Legal

Privacy Policy

Effective date: June 1, 2026

Proapptiva S.R.L.S — proapptivasrls@gmail.com

🇮🇹 Italiano 🇬🇧 English 🇪🇸 Español

1. Who We Are and Scope

This Privacy Policy describes how Proapptiva S.R.L.S ("we", "us", "our"), an Italian limited liability company, collects, uses, and protects your personal data when you use the Lumideo mobile application ("the Service"). Effective date: June 1, 2026. We act as the data controller under the EU General Data Protection Regulation (GDPR) and other applicable privacy laws. We may update this policy at any time; material changes will be notified via email or in-app notification.

2. Data We Collect

We collect the following categories of personal data: Account data: your name, email address, username, and profile photo (if uploaded). Video capsule data: the video files and optional text messages you record and submit through the Service. Video files are stored encrypted in Google Cloud Storage (Firebase). Capsule metadata (creation date, unlock date, recipient, duration) is stored in Google Firestore. Authentication data: hashed password credentials, or social authentication tokens (Apple or Google), managed by Firebase Authentication. Device and technical data: device type, operating system version, app version, and push notification token, collected automatically. Usage analytics: anonymized, aggregated data about which features are used and how often, via Firebase Analytics. This data cannot be used to identify you individually. Error reports: in the event of a crash, technical diagnostic data is sent to Sentry for debugging. Error reports do not include the content of your video capsules.

3. How We Use Your Data

We use your data exclusively for the following purposes: • To create and manage your account and authenticate your identity. • To store your video capsules and deliver them to you or your designated recipients on the specified unlock date. • To send push notifications informing you when a capsule has been unlocked or when someone sends you a capsule. • To detect and prevent fraud, abuse, and security threats. • To diagnose and fix technical errors via Sentry. • To understand aggregated usage patterns via Firebase Analytics to improve the Service. • To comply with our legal obligations. We will never sell your personal data to third parties, and we will never use it for advertising or marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data on the following legal bases: • Contract performance (Art. 6(1)(b) GDPR): processing your account data and video content is necessary to provide the Service. • Legitimate interests (Art. 6(1)(f) GDPR): error monitoring (Sentry) and anonymized analytics (Firebase Analytics) are necessary for maintaining a safe and functional service. • Legal obligation (Art. 6(1)(c) GDPR): where we are required to retain or disclose data by applicable law.

5. Third-Party Data Processors

We use the following sub-processors, each bound by a Data Processing Agreement: Google Firebase / Google Cloud Platform (Google LLC, USA): provides database (Firestore), file storage (Cloud Storage), authentication, and cloud infrastructure. Certified under the EU-US Data Privacy Framework. Google privacy policy Sentry (Functional Software, Inc., USA): receives anonymized crash and error reports. Does not receive video content. Certified under the EU-US Data Privacy Framework. Sentry privacy policy Apple Inc. (USA): push notification delivery via Apple Push Notification Service (APNS) for iOS. Expo (Expo Technology, Inc., USA): push notification infrastructure.

6. Video Capsule Privacy

Your video capsules are stored encrypted at rest in Google Cloud Storage. Access to video files is controlled via Firebase Storage Security Rules, which restrict read access to the capsule sender and designated recipient(s). We do not view, analyze, or process the content of your capsules except as technically required to store and deliver them. The recipient cannot access the video content before the designated unlock date.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account: • Your account data and capsule metadata in Firestore are deleted within 30 days. • Your video files in Google Cloud Storage are deleted within 30 days. • Anonymized, aggregated analytics data may be retained longer for statistical purposes. • Certain data may be retained longer if required by law. Error logs in Sentry are retained for 90 days and then automatically deleted.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data: • Right of access: request a copy of the personal data we hold about you. • Right to rectification: request correction of inaccurate or incomplete data. • Right to erasure ("right to be forgotten"): request deletion of your account and all associated data. You can do this directly from the app settings, or by contacting us. • Right to restriction: request that we limit processing of your data in certain circumstances. • Right to data portability: request your data in a machine-readable format. • Right to object: object to processing based on legitimate interests. For EU/EEA users, you also have the right to lodge a complaint with your national data protection authority. In Italy, this is the Garante per la Protezione dei Dati Personali. To exercise any of these rights, contact us at proapptivasrls@gmail.com. We will respond within 30 days.

9. International Data Transfers

Some of our third-party service providers (including Google LLC and Functional Software, Inc.) are based in the United States. We ensure that international data transfers comply with GDPR by relying on providers certified under the EU-US Data Privacy Framework or that have executed EU Standard Contractual Clauses (SCCs) with us.

10. Security

We implement industry-standard security measures including: • Encryption of video files at rest and in transit (TLS). • Firebase Security Rules restricting database and storage access to authorized users only. • Regular security reviews of our Firebase configuration. In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours.

11. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we may have such data, please contact us at proapptivasrls@gmail.com.

12. Analytics and Tracking

We do not use advertising trackers or sell data to advertisers. Firebase Analytics collects only anonymized, aggregated data about app usage to help us improve the Service. This data is not linked to your identity. The Service does not use cookies (as it is a native mobile app). This website may use essential technical cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or via an in-app notification at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact and Data Protection

For any privacy-related questions, requests to exercise your rights, or concerns about how we handle your data: Email: proapptivasrls@gmail.com Proapptiva S.R.L.S, Italy We aim to respond to all privacy requests within 30 days.