This privacy policy describes how Côté ("we", "us", "our") collects, uses and protects your personal data when you use our app and website. We are committed to full transparency about how your data is used.
1. What data do we collect?
We may collect the following data:
- Account data: name, email address, profile photo
- Location data: your municipality and, with your consent, your current GPS position (not stored historically)
- Audio recordings: dialect audio contributions you voluntarily submit — stored for community learning
- Usage data: anonymous usage events (PostHog, opt-in only), lesson progress, chat messages
- Crash reports: anonymous crash logs (GlitchTip, opt-in only) — no screenshots, no personal data
- Device data: device type (Android/iOS), operating system, app version
- IP address: temporarily logged for security and rate limiting — not linked to your profile
2. How do we use your data?
We use your data to:
- Provide and improve our services
- Connect you with other users in your municipality
- Track your learning progress
- Send you relevant notifications
- Resolve technical issues
3. Processors & Partners
We work with the following carefully selected service providers. All data remains in the EU.
| Service | Purpose | Location |
|---|
| Keycloak | Authentication (login) | EU (Hetzner, Frankfurt) |
| Hetzner | Server hosting (API, database) | EU (Frankfurt) |
| Hostinger | Website hosting | EU |
| Cloudflare R2 | File storage (photos, audio) | EU |
| GlitchTip | Crash monitoring (opt-in) | EU (self-hosted) |
| PostHog | Usage analytics (opt-in) | EU |
| Centrifugo | Real-time messaging | EU (self-hosted) |
4. How long do we store your data?
We apply the following retention periods:
- Account data: until deletion request + 30 days
- Chat messages: until account deletion
- GPS location: only current position, no history stored
- Analytics events: 12 months (opt-in only)
- Rate limit logs: 7 days
- Consent logs: 2 years (audit requirement)
5. Data sharing
We do not sell your data. We only share with processors listed above and only:
- With your explicit consent
- When legally required
- With service providers who help us run the app (under data processing agreements)
6. Security
We take the following technical and organizational measures to protect your data:
- TLS 1.3 for all data transport
- End-to-end encryption (X25519 + AES-256-GCM) for private messages and dating chat
- Local database encryption (SQLCipher) on your device
- Crash reports contain no screenshots or personal data
- Passwords are hashed by Keycloak — we never see them
7. Your rights
Under GDPR you have the following rights. Contact us at contact@cote.ink for any request — we respond within 30 days.
- View or correct your data: contact@cote.ink
- Export your data: app → Profile → Privacy → Export my data
- Delete your account: app → Profile → Privacy → Delete account
- Withdraw your consent at any time (analytics/crash settings in the app)
- File a complaint with the Belgian Data Protection Authority (www.gegevensbeschermingsautoriteit.be)
8. Contact
For questions about this privacy policy, contact us at contact@cote.ink. We respond within 30 days.