InPerson Platform | Platform for Associations

This privacy policy describes how the InPerson Platform application (hereinafter: the Application) collects, uses, processes, and protects users' personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Slovenian legislation.

1. Data Controller

The personal data controller is:

Športno kulturno društvo Vrh

Address: Vrh Sv. Treh Kraljev 11, 1373 Rovte, Slovenia
Data protection email: martin@inperson-platform.com

2. Purpose and Legal Basis of Processing

The Application processes data exclusively for the following purposes:

2.1. Connection with Meta (Facebook and Instagram) Accounts

enabling login via Meta OAuth (Facebook Login)
obtaining access to Facebook pages or Instagram profiles managed by the user
managing content on behalf of the user (publishing, scheduling posts)

Legal basis: performance of a contract (Article 6(1)(b) GDPR).

2.1a. Connection with Google Account for Sending Email

Why we need access to your Google account:

User identification: We need your email address and name to create your account in the application and identify who is sending emails to association members.
Sending email: The Application uses the Gmail API to send email messages (notifications, invitations, newsletters) to your association members on your behalf. This ensures that recipients see your email address as the sender, which builds trust and credibility.

Scope of permissions (Google OAuth scopes):

https://www.googleapis.com/auth/userinfo.email - To access your email address, which is used to identify your account and serve as the sender address.
https://www.googleapis.com/auth/userinfo.profile - To access your name and profile picture, which are displayed in the application.
https://www.googleapis.com/auth/gmail.send - To send email messages on your behalf via the Gmail API. The Application can ONLY send email and has no access to read, view, or delete your existing email messages.

Legal basis: performance of a contract (Article 6(1)(b) GDPR).

IMPORTANT: The Application uses the sensitive gmail.send scope, but NEVER accesses your inbox, drafts, archived messages, or any other files in your Gmail account. The Application exclusively sends email that you create and approve within the application.

2.2. Editing and Publishing Content

The Application enables:

creating events, announcements, and other content
designing templates
converting templates to images
manual or scheduled publishing on Facebook and Instagram

Data is processed solely for the execution of these functionalities.

2.3. Technical Operation of the Application

To ensure the operation of the Application, we may collect technical data such as:

device information
browser information
server logs
post metadata (date, time, post ID)

Legal basis: legitimate interest (Article 6(1)(f) GDPR).

3. What Data We Collect

The Application may process the following data:

3.1. Data from Meta (Facebook/Instagram) APIs

In accordance with permissions:

basic information about the Facebook page you manage (page name, page ID)
basic information about the Instagram business profile (profile name, ID)
permissions for publishing content (e.g., pages_manage_posts, pages_read_engagement, instagram_basic, instagram_content_publish)
list of pages/profiles to which you have management rights
content you create within the application and wish to publish

The Application does not access personal data of your members, followers, or other users.

3.1a. Data from Google APIs

In accordance with permissions (OAuth scopes), we collect only:

Email address: Obtained via the userinfo.email scope, used to identify your account and serve as the sender address when sending emails.
Name and profile picture: Obtained via the userinfo.profile scope, used to display your profile in the application.
Email message content: ONLY the text and attachments that you create within the application and explicitly approve for sending via the "Send Email" functionality.

WE CATEGORICALLY DO NOT COLLECT: The Application NEVER accesses, reads, stores, or processes your inbox, sent mail, drafts, archived messages, or any other folders and files in your Gmail account. The gmail.send permission allows ONLY sending new email, not reading existing messages.

3.2. Data You Enter Yourself

text of posts and events
images or graphics you create in the application
publication time (if you use scheduling)

3.3. Technical Data

IP address
device type
diagnostic data about application operation

3A. Compliance with Google API Services User Data Policy

InPerson Platform's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use of Google User Data

All data obtained from Google APIs (email address, name, profile picture) is used EXCLUSIVELY for:

Providing or improving user-facing features that are visible in InPerson Platform
Complying with applicable security or privacy requirements
Complying with applicable laws

InPerson Platform will NOT transfer, sell, or share Google user data with third parties, except where expressly permitted (e.g., necessary for providing the service, with user consent, or for legal purposes).

Storage and Security of Google Data

Google user data is stored securely using encryption (HTTPS/TLS) in transit and secure storage at rest.
Access to Google data is restricted to authorized personnel only, on a need-to-know basis for service delivery.
We retain Google data only for as long as necessary to provide the service, or until you request its deletion.

Revoking Access to Your Google Account

You may revoke InPerson Platform's access to your Google account at any time by:

Visiting the Google Account Permissions page
Locating "InPerson Platforma" and removing access
OR using the "Remove Google Account Connection" option in the application settings

Upon revocation, we will cease using your Google data and delete it from our systems within 30 days, unless longer retention is required by law.

4. Sharing Data with Third Parties

The Application does not sell, rent, or share personal data with third parties.

We only share data with:

Meta Platforms, Inc., when publishing content on their platforms (Facebook, Instagram) – in accordance with permissions you explicitly grant.
Google LLC, when sending email via Gmail API – in accordance with permissions you explicitly grant.

Both external services (Meta and Google) act as data processors in the execution of our services.

5. Data Retention

Data is retained:

as long as you have an active account in the application
or until you request deletion

Data about created posts may be retained for activity tracking and application operation purposes, but you can request their deletion at any time.

6. User Rights Under GDPR

Users have the following rights:

right of access to their data
right to rectification of data
right to erasure ("right to be forgotten")
right to restriction of processing
right to data portability
right to object to processing
right to revoke permissions on Facebook/Instagram via Meta Account Center
right to revoke permissions (OAuth scopes) for Google account via Google Account Settings

To exercise your rights, contact us at: martin@inperson-platform.com

7. Data Protection

We protect data with appropriate technical and organizational measures, including:

encryption of data in transit (HTTPS)
data access restrictions
security protocols against unauthorized access
regular security updates

8. Cookies

The Application may use essential cookies for system operation and login.

We do not use cookies for advertising or tracking.

9. Changes to the Privacy Policy

We may update this privacy policy from time to time.

We will notify you of significant changes within the application or by email.

10. Contact

For any questions regarding data protection, you can contact us:

InPerson Platforma
Email: martin@inperson-platform.com