Privacy Policy for WhatsNext – Organizer

Last Updated: September 22, 2025

 

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 General
We’re glad you’re visiting our website and app, and we appreciate your interest. Below we inform you about how we handle your personal data when you use our website and app. Personal data means any data with which you can be personally identified.
 

1.2 Controller
The controller responsible for data processing on this website and in the app within the meaning of the General Data Protection Regulation (GDPR) is:
 

CombMe UG (haftungsbeschränkt)
Backesweg 54A,
63477 Maintal, Germany
Email: contact@whatsnext-organizer.com
 

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
 

1.3 Security
For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website and app use SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock icon in your browser bar.

• CombMe UG is the controller; however, the app can be used internationally.

• Additional privacy rights apply for users in the EU, UK, the U.S., and other regions (see Section 13).

 

2) Data Collection When Visiting Our Website and Using the App

If you use our website and app for informational purposes only, i.e., without registering or otherwise transmitting information to us, we only collect the data that your browser transmits to our server (“server log files”).

Data collected includes, among other things:

• the website/app visited,

• date and time of access,

• amount of data sent in bytes,

• referrer/source from which you accessed the page,

• browser used,

• operating system used,

• IP address used (where applicable: in anonymized form).

Purpose and Legal Basis
Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interests in the stability, security, and functionality of our website and app.

• In addition, we collect in-app usage data, e.g., click behavior, participation in groups, interactions in Actions.

• These data are stored in a pseudonymized form and help us improve the app.

• Security-relevant data (e.g., upon suspicion of misuse) may be stored temporarily and analyzed.

 

3) Disclaimer for Public Actions and Transactions

As the operator of the WhatsNext platform, we allow you to create public groups and share Actions within those groups.

• Creating public groups is a paid premium feature.

• Paid Actions can be created within public groups.

Transactions

• Payments are handled exclusively via external service providers such as Stripe or PayPal.

• All transactions are processed directly between the participating users.

• WhatsNext does not act as a buyer, seller, or intermediary and assumes no liability for disputes arising from such transactions.

User Responsibility

• Users must comply with all applicable laws (tax law, consumer protection, copyright, etc.).

• Misuse may lead to suspension.

3.1 WhatsNext Addendum

• We are not a contracting party to user-to-user deals.

• Users are solely responsible for local legal obligations (e.g., taxes, invoicing).

• In the event of disputes between users (e.g., non-performance), the platform assumes no liability.

 

4) Information for Users of Public Groups

4.1 Visibility and Privacy

• Joining a public group is voluntary and at your own risk.

• Your membership is limited to the specific group you join.

• Your username is visible to other group members.

• Your mobile number or other confidential information remains hidden unless you explicitly choose to share it.

4.2 Group Notifications

• Members of public groups may receive notifications about new Actions and activities.

• These notifications are sent via the app or push messages and can be managed in the app settings.

4.3 Content Responsibility

• Content and Actions in groups are provided solely by users.

• We assume no responsibility for the accuracy, completeness, or legality of such content.

• Inappropriate content can be reported via the in-app reporting function.

4.4 Risk Notice

• Participation in groups and Actions is at your own risk.

• Be cautious when sharing personal information and interacting with other users.

• For in-person meetings or paid Actions arranged outside the app, you act on your own responsibility.

 

4.5 WhatsNext Addendum

• Community Guidelines apply and are binding. Violations may be recorded and result in sanctions (e.g., warnings, suspension).

• Content may persist after deletion as part of backups or if forwarded by other users.

• WhatsNext reserves the right to remove groups or Actions that violate laws, community rules, or Terms.

• We expressly note that the platform is not responsible for verifying the authenticity or intentions of users.

 

5) Cookies

To make visiting our website and app attractive and to enable the use of certain features, we use so-called cookies on various pages. These are small text files stored on your device.

Some cookies we use are deleted after the end of the browser session (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (persistent cookies).

Where cookies are set, certain user information such as browser and location data as well as IP address values are collected and processed to an individual extent. Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie.

Where personal data are processed by cookies implemented by us, processing is carried out pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and app and a customer-friendly and effective design of your visit.

Please note that you can set your browser to inform you about the setting of cookies and allow you to decide individually whether to accept them or to exclude acceptance of cookies for specific cases or in general. Each browser manages cookie settings differently. You can find information on changing your cookie settings in the help menus of the respective browsers here:

• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

• Chrome: https://support.google.com/chrome/answer/95647?hl=de

• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website and app may be limited.

• WhatsNext may use additional cookies and tracking technologies, in particular for:

  • Analytics and security (e.g., Firebase Analytics, Crashlytics),

  • Performance measurement (e.g., load times, app stability),

  • Authentication (e.g., login status).

• On your first visit, a cookie banner is displayed to obtain your consent pursuant to Art. 6(1)(a) GDPR.

• For U.S. users: Cookies can be flagged as “Do Not Sell or Share” relevant to meet CCPA/CPRA requirements.

 

6) Contacting Us

When contacting us (e.g., via contact form or email), personal data are collected. Which data are collected in the case of a contact form can be seen from the respective form.

These data are stored and used solely for the purpose of responding to your request and the technical administration associated with it.

The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

Your data will be deleted after final processing of your inquiry if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

• For support inquiries, please use our central email address: contact@whatsnext-organizer.com.

• International users (e.g., U.S., UK, Brazil) may also contact us via these channels.

• Privacy inquiries should preferably be directed to contact@whatsnext-organizer.com for faster handling.

• We strive to respond to support inquiries within 72 hours.

• To detect abuse and ensure security, contact data may be logged (e.g., IP address, timestamp of the request).

 

7) No Use of Your Data for Direct Marketing and No Sharing with Third Parties

We do not use your personal data for direct marketing purposes and we do not share it with third parties at any time. Your data are used exclusively to provide and improve our services in accordance with legal requirements.

• Community notifications:

  • Users may be informed about group activities (e.g., new Actions, invitations).

  • These communications are part of the app’s functionality and not direct marketing.

  • You can adjust or disable notifications at any time in the app settings.

• No commercial disclosure:

  • We do not sell data to third parties.

  • We only share data with external service providers where necessary for platform operation (e.g., Stripe, PayPal, hosting providers).

• International note:

  • For U.S. users: Data are not “sold” within the meaning of CCPA/CPRA.

  • For EU users: Any transfers to third parties are made solely on the basis of Art. 6 GDPR and appropriate safeguards (e.g., standard contractual clauses).

 

8) Use of Social Media: Videos

This website uses YouTube’s embedding function to display and play videos from the provider “YouTube,” which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The extended privacy mode is used, which, according to the provider, only triggers the storage of user information when video playback starts.

When playback of embedded YouTube videos is started, YouTube sets cookies to collect information about user behavior. According to YouTube, these are used, among other things, to collect video statistics, improve user friendliness, and prevent abusive actions.

If you are logged into Google, your data will be assigned directly to your account when you click a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out in particular pursuant to Art. 6(1)(f) GDPR based on Google’s legitimate interests in displaying personalized advertising, market research, and/or the demand-oriented design of its website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube.

Regardless of video playback, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations beyond our control.

Previously, transfers of personal data to Google LLC in the U.S. referenced the “Privacy Shield.”
Note: Since 2023, the EU–U.S. Data Privacy Framework (DPF) has replaced Privacy Shield. Transfers to Google LLC rely on the DPF and/or standard contractual clauses.

Further information on data protection at YouTube can be found in the provider’s privacy policy:
https://www.google.de/intl/de/policies/privacy/

• Use of YouTube content is voluntary and at your own risk.

• YouTube videos embedded in public groups are posted by users, not the platform operator; the user posting the content is solely responsible.

• WhatsNext reserves the right to remove embedded videos that violate laws, copyrights, or community rules.

 

9) Web Analytics Services

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses “cookies,” text files stored on your computer to help analyze how you use the website. The information generated by the cookie about your use of this website (including the truncated IP address) is usually transmitted to a Google server and stored there. This may also involve transmission to servers of Google LLC in the United States.

This website uses Google Analytics exclusively with the “_anonymizeIp()” extension, which ensures IP address anonymization by truncation and excludes direct personal reference. With this extension, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google LLC server in the U.S. and truncated there. In these exceptional cases, processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interests in the statistical analysis of user behavior for optimization and marketing purposes.

On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website and internet usage. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie related to your website use (including your IP address) and from processing these data by Google by downloading and installing the browser plug-in available at:
https://tools.google.com/dlpage/gaoptout?hl=de
 

As an alternative to the browser plug-in or within browsers on mobile devices, please click the following link to set an opt-out cookie that prevents collection by Google Analytics within this website in the future (this opt-out cookie works only in this browser and only for this domain; if you delete your cookies in this browser, you must click this link again): Disable Google Analytics

Further information on Google (Universal) Analytics can be found here:
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

• In addition to Google Analytics, WhatsNext may use additional analytics tools such as Firebase Analytics, Crashlytics, or similar services to improve app stability, performance, and usage.

• All data are processed in a pseudonymized manner; direct identification of individual users is excluded.

• International data transfers (e.g., to the U.S.) are based on the EU–U.S. Data Privacy Framework (DPF) or standard contractual clauses.

• You can limit or disable data collection in the app via the cookie/tracking banner or in the app settings.

• Analytics data are not shared with other users and are not linked with personal payment information (Stripe, PayPal, etc.).

 

10) Tools and Other Services

Google Maps
We use Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on our website and in our app. Google Maps is a web service for displaying interactive maps to visually present geographic information.

When accessing subpages or app areas in which Google Maps is integrated, information about your use (e.g., IP address) is transmitted to Google servers and stored there. This may also involve transfer to servers of Google LLC in the United States.

This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged into Google, your data will be directly associated with your account. If you wish to avoid this association, you must log out before using the map function.

Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out in particular pursuant to Art. 6(1)(f) GDPR based on Google’s legitimate interests in displaying personalized advertising, market research, and/or the demand-oriented design of its services.

If you do not agree to your data being transferred to Google as part of Google Maps use, you can disable JavaScript in your browser. Google Maps can then no longer be used.

Google Terms of Use:
https://www.google.de/intl/de/policies/terms/regional.html
Additional Terms of Service for Google Maps:
https://www.google.com/intl/de_US/help/terms_maps.html
Google Privacy Policy:
https://www.google.de/intl/de/policies/privacy/

Google Web Fonts
This website and app use so-called web fonts provided by Google Ireland Limited for the uniform display of fonts. When a page is called up, your browser loads the required web fonts into its cache to display texts and fonts correctly.

For this purpose, your browser must connect to Google servers. This may also involve the transmission of personal data to servers of Google LLC in the United States.

The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers and thus constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If your browser does not support web fonts, a standard font from your computer will be used.

More information on Google Web Fonts:
https://developers.google.com/fonts/faq
Google Privacy Policy:
https://www.google.com/policies/privacy/

 

11) Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective statutory retention periods (e.g., commercial and tax law retention periods). After expiry of these periods, the corresponding data are routinely deleted, provided they are no longer necessary for performance of a contract or pre-contractual measures and/or we have no legitimate interest in further storage.

• Account data:

  • stored for the duration of active use;

  • upon account deletion, personal data are irreversibly deleted unless statutory retention obligations apply.

• Community content (posts, groups, Actions):

  • remains stored as long as the group or Action is active;

  • deleted content may remain for a limited time for technical reasons (e.g., backups);

  • content shared or forwarded by other users may remain outside our direct control.

• Payment data (e.g., Stripe, PayPal):

  • not stored by us; processed exclusively by the payment service providers;

  • billing-relevant data (e.g., invoices, booking records) are stored by us for up to 10 years in accordance with commercial and tax regulations.

• Support and security data (e.g., contact requests, abuse reports):

  • stored until the matter is conclusively resolved;

  • in special cases (e.g., legal disputes), data may be retained longer where legally required.

 

12) Additional Privacy Rights for Specific Regions

​

12.1 California Residents (CCPA/CPRA)
If you are a California resident, additional rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA, apply:

• Right to know: what categories of personal information we collect and for what purposes.

• Right to access: the specific personal information we have collected about you.

• Right to delete: request deletion of your personal information, subject to certain exceptions.

• Right to opt-out: the right to opt out of the sharing of your personal information with third parties (“Do Not Sell My Personal Information”).

• Right to non-discrimination: you have the right not to be discriminated against for exercising your CCPA rights.
   

Disclaimer for public Actions and transactions:
WhatsNext allows you to create public groups and share Actions, including paid Actions via Stripe or PayPal. We assume no liability for transactions between users. The use of Stripe and PayPal is at the sole responsibility of the participating parties.

• WhatsNext does not sell or share personal information within the meaning of CCPA/CPRA.

• Users can exercise their opt-out rights via the in-app settings.

• Group activity notifications are service communications, not advertising.
   

12.2 Brazil (LGPD)
For users in Brazil, additional rights under the Brazilian General Data Protection Law (LGPD) apply:

• Right to information: what personal data are collected and for what purposes.

• Right of access: access to personal data collected about you.

• Right to rectification: correct inaccurate or incomplete data.

• Right to deletion: request deletion of personal data, subject to conditions.

• Right to withdraw consent.
   

WhatsNext commits to informing Brazilian users about their rights clearly and transparently, and support requests can be submitted in Portuguese.
 

12.3 Canada (PIPEDA)
Canadian users have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Right to consent: to the collection, use, and disclosure of personal information.

• Right of access: to personal information collected.

• Right to rectification: correct inaccurate data.
   

WhatsNext does not disclose personal information without express consent unless required by law.
 

12.4 Australia (Privacy Act 1988 and NDB Scheme)
For users in Australia:

• Right of access to personal information collected.

• Right to correction of inaccurate data.

• Right to notification in the event of data breaches in accordance with the Notifiable Data Breaches (NDB) scheme.

WhatsNext addendum: Security incidents affecting Australian users will be reported in accordance with legal requirements.
 

12.5 Singapore (PDPA)
Under the Personal Data Protection Act (PDPA), users in Singapore have:

• Right to consent to the collection, use, and disclosure of personal data.

• Right of access to personal data collected.

• Right to correction of incomplete or inaccurate data.

Users may withdraw consent at any time. Deletion requests will be handled within 30 days where possible.
 

12.6 EU and UK Additions

• EU (GDPR): In addition to the rights listed, users have the right to data portability (Art. 20 GDPR) and the right to lodge a complaint with a supervisory authority in their country of residence.

• UK (UK-GDPR): Post-Brexit, equivalent rights apply under the supervision of the Information Commissioner’s Office (ICO).

 

13) Security & Support
 

13.1 Technical and Organizational Measures
We implement appropriate technical and organizational security measures to protect your personal data against loss, misuse, unauthorized access, or disclosure. These include, among others:

• encryption of data transmissions (SSL/TLS),

• access restrictions to personal data,

• regular backups and system reviews.

Despite all measures, we cannot guarantee absolute security on the internet or in mobile networks. Use of the app is therefore at your own risk.
 

13.2 Abuse and Security Reports

• Suspicious activities (e.g., fraudulent groups, spam, violations of community guidelines) can be reported via the in-app reporting function or by email to contact@whatsnext-organizer.com.

• Security-relevant incidents (e.g., data breaches) are documented and reported pursuant to legal requirements (e.g., GDPR, Australia’s NDB scheme).
   

13.3 Support Contact

• For general inquiries: contact@whatsnext-organizer.com

• For privacy inquiries: contact@whatsnext-organizer.com

• We generally strive to respond to support inquiries within 72 hours.

  
   

13.4 International Addendum

• In certain regions, additional information obligations may apply (e.g., CCPA in California, LGPD in Brazil). These will be fulfilled in accordance with applicable laws.

 

14) Changes to This Privacy Policy
 

14.1 General
We reserve the right to change this Privacy Policy at any time to reflect legal requirements or changes to our services.
 

14.2 User Notification

• We will notify you of material changes in a timely manner before they take effect.

• Notification will be provided via our app, our website, or email.

• The date of the last update is always shown at the top of this policy.
   

14.3 Continued Use
If you continue to use the service after a revised Privacy Policy takes effect, this constitutes your acceptance of the changes.
 

14.4 WhatsNext Addendum

• Changes may result in particular from the introduction of new community features or fee models.

• International users (e.g., in the U.S. or Brazil) will be informed in a language-appropriate version about their specific rights.

 

15) Privacy Contact
 

15.1 Responsible Contact
For any questions about the collection, processing, or use of your personal data, for information, correction, restriction, or deletion of data, as well as for revoking consent, please contact:

​

CombMe UG (haftungsbeschränkt)
Backesweg 54A
63477 Maintal
Germany
Email: contact@whatsnext-organizer.com

​

15.2 International Users

• Users in the EU may also contact the competent data protection authority in their country of residence.

• Users in the United Kingdom (UK) may contact the Information Commissioner’s Office (ICO).

• Users in the U.S. may exercise their CCPA/CPRA rights directly with us.

• Users in Brazil may contact us under the LGPD.
   

15.3 Support Routing

• For technical or general questions: contact@whatsnext-organizer.com

• For privacy questions: contact@whatsnext-organizer.com