← back

Privacy Policy

Last updated: June 18, 2026

In plain English

We collect what we need to run Nas Village, nothing more. We do not sell your data, we do not run third-party advertising on the service, and you can delete your account and your data at any time from Settings. The detailed version follows below and is written to meet the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Data controller

The controller responsible for processing your personal data within the meaning of Art. 4(7) GDPR is:
Abdelrahman Aly
Damaschkeweg 1
35039 Marburg, Germany
Email: support@nasvillage.com
Phone: +49 175 33927051
Our full company details are in the Impressum.

2. What data we collect

  • Account data: name, email address, password (stored only as a salted hash), email-verification status.
  • Profile data: avatar, city and country, age, profession, education, hobbies and skills (with self-rated level), short bio, current status, profile visibility setting.
  • Social graph & activity: connections, friend requests, events you create or join, chat participation, notifications, reports you submit.
  • Content: messages and event content you post (chat messages auto-expire — see retention).
  • Technical & device data: IP address, browser/device type and OS, language, app version, push-notification token, approximate location derived from IP, security logs and error diagnostics.
  • Cookies & local storage: see our Cookie Policy.
  • Communications: support messages you send us and our replies.
We do not knowingly collect special categories of data (e.g. health, religion, sexual orientation, biometric data). Please do not post such information in free-text fields.

3. Why we process it and on what legal basis

  • To provide the service — sign-in, displaying your village, delivering messages, organising events, profile visibility settings. Legal basis: Art. 6(1)(b) GDPR — performance of contract.
  • To match users by hobbies and city and to power the discovery feed. Legal basis: Art. 6(1)(b) GDPR — performance of contract.
  • To send essential service emails (verification, password reset, security alerts, material changes to these terms). Legal basis: Art. 6(1)(b) and (c) GDPR.
  • To send push or email notifications about activity (new connection requests, chat messages, event reminders). Legal basis: Art. 6(1)(f) GDPR — legitimate interest in keeping you engaged, balanced against your control via notification settings.
  • To keep the platform safe — abuse detection, rate-limiting, fraud prevention, enforcement of our Terms. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the security and integrity of the service.
  • To comply with legal obligations (e.g. responding to lawful requests, handling abuse reports, tax/accounting where applicable). Legal basis: Art. 6(1)(c) GDPR.
  • To improve the service — anonymised/aggregated product analytics and error monitoring. Legal basis: Art. 6(1)(f) GDPR — legitimate interest; or your consent where required.

4. Who sees what

Your profile visibility is controlled by you in Settings. The available levels are Public to Village (visible to all signed-in users in your city), Friends-of-Friends (visible only to people connected to your connections), and Direct Friends (visible only to people you have accepted as connections). Direct messages are visible only to the participants of the conversation. Event details are visible to people the organiser invites or the visibility the organiser chooses. Our team may access content only when investigating a report, a suspected policy violation or a lawful request, under strict confidentiality.

5. Sharing with third parties (processors)

We do not sell your personal data. We share data only with vetted service providers that process it on our behalf under written data-processing agreements (Art. 28 GDPR):
  • Cloud infrastructure: Cloudflare, Inc. — hosting, content delivery, DDoS protection (servers in the EU where available).
  • Database, auth and storage: Supabase, Inc. — user accounts, profile data, content storage, push-token management.
  • Transactional email: our email-sending provider for verification, password reset and notification emails.
  • Push notifications: Apple Push Notification service and Firebase Cloud Messaging (Google) for delivering mobile push messages.
  • Error and performance monitoring: diagnostic logs to help us reproduce and fix bugs.
We may also disclose data where strictly necessary to comply with the law, enforce our Terms, protect the rights, safety or property of Nas Village, our users or the public, or in connection with a corporate transaction (merger, acquisition, insolvency) where the recipient is bound to honour this Privacy Policy.

6. International transfers

Some of our processors are located outside the European Economic Area (EEA), primarily in the United States. Where data is transferred outside the EEA we rely on appropriate safeguards under Chapter V GDPR, in particular the European Commission's Standard Contractual Clauses (Art. 46(2)(c) GDPR), supplemented by additional technical and organisational measures where required.

7. How long we keep your data

  • Account & profile data: for as long as your account is active.
  • Direct chat messages: automatically deleted after 24 hours.
  • Event chat messages: automatically deleted after 12 hours.
  • Notifications: kept for up to 90 days in your inbox.
  • Security and access logs: typically up to 90 days, longer where required for security investigations.
  • Account deletion: when you delete your account, we remove your profile and content within 30 days, except where retention is required by law (e.g. abuse reports, statutory accounting periods).

8. Your rights

Under the GDPR you have the right to:
  • Access your data and obtain a copy (Art. 15);
  • Rectify inaccurate or incomplete data (Art. 16);
  • Erase your data ("right to be forgotten", Art. 17);
  • Restrict processing (Art. 18);
  • Data portability — receive your data in a structured, machine-readable format (Art. 20);
  • Object to processing based on our legitimate interests (Art. 21), including direct-message notifications;
  • Withdraw consent at any time where processing is based on your consent (Art. 7(3)), without affecting prior lawful processing;
  • Lodge a complaint with a supervisory authority (Art. 77) — for users in Hesse, Germany this is Der Hessische Beauftragte für Datenschutz und Informationsfreiheit.
Most rights are self-serve in Settings. For anything else email support@nasvillage.com; we respond within 30 days.

9. Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects on you within the meaning of Art. 22 GDPR. Sorting of the discovery feed by shared city, hobbies and profession is a ranking signal, not an automated decision about you.

10. Security

We protect your data using industry-standard technical and organisational measures, including encryption in transit (TLS) and at rest, hashed passwords, access controls, row-level security on user data, principle-of-least-privilege for internal access, audit logging, and regular review of our processors. No system is perfectly secure; you can help by using a strong unique password and notifying us promptly of any suspected compromise.

11. Children

Nas Village is intended for adults. You must be at least 18 to use it. We do not knowingly collect personal data from anyone under 18. If we learn we have collected data from a minor, we will delete it without delay.

12. Cookies and similar technologies

See our Cookie Policy for the full list, including categories, purposes and retention periods.

13. Changes to this Policy

If we make material changes we will notify you in the app or by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.

14. Contact

Questions, complaints or data-protection requests? Email support@nasvillage.com or write to Abdelrahman Aly, Damaschkeweg 1, 35039 Marburg, Germany.