Privacy Policy

Effective date: 23 May 2026 · Version: 1.0 · Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) · goyova.com/legal/privacy

1. Introduction

This Privacy Policy describes how Tim Hulsen, a natural person operating the Goyova service from Shop 2/290 Boundary Street, Spring Hill QLD 4000, Australia ("we", "us", "our"), collects, uses, stores, shares, and protects personal information when you use the Goyova mobile application, the goyova.com website, or any related services (the "Service").

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also follow:

GDPR principles for users in the EU, EEA, and UK
California Consumer Privacy Act (CCPA) for users in California
EU Digital Services Act (DSA) trader transparency rules for distribution in the EU

By using the Service, you consent to the practices in this Policy. If you do not agree, please do not use the Service.

The current Goyova service operates without user accounts. You are identified only by an anonymous device identifier stored on your own device. There is no sign-up, no login, no password, no email registration. This Policy reflects that anonymous-only model.

When Goyova transitions to operating as Goyova Pty Ltd later in 2026, this Policy will be reissued. If user accounts are added, this Policy will be updated to describe the additional information collected at that time.

2. Who we are — data controller

Tim Hulsen (operator) is the entity responsible for the personal information collected through the Service.

For users in the EU/EEA/UK, we act as the data controller under GDPR.

Privacy contact: [email protected] (general support: [email protected])

3. What personal information we collect

We collect only what is necessary to operate the Service. The Goyova app currently collects the following.

3.1 Anonymous device identifier ("Device ID")

A random identifier is generated on your device when you first launch the Service and stored locally in your device's app storage. This identifier:

Allows you to vote on community posts without voting twice
Allows you to submit reports on objectionable posts without flooding the system
Powers your local "blocked users" list
Tracks your own community posts so you can edit or delete them
Is not linked to your real name, email, government identifier, or any other personally identifying information

Under the Privacy Act 1988 and GDPR, this Device ID may be considered pseudonymous personal information, because in theory a court order to us combined with a court order to your network operator could re-identify a single device. In practice we never seek to do so.

3.2 Community post content (if you choose to submit a post)

When you voluntarily submit a community visit report, we store on our servers:

The text of your comment (up to a per-post character limit)
The visit date (day / month / year you entered)
The visit location label (a place name you typed — not your current GPS position)
The display name you optionally choose to attach to the post
The photos you choose to upload, stored on Cloudflare R2

Photos are displayed publicly to all Service users on the relevant event page along with the visit location and date you provide.

3.3 Voting and report records

When you vote (thumbs up / thumbs down) on a community post or submit a report against another post, we record:

Your Device ID
The post being voted on or reported
The vote type or the report category (spam, harassment, offensive, misleading, other)
A timestamp

These records prevent vote-stuffing and abuse-of-report.

3.4 Photos uploaded for community posts — additional handling notice

When you upload a photo to a community post:

The photo is sent from your device to our server (Cloudflare Worker at api.goyova.com)
It is stored on Cloudflare R2 (object storage)
It is associated with your Device ID

EXIF metadata handling: Before upload, the photo is re-encoded on your device to remove EXIF metadata, including embedded GPS coordinates, camera identifiers, and timestamps. If re-encoding fails for any reason, the original photo is sent instead — this fallback is rare.

3.5 Location data (GPS) — on-device only

The Service requests location permission to calculate distances between you and natural events and to display events near you on the map. GPS coordinates are processed only on your device. They are never sent to our servers in raw form.

You may decline location permission and still use the Service (without distance-sorted results).

3.6 Camera and photo library — on use only

The Service requests camera and photo library permissions only when you actively tap "Add photo" on a community post. We do not access your camera or photo library at any other time. We never access photos other than the one you specifically choose to upload.

3.7 Usage analytics

We use PostHog (with infrastructure hosted in the European Union at eu.i.posthog.com) for product analytics. PostHog receives:

Anonymous usage events (which screens you view, which features you use)
App version, operating system, device model
Country-level (not city-level) geographic indicator derived from your IP address

PostHog is configured in identified_only mode, meaning anonymous users remain anonymous. PostHog does not set cookies in the mobile app. On the goyova.com website, PostHog is configured in memory-only persistence mode and does not set cookies. The Service does not set tracking cookies for behavioural advertising or cross-app tracking.

3.8 Technical and connection data

When you access the Service, our infrastructure providers (Cloudflare, Supabase) receive standard technical request data: IP address, browser or app type, request timestamps, and HTTP headers. This is used for security, abuse prevention, and infrastructure operation.

3.9 Trip data — stored only on your device

When you create a trip in the app, the trip name, stops, dates, hotel/airport/car/tour details, and event references are stored only on your device using local app storage. We do not store your trip data on our servers.

You can export your trip data to a JSON file or PDF at any time via Settings → Back up trips.

4. What we do NOT collect

We do not collect or process:

Your real name (the optional display name is your choice)
Email address (no accounts exist)
Phone number
Passwords
Browsing history outside the Service
Contacts, calendar, or SMS data
Payment or financial information (the Service is free; we do not process payments)
Sensitive information as defined by the APPs (health, sexual orientation, political opinions, religious beliefs, racial or ethnic origin, criminal record, biometric data, genetic data) — unless you voluntarily include such content in a community post, which you should not
Government identifiers (passport number, driver's licence number, tax file number, Medicare number, etc.)
Any data when the Service is not actively in use

5. Legal basis for processing

5.1 Australian Privacy Principles (APPs)

We collect personal information only by lawful and fair means and only where reasonably necessary for our functions. Bases relied upon:

Consent (APP 3) for community posts, photo uploads, and the optional display name
Necessary for our functions (APP 3) for the Device ID (abuse prevention) and technical infrastructure

5.2 GDPR (for EU/EEA/UK users)

Data category	Legal basis (GDPR Article 6)
Location data (on-device only)	Legitimate interest — providing core distance/nearby features (Art 6(1)(f))
Device ID	Legitimate interest — preventing vote-stuffing and abuse (Art 6(1)(f))
Community posts and photos	Consent — you choose to submit (Art 6(1)(a))
Anonymous analytics (PostHog)	Legitimate interest — product improvement (Art 6(1)(f))

You may withdraw consent at any time. Withdrawal does not affect lawful processing carried out before withdrawal.

5.3 CCPA (California residents)

See Section 10 for California-specific rights.

6. How we use your personal information

We use the information described above only for the following purposes:

Device ID: to operate community voting and reporting, and to apply your local block list
Community User Content: to display your visit report (with location label, date, and optional display name) to other users of the Service
Promoted photos: highly-rated User Content may be promoted as the main event photo and the location data used to update event coverage
Usage analytics: to understand how the Service is used and to improve features (anonymous only — PostHog)
Technical data: to operate the Service securely and prevent abuse
Service communications: in rare cases, we may need to contact you in response to a request you initiated (e.g., a deletion request you sent us by email)

We do not:

Use your information for advertising or marketing
Sell or "share" your information to any third party for cross-context behavioural advertising
Use your data for automated decision-making with legal or similarly significant effects
Profile you for advertising purposes

7. Who we share personal information with

We share personal information only with the service providers necessary to operate the Service. All providers are bound by their published privacy policies and any applicable data processing terms.

7.1 Infrastructure providers

Provider	Role	Data shared	Location
Supabase Inc. (supabase.com)	Database, file metadata	Community posts, photo metadata, votes, reports	Japan (Tokyo, ap-northeast-1)
Cloudflare Inc. (cloudflare.com)	API hosting, CDN, R2 photo storage	IP address (transient), request data, uploaded photos	Global edge / United States
Expo Application Services (expo.dev)	App build infrastructure, OTA updates	Anonymous build telemetry	United States

7.2 Map and geocoding

Provider	Role	Data shared
CARTO (carto.com)	Map tile rendering	IP address (transient), tile request data
OpenStreetMap / Nominatim	Place-name geocoding	Your typed search query, IP address (transient)

7.3 Stock photo providers (for event hero photos curated by us)

Provider	Role	Data shared
Unsplash, Pexels, Pixabay, Wikimedia Commons, Flickr	Source of event illustration photos	IP, device info (transient — only when device fetches photo)

7.4 Analytics

Provider	Role	Data shared
PostHog Inc. (eu.i.posthog.com — EU hosted)	Anonymous product analytics	Anonymous usage events, app version, device type, country-level location

7.5 Affiliate redirects

When you tap an affiliate link in the Service (e.g., to a third-party booking site), you are redirected to that third party's site. That third party processes your data under their own privacy policy. We do not share your personal information with affiliates; only an anonymous click identifier may be passed for commission attribution.

7.6 Legal and safety disclosures

We may disclose personal information if required by law, valid court order, or where reasonably necessary to:

Comply with legal obligations
Enforce our Terms of Service or Privacy Policy
Protect the rights, property, or safety of Tim Hulsen, our users, or others
Investigate suspected fraud, abuse, or unlawful activity

7.7 Business transfers

If we are involved in a merger, acquisition, corporate restructure, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you and provide an opportunity to opt out where required by law.

8. International data transfers

Our database (Supabase) is located in Japan (Tokyo, ap-northeast-1 region). Other primary infrastructure (Cloudflare, Expo) is located in the United States. PostHog analytics are hosted in the European Union.

For Australian users: we comply with APP 8 (cross-border disclosure). We take reasonable steps to ensure overseas recipients comply with the APPs or are subject to a law substantially similar to the APPs.

For EU/EEA/UK users: transfers to the United States and Japan rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, where applicable.

9. How long we keep your data

Data	Retention
Device ID	Stored locally on your device only; deleted when you tap Settings → Clear my data, or when you uninstall the app or clear app storage
Community User Content (posts, photos, comments)	Indefinitely until you request deletion (in-app or by email), content is removed via moderation, or the Service is discontinued. Promoted photos used as primary event photos may be retained as part of the event record after your deletion request unless you separately request their removal.
Votes and report records	Retained while the associated post exists; deleted when the post is deleted
Server-side location	Never retained (location is processed only on-device)
Trip data	Stored only on your device; deleted when you uninstall the app or clear app storage
Technical logs (Cloudflare, Supabase, Worker)	Up to 90 days for security and abuse prevention
Moderation records	Up to 24 months for abuse prevention and dispute resolution
Anonymous analytics (PostHog)	Up to 12 months

After deletion, anonymised statistical data may be retained indefinitely for product and business analytics.

10. Your rights — all users

You have the right to:

Access personal information we hold about you (limited to information linked to your Device ID, since we do not collect names or emails)
Correct inaccurate or incomplete information (typically by editing your post in-app, or by emailing us)
Request deletion of your community posts, photos, votes, and reports
Withdraw consent for community features by requesting deletion in-app via Settings → Clear my data, or by email
Use the Service without ever submitting any community content
Lodge a complaint with the relevant privacy authority

In-app deletion: tap Settings → Clear my data in the app. This action calls our server to delete all posts, photos, votes, and reports linked to your Device ID, and clears the Device ID itself from your device. The deletion is processed immediately.

Email-based deletion (for promoted photos that have been used as primary event photos, or where in-app deletion does not fully cover your concern): email [email protected] from any email address. Describe what you want deleted. Include your Device ID if you know it (it is stored under the key @device_id in your app storage; or contact us and we will help you find it). We respond within 30 days.

11. California residents (CCPA)

California residents have rights under the California Consumer Privacy Act:

The right to know what personal information we collect, use, and disclose
The right to request deletion of personal information we collect
The right to opt out of the sale or sharing of personal information — we do not sell or share personal information for cross-context behavioural advertising
The right to correct inaccurate personal information
The right to non-discrimination for exercising these rights

To exercise CCPA rights, email [email protected].

12. EU/EEA/UK users (GDPR)

EU/EEA/UK users have the rights in Section 10, plus:

Data portability — receive your data in a structured, machine-readable format
Object to processing based on legitimate interest
Restriction of processing
Automated decisions — we do not engage in automated decision-making with legal or similar significant effects

Supervisory authority: you have the right to lodge a complaint with your national data protection authority.

EU Digital Services Act (DSA) — trader information: in accordance with the DSA, in EU member states our trader contact information is displayed on the App Store / Play Store listing for the Service. See goyova.com/legal/terms Section 24 for current contact information.

13. Children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13.

If we learn we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly. If you believe a child has submitted personal information, please email [email protected].

Users aged 13-17 may use the Service with parental or guardian awareness. The Service is rated 12+ on the Apple App Store and Teen (T) on Google Play.

14. Security

We implement reasonable technical and organisational measures to protect your personal information:

All data is transmitted over HTTPS/TLS
Database access uses Row-Level Security (RLS) on Supabase
API credentials are stored in encrypted environment variables, never in client code
EXIF metadata is removed from uploaded photos on your device before upload (see Section 3.4)
File type and size validation on uploads
Multi-user-reported content is automatically hidden pending review
Regular review of third-party providers

No system is perfectly secure. If you become aware of a security issue, please report it to [email protected] with subject "Security".

Data breach notification: in the event of an eligible data breach under the Privacy Act 1988 (Notifiable Data Breaches scheme), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

15. App Store privacy labels

The Service is distributed via the Apple App Store and Google Play Store. Apple Inc. and Google LLC are not parties to this Privacy Policy and are not responsible for our data practices. Their own privacy policies apply to their independent processing.

App Store privacy labels and Google Play Data Safety disclosures accurately reflect this Privacy Policy. If you notice a discrepancy, please report it to [email protected].

16. Changes to this Policy

We may update this Privacy Policy from time to time. The version number and "Effective date" at the top reflect the latest revision. Material changes will be notified via in-app notice and on goyova.com/legal/privacy at least 14 days before they take effect.

17. Contact

Tim Hulsen, operator of the Goyova service.

Postal: Shop 2/290 Boundary Street, Spring Hill QLD 4000, Australia General contact: [email protected] Privacy queries: [email protected] DMCA / content takedown: [email protected] Legal notices: [email protected] Website: goyova.com

Complaints: if you are not satisfied with our handling of a privacy concern, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC) Website: oaic.gov.au Phone: 1300 363 992 (within Australia)