Privacy Policy

1. Introduction

Neawist ("we," "our," or "us") is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable EU and Dutch privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our neighborhood review platform.

2. Information We Collect

2.1 Personal Information

• Name and email address (when you create an account)
• Profile information (avatar, preferences)
• Authentication data from third-party providers (Google, Apple)

2.2 Usage Information

• Search queries and neighborhood interactions
• Reviews and ratings you submit
• Device information and browser type
• IP address and location data (for neighborhood matching)

2.3 Geolocation Data

3. How We Use Your Information

We process your personal data for the following purposes:

• Service provision: Provide and improve our neighborhood review services
• Authentication: Authenticate users and prevent fraud
• Geographic matching: Match addresses to neighborhoods accurately using location data
• Communications: Send important service updates and notifications
• Analytics: Analyze usage patterns to enhance user experience
• Content moderation: Review and moderate user-generated content to ensure compliance with our Community Guidelines

3.1 Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): When you create an account and accept our terms, including for marketing communications (opt-in basis)
• Contract Performance (Art. 6(1)(b) GDPR): To provide our review platform services as agreed in our Terms of Service
• Legitimate Interest (Art. 6(1)(f) GDPR): For fraud prevention, security, analytics, and service improvement
• Legal Obligation (Art. 6(1)(c) GDPR): To comply with EU/Dutch legal requirements, including DSA obligations

4. Information Sharing and Data Processors

We do not sell, trade, or rent your personal information to third parties. We may share information only in these limited circumstances:

• With your explicit consent
• To comply with legal obligations (e.g., court orders, DSA takedown requests)
• To protect our rights and prevent fraud
• With service providers who assist our operations (data processors under GDPR Art. 28)

4.1 Data Storage and Processing

We use trusted service providers who process personal data on our behalf. All processors are bound by Data Processing Agreements (DPAs) and GDPR compliance requirements:

• Hosting & Infrastructure: EU-based providers for data storage and application hosting
• Authentication: Google OAuth for secure login (see Google's Privacy Policy)
• Analytics: Privacy-friendly, GDPR-compliant analytics tools that do not use cookies or track personal data
• Geospatial Services: EU-based address lookup and mapping services

Data Location: All user data is stored within the European Union. Where third-party services involve data transfers outside the EU (e.g., Google authentication), we ensure adequate safeguards through Standard Contractual Clauses (SCCs) or other GDPR-compliant mechanisms.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption, secure servers, and regular security audits.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law:

• Account data: Retained while your account is active, and for 30 days after account deletion (to allow recovery)
• Reviews: Retained while your account is active. Upon account deletion, reviews are anonymized (personal identifiers removed) to preserve community value while protecting your privacy
• Authentication logs: Retained for 90 days for security purposes
• Moderation logs: Retained for 12 months to comply with DSA requirements
• Analytics data: Anonymized and aggregated, retained for 24 months
• Legal/compliance records: Retained as required by Dutch/EU law (typically 7 years for financial/tax records)

You can request early deletion of your data by contacting [email protected], subject to our legal obligations.

7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data we hold
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your account and personal data ("right to be forgotten")
• Right to Restriction (Art. 18): Limit how we process your data in certain circumstances
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time (where consent is the legal basis)
• Right to Lodge a Complaint: File a complaint with your national data protection authority (in NL: Autoriteit Persoonsgegevens)

How to exercise your rights:
Email [email protected]with your request. We will respond within 30 days as required by GDPR. Some rights may be limited by legal obligations (e.g., we cannot delete data we're required to retain by law).

8. Cookies and Tracking

We use minimal cookies for essential functionality only. We do not use tracking, advertising, or analytics cookies.

8.1 What Cookies We Use

• Authentication Cookies: Required to keep you logged in and maintain your session. These are essential for the platform to function and cannot be disabled if you want to use Neawist.
• Session Cookies: Temporary cookies that are deleted when you close your browser.

8.2 What We Don't Use

• No marketing or advertising cookies
• No cross-site tracking
• No Google Analytics
• No Facebook Pixel or similar trackers

8.3 Analytics

We use privacy-friendly, GDPR-compliant analytics that:

• Do not use cookies
• Do not track personal data
• Do not track you across websites
• Store all data within the EU

8.4 Third-Party Cookies

When you log in with Google, Google may set their own cookies. These are governed by Google's Privacy Policy, not ours.

8.5 Managing Cookies

You can control cookies through your browser settings:

• Most browsers allow you to refuse or delete cookies
• However, disabling essential cookies will prevent you from logging in
• Authentication cookies typically expire after 30 days of inactivity

9. Third-Party Services

Our platform integrates with third-party services that may have their own privacy policies:

• Authentication: Google OAuth for secure login (see Google's Privacy Policy)
• Address Lookup: EU-based government services for accurate address matching
• Maps: Privacy-friendly, community-driven mapping services

We encourage you to review the privacy policies of these services. We are not responsible for their data practices.

10. User-Generated Content and Reviews

Important: Reviews you post are publicly visible and may indirectly contain personal information (e.g., mentioning your neighborhood, living situation). Please follow our Community Guidelines in our Terms of Service and:

• Do not include names, addresses, or identifiable information about yourself or others
• Focus on the neighborhood, not individuals
• Understand that reviews may remain anonymized even after account deletion to preserve community value

10.1 Public Profile Information

When you post reviews, the following information is publicly visible by default:

• Display name: Your name or chosen display name
• Avatar: Your profile picture (avatar URL from your authentication provider, e.g., Google)
• Review content: The text and ratings you provide
• Review date: When you posted the review

11. Children's Privacy

Our service is not intended for children under 16 (the age of digital consent in the Netherlands and many EU countries). We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us immediately at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. Material changes will be communicated via:

• Email notification to registered users
• Prominent notice on our website
• Updated "Last updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us & Data Protection Authority

If you have any questions about this Privacy Policy, wish to exercise your GDPR rights, or have privacy concerns:

Dutch Data Protection Authority:
If you believe your rights have been violated, you can file a complaint with: