Privacy Policy

Last updated: 1 January 2026

This Privacy Policy explains how Groxo collects, uses, and protects your personal data when you use our platform. We are committed to handling your data responsibly and transparently, in compliance with the General Data Protection Regulation (GDPR) and applicable Hungarian data protection law.

1. Data we collect

We collect the following categories of data:

  • Account data: email address, display name, and password (stored as a secure hash) when you sign up.
  • Profile data: nickname, city, country, phone number (organisers), profile photo, biography, sport preferences, and social media links — provided voluntarily.
  • Event interaction data: events you register for, favourites you save, and tickets you purchase.
  • Organiser data: business or club name, contact email, event listings, and identity verification documents submitted during the verification process.
  • Usage data: pages visited, search queries, filter selections, and timestamps — collected automatically to improve the platform.
  • Device data: browser type, operating system, and IP address — collected automatically for security and analytics purposes.

2. How we use your data

We use your data to:

  • Provide and operate the Groxo platform, including account management, event discovery, and registration.
  • Verify organiser identities and maintain platform integrity.
  • Send transactional emails such as registration confirmations and account notifications.
  • Improve the platform through aggregated usage analytics.
  • Comply with legal obligations.

We do not use your data for automated profiling that produces legal or similarly significant effects.

3. How we share your data

We do not sell your personal data to third parties. We may share data with:

  • Event organisers: when you register for their event, they receive the information necessary to process your registration (name, email, and any details you provided).
  • Infrastructure providers: Groxo uses Supabase as its backend infrastructure provider. Data is stored on Supabase-managed servers in the European Union. Supabase processes data on our behalf and is bound by appropriate data processing agreements.
  • Payment processors: when you purchase a ticket, payment data is handled by our payment provider (Stripe). Groxo does not store your payment card details.
  • Legal authorities: if required by law, court order, or to protect the safety of users.

4. Cookies and local storage

Groxo uses browser local storage to maintain your session and remember your preferences (such as your selected filters). We do not use third-party advertising cookies. Essential session cookies may be set by our infrastructure provider (Supabase) to authenticate your account.

5. Data retention

We retain your account data for as long as your account is active. If you delete your account, your personal profile data will be removed within 30 days. Some data may be retained for longer where required by law or for legitimate business purposes (e.g. records of financial transactions).

6. Your rights

Under the GDPR and Hungarian data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain types of processing.
  • Data portability — receive a copy of your data in a machine-readable format.
  • Lodge a complaint with the Hungarian data protection supervisory authority, the NAIH (Nemzeti Adatvédelmi és Információszabadság Hatóság) at naih.hu.

To exercise any of these rights, contact us at hello@groxo.app. We will respond within 30 days.

7. Security

We use industry-standard security measures including encrypted connections (HTTPS), server-side authentication, and access controls. Identity documents submitted for organiser verification are stored in a private, access-controlled storage bucket and are not publicly accessible.

8. Children's privacy

Groxo is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us at hello@groxo.app.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. The "last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related enquiries, email hello@groxo.app. For general support, see our page.