RiseCrew — Last updated: May 2026

Privacy Policy

RiseCrew is a peer-support space for people living with chronic illness or navigating health challenges. This policy explains how we collect, use, and protect your personal data, in compliance with the General Data Protection Regulation (GDPR).

1. Data Controller

RiseCrew
Contact: contact@risecrew.app

2. Data We Collect

  • Account: email address, password (hashed).
  • Profile: display name, bio, health journey type (if provided), participation mode, stage of journey.
  • Activity: private messages, group messages, reactions, comments, group memberships, profile posts.
  • Technical: connection logs (IP address, timestamps) retained by the hosting infrastructure.

⚠️ Your health journey type constitutes health data under Article 9 GDPR. By providing it, you give your explicit consent to its processing. The service is accessible from age 16.

3. Purposes and Legal Basis

Purpose Legal basis
Service provision (account, groups, messages) Contract performance (Art. 6.1.b GDPR)
Profile personalisation and group suggestions Consent (Art. 6.1.a — health data: Art. 9.2.a)
Community moderation and safety Legitimate interest (Art. 6.1.f GDPR)
Transactional emails (confirmation, password reset) Contract performance (Art. 6.1.b GDPR)

4. Retention Periods

  • Active account: data is retained for as long as your account exists.
  • After account deletion: your email, password, and profile data are immediately deleted. Your group messages are anonymised (author replaced with "Deleted user") to preserve shared conversation history. Your private conversations are deleted.
  • Technical logs: retained for a maximum of 30 days by the hosting provider.

5. Data Recipients

Your data is never sold or shared with third parties. It is only transmitted to sub-processors necessary to run the service:

  • Hetzner Online GmbH (server hosting, Germany — EU);
  • Resend Inc. (transactional email delivery, United States — transfer governed by EU Standard Contractual Clauses).

6. Your Rights

Under Articles 15–22 GDPR, you have the following rights:

  • Access — obtain a copy of your personal data.
  • Rectification — correct inaccurate information.
  • Erasure — delete your account directly from Account settings → Delete account.
  • Portability — receive your data in a structured format (on request).
  • Objection and restriction — object to certain processing or request its restriction.
  • Withdrawal of consent — withdraw your consent at any time for consent-based processing.

To exercise your rights, contact us at contact@risecrew.app. You may also lodge a complaint with your local supervisory authority (in France: CNIL).

7. Security

All communications are encrypted via HTTPS (TLS). Passwords are hashed with bcrypt. Access to data is restricted to authorised personnel. We apply appropriate technical and organisational measures to protect your data.

8. Changes to this Policy

Any material changes to this policy will be notified by email or via a banner on the platform. The date of last update appears at the top of this page.