Privacy Policy

RentFriends Privacy Policy

RentFriends Privacy Policy

Effective date: May 15, 2026

§1. General Provisions

This Privacy Policy sets out the rules for processing personal data of users of:

  • the websites dyżury.app and rentfriends.app,
  • the Dyżury.app / RentFriends mobile application,
  • registration forms and the waiting list,
  • services associated with the Dyżury.app and RentFriends platforms.

The controllers of personal data are:

  • Aleksandra Kaziniec,
  • Marvin Ruciński,
  • Zuzanna Nowak,

operating the RentFriends / Dyżury.app platform, hereinafter referred to as the “Controllers”.

You can contact the Controllers by e-mail at: kontakt@dyzury.app

§2. Scope of Data Collected

The Controllers may process the following user data:

1. Identification and contact data

  • first name or username,
  • e-mail address,
  • phone number,
  • profile picture,
  • date of birth or age,
  • gender,
  • city of residence,
  • university,
  • profile description,
  • flatmate preferences,
  • links to social media profiles.
  • user activity within the application,
  • likes and matches,
  • safety or terms-of-service violation reports,
  • information related to content moderation.

3. Technical data

  • IP address,
  • device and browser data,
  • login data,
  • basic statistical and analytical data.

Personal data are processed for the purposes of:

  • creating and managing user accounts,
  • enabling use of the application and website features,
  • matching users,
  • ensuring platform security,
  • moderating content and handling reports,
  • communicating with users,
  • developing and improving the services,
  • processing future payments related to the service.

Data are processed on the basis of:

  • Art. 6(1)(b) GDPR — performance of a contract or steps taken prior to entering into a contract,
  • Art. 6(1)(a) GDPR — the user’s consent,
  • Art. 6(1)(f) GDPR — the legitimate interests of the Controllers, consisting in ensuring platform security and developing the services.

§4. Profile Data Visibility

Selected profile information may be visible to other users of the platform in order to enable the user-matching feature.

The user is responsible for the content published in their profile.

§5. Third-Party Login

Users may log in to the application using external services:

  • Google,
  • Apple,
  • Facebook.

In such cases, the Controllers may receive basic data associated with the user’s account in the relevant service.

When logging in via Apple, users may use Apple’s email address hiding feature.

§6. Data Sharing

User data are not sold to third parties.

Data may be entrusted to entities that support the operation of the platform, in particular:

  • hosting providers,
  • payment operators,
  • cloud infrastructure providers,
  • analytics and technical service providers.

The platform may use cloud infrastructure and database services, in particular Supabase, to ensure the operation of the application and to store user data and files.

The platform may use analytical tools provided by third parties, in particular Google Analytics or Firebase Analytics, for the purposes of traffic analysis, usage statistics, and service development.

Some data may be processed outside the European Economic Area by technology service providers, solely in accordance with applicable law and appropriate data safeguards.

Data processors are required to maintain appropriate security measures.

§7. Data Retention Period

Data are retained:

  • for the duration of the user’s account,
  • until the account is deleted,
  • for the period required by law.

After an account is deleted, data may be erased or anonymised.

§8. User Rights

Users have the right to:

  • access their data,
  • rectify their data,
  • erase their data,
  • restrict the processing of their data,
  • withdraw consent at any time,
  • lodge a complaint with the President of the Personal Data Protection Office (UODO).

For matters relating to data protection, users may contact: kontakt@dyzury.app

§9. Account Deletion

Users may delete their account at any time using the function available in the application or by contacting the Controllers.

§10. Data Security

The Controllers apply appropriate technical and organisational measures to protect personal data, in particular:

  • SSL/TLS connection encryption,
  • server and database security measures,
  • restricted access to data,
  • regular system updates.

§11. Cookies

The platform may use cookies and similar technologies for the purposes of:

  • ensuring the correct operation of the service,
  • maintaining user sessions,
  • traffic analysis and service development.

Use of the service constitutes consent to the use of essential cookies.

§12. Age Restrictions

The platform is intended solely for adults (18+).

The Controllers do not knowingly process data of minors.

§13. Reporting Violations

Users may report:

  • security breaches,
  • inappropriate content,
  • privacy violations,
  • conduct in breach of the terms of service,

by contacting: kontakt@dyzury.app

§14. Changes to the Privacy Policy

The Controllers reserve the right to update this Privacy Policy.

Users will be notified of significant changes via:

  • e-mail,
  • the website,
  • the application.