Privacy Policy
Last updated: 9 July 2026
Controller
Heiko Raschl, Wenzelberg 26, 85445 Oberding, Germany.
Data protection & legal contact: legal@sortie.work
General contact & content moderation / abuse reports:
request@sortie.work
Overview
Sortie is an evening-discovery app (app.sortie.work) and this website (sortie.work). This policy covers both. Sortie follows a “Tonight only” principle: presence signals and group chats are ephemeral and automatically deleted every night at 00:00 local time. We do not build persistent user profiles and do not use behavioural tracking or advertising.
1. Website (waitlist)
When you join the waitlist, we collect your email address to send the beta confirmation and updates. Legal basis: your consent (Art. 6(1)(a) GDPR). The website uses no advertising cookies and no cross-site tracking. Your email is retained for the duration of the beta program or until you request deletion — whichever comes first.
2. Account & authentication (app)
The app uses anonymous sessions: you are identified only by an anonymous session identifier, not by name or a persistent profile. This identifier is the sole identity anchor and is not linked to your real-world identity. To unlock premium (“Sortie Pro”) features, we send a magic link to your email address for sign-in. Legal basis: performance of a contract / your request (Art. 6(1)(b) GDPR).
3. Location data (app)
When you open the app, we read your device location (approximate or precise, depending on your OS permission) to show venues near you. We store your last known coordinates — a single, overwritten value, so no location history and no movement profile is created — to power nearby-venue results and, if you enable notifications, the proximity radius for alerts. You can withhold or revoke location permission in your device settings at any time; browsing still works without it. Legal basis: your consent / our legitimate interest in providing the core function (Art. 6(1)(a)/(f) GDPR).
4. Presence signals (app)
When you signal that you are going to a venue tonight, we store a presence signal (venue, chosen time slot, your anonymous session id). Presence signals are ephemeral and deleted nightly. Legal basis: performance of the service you requested (Art. 6(1)(b) GDPR).
5. Group chat & user content (app)
Sortie Pro users can join an anonymous public group chat (“Offener Tisch”). We store the messages you send in order to deliver them to the group. There is no private 1:1 messaging and no persistent profiles. All chat content is ephemeral and deleted nightly at midnight. To keep the space safe, messages pass an automated pattern filter, you can report content and block/mute participants, and a chat is frozen after repeated reports. To report abuse, use the in-app report control or email request@sortie.work; we act on reports promptly. Legal basis: performance of the service and our legitimate interest in a safe service (Art. 6(1)(b)/(f) GDPR).
6. Push notifications (app)
If you enable notifications, we store your Expo push token and your notification preferences (on/off, quiet-hours window, radius, and per-category choices) to send you relevant alerts about nearby openings. We never use push data for advertising or profiling. You can turn notifications off in-app or in your device settings at any time, which withdraws this consent going forward. Legal basis: your consent (Art. 6(1)(a) GDPR).
7. Payments (app)
If you subscribe to Sortie Pro, payment is processed by Stripe via checkout on sortie.work. Stripe handles your payment-card data directly (we do not receive or store card numbers); we receive your subscription status and the email associated with the purchase. Legal basis: performance of the contract (Art. 6(1)(b) GDPR). See Stripe’s privacy policy for their processing.
8. Analytics & error monitoring (app)
We use PostHog (product analytics) and Sentry (error and crash monitoring) to understand usage and diagnose problems. This data is processed on EU infrastructure and is pseudonymised/anonymised where possible; it is not used for advertising. Legal basis: our legitimate interest in a stable, improving service (Art. 6(1)(f) GDPR).
9. Processors & where data is stored
- Supabase — database, auth, backend (EU, Frankfurt).
- Resend — transactional email (EU).
- Stripe — payment processing.
- Expo / Apple / Google — push delivery (transfers safeguarded by Standard Contractual Clauses where applicable).
- PostHog — product analytics (EU).
- Sentry — error monitoring.
- Vercel — website and app hosting.
10. Retention
Presence signals and group chats: deleted nightly at 00:00 local time. Last-known location: overwritten on each use, deleted on account/data deletion. Push token & preferences: kept until you disable notifications or request deletion. Waitlist email: until the end of the beta or your deletion request. Payment/subscription records: as required by law (e.g. tax retention periods).
11. Your rights
You have the right to access, rectification, erasure, restriction, data portability, and objection under the GDPR, and the right to withdraw consent at any time. To exercise these rights, contact legal@sortie.work. You also have the right to lodge a complaint with the competent supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
12. Contact
Data protection & rights: legal@sortie.work
General & abuse reports: request@sortie.work