The purpose of this Privacy Policy is to describe how personal data provided by users of the Startion website (startion.io) and its related services (“Website”) is collected, processed, and protected. This document informs users, customers, and all natural or legal persons interacting with Startion about the principles, rules, and security measures applied in the course of data processing.

Startion complies with applicable Hungarian and European Union data protection legislation, including GDPR. The Data Controller considers the protection of personal data and the right to informational self-determination essential.

This Privacy Policy is available at:
https://startion.io/privacy-policy/

Data Controller

Name: Startion Software Technologies Kft.
Address: 4025 Debrecen, Simonffy u. 4–6. fsz. 41.
Email: strg.official@gmail.com
Website: www.startion.io
Tax Number: 32174429-1-09
Company Registration Number: 09-09-034725

1. Personal Data Processed

1.1. Personal Data Required During Registration

To create a Startion account, users must provide:

• First name

• Last name

• Email address

• Password

• Username

• IP address (automatically collected)

• Date and time of registration

Purpose:
Account creation, authentication, identification, communication, contractual performance.
Legal basis: GDPR Article 6(1)(b).

1.2. Profile Information Provided After Registration (Optional)

Users may choose to provide additional profile data:

• Date of birth

• Gender

• Social gender / gender identity

• Country

• City

• Primary occupation or role in the music/creative industry

Purpose: Networking, profile personalisation, recommendations, improved platform functionality.
Legal basis: GDPR Article 6(1)(a).
Users may modify or delete this information at any time.

2. Login via External Accounts

Users may log in through:

• Google

• Facebook

• Microsoft

• LinkedIn

Startion may receive:

• Full name

• Email address

• Profile picture

• Third-party User ID

• Any other authorised data

Startion does not receive passwords or sensitive credentials.
Data is used only for identification, authentication, and account access.

3. Facebook Login Integration

When using Facebook Login, Startion may receive:

• Full name

• Email address

• Facebook User ID

• Profile picture URL

• Any other authorised data

Used for authentication, account access, profile personalisation.
Startion does not post to Facebook without explicit permission.

Data deletion page: https://startion.io/data-deletion/
Processed within 72 hours.

4. Authentication via Keycloak

Startion uses Keycloak for identity and access management.
Keycloak handles:

• email/password login

• social logins

• session management

• token generation

• login security

Keycloak processes:

• encrypted session identifiers

• access/refresh tokens

• IP address

• login timestamps

• device metadata

Keycloak acts as Data Processor.
Startion is the Data Controller.

5. Data Collected While Using Startion

• Profile data

• Media content

• Event and rider-related data

• Membership information

• Activity duration and frequency

• Device information

• Network data

• Cookies

• System logs

6. Workspace, Project and Brand Data

Startion enables users to create separate workspaces for professional activities, including:

• festivals

• bands

• venues

• creative teams

• companies

• other projects

Users may upload and store:

• event information

• stage plots, riders, technical requirements

• schedules, itineraries

• team member names and roles

• partner or artist contact details

• documents, notes, media, and project files

Purpose:

Providing workspace functionality, collaboration, storage, syncing, organisational tools.

Legal basis:

GDPR Article 6(1)(b) – contract performance
GDPR Article 6(1)(a) – consent for optional uploads

Ownership:

Users retain ownership of all uploaded workspace data.
Startion does not use workspace data for marketing or profiling beyond operational necessity.

Access:

Accessible only to:

• workspace creator

• users they invite

• Startion technical staff (for operational reasons)

Deletion:

Workspace data is deleted:

• when the user deletes it

• when the account is deleted

• upon request via https://startion.io/data-deletion/

7. Technical Data

Automatically logged data includes:
IP address, device details, user-agent, timestamps, session identifiers.
Not used for identification unless legally required.

8. Cookies

Cookies ensure proper operation, secure login, preferences, analytics, and user experience.

8.1. Google Analytics

Used for statistical analysis and improving site performance.
Privacy Policy: https://support.google.com/analytics/answer/6004245

8.2. Meta (Facebook) Pixel

Used for ad measurement, remarketing, and audience insights.
Meta may collect IP, device data, interactions, hashed email.
Privacy Policy: https://facebook.com/policy

9. Use of Personal Data

Used for:

• authentication

• communication

• profile display

• recommendations

• event/rider management

• workspace functionality

• marketing (where consented)

• analytics and service improvement

• security and fraud prevention

10. Marketing and Partner Communications (Optional Consent)

Users may voluntarily consent to receive promotional communications, discounts, or industry partner offers from Startion and selected partners.
This consent is optional, not a condition for using Startion, and can be withdrawn at any time.

Withdrawal options:

• via account settings

• or by emailing strg.official@gmail.com

Upon withdrawal, Startion immediately stops sending partner-related messages.

Legal basis: GDPR Article 6(1)(a).

11. Publicity of Personal Data

Music-industry-relevant profile data may be visible to other registered users.
Technical and behavioural data remain private.

If Startion’s ownership changes, data may be transferred to the new controller.

12. Legal Basis

Processing is based on:

• consent

• performance of contract

• legal obligations

• legitimate interest (security, analytics, service improvement)

13. Applicable Legislation

• GDPR (EU 2016/679)

• Hungarian Civil Code

• Infotv. (2011)

• Electronic Communications Act

• Advertising Act

14. Data Retention

Data is stored until deleted by the user or until the purpose of processing ceases.

15. Data Storage and Security

startion.io hosting:

Icon Media Kft.
6000 Kecskemét, Csóka u. 26.
info@webdigital.hu

app.startion.io hosting:

Amazon Web Services (AWS)
410 Terry Avenue North, Seattle, WA 98109
abuse@amazonaws.com

Startion applies strict technical and organisational security measures.

16. Payment Processing via Stripe

Startion uses Stripe for payment processing.

Stripe may collect:

• card number

• CVC

• expiry date

• billing address

• transaction metadata

Startion does NOT store bank card details.

Stripe handles sensitive data under PCI DSS Level 1 security standards.

Startion only receives:

• last 4 digits

• expiry date

• payment status

• subscription status

• transaction ID

Stripe Privacy Policy: https://stripe.com/privacy

17. Data Access

Only authorised employees and contracted processors access data.
No data is shared with third parties unless required by law.

18. User Rights

Users may request:

• access

• correction

• deletion

• restriction

• data portability

• withdrawal of consent

• objection

• avoidance of automated decision-making

Responses within 30 days.

19. Remedies

National Data Protection and Freedom of Information Authority (NAIH)
1125 Budapest, Szilágyi Erzsébet fasor 22/C
1530 Budapest, Pf. 5
+36 (1) 391-1400
ugyfelszolgalat@naih.hu

20. External Links

Third-party sites have their own privacy practices.
Startion is not responsible for external policies.

21. Children

Startion does not knowingly collect data from children under 14.

22. Other Provisions

Authorities may request data under applicable laws. Only the minimum necessary data will be provided.