Privacy Policy
Last updated: February 20, 2026
1. Data Controller
The Data Controller of your personal data is:
- Name: Luca Saccone
- Registered address: Via Giuseppe Mazzini, 19, 41042 Fiorano Modenese (MO), Italia
- Email: lucasaccone04@gmail.com
- Tax Code / VAT Number: SCCLCU99D22I462X
(hereinafter referred to as "we", "us", "our" or the "Data Controller")
2. Applicable Legislation
This Privacy Policy is provided in accordance with:
- Regulation (EU) 2016/679 ("GDPR");
- Italian Legislative Decree no. 196/2003 ("Privacy Code"), as amended by Legislative Decree no. 101/2018;
- Guidelines and decisions of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali);
- Apple App Store Guidelines and Apple Developer Program License Agreement;
- Google Play Developer Distribution Agreement and Developer Program Policies.
3. What Personal Data We Collect
3.1 Data You Provide Directly
| Data Category |
Specific Data |
Purpose |
| Account Registration Data |
Email address, password (stored in hashed form) |
Account creation, authentication, and management |
3.2 Data Collected Automatically
| Data Category |
Specific Data |
Purpose |
| Device Information |
Device model, operating system version, unique device identifiers, language settings |
App functionality, compatibility, and troubleshooting |
| Usage Data |
App interaction data, features used, session duration, crash logs |
Improving app performance and user experience |
| Analytics Data (Firebase) |
App opens, screen views, in-app events, session data, device model, OS version, app version, language, country (derived from IP) |
Understanding app usage patterns, measuring feature adoption, and improving user experience via Google Firebase Analytics |
| Advertising Identifiers |
IDFA (iOS), Google Advertising ID (Android) |
Serving personalized advertisements via Google AdMob |
| Purchase Data |
Transaction identifiers, subscription status, purchase history (processed via RevenueCat) |
Managing in-app purchases and subscriptions |
| Network Information |
IP address, connection type |
Security, fraud prevention, and service delivery |
3.3 Data We Do NOT Collect
We do not collect: precise geolocation, contacts, photos, health data, financial data (payment processing is handled entirely by Apple/Google and RevenueCat), or any special categories of data as defined in Article 9 GDPR.
4. Legal Basis for Processing (Art. 6 GDPR)
| Purpose |
Legal Basis |
| Account creation and authentication |
Performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide the service you requested |
| In-app purchase management |
Performance of a contract (Art. 6(1)(b) GDPR) — necessary to fulfil your purchases |
| Personalized advertising (AdMob) |
Consent (Art. 6(1)(a) GDPR) — only processed after your explicit consent |
| Non-personalized advertising |
Legitimate interest (Art. 6(1)(f) GDPR) — to sustain free features of the app |
| Analytics and app improvement (Firebase Analytics) |
Consent (Art. 6(1)(a) GDPR) — only processed after your explicit consent |
| Security and fraud prevention |
Legitimate interest (Art. 6(1)(f) GDPR) — to protect our service and users |
| Legal compliance |
Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable laws |
5. Third-Party Service Providers (Data Processors)
We use the following third-party services that may process your personal data on our behalf:
5.1 Amazon Web Services (AWS) — Authentication and Infrastructure
- Service: AWS Cognito (authentication), and related AWS infrastructure services
- Data processed: Email address, hashed password, authentication tokens, IP address
- Provider: Amazon Web Services EMEA SARL (Luxembourg) / Amazon Web Services, Inc. (USA)
- Privacy policy: https://aws.amazon.com/privacy/
- Transfer safeguards: EU Standard Contractual Clauses (SCCs), AWS Data Processing Addendum
5.2 RevenueCat — In-App Purchase Management
- Service: Subscription and purchase tracking
- Data processed: Anonymous app user ID, purchase/subscription data, device identifiers
- Provider: RevenueCat, Inc. (USA)
- Privacy policy: https://www.revenuecat.com/privacy/
- Transfer safeguards: EU Standard Contractual Clauses (SCCs), Data Processing Agreement
5.3 Google Firebase Analytics — Analytics
- Service: Mobile app analytics (screen views, events, user engagement, crash reporting)
- Data processed: App instance ID, device information (model, OS version), app version, language, country (derived from IP address), in-app events and screen views, session data
- Provider: Google Ireland Limited (Ireland) / Google LLC (USA)
- Privacy policy: https://policies.google.com/privacy
- Firebase-specific: https://firebase.google.com/support/privacy
- Transfer safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs)
- Note: Firebase Analytics data collection is only activated after you grant consent for analytics. IP addresses are used to derive country-level location and are not stored by Firebase Analytics.
5.4 Google AdMob — Advertising
- Service: Display of advertisements within the app
- Data processed: Advertising identifiers (IDFA/GAID), device information, IP address, ad interaction data
- Provider: Google Ireland Limited (Ireland) / Google LLC (USA)
- Privacy policy: https://policies.google.com/privacy
- Transfer safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs)
- Note: Personalized ads are only served with your explicit consent. You may opt out at any time (see Section 8).
5.5 Apple / Google — App Distribution and Payments
6. International Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA), primarily in the United States. When personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission;
- The EU-US Data Privacy Framework (where the recipient is certified);
- Adequacy decisions of the European Commission, where applicable.
You may request a copy of the applicable safeguards by contacting us at the email address provided in Section 1.
7. Data Retention
| Data |
Retention Period |
| Account data (email, credentials) |
Until you delete your account |
| Purchase/subscription data |
For the duration of the subscription plus the legally required retention period for tax/accounting purposes (10 years under Italian law, Art. 2220 Civil Code) |
| Usage and analytics data |
12 months from collection |
| Firebase Analytics data |
14 months (default Firebase retention) or 2 months (configurable in Firebase Console) |
| Advertising data |
Managed by Google AdMob according to their retention policies |
| Server logs (IP, access logs) |
Maximum 12 months |
When you delete your account, we will erase or anonymize your personal data within 30 days, except where retention is required by law.
8. Your Rights Under GDPR
Under the GDPR and the Italian Privacy Code, you have the following rights:
- Right of access (Art. 15 GDPR): Obtain confirmation of whether your data is being processed and receive a copy of it.
- Right to rectification (Art. 16 GDPR): Request correction of inaccurate personal data.
- Right to erasure ("right to be forgotten") (Art. 17 GDPR): Request deletion of your personal data. You can delete your account directly from the app's Profile section.
- Right to restriction of processing (Art. 18 GDPR): Request limitation of processing in certain circumstances.
- Right to data portability (Art. 20 GDPR): Receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21 GDPR): Object to processing based on legitimate interest, including profiling.
- Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time for processing based on consent (e.g., personalized advertising). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
How to Exercise Your Rights
- Account deletion: Directly from the app > Profile section > Delete Account.
- Advertising consent: You can manage your ad preferences through the consent dialog within the app, or through your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads).
- All other requests: Send an email to lucasaccone04@gmail.com. We will respond within 30 days as required by the GDPR.
Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR or the Italian Privacy Code, you have the right to lodge a complaint with the Italian Data Protection Authority:
- Garante per la Protezione dei Dati Personali
- Piazza Venezia 11, 00187 Roma, Italy
- Website: www.garanteprivacy.it
- Email: garante@gpdp.it
- PEC: protocollo@pec.gpdp.it
9. Consent for Advertising and Tracking
In compliance with the ePrivacy Directive (as implemented in Italy by Art. 122 of the Privacy Code) and the Garante's Guidelines on cookies and tracking tools (June 2021), we request your explicit consent before:
- Collecting analytics data through Google Firebase Analytics;
- Serving personalized advertisements through Google AdMob;
- Using advertising identifiers (IDFA/GAID) for ad targeting or measurement;
- Sharing data with advertising partners for profiling purposes.
You may grant, deny, or withdraw your consent at any time through the consent dialog within the app. If you deny consent, you will still see advertisements, but they will be non-personalized.
On iOS, we also comply with Apple's App Tracking Transparency (ATT) framework and will present the system tracking authorization prompt before accessing your device's advertising identifier.
10. Children's Privacy
Our app is not directed to children under the age of 16 (the minimum age for consent under Italian implementation of the GDPR, Art. 2-quinquies of the Privacy Code). We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information as soon as possible.
11. Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you, as defined in Article 22 GDPR. Google AdMob may use automated processes to select advertisements; however, this does not produce legal or similarly significant effects on you.
12. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest;
- Secure password hashing via AWS Cognito;
- Access controls and authentication mechanisms;
- Regular security reviews of our infrastructure.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Displaying a notice within the app;
- Updating the "Last updated" date at the top of this page.
Where changes involve new processing activities that require your consent, we will seek your consent before implementing such changes. We encourage you to review this Privacy Policy periodically.
14. Contact Us
For any questions or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:
- Email: lucasaccone04@gmail.com
- Address: Via Giuseppe Mazzini, 19, 41042 Fiorano Modenese (MO), Italia