Privacy Policy – YOUCAT Community Platform (Hivebrite)

Last updated: 13.01.26

This Privacy Policy applies specifically to the YOUCAT Community Platform operated via Hivebrite (the “Platform”). It complements and aligns with the general Privacy Policy of the YOUCAT website and explains how personal data are processed in the context of a registered community platform that enables user accounts, discussions, messaging, file sharing, and community interaction.

Where the YOUCAT website Privacy Policy addresses general website visits, cookies, newsletters, eCommerce, and analytics, this document focuses exclusively on the Community Platform.

1. Controller

The controller responsible for data processing on the Community Platform within the meaning of Art. 4(7) GDPR is:

YOUCAT Foundation gemeinnützige GmbH
Bischof-Kindermann-Str. 23
61462 Königstein im Taunus, Germany
Phone: +49 (0) 821 41010803
E-mail: [email protected]

2. Data Protection Officer

YOUCAT has appointed a Data Protection Officer:

Dr. Karsten Kinast
Bischof-Kindermann-Str. 23
61462 Königstein im Taunus, Germany
Phone: +49 (0) 821 410 108-10
E-mail: [email protected]

You may contact the Data Protection Officer at any time regarding questions related to data protection.

3. Scope of Data Processing on the Community Platform

3.1 Account Registration and Profile Data

When you create a user account on the Platform, we process the following personal data:

  • Name (or chosen display name)

  • E-mail address

  • Username and password (encrypted)

  • Language and region settings

  • Optional profile information (e.g. biography, profile photo)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract / user agreement).

3.2 User-Generated Content

The Platform allows users to post content, including:

  • Discussion posts and comments

  • Uploaded files and documents

  • Messages to other users

Any personal data you include in such content are processed at your own discretion and become visible according to the privacy settings of the Platform (e.g. public, community-only, or group-based visibility).

Legal basis: Art. 6(1)(b) GDPR (platform functionality) and Art. 6(1)(f) GDPR (legitimate interest in operating a collaborative community).

3.3 Community Communication

We process personal data to enable:

  • Direct messages between members

  • Group communications

  • Platform notifications (e.g. replies, mentions, system messages)

Legal basis: Art. 6(1)(b) GDPR.

3.4 Technical Data and Log Files

When you access the Platform, the following technical data may be processed automatically:

  • IP address

  • Date and time of access

  • Browser type and operating system

  • Referrer URL

These data are required to ensure platform security, stability, and proper operation.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable platform operation).

 

4. Hosting and Processing by Hivebrite

The Community Platform is operated using the software and infrastructure of Hivebrite.

Hivebrite acts as a data processor within the meaning of Art. 28 GDPR and processes personal data solely on our documented instructions.

A data processing agreement (DPA) has been concluded with Hivebrite in accordance with Art. 28 GDPR.

Data is hosted within the European Union. Where data are transferred to third countries, appropriate safeguards are implemented, in particular Standard Contractual Clauses (SCCs) approved by the European Commission.

5. Recipients of Personal Data

Personal data may be disclosed to:

  • Hivebrite as platform provider (processor)

  • IT and hosting service providers supporting the Platform

  • Authorities or courts where required by law

Data are not sold or disclosed for advertising purposes.

6. International Data Transfers

If personal data are transferred to countries outside the EU/EEA, such transfers take place only:

  • on the basis of an adequacy decision of the European Commission, or

  • subject to appropriate safeguards, in particular Standard Contractual Clauses (Art. 46 GDPR).

7. Storage Duration

Personal data are stored only for as long as necessary for the purposes for which they were collected.

  • Account data are stored for the duration of the user account.

  • User-generated content remains available until deleted by the user or upon account deletion, unless retention is required for legal reasons.

Upon deletion of an account, personal data will be erased or anonymised unless statutory retention obligations apply.

8. Your Rights as a Data Subject

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to withdraw consent at any time (Art. 7(3) GDPR), where processing is based on consent

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence or place of work.

9. Security Measures

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. The Platform is accessible via encrypted SSL/TLS connections.

However, we note that internet-based data transmission may have security vulnerabilities, and complete protection against third-party access cannot be guaranteed.

10. Account Deletion and Community Content

Users may delete their account at any time. Upon deletion:

  • Profile data will be removed or anonymised.

  • Public contributions may remain visible in anonymised form, unless deletion is requested and legally permissible.

Child Safety Standards Policy

11. Child Safety Standards 

Any explicit content or child sexual abuse and exploitation (CSAE) is strongly prohibited on our application. 

Compliance with Child Safety laws & reporting 

Our app complies with applicable child safety laws and regulations. 

Our app ensures all content shared within the app is appropriate for a mixed audience, including children. User-generated content is moderated to prevent inappropriate material from being accessible.

Any CSAM (Child Safety Abuse Material) content will be automatically removed when flagged or reported through our moderation features or if we are directly contacted for this purpose. 

We will systematically take action to report confirmed CSAM content to the National Center for Missing and Exploited Children.
CSAM consists of any visual depiction, including but not limited to photos, videos and computer-generated imagery, involving the use of a minor engaging in sexually explicit conduct.

Child safety point of contact   

You can reach out to [email protected] if CSAM content is detected. 

Privacy and Data Protection

Our app is committed to protecting user data, especially for children under 13, in compliance with applicable regulations.

The privacy policy is displayed clearly and is accessible from the app settings and our website

All data is encrypted during transmission and stored securely.

Ads and Monetization

Our app does not include ads or monetized content. 

Transparency and Disclosures

Data safety: Detailed information is provided as per Google Play’s Data safety form.

Content ratings: IARC 3+, L, E, 3, 3, USK 0

Regular internal testing is conducted to ensure compliance with Google Play’s child safety standards, including functionality reviews and content audits.

Policies are reviewed quarterly or as required to align with updated child safety standards.

 

12. Amendments to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal requirements or platform functionality. The applicable version is the one published on the Platform at the time of use.

13. Contact

If you have questions regarding this Privacy Policy or the processing of your personal data on the Community Platform, please contact:

E-mail: [email protected]