Skip to content
Daruin
RO Coming soon

Privacy Policy

Last updated: May 1, 2026

At Daruin we take your data seriously. The app is designed for families: we don't collect what isn't necessary, and what we do collect stays on our own EU servers.

1. Who we are

The data controller is Gabriel Pîrvu (sole proprietorship registered in Romania), based in Iași. For any data-related question, write to privacy@daruin.com.

2. What we collect

Account and authentication

  • Email and password — needed to create your account. Passwords are stored hashed (bcrypt), never in plain text.
  • Active sessions — encrypted tokens, validated on every request. You can revoke them via "Logout" or "Delete account".

Profile

  • First name, last name, phone (optional), profile photo (optional), birth date (optional, for reminders), gender (optional).

Family and content

  • Family members (name, birth date, relationship) you add yourself.
  • Wishlist items, crowdfunding campaigns, contributions.
  • Photos for the memory vault, uploaded explicitly by you.
  • Payment methods you configure (Revolut tag, IBAN, account holder name) — required to receive contributions.

Technical

  • IP address and user-agent — temporary, for anti-abuse protection and server logs (kept up to 30 days).
  • Push notifications — only if you opt in from settings.

We do NOT collect: location, contacts, microphone, credit card details, data from other apps, or any advertising trackers.

3. Why we collect

  • Account operation: so you can sign in and we can show you your own data.
  • Functionality: wishlists, contributions, photo album.
  • Security: abuse detection, spam prevention.
  • Legal compliance: minimal logs as required by Romanian and EU law.

4. Legal basis (GDPR Art. 6)

  • Contract performance (Art. 6.1.b) for your account and the features you use.
  • Consent (Art. 6.1.a) for push notifications and uploaded photos.
  • Legitimate interest (Art. 6.1.f) for app security.

5. Sharing

We don't sell or share your data with anyone. The only exceptions:

  • Members you invite — see what's relevant to them.
  • Hosting and backup — Hetzner / IONOS, both EU-based and GDPR-compliant.
  • Authorities — only if legally required (valid court order).

6. Where data is stored

All data is hosted in the European Union (Germany or Romania). We don't use any US cloud. No extra-EU transfer.

7. How long we keep data

  • Active account: as long as you use it.
  • Deleted account: permanently removed within 30 days (recovery window).
  • Server logs: maximum 30 days.
  • Support tickets: 12 months after resolution.

8. Your rights (GDPR)

You have the right to:

  • Access — copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure ("right to be forgotten") — directly in settings or by email.
  • Portability — JSON data export.
  • Restriction — under certain conditions.
  • Objection — to legitimate-interest processing.

For any request: privacy@daruin.com. We reply within 30 days. Complaints to your local DPA, or Romanian DPA dataprotection.ro.

9. Children

The app is for users aged 16 and over. We don't knowingly collect data from children under 16 without parental consent. Family members you add (including your kids) may be of any age — they're managed by you and don't have their own account.

10. Cookies and storage

The mobile app uses AsyncStorage locally for the session token. The website doesn't use tracking cookies — only localStorage for language preference.

11. Changes

If we change this policy, we'll notify you via in-app message and/or email at least 14 days before it takes effect.

12. Contact

Any data-related question: privacy@daruin.com.