Privacy Policy CompleteSearch

Last updated: February 8, 2026

CompleteSearch ("we", "us", "our") respects your privacy. This Privacy Policy explains what data the app processes, why, for how long, and your rights under the GDPR.

1. Data Controller

Mimet
Email: info@mimet.nl

2. What data do we process?

CompleteSearch works without account registration. We only process data required to operate the app:

1) Location Data (precise GPS location)
Purpose: live map display, route/spotlight rendering, and real-time synchronization within a map room.

2) User Input
Nickname (required in the app)
Drawing objects on the map (circle, polygon, star)
Purpose: collaboration in rooms and participant identification within a room.

3) Technical Identifier (UUID/device key)
Purpose: room presence and real-time synchronization.
This identifier is pseudonymous and does not itself contain name or email.

4) Room Data
6-digit map code
Room events (join/leave/presence sync)

5) Local Device Storage
Last used nickname
Recently visited map codes
Purpose: usability (faster rejoin flow).

3. What data do we not process?

• No account credentials such as password or email in the app
• No advertising tracking
• No sale of personal data

4. Legal Basis (GDPR)

We process data based on:

• Performance of a contract (Art. 6(1)(b) GDPR): real-time room functionality
• Consent (Art. 6(1)(a) GDPR): location permission via iOS prompt
• Legitimate interest (Art. 6(1)(f) GDPR): security, stability, and troubleshooting

5. Retention

• Room data (location path, drawings, and room history): up to 7 days. After that, data is automatically deleted.
• Local device data (nickname/recent rooms): stays on device until the user removes the app or clears app data.

6. Processors / Recipients

We use Supabase as a processor for database and realtime synchronization.

• Hosting region: EU-West (Ireland, AWS eu-west-1)

We do not share data with advertising networks.

7. International Transfers

Primary storage is in the EU region (Ireland). If any subprocessors outside the EEA are used, this is done only with appropriate GDPR safeguards (such as Standard Contractual Clauses), where applicable.

8. Security

We apply appropriate technical and organizational measures, including:

• Access control and key management
• Restricted data access
• Transport encryption (TLS)
• Limited retention period (7 days)

No system is 100% risk-free, but we actively reduce risk.

9. Your GDPR Rights

You have the right to:

• Access
• Rectification
• Erasure
• Restriction of processing
• Object
• Data portability
• Withdraw consent (for location via iOS settings)

You can submit requests to info@mimet.nl. Because the app has no account system, additional information may be needed to locate your data (for example map code and timeframe).

You also have the right to lodge a complaint with your local data protection authority.

10. Children

The app is not intended for use by children without parental/guardian consent where legally required.

11. Changes

We may update this Privacy Policy due to legal or functional changes. The latest version will always be available at the published policy URL.