Privacy Policy

Last updated: December 16th, 2024

Introduction

Welcome to the App privacy policy.

We respect your privacy and are committed to protecting your data. This privacy policy explains how we handle your data when you use our app, your privacy rights, and how the law protects you.

Іmportant information and who we are. Purpose of this privacy policy

This privacy policy aims to give you information on how our app collects and processes your data when you use this app, including any data you may provide when you sign up for our app.

By accepting this Data Processing Policy, you confirm that you have a complete capacity and legal capacity and have reached the age required by Bulgarian law or by another country of which you are a citizen to accept this privacy policy.

You must read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

You must read and accept this Privacy Policy before using the application. By using the App, by checking the box next to agree with the policy, YOU MESSAGE TO US that: (i) YOU READ, UNDERSTAND, AND AGREE TO THIS PRIVACY POLICY, AND (ii) YOU are over 14 years old (or YOUR parent or guardian has read and agreed to this PRIVACY POLICY for YOU). If you do not accept and agree to these privacy policies, you must immediately discontinue using our app.

Controller

Netpeak EOOD is the controller and responsible for your data (collectively referred to as "we", "us" or "our" in this privacy policy).

Contact details

Our full details are:

Full name of legal entity: Netpeak EOOD

Email address: [email protected]

Registration number: 202895172

Postal address: 43 Cherni Vrah Blvd, Sofia, Bulgaria

Changes to the privacy policy

We reserve the right to and may change this privacy policy from time to time. If we make any material changes, we will notify you through our app or by presenting you with a new version of this privacy policy for you to accept if we, for example, add new processing activities or collect some additional personal data from you.

Your continued use of the app after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the modified privacy policy. Sometimes, you will have to explicitly accept changes to the privacy policy.

Types of data We collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect (automatically or with your consent), use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

Device Data. Includes model, OS version, language, and time zone. Unique device identifiers (including IDFA);

Location data. Includes internet protocol (IP) address and location;

Usage Data. Includes information about how you use our app, user activity within the application;

Device functions. Includes your camera.

Files and folders are placed on your device. Access to the gallery, photos, documents, and contacts.

Files and folders are placed on your Google Drive and DropBox. Access to the photos, documents, and contacts.

Data on subscription fees. This is the information from the Apple store when you buy our subscription.

Consumption Information. Account Tenure, App Account Token (UUID), Consumption Status, Customer Consented, Delivery Status, lifetime Dollars Purchased, lifetime Dollars Refunded, Platform, play Time, Refund Preference, Sample Content Provided, and User Status

We also collect, use, and share aggregated data such as statistics or demographics. Aggregated data may be derived from your data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific app feature. However, if we combine or connect aggregated data with your data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used under this privacy policy.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

We also undertake to collect only such amount and type of personal data that is strictly required for the purposes mentioned in this section of the privacy policy («data minimization principle»)

Lawful bases for processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• performance of the contract — for the processing related to the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Use) with you;
• legitimate interest — for the processing aimed at the development of our services, taking into consideration your interests, rights, and expectations;
• legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
• consent — for additional specific purposes.

We may process your data if you have given us specific consent to use your personal information for a specific purpose.

If you share personal data with us from a third party, you confirm that the third party gave you consent to our collection and processing of his/her data. We will, in turn, take the same measures and procedures to ensure the safety of such information as we do in relation to your data.

Purposes for which we will use your personal data

In a table format, we have set out below a description of all the ways we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified our legitimate interests where appropriate.

Note that we may process your data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground. We are relying on you to process your data where more than one ground has been set out in the table below.

Third-Party Services and disclosures of your data

We may have to share your data with the parties listed below for the purposes listed in the table above.

1. Internal Third Parties: companies inside our Group.
2. External Third Parties: Google LLC, Facebook, Inc., Apple Inc., Appfigures, Inc., Amplitude Inc., Velia.net.

These parties help us with the storage of Personal Data, analyze your data, and show relevant information about the app to us when you use the app to understand how you use the app, engage with particular features, and what you like or dislike the most to generate statistical reports.

Cross-border transfer of personal data. Some of our employees, contractors, and affiliated or other third-party organizations may be located within or outside the USA, EU, or the European Economic Area (EEA); by using our app, you consent to the transfer of such information to them.

We require all third parties to respect the security of your personal data and treat it according to the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process it for specified purposes.

We also use the Google Drive and DropBox API to integrate with our app. This allows users to print files from their accounts on Google Drive and DropBox. Google Drive and DropBox Privacy and Processing Terms and Conditions for Personal Data Processing between users are governed by separate agreements. (Dropbox Privacy Policy, GOOGLE PRIVACY POLICY) 

User’s consumption Information and refund. By requesting a refund in the Apple App Store for an in-app purchase or automatically renewing a subscription, you acknowledge and consent to the transfer by us of Consumption Information described in the "Types of data we collect" section to Apple. Our legitimate interest must prevent fraudulent and deceptive actions by users. Apple uses and protects the data you share through the Send Consumption Information API in accordance with Apple’s Privacy Policy.

Opt-out options.

You can withdraw your consent or opt-out, whatever applies in your case, from sharing your Personal Data under this subsection anytime by using one of the following options:

1. By contacting us at [email protected];
2. By adjusting your device settings in iOS.
3. Stop using our application.

Obtaining data from third parties

When a user buys a subscription, we receive transaction data, ID subscriptions, subscription terms, and application statistics from the Apple App Store.

The Apple App Store data processing policies further regulate the collection, processing, and transmission of data upon purchase via the Apple App Store.

Banking information

When you pay for a subscription to our app, you share your banking information with the Apple App Store. The user and the privacy policies of the Apple App Store further regulate this relationship.

We do not collect or process your bank information when buying a subscription.

Data security

We have implemented appropriate security measures to prevent your data from being accidentally lost, used, accessed unauthorized, altered, or disclosed. In addition, we limit access to your data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your data based on our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We also use technical data encryption tools, such as the technology listed below.

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP, the protocol used for transmitting data over the Internet. HTTPS employs TLS (Transport Layer Security) or its predecessor SSL (Secure Sockets Layer) to encrypt the communication between a client (e.g., a web browser) and a server (e.g., a web server). This encryption helps protect sensitive data, such as login credentials, credit card information, and other personal information, from being intercepted by unauthorized parties.

TLS (Transport Layer Security): TLS is a cryptographic protocol that provides end-to-end encryption and authentication for data transmitted over computer networks. It is the successor to SSL and is widely used to secure various types of communication, including web browsing, email, file transfers, and remote desktop connections.

SSH (Secure Shell): SSH is a cryptographic network protocol that allows secure remote login and command-line access to computers over an unsecured network. It provides encryption and authentication capabilities, protecting the transmitted data from eavesdropping, data tampering, and other security threats.

SFTP (Secure File Transfer Protocol): SFTP is a network protocol that provides file access, file transfer, and file management functionality over a secure, encrypted connection. It is an extension of the SSH protocol and is commonly used for securely transferring files between computers over an unsecured network.

OpenVPN is open-source virtual private network (VPN) software that implements secure point-to-point or site-to-site connections using SSL/TLS protocols. It allows users to access remote resources securely over an unsecured network by creating an encrypted tunnel between the client and the VPN server.

LDAP over SSL (LDAPS): LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and maintaining distributed directory information services. LDAPS refers to using LDAP over an encrypted SSL/TLS connection, which ensures that the communication between the LDAP client and server is secure and protected from unauthorized access or eavesdropping.  

Data retention

How long will you use my personal data?

We will only retain your data for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

According to GDPR, we store your data while you use our application.

In some circumstances, you can ask us to delete your data. To send an email to our address: [email protected].

In some circumstances, we may anonymize your data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your legal rights

Under the legislation of the European Union (GDPR), you have the right to:

1. receive information, namely, what personal data we process and why (disclosed by this policy);
2. Right to Erasure. You have the right to delete data under certain circumstances.
3. Right to Rectification. You have the right to ask us to correct your inaccurate data, as well as the right to make additions to it.
4. Right to access. You can request a copy of your data.
5. Right to restriction of the processing. In certain cases, you have the right to request the termination of data processing by allowing the continued storage of data.
6. Right to data portability. You can request a copy of your data in a machine-readable form that can be transferred to another person who processes the personal data.
7. Right to object. Under certain circumstances, including when data is processed for legitimate interests or marketing purposes, you may object to such processing.
8. Rights related to automated decision-making, including profiling. In this area, there are several rights related to the fact that processing carried out exclusively on an automated basis can lead to a decision that has legal and other significant consequences for a person. In such circumstances, you have the right to human interference in the decision-making process.

If you wish to exercise any of the rights set out above, please contact us.

What we may need from you.

We may request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information about your request to speed up our response.

Time limit to respond.

We respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

Glossary

In this Policy, the following terms shall have the following meanings:

Lawful basis.

Legitimate Interest means the interest of our business in conducting and managing our business, which enables us to give you the best service/product and the best and most secure experience.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at [email protected].

Performance of Contract means processing your data where necessary to perform a contract to which you are a party or to take steps at your request before entering into such a contract.

Complying with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

California privacy rights

This section provides additional details about how we process California consumers' personal data and their rights under the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light law. Therefore, this section applies only to residents of California, United States.

For more details about the personal information we have collected, including the categories of sources, please see the section “Types of data we collect”. We collect this information for purposes described in the section “Purposes for which we will use your personal data” of this Privacy Policy. We may also share your information with certain categories of third parties as indicated in Section “Third-Party Services and Disclosures of Your Data”.

Subject to certain limitations, the CCPA provides California consumers with the right to request more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and not to be discriminated against for exercising these rights.

California consumers may make a request under their rights under the CCPA by contacting us at [email protected]. We will verify your request and inform you accordingly. You may also designate an authorized agent to exercise these rights on your behalf.

Contacts

Full name of legal entity: Netpeak EOOD

Email address: [email protected]

Postal address: 43 Cherni Vrah Blvd, Sofia, Bulgaria