Privacy Policy
Last updated: April 4, 2026
This Privacy Policy explains how Kroogom collects, uses, and protects your personal data.
1. Data Controller
Kroogom is the data controller for the personal data processed through this Platform. If you have questions about how your data is handled, contact us at support@kroogom.com.
2. Personal Data We Collect
We collect the following personal data: Account information (name, email address, username, profile photo); Profile information (occupation, bio, home city, interests, social links); Event data (events you create, attend, or bookmark); Communication data (messages you send through the Platform); Location data (home city you set in your profile, event locations, device geolocation when you grant permission for nearby events); Device data (device type, operating system, IP address, browser type, push notification tokens); Usage data (pages visited, features used, timestamps).
3. How We Collect Data
We collect data: directly from you when you create an account, fill in your profile, create events, or send messages; automatically through cookies and similar technologies when you use the Platform; from third-party authentication providers (Google Sign-In) when you choose to sign in with Google — we receive your name, email, and profile picture from Google.
4. How We Use Your Data
We use your personal data to: provide and operate the Platform; authenticate your identity and manage your account; display events, groups, and user profiles; enable communication between users via messaging; send you notifications about events, messages, and account activity; improve the Platform based on usage patterns; comply with legal obligations.
5. Lawful Basis for Processing (GDPR)
We process your personal data based on: Contract — processing necessary to provide the services you signed up for (account management, event features, messaging); Legitimate Interest — improving the Platform, preventing fraud, ensuring security; Consent — sending marketing communications, using non-essential cookies; Legal Obligation — complying with applicable laws and regulations.
6. Third-Party Services
We use the following third-party services to operate the Platform: Amazon Web Services (AWS) — cloud hosting, data storage (S3), content delivery (CloudFront CDN), authentication (Cognito), push notifications (SNS). Data is stored in the AWS us-east-1 region; Google — Google Sign-In for authentication, Google Maps and Google Places API for event locations and address autocomplete, and Google Analytics for understanding how the Platform is used. Google Analytics collects anonymous usage data (pages visited, session duration, device type) and is only activated after you give consent via the cookie banner. Google's privacy policy: https://policies.google.com/privacy; Push Notifications — delivered via AWS SNS to Apple Push Notification Service (APNs) for iOS and Firebase Cloud Messaging (FCM) for Android. We do not sell your personal data to any third party.
7. Cookies
We use the following storage mechanisms: Essential: An HTTP-only secure cookie stores a refresh token for maintaining your session across page loads — this cookie is not accessible to JavaScript and is used only for server-side token renewal; a "kroogom-auth" session-hint cookie indicates you are logged in and is used for page protection (does not contain the token itself); access and ID tokens are held in memory only and are never written to localStorage or sessionStorage. Analytics (opt-in): Google Analytics cookies (_ga, _ga_*) — used to distinguish users and track anonymous usage patterns. These cookies are only set after you explicitly accept analytics cookies via our cookie banner. You can decline analytics cookies when the banner is shown, or later by clearing cookies or using your browser's cookie settings; after that, only essential cookies will be used. We do not use advertising cookies. Google Maps may set its own cookies when map features are used — see Google's cookie policy for details.
8. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law. Event data created by you may be retained in anonymized form after account deletion. Messages sent to other users remain visible to those users after your account is deleted.
9. Your Rights
Under GDPR and Ukrainian data protection law, you have the right to: Access — request a copy of the personal data we hold about you; Rectification — correct inaccurate or incomplete data via your profile settings; Erasure — delete your account and personal data via account settings; Restriction — request that we restrict processing of your data; Portability — receive your data in a structured, machine-readable format; Objection — object to processing based on legitimate interest; Withdraw consent — withdraw consent for marketing communications at any time. To exercise these rights, contact us at support@kroogom.com or use the account settings in the Platform.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including: encrypted data transmission (HTTPS/TLS); secure authentication managed by AWS Cognito — Kroogom does not store passwords; your credentials are handled entirely by Cognito's security infrastructure; refresh tokens stored in HTTP-only secure cookies inaccessible to client-side code; server-side encryption (AES-256) for stored files; access controls on our infrastructure; regular security reviews.
11. International Data Transfers
Your data is processed in the United States (AWS us-east-1 region) and may also be processed in other regions for certain Google services. Where data is transferred outside the EU, we rely on appropriate safeguards such as Standard Contractual Clauses.
12. Children's Privacy
The Platform is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us and we will delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the Platform. The "Last updated" date at the top of this page indicates the most recent revision.
14. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@kroogom.com.