Privacy Policy

Last updated: April 1, 2026

1. Overview

PassXS ("we", "us", "our") is operated by APOLLOBASE GmbH, Stuttgart, Germany. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the PassXS platform, including our website, mobile applications, and related services (collectively, the "Service").

We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and German data-protection law (BDSG).


2. Data Controller

APOLLOBASE GmbH
Musterstraße 1, 70173 Stuttgart, Germany
E-Mail: bu@apollobase.com


3. Data We Collect

We collect the following categories of personal data:

3.1 Account Data

  • Phone number (used for authentication via OTP)
  • Name (optional, for profile personalization)
  • Email address (optional, for receipts and notifications)
  • Profile photo (optional)

3.2 Usage Data

  • Pages visited and features used
  • Venues viewed and followed
  • Events attended and tickets purchased
  • Device type, browser, operating system
  • IP address and approximate location (city-level)

3.3 Transaction Data

  • Ticket purchases and table reservations
  • Payment method (processed by Stripe; we do not store full card numbers)
  • Loyalty stamps and rewards

3.4 User Content

  • Photos uploaded to social walls
  • Reviews and ratings

4. How We Use Your Data

  • Create and manage your account
  • Process ticket purchases and table reservations
  • Provide loyalty stamps and rewards
  • Display personalized venue and event recommendations
  • Send transactional messages (order confirmations, entry QR codes)
  • Analyze usage patterns to improve the Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

  • Contract performance (Art. 6(1)(b) GDPR) — processing necessary to provide the Service you requested (account, tickets, reservations).
  • Legitimate interest (Art. 6(1)(f) GDPR) — analytics, fraud prevention, and improving the Service.
  • Consent (Art. 6(1)(a) GDPR) — optional marketing communications and non-essential cookies.
  • Legal obligation (Art. 6(1)(c) GDPR) — tax records and regulatory compliance.

6. Third-Party Services

We share data with the following processors, all of which maintain GDPR-compliant data processing agreements:

Service       Purpose                     Data Shared
Supabase      Database & authentication   Account data, usage data
Vercel        Hosting & analytics         IP address, usage data
Stripe        Payment processing          Payment & transaction data
Twilio        SMS OTP verification        Phone number
Google Maps   Venue maps & place data     Location queries

7. Cookies

7.1 Essential Cookies

We use strictly necessary cookies to maintain your session, remember your authentication state, and store your cookie consent preference. These cannot be disabled.

7.2 Analytics Cookies

With your consent, we use analytics cookies (e.g., Vercel Web Analytics) to understand how visitors interact with the Service. These cookies collect anonymized usage data such as pages viewed, session duration, and referral source.

7.3 Managing Cookies

You can manage your cookie preferences at any time via the cookie banner or by clearing cookies in your browser settings. Withdrawing consent for analytics cookies does not affect the lawfulness of prior processing.


8. Data Retention

  • Account data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Transaction data: retained for 10 years as required by German tax law (§ 147 AO).
  • Usage / analytics data: anonymized after 26 months.
  • User content: deleted upon request or account deletion.

9. Your Rights

Under the GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — limit how we process your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting prior lawful processing.

To exercise any of these rights, email us at bu@apollobase.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Baden-Württemberg, this is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit (LfDI).


10. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.


11. Children

PassXS is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.


12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top of this page indicates the most recent revision.


13. Contact

For questions about this Privacy Policy or your personal data, contact us at:

APOLLOBASE GmbH
Attn: Data Protection
Musterstraße 1, 70173 Stuttgart, Germany
E-Mail: bu@apollobase.com