CosaFare

Privacy Policy

Last updated: April 2026

1. Who we are

CosaFare is an event discovery platform for Sicily, Italy. We help people discover concerts, DJ sets, theatre, art exhibitions and other events at local venues across Sicily. We are operated by Fredrik Balck. Our website is cosafare.app.

Contact: info@cosafare.app

2. What data we collect

We collect the minimum data necessary to operate the service.

End users (app and website visitors)

  • Push notification token — if you grant notification permission on the mobile app, we store an anonymous device push token (provided by Expo) to send event reminders. This token is not linked to your name or email address.
  • Anonymous usage data — we collect anonymous data about which events and venues are viewed to help us improve the service. This data cannot be used to identify you personally.

Venue owners (registered venues)

  • Registration data — venue name, Instagram handle, city, address and email address, collected when a venue registers on CosaFare.
  • Event data — event titles, dates, times, descriptions and images, collected automatically from your public Instagram posts or entered manually.
  • Analytics data — anonymous counts of how many users viewed or clicked through to your events from CosaFare.
  • Push notification queue data — for premium venues, records of push notifications sent on your behalf including event ID, city and send timestamp.

3. How we use your data

  • To display upcoming events from registered venues on CosaFare
  • To send push notifications to app users about events in their city (end users)
  • To notify venue owners when we detect and publish their events
  • To provide venue owners with anonymous analytics about their event reach
  • To improve the platform and user experience

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Public Instagram data

We monitor public Instagram posts from registered venues to automatically detect and publish event announcements. We only process data from accounts that have explicitly registered on CosaFare and consented to this at registration. We use Apify to collect this public data and Anthropic Claude to analyse it.

5. Data storage and security

All data is stored securely on Supabase (PostgreSQL database hosted in the EU). We use industry-standard security practices including row-level security, encrypted connections (TLS), and access controls. Push tokens are stored separately from any personally identifiable information.

6. Data retention

  • Push tokens — retained until you remove them via the app settings ("Rimuovi notifiche push") or uninstall the app
  • Venue data — retained until the venue owner requests deletion
  • Event data — retained indefinitely as a public record of past events
  • Anonymous usage data — retained for 12 months then deleted

7. Third-party services

  • Supabase — database, storage and authentication (EU region)
  • Vercel — website hosting
  • Expo / EAS — mobile app delivery and push notification infrastructure
  • Resend — transactional emails (e.g. deletion confirmation emails)
  • Apify — collection of public Instagram data from registered venues
  • Anthropic Claude — AI processing of public event data. No personal data is sent to this service.

8. Cookies

We use only essential cookies required for the app to function (authentication session management). We do not use tracking, analytics or advertising cookies.

9. Data deletion

End users

To remove your push notification token from our systems, open the CosaFare app, go to Settings and tap "Rimuovi notifiche push". This immediately deletes your push token from our database and you will no longer receive notifications.

Venue owners

To delete all your venue data from CosaFare, visit cosafare.app/manage/delete and enter your registered email address. You will receive a confirmation email with a secure link. Clicking the link permanently deletes:

  • Your venue profile and all registration data
  • All events published on CosaFare on your behalf
  • All analytics data associated with your venue
  • Your push notification queue entries

This action is irreversible. The confirmation link expires after 24 hours.

10. Your rights (GDPR)

If you are in the European Union, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data (see Section 9)
  • Right to object — object to processing of your data
  • Right to data portability — request your data in a portable format

To exercise any of these rights, contact us at privacy@cosafare.app. We will respond within 30 days.

11. Age restriction

CosaFare is intended for users aged 18 and over. The platform primarily covers nightlife and evening entertainment events. We do not knowingly collect data from users under 18.

12. Changes to this policy

We may update this privacy policy from time to time. We will notify registered venue owners of any significant changes by email. The date at the top of this page indicates when the policy was last updated.

13. Contact

For any privacy-related questions or requests:

privacy@cosafare.app

CosaFare — Sicily, Italy