We care about your privacy

PRIVACY POLICY — Dash/Out
Last updated: 19 September 2025

We are TOKEN LAB SRL, a Romanian legal entity with registered office at Sat Floreşti, Comuna Floreşti, Strada Traian, Nr. 01, Bloc A, Scara B, Etaj 7, Ap. 29, Cluj County, Romania, registered with the Trade Register under no. J12/2630/04.06.2024, having CUI 50179876, IBAN RO84BTRLRONCRT0CS5616901 (Banca Transilvania).

We are open to discuss any questions or concerns you may have regarding the confidentiality of your personal data and encourage you to contact us whenever you wish to learn more.
You can easily write to us at office@dash-out.com and we will try to respond as soon as possible.

We assure you that we take all appropriate measures to protect the confidentiality of the data you provide so that your interaction with the Dash/Out mobile application is carried out in compliance with Regulation (EU) 2016/679 (GDPR), Law 190/2018, and other applicable national and European legislation. The purpose of this Policy is to inform you about the personal data we collect from users or that are communicated to us through the Dash/Out Application, as well as how we process this data.

Information We Collect

Dash/Out must receive or collect certain information to operate, provide, improve, understand, customize, support, and secure our Services. The types of information we receive and collect depend on how you use our mobile app and which permissions you grant.

Some information is necessary to deliver our Service; without it we cannot provide the app features to you (e.g., a verified login identifier). Other information is optional and collected only with your consent (e.g., continuous background location for hyper-local suggestions, calendar access for “Going” reminders). You can manage permissions in your device settings on both Android and iOS.

1) Information You Provide

Account Information.
To create a Dash/Out account, you may provide basic information such as a phone number and/or email address, your name, and date of birth (the Service is intended for users aged 14+). You may also add a profile photo and other details.

Preferences & Saved Items.
When you save favorites, mark items as “Going”, or set interests/categories, we store those selections to personalize your experience.

Calendar & “Going.”
If you choose to add an item to your in-app calendar and mark “Going”, we store the related entry and, with your consent, may send you reminders/notifications.

Support Communications.
If you contact us (e.g., email to office@dash-out.com), we process the content of your message and any attachments to assist you.

Note: Dash/Out does not currently provide in-app chat or gifting. If we introduce messaging or group features in the future, this Policy will apply to those features as described under “Future Features” below.

2) Automatically Collected Information

Usage and Log Information.
We collect service-related, diagnostic, and performance information—such as how you use the app, feature interactions (e.g., viewing suggestions, opening maps, using search and filters), timestamps, crash logs, and similar telemetry.

Device and Connection Information.
When you install, access, or use the app, we may collect device-specific information (hardware model, OS version, app version, mobile network/ISP, language, time zone, IP address, device operations information). This helps with compatibility, debugging, and security.

Location Information (with Consent).
With your explicit consent, Dash/Out collects and uses precise location data, which can include continuous background location (if enabled in your device settings), to generate real-time, context-aware suggestions (e.g., dining, bars, sports, culture, events, parks, trails) wherever you travel across the country.
You can withdraw consent at any time in your device settings. If you disable location, personalized and proximity-based suggestions may no longer function as intended. Even without precise location, we may estimate general location (e.g., city, country) from IP address for basic analytics and fraud/security.

3) Information from Third Parties

Providers and Venues.
If you interact with a third-party provider (e.g., by visiting their venue page opened from our app), they may share limited information back to us (e.g., aggregated statistics) where legally permitted. Your direct dealings with providers are governed by their own privacy terms.

User Reports.
Users or third parties may report content or behavior they believe violates our Terms. When a report is made, we collect information on both the reporting and reported parties to review and act as needed.

Future Features (Contacts/Groups/Messaging/Bookings).
If we introduce Groups, Messaging, or Bookings, we will process the data necessary to operate those features (e.g., group membership, messages metadata/content, reservation details). Where applicable, we will rely on consent (e.g., contacts upload), contract (to provide the requested feature), and/or legitimate interests (safety, moderation, service improvement). We will update in-app notices accordingly.

The Purpose and Legal Bases of Processing

We process your data for the following purposes and under these GDPR legal bases:

1. Provide and operate the app (Contract/Legitimate Interest).
   Enable core features (account, discovery, suggestions, search, maps, favorites, “Going”, notifications you opt into), maintain and secure the Service, fix bugs, and ensure compatibility.
2. Personalize suggestions (Consent/Legitimate Interest).
   Use your Location Data (with consent), preferences, and interactions to show relevant, nearby activities and places.
3. Notifications and reminders (Consent).
   Send push notifications (e.g., “Going” reminders, nearby highlights). You can disable notifications in device settings at any time.
4. Analytics and improvement (Legitimate Interest).
   Understand how the app is used to improve relevance, performance, and stability.
5. Safety, security, and moderation (Legitimate Interest/Legal Obligation).
   Detect and prevent fraud/abuse, protect our users and systems, respond to lawful requests.
6. Support and communication (Contract/Legitimate Interest).
   Respond to your inquiries and provide assistance.
7. Regulatory and compliance (Legal Obligation).
   Fulfill record-keeping and other obligations required by law.

We will seek your consent for any processing where consent is the appropriate legal basis (e.g., continuous background location, certain notifications, contacts upload if introduced). Where we rely on legitimate interests, we balance those interests against your rights and expectations.

We Do Not Disclose Your Personal Data Without a Legal Basis

We do not sell your personal data. We disclose personal data only when one of the following applies:

• With your consent. For example, if in the future you choose to make a booking directly in the app, we may share the necessary details with the selected provider to fulfill your request.
• To processors (service providers). Trusted vendors who process data on our behalf under written contracts and only for our instructions (e.g., cloud hosting, crash/analytics SDKs, push notifications, mapping). They are not allowed to use or disclose the data for their own purposes.
• For legal reasons. Where required to comply with law, lawful requests, to protect your or our rights, safety, or property, or to enforce our Terms.

Mobile SDKs, Cookies, and Similar Technologies

Dash/Out is a mobile-only application. We may use third-party SDKs and system services in the app (for example, push notifications, crash reporting, analytics, and maps). Such tools may set or read identifiers on your device to operate and improve services. You can manage app permissions and system ad/analytics settings on your device.

Illustrative examples of vendors/technologies we may use (subject to change):

• Push & platform services: Apple Push Notification Service (APNs), Firebase Cloud Messaging (FCM)
• Crash/analytics: Google/Firebase Analytics & Crashlytics, Apple App Analytics
• Mapping & places: Apple Maps, Google Maps Platform
• A/B testing/metrics: In-app measurement frameworks

These providers act as our processors or independent controllers depending on the context of use. Please refer to their public policies for details on their processing.

Data Retention

We store your data only for as long as necessary to provide the Service and for the purposes outlined in this Policy:

• Account data & preferences: while your account is active and for a reasonable period thereafter if needed for security, fraud prevention, or legal obligations.
• Location data: retained for the minimal period needed to deliver suggestions and for short-term logs/analytics; precise retention windows will be tuned to necessity and minimized.
• Support communications: retained as needed to resolve issues and for legal/compliance.
• Legal records: where law requires (e.g., statutory retention), we keep records for the mandated period.

When data is no longer needed, we delete or anonymize it in accordance with our retention schedule and applicable law.

Storage, Security, and International Transfers

We host and process data with reputable cloud providers using industry-standard safeguards (encryption in transit and at rest where applicable, access controls, monitoring). While no method of transmission or storage is 100% secure, we continuously improve our administrative, technical, and physical measures to protect your data.

If personal data is transferred outside the European Economic Area (EEA), we will implement appropriate safeguards under GDPR (e.g., Standard Contractual Clauses, transfer impact assessments, and supplementary measures).

Your Rights as a Data Subject

Under GDPR and applicable national law, you have the following rights (subject to conditions and exceptions):

• Right of access – obtain confirmation whether we process your data and a copy of it.
• Right to rectification – request correction of inaccurate or incomplete data.
• Right to erasure – request deletion of your data (e.g., when processing is no longer necessary or consent is withdrawn).
• Right to restriction – request restriction of processing in certain cases.
• Right to object – object to processing based on legitimate interests (including profiling) and to direct marketing (if applicable).
• Right to data portability – receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Rights related to automated decision-making – not to be subject to decisions based solely on automated processing, including profiling, producing legal effects or similarly significant effects.
• Right to withdraw consent – where processing is based on consent (e.g., continuous location, certain notifications), you may withdraw at any time via device/app settings or by contacting us; withdrawal does not affect prior lawful processing.

To exercise these rights, contact office@dash-out.com. We may need to verify your identity to process requests. You also have the right to lodge a complaint with the ANSPDCP – National Authority for the Supervision of Personal Data Processing (28–30 Bd. Gheorghe Magheru, Sector 1, Bucharest; Email: anspdcp@dataprotection.ro; Tel: +40 318 059 211).

Children’s Privacy

Our Services are not intended for children under 14. We do not knowingly collect personal data from children under 14. If you are a parent/guardian and believe your child provided personal data to us, please contact office@dash-out.com so we can take appropriate actions. If we later introduce features directed at teens (14–17), we will provide age-appropriate notices and controls.

Links to Other Services

Our app may reference or deep-link to third-party services (e.g., a provider’s page for directions). Those services are not operated by us and have their own privacy practices. We strongly advise you to review their privacy policies. We are not responsible for their content, policies, or practices.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the new version in the application and indicate the “Last updated” date. Where required by law, we will seek your consent for material changes (e.g., new purposes that rely on consent).

Last updated: 19 September 2025

Contact Us

If you have any questions or suggestions about this Privacy Policy, or if you wish to exercise your rights, please contact us at office@dash-out.com.
Postal address: TOKEN LAB SRL, Sat Floreşti, Comuna Floreşti, Strada Traian, Nr. 01, Bloc A, Scara B, Etaj 7, Ap. 29, Cluj County, Romania.