Privacy Policy
This policy explains how Besta (mobile app) and Besta Pro (SaaS for venues) collect, use, and protect your personal data in accordance with GDPR and French data protection law.
Last updated: December 11, 2025
Website Editor
The website besta-app.fr is published by:
Besta Company
Simplified joint-stock company with a capital of €150.00
Registered with the Paris Trade and Companies Register under number 992 400 390
Head office: 60 RUE FRANCOIS IER, 75008 PARIS - France
VAT number: FR67992400390
Email address: contact@besta-app.fr
Publication Directors
Mr. Oier CESAT (President of BESTA) and Mr. Colas NAUDI (Chief Executive Officer of BESTA)
Hosting
The site is hosted by:
Vercel Inc.
340 S Lemon Ave #4133
Walnut, CA 91789
United States
Website: https://vercel.com
1. Purpose of this Policy
This Privacy Policy informs users of the Besta mobile app and Besta Pro platform about:
- personal data collected,
- processing purposes,
- legal bases,
- recipients,
- retention periods,
- user rights,
- security measures.
Besta complies with GDPR and French data protection law.
2. Data controller
Controller: BESTA
Email: contact@besta-app.fr
Legal representative: Mr. Oier CESAT, represented by the General Manager Mr. Colas NAUDI
3. User profile — Individual user data (mobile app)
- Profile data: email address, name, date of birth, city, gender, music preferences
- Connection data: IP, device, logs
- Preferences (followed event types)
- Push notification tokens (expo-notifications / FCM)
- Favorites history and viewed events
3.1 Additional profile data (age, city, gender, music preferences)
These details are currently required when creating an account to enable initial content personalization and calculation of anonymous statistics for venues. They are processed securely and only for the purposes described. In the future, these details may become optional and editable by the user in their account settings. Processing of these data is based on Besta’s legitimate interest (Article 6-1(f) GDPR): providing a relevant, personalized, and useful service for users and venues. Statistics shared with venues always remain anonymous; no personal or identifiable data is disclosed.
4. Venue data (Besta Pro)
Public data (visible):
- Venue name, address, opening hours, type, public events, public photos.
- These data may be created by Besta without a manager because they are already public and of public interest.
- Public venue data are processed on Besta’s legitimate interest basis (Article 6-1(f) GDPR) to list publicly accessible places and events.
Non-public data (confidential):
- Manager/contact name, professional email, professional phone number.
- Internal info: validation status, settings, credits, invoices.
Statistics shared with venues are always anonymized: no personal or identifiable data are disclosed.
5. Billing data
- Purchase history and subscriptions
- Information from Stripe (never full card numbers)
6. Data collected automatically
- Usage statistics
- Technical device data
- Notifications received
- Cookies / local storage on the web version
7. Purposes and legal bases
| Purpose | Data used | Legal basis |
|---|---|---|
| Account creation | Email, password | Contract performance |
| Event publishing | Venue data | Legitimate interest + Contract performance |
| Subscription management | Billing data | Contract performance |
| Push notifications | FCM token | Consent |
| Security / fraud | Logs, IP | Legitimate interest |
| Internal statistics | Anonymized logs | Legitimate interest |
| Customer support | Email, logs | Legitimate interest |
| Personalization and recommendations | Profile data (age, city, gender, music preferences) | Legitimate interest (Article 6-1(f) GDPR) to provide a relevant, personalized service |
Statistics shared with venues are always anonymized (no identification possible).
8. Retention periods
| Data | Period |
|---|---|
| User account | Until deleted by the user |
| Public venue data | No limit, unless manager requests or inaccuracy is proven |
| Private venue data | Duration of the contract + 3 years |
| Invoices / accounting | 10 years (legal obligation) |
| Technical logs | 12 months |
| Notification tokens | Until revoked / uninstalled |
Note: public venue data may be kept even if a manager deletes their account, because it is non-personal public-interest information.
9. Data sharing with third parties
Besta uses European or GDPR-certified providers: Data hosting is provided by Supabase (European Union) and Vercel (United States). Firebase (Google) may also be used for notifications. All processors are contractually bound to Besta to comply with GDPR obligations. Their privacy policies are available on the providers’ websites.
- Supabase — data hosting (European Union)
- Firebase / FCM — notifications (Google)
- Stripe — payments and billing
- OVH — application hosting
- Vercel — application hosting (United States)
- GDPR-compliant monitoring and analytics tools
10. Transfers outside the EU
Data are mostly hosted in the European Union. Some processors may handle data outside the EU in countries with an adequacy decision or covered by Standard Contractual Clauses (SCCs).
Besta requires:
- European hosting when possible,
- standard contractual clauses (SCCs),
- pseudonymization or anonymization measures.
11. Your GDPR rights
Right of access, rectification, objection (if based on legitimate interest), erasure, restriction, portability, withdrawal of consent.
To exercise your rights: contact@besta-app.fr
Response time: 30 days.
12. Account deletion
- Individual users: immediate deletion of email, profile, and related logs; anonymization of statistics.
- Venues: deletion of private data linked to the manager. Public venue data and events may be kept because they are not personal data.
To contest or edit public venue information: contact@besta-app.fr
13. Security
- Encryption of data in transit and at rest
- Strict internal access controls
- Only authorized Besta team members (engineering, support, billing) can access data with limited, logged access
- Logging of access and sensitive operations
- Regular security audits
14. Policy changes
In case of major changes, users will be informed by notification or email.
15. DPO / GDPR contact
For any questions: contact@besta-app.fr
Address: 60 Rue François Ier, 75008 Paris – France