Insider Budapest
Get access - €8
Last updated: March 2026
Insider Budapest is based in Budapest, Hungary. For the purposes of EU data protection law (GDPR), we are the data controller for the personal data described in this policy.
Contact: info@insiderbudapest.app
2.1 Data you provide directly
- Email address — provided when you sign up via magic link. This is the only personal data you actively provide to us.
2.2 Data collected automatically
- Usage analytics — we track events such as app opens, pin taps, route starts, moment card generations, and day filter changes. These events are linked to your user ID to help us understand how the app is used and to improve the product.
- Error logs — if the app encounters an error, we may log technical details (error type, message, browser info) linked to your user ID to help us fix issues.
- Purchase data — when you purchase access, our payment provider sends us your email address, order ID, and payment status. We do not receive or store your payment card details, bank account information, or billing address.
2.3 Data we do not collect
- We do not collect your name, phone number, physical address, or date of birth
- We do not collect your GPS location. The app uses Google Maps, which may request location permission from your browser, but this data is processed by Google, not by us
- We do not use cookies for advertising or tracking. The app uses only essential session cookies for authentication
- We do not use passwords. Authentication is entirely via magic link (passwordless)
We use your data for the following purposes:
- To provide the service — your email is used for authentication (magic link sign-in) and to match your purchase to your account
- To manage access — we check your entitlement status (active/expired) to determine whether to grant access to app content
- To improve the product — usage analytics help us understand which landmarks, routes, and features are most used, so we can improve the experience
- To fix issues — error logs help us identify and resolve technical problems.
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for their marketing purposes.
Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:
- Contract performance (Art. 6(1)(b)) — processing your email and purchase data is necessary to provide you with the service you paid for
- Legitimate interest (Art. 6(1)(f)) — usage analytics and error logging serve our legitimate interest in improving the product and fixing issues. This processing is minimal, uses no sensitive data, and does not override your rights.
We share data with the following third-party service providers, solely for the purposes described:
- Supabase (USA) — database hosting, authentication, and edge functions. Stores your email, profile, analytics events, and entitlement data. Supabase complies with SOC 2 Type II and processes data under standard contractual clauses (SCCs) for EU-US data transfers.
- Payment provider (merchant of record) — processes your payment, handles receipts, VAT, and tax compliance. Receives your email and payment details. We do not receive or store card information.
- Google Maps API — renders the interactive map in the app. Google may collect technical data (IP address, device info) as part of its Maps service. See Google’s Privacy Policy for details.
- Lovable / Netlify (hosting) — hosts the web application. May process IP addresses and standard server logs.
We do not transfer data to any other third parties.
Some of our sub-processors (notably Supabase) are based in the United States. Data transfers to the US are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, in compliance with GDPR requirements.
- Account and profile data — retained for as long as your account is active. If your access expires and you do not renew, we retain your data for up to 12 months after expiry, then delete it.
- Analytics events — retained for up to 24 months for product improvement purposes, then anonymized or deleted.
- Error logs — retained for up to 6 months.
- Purchase records — retained for the duration required by applicable tax and accounting laws.
Under GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure (“right to be forgotten”) — request deletion of your data, subjectto legal retention obligations
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to lodge a complaint — with a supervisory authority.
To exercise any of these rights, email us at: info@insiderbudapest.app. We will respond within30 days.
Insider Budapest is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
For any privacy-related questions or requests:
Email: info@insiderbudapest.app
