaFesta

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy explains how Festa ("Festa", "we", "us") collects, uses, and protects personal data when you use the Festa mobile app and the Festa web portal. Festa is operated from Malta and serves users worldwide.

1. Data We Collect

Account and profile data

  • Email address used to sign in
  • Display name, username, and avatar URL (you choose these)
  • Preferred language, audience preference, and notification categories
  • Account role (regular user, organizer, or admin)

App activity and social features

  • Events you bookmark or RSVP to
  • Profiles you follow
  • Events you submit through the "Submit event" form
  • Reports you file against events or users

Approximate location

If you grant location permission, Festa reads a coarse (city-level) location from the device to surface nearby events. We do not store your precise GPS coordinates on our servers. If you do not grant location permission, you can pick a city manually instead. Your manual city choice is stored locally on the device.

Push notification token

If you enable push notifications, we store your device's push token (issued by Apple Push Notification service or Firebase Cloud Messaging) and the platform (iOS or Android) so we can send reminders for events you bookmarked and notify you about new events that match your preferences. You can disable notifications at any time in your device settings.

Affiliate click data

When you tap a third-party activity link (for example a tour or experience powered by GetYourGuide), Festa records the click for analytics. The data we store on our own servers includes:

  • The activity that was clicked, its title, and the destination URL
  • An anonymous session identifier persisted on the device
  • If you are signed in, your Festa user ID (linked to the click)
  • Platform (iOS or Android), referring screen, optional city, and a Gozo flag

This data is used as first-party analytics. We do not share your Festa user ID with the affiliate partner, and we do not link this data with data collected by other companies' apps or websites. As a result, this is not "tracking" under the iOS App Tracking Transparency definition.

Crash and error data

When the app encounters an unexpected error, we send a crash report containing the error type, message, stack trace, app version, platform, and a timestamp. Crash reports do not include your email address, the contents of your bookmarks, or any personal messages.

2. How We Use Your Data

  • Provide and maintain the Festa app and the admin portal
  • Show events near you, recommend events, and respect your audience preference
  • Display social activity such as bookmarks, RSVPs, and follows
  • Send push notifications and reminders if you have allowed them
  • Review and moderate user-submitted events and user reports
  • Measure outbound affiliate click activity to improve product quality
  • Detect, prevent, and respond to abuse, fraud, or security incidents
  • Comply with applicable legal obligations

We do not sell your personal data and we do not run third-party advertising in the app.

3. Public Visibility Inside the App

Festa includes a public people search and social features. The following pieces of your profile are visible to other users in the app:

  • Display name, username, and avatar
  • Aggregate counts of events you bookmarked or RSVP'd to (where the public-profile view exposes them)
  • Follow relationships and counts

Your email address, push token, exact device identifiers, and crash reports are never shown to other users.

4. Where Your Data Is Stored

Festa uses Supabase (Supabase Inc.) as the database and authentication provider. Our project is hosted in the European Union. Authentication tokens on mobile devices are stored in the device keychain through expo-secure-store. We rely on row-level security policies and role-based access controls to make sure each user can only access their own data.

5. Third-Party Services

Festa relies on a small number of third-party services. Each of them processes data only as needed to provide its function:

  • Supabase — database, authentication, storage, and serverless functions. Privacy policy.
  • Expo and EAS — mobile app build, push notification routing, and over-the-air updates. Privacy policy.
  • Apple Push Notification service — delivers push notifications on iOS devices.
  • Firebase Cloud Messaging — delivers push notifications on Android devices.
  • Apple Maps and Google Maps — render maps and venue locations. When a map is shown, the maps provider may receive your IP address and viewport.
  • GetYourGuide — activity and tour partner. When you tap a GetYourGuide link, you leave Festa and GetYourGuide's own privacy policy applies.
  • Sentry — crash reporting. Sentry receives error stack traces and app metadata as described in section 1.
  • Vercel — hosts the Festa web portal and this Privacy Policy page.

6. Data Retention

Account data is retained while your account is active. If you delete your account, we delete your profile, bookmarks, RSVPs, follows, push tokens, and submitted events associated with your account. Aggregate analytics that do not identify you may be retained.

Affiliate click logs are retained for up to 24 months for fraud-detection and analytics purposes, after which they are aggregated or deleted.

7. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise the most common rights directly in the app:

  • Delete your account. Open Profile, then "Delete account". This removes your personal data from Festa.
  • Disable notifications. Toggle notification permission off in your device settings or change your notification categories in the app.
  • Revoke location. Disable Festa's location permission in your device settings at any time.
  • Sign out. Sign out from the Profile screen at any time; your session is cleared from the device.

For other privacy requests, write to hello@festa-app.co.

8. Reporting Inappropriate Content

Festa includes an in-app way to report events or profiles that you believe violate our terms or contain offensive, illegal, or misleading content. Reports are reviewed by the Festa moderation team. You can also email hello@festa-app.co if you cannot reach the in-app reporting flow.

9. Children

Festa is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. International Transfers

Festa is operated from Malta, and most data is stored in the European Union. Some of our processors (for example Apple, Google, Sentry, and Expo) are based outside the EU and may process data in their own regions under their own safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you in the app or by email.

12. Contact

Questions, requests, or complaints? Email hello@festa-app.co.