This Privacy Policy describes how CoseNostre, LLC ("we", "us", "our"), operating the Andüma! platform at anduma.io, collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable privacy laws.
Data Controller:
CoseNostre, LLC
18513 San Quentin Dr.
Michigan 48076, United States
Email: [email protected]
| Category | Data | Purpose | Legal Basis |
|---|---|---|---|
| Account | Name, email address | Authentication, account management | Contract performance |
| Profile | Preferred language, home province, saved favourites, trip plans | Personalisation | Contract performance / Legitimate interest |
| Location | Approximate geolocation (browser-based, on request) | "Near you" features | Consent |
| Usage | Pages visited, features used, session data | Analytics, service improvement | Legitimate interest |
| Payment | Payment method details (processed by Stripe — we do not store card data) | Subscription processing | Contract performance |
| Technical | IP address, browser type, device type | Security, fraud prevention | Legitimate interest |
We use your personal data to provide, operate and improve Andüma!; personalise your experience; process payments; send transactional emails; analyse usage; and comply with legal obligations. We do not sell your data or use it for advertising profiling.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Google (OAuth) | Optional sign-in | policies.google.com/privacy |
| Google Analytics | Usage analytics (anonymised) | policies.google.com/privacy |
| Netlify | Web hosting | netlify.com/privacy |
We retain your data while your account is active. Upon account deletion, data is permanently removed within 30 days, unless legally required to retain it longer.
EU/EEA users have the right to: access, rectify, erase, port, object to, or restrict processing of their data, and to withdraw consent at any time. Contact [email protected] to exercise these rights. We respond within 30 days. You may also lodge a complaint with your local data protection authority.
Andüma! uses minimal cookies and localStorage for session management and preferences. We do not use advertising tracking cookies. Google Analytics is configured with IP anonymisation.
We use HTTPS encryption, secure database infrastructure, and access controls. Payment data is handled exclusively by Stripe and never stored on our servers.
Data may be processed outside the EEA, including in the United States. We ensure appropriate safeguards including Standard Contractual Clauses where required.
Andüma! is not directed at children under 16. If you believe a child has provided data, contact