Gellog

Privacy Policy

Last updated: 9 April 2026

DISCLAIMER: This Privacy Policy was drafted with AI assistance and reviewed by the operator of Gellog. It is not a substitute for legal advice. If you have questions about your rights under GDPR, you may contact us directly or consult a legal professional.

1. Who We Are

Gellog is a gelato logging and discovery application developed and operated by:

Sidus Studio
Zoetermeer, Netherlands
Email: support@gellog.app
Website: https://gellog.app

Sidus Studio is registered with the Dutch Chamber of Commerce as a sole proprietorship. We are the data controller responsible for your personal data.

2. What Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Username (chosen by you)
  • Display name (optional)
  • Profile photo (optional)
  • Password (stored as a secure hash — we never see your plain-text password)

2.2 Gelato Log Data

When you log a gelato visit, we collect:

  • Salon name and location (via Google Places API)
  • Flavours tried and ratings given
  • Overall visit rating
  • Photos you upload
  • Notes you write
  • Date and time of the visit
  • Cup or cone selection
  • Price paid (optional)

2.3 Weather Data

When you log a visit, we automatically capture weather conditions at your location using the Open-Meteo API. This includes temperature, apparent temperature, and weather condition. Open-Meteo does not receive any personally identifiable information — only your approximate coordinates at the time of logging.

2.4 Location Data

We request your device location only when you actively log a gelato visit, in order to capture weather data and pre-fill the salon location. We do not continuously track your location. Location data is not stored as a separate record — it is used only at the moment of logging.

2.5 Social Data

If you use Gellog's social features, we store:

  • Follow/following relationships between users
  • Likes and comments you make on logs
  • Your visibility settings (public / friends / private)

2.6 Payment Data

If you subscribe to a paid tier, payment is handled by Stripe. Gellog never sees, stores, or processes your card details. Stripe stores your payment information securely. We receive only a customer ID and subscription status from Stripe. For more information, see Stripe's Privacy Policy at stripe.com/privacy.

2.7 Technical Data

We automatically collect basic technical information when you use the app:

  • Browser type and version
  • Device type (mobile / desktop)
  • Pages visited and time spent
  • Error logs

This data is used solely to maintain and improve the service.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your Gellog account
  • To provide the gelato logging and discovery features
  • To show your logs in your feed and on your profile
  • To enable social features (following, liking, commenting)
  • To process your subscription payments via Stripe
  • To send you transactional emails (account verification, password reset)
  • To improve the app based on usage patterns
  • To respond to your support requests

We do not use your data for advertising. We do not sell your data to third parties.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data under the following legal bases:

  • Contract performance: processing necessary to provide the Gellog service you signed up for
  • Legitimate interests: improving the service, preventing fraud, ensuring security
  • Consent: where you have explicitly given consent (e.g. location access)
  • Legal obligation: where required by Dutch or EU law

5. Third-Party Services

Gellog uses the following third-party services that may process your data:

Supabase (database and file storage)
Your account data, logs, photos, and app data are stored on Supabase servers. Supabase stores data in EU-based infrastructure. Privacy policy: supabase.com/privacy

Vercel (hosting)
The Gellog web application is hosted on Vercel. Vercel may process request data (IP addresses, headers) as part of serving the application. Privacy policy: vercel.com/legal/privacy-policy

Google Maps & Places API (location search)
We use Google's Places API to help you find and identify gelato salons. Search queries are sent to Google's servers. Privacy policy: policies.google.com/privacy

Stripe (payments)
Subscription payments are processed by Stripe, Inc. Your payment details are handled entirely by Stripe and never stored by Gellog. Privacy policy: stripe.com/privacy

Open-Meteo (weather data)
We use the Open-Meteo API to fetch weather conditions at the time you log a visit. Only your approximate coordinates are sent — no personal data. Open-Meteo does not store requests. Privacy policy: open-meteo.com/en/terms

6. Data Retention

We retain your data for as long as your account is active. You can delete your account at any time from the Settings page. When you delete your account:

  • Your profile, logs, flavour ratings, and photos are permanently deleted
  • Your comments and likes are removed
  • Aggregated, anonymised data (e.g. total visits to a salon) may be retained

Payment records may be retained for up to 7 years as required by Dutch tax law (Belastingdienst).

7. Your Rights Under GDPR

As a resident of the EU/EEA, you have the following rights:

  • Right of access: request a copy of the data we hold about you
  • Right to rectification: ask us to correct inaccurate data
  • Right to erasure: request deletion of your data ('right to be forgotten')
  • Right to restriction: ask us to limit how we process your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests

To exercise any of these rights, email us at support@gellog.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).

8. Data Security

We take reasonable measures to protect your personal data, including:

  • All data transmitted to/from Gellog is encrypted using HTTPS/TLS
  • Passwords are hashed using industry-standard algorithms (handled by Supabase Auth)
  • Database access is restricted using Row Level Security (RLS) policies
  • We do not store payment card data

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Gellog is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at support@gellog.app and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via the app or by email. The 'Last updated' date at the top of this document reflects the most recent revision. Continued use of Gellog after changes take effect constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions or requests:

Email: support@gellog.app
Website: https://gellog.app
Sidus Studio, Zoetermeer, Netherlands