Privacy Policy

Last updated: March 8, 2025

1. Introduction

Welcome to Doubl! We take your privacy seriously and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services. It complies with:

  • The General Data Protection Regulation (GDPR) (EU Regulation 2016/679), applicable to users in the European Union.

  • The French Data Protection Act (Loi Informatique et Libertés) and CNIL guidelines.

  • The Swiss Federal Act on Data Protection (FADP), effective September 2023.

  • The California Consumer Privacy Act (CCPA) (Cal. Civ. Code § 1798.100 et seq.) for users in the United States (California).

By using Doubl, you agree to this Privacy Policy.

2. Information We Collect

2.1 Types of Data Collected

We collect and process the following categories of personal data:

  • Mandatory Information: Full name, email address, profile picture, event participation details.

  • Optional Information: Interests, age, gender, location, affiliated institution or company.

  • Encrypted Information: User-to-user messages (end-to-end encrypted and unreadable by Doubl).

  • Analytics & Technical Data: Usage data from Google Analytics, Sentry, App Store analytics.

  • Cookies & Tracking Data: Collected via cookies, web beacons, and similar technologies.

2.2 Purpose of Data Collection

We process personal data for the following purposes:

  • Service Provision: To operate and improve our services.

  • Security & Fraud Prevention: To ensure user safety and detect misuse.

  • Customer Support: To respond to inquiries and provide assistance.

  • Legal & Compliance Obligations: To comply with applicable laws.

3. Legal Basis for Processing Data

Under GDPR (Article 6), CNIL, FADP, and CCPA, we rely on the following legal bases:

  • User Consent (GDPR Art. 6(1)(a)): When you sign up, accept cookies, or opt-in to marketing.

  • Contractual Necessity (GDPR Art. 6(1)(b)): To provide our services.

  • Legitimate Interests (GDPR Art. 6(1)(f)): Security, fraud prevention, service improvement.

  • Legal Compliance (GDPR Art. 6(1)(c)): To fulfill regulatory obligations.

4. User Rights

Under GDPR (Arts. 12-22), CNIL, FADP, and CCPA, you have the right to:

  • Access your personal data (Art. 15 GDPR, CCPA § 1798.110).

  • Rectify inaccurate information (Art. 16 GDPR).

  • Request data deletion (Right to be Forgotten) (Art. 17 GDPR, CCPA § 1798.105).

  • Request portability of your data (Art. 20 GDPR).

  • Withdraw consent at any time (Art. 7(3) GDPR).

  • Opt-out of data sharing and tracking (CCPA § 1798.120, GDPR Art. 21).

  • Lodge a complaint with a data protection authority (CNIL in France, the Federal Data Protection and Information Commissioner in Switzerland, or relevant EU DPA).

To exercise your rights, contact legal@getdoubl.com. For account deletion, email support@getdoubl.com.

5. Data Storage, Retention, and Security

  • Data is stored on Supabase and AWS servers in the European Union.

  • All data is encrypted at rest and in transit.

  • Retention Period: Data is deleted 30 days after account deletion, unless legally required otherwise.

  • Security Measures: Regular audits, access controls, and employee training ensure compliance.

6. Data Sharing and Third Parties

We share data with trusted service providers under strict compliance:

  • Supabase (Authentication, database management).

  • AWS (Cloud storage, server infrastructure).

  • Google Analytics, Sentry (Analytics and error tracking).

All third parties adhere to GDPR, CNIL, FADP, and CCPA regulations via contractual agreements.

7. International Data Transfers

  • EU & Swiss Users: Data remains stored in the European Union.

  • California Users: CCPA protections apply.

  • Cross-border transfers comply with GDPR Chapter V, Swiss adequacy decisions, and CCPA safeguards.

8. Cookies and Tracking

  • EU & Swiss users can manage consent via our cookie banner (GDPR Art. 7, CNIL guidelines).

  • California users can opt-out of tracking under CCPA § 1798.135.

9. Children's Data

  • Doubl is intended for users aged 16 and older (GDPR Art. 8).

  • We do not knowingly collect or process data from children under 16.

10. Data Breach Notification

  • In case of a breach, affected users and relevant authorities will be notified within 72 hours as per GDPR Art. 33-34, FADP, and CNIL requirements.

11. Policy Updates

  • This Privacy Policy is reviewed regularly and may be updated.

  • Users will be notified of significant changes.

12. Contact Information

For privacy inquiries, please contact our Data Protection Officer (DPO):

Vincent Adler
 Email: legal@getdoubl.com
 Address: Donnerbrink 3, 33619 Bielefeld, Germany



© 2025 Doubl. All rights reserved.

All content, trademarks, logos, and intellectual property displayed on this website and the Doubl mobile application are the exclusive property of Doubl, unless otherwise stated. Any unauthorized use, reproduction, modification, distribution, or display of our content without explicit written permission is strictly prohibited.

If you believe that any content on this website or our mobile application infringes your copyright, you may submit a notification under the Digital Millennium Copyright Act (DMCA) by contacting us at legal@getdoubl.com.

This copyright notice applies globally, in accordance with applicable copyright laws of Germany, the European Union, the United States, France, and Switzerland. Any disputes arising from copyright claims shall be governed by the applicable jurisdiction in which Doubl operates.