Privacy Policy

1) Information about the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are using our application (hereinafter referred to as the "Application" or "App"). In the following provisions, we inform you comprehensively about the processing of your personal data when using our Application. Personal data is all data with which you can be personally identified, either directly or indirectly.

1.2 The controller responsible for the processing of personal data with respect to this Application within the meaning of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 is:

• Unlock Futurix Ltd
• 71–75 Shelton Street
• Covent Garden
• London, WC2H 9JQ
• United Kingdom
• Email: [email protected]

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 For reasons of security and in order to protect the transmission of personal data and other confidential content (for example, inquiries to the controller), the Application uses encryption technology.

2) Contact

When contacting us (for example, via email or contact form on our website), personal data will be collected. Which data is collected depends on the details you provide in your communication. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Article 6(1)(f) UK GDPR. If your contact is aimed at concluding or performing a contract, the additional legal basis for processing is Article 6(1)(b) UK GDPR. Your data will be deleted once your request has been fully answered, provided that no statutory retention obligations apply.

3) Categories of Data We Process

3.1 No User Accounts

The Application does not require you to create a personal account or register an identity with us. We do not collect or store account data such as names, email addresses, or passwords.

3.2 App Store and Play Store Data

When you download or purchase our Application via the Apple App Store or Google Play Store (in the future), certain information is transmitted to us by the respective store provider. This may include your customer identifier, country of origin, information about the device used, details of the purchase (for example, subscription status, purchase confirmation, or refund status), and other data required for processing the transaction. We do not control this data collection. The legal basis is Article 6(1)(b) UK GDPR (contract performance).

3.3 RevenueCat (In-App Purchases)

In order to manage in-app purchases and subscriptions, we use the services of RevenueCat Inc., 300 Euclid Avenue, San Francisco, CA 94118, USA. When you make a purchase within the Application, the information you provide, together with purchase details such as transaction identifiers, purchase receipts, and subscription status, may be transmitted to RevenueCat. This data is processed for the purpose of verifying and managing subscriptions. The legal basis is Article 6(1)(b) UK GDPR (contract performance). We have concluded a data processing agreement with RevenueCat pursuant to Article 28 UK GDPR, obliging the provider to protect the data of app users and not to pass it on to unauthorized third parties. For further information on data protection by RevenueCat, please visit: https://www.revenuecat.com/privacy.

3.4 Crash Reports – Firebase Crashlytics

To improve the stability, reliability, and functionality of the Application, we use "Firebase Crashlytics", a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. If the Application crashes, certain technical information will be transmitted to Google servers. This information may include the app status at the time of the crash, installation UUID, crash trace, device model, operating system version, and last log messages. This data does not include direct identifiers such as name or email address. Transfers to Google LLC in the United States are also possible. Processing is based on our legitimate interest under Article 6(1)(f) UK GDPR in maintaining the stability and security of the Application. For more information, please see https://firebase.google.com/support/privacy.

3.5 iCloud Backup

The Application may allow you to optionally store or restore your app data using Apple iCloud. If you choose to enable this feature, your data will be stored and processed exclusively by Apple Inc. under Apple’s terms and privacy policy. The Company does not have access to this data.

4) Legal Bases of Processing

The processing of your personal data takes place on the basis of the following legal grounds in accordance with Article 6 UK GDPR:

• Article 6(1)(a) UK GDPR – if you have given your consent to the processing of your personal data for one or more specific purposes.
• Article 6(1)(b) UK GDPR – if processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
• Article 6(1)(c) UK GDPR – if processing is necessary for compliance with a legal obligation to which we are subject.
• Article 6(1)(f) UK GDPR – if processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data.

5) Retention and Deletion of Data

Unless otherwise specified in this Privacy Policy, we retain personal data only for as long as necessary to fulfil the purposes stated herein or as required by statutory retention obligations. Once the purpose no longer applies or the statutory period has expired, the personal data will be deleted in accordance with legal requirements.

6) Your Rights as a Data Subject

The applicable data protection law grants you comprehensive rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data. These rights include:

• Right of access (Article 15 UK GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed, and, if so, access to the personal data and detailed information about its processing.
• Right to rectification (Article 16 UK GDPR): You have the right to obtain immediate rectification of inaccurate personal data concerning you, and completion of incomplete personal data.
• Right to erasure (Article 17 UK GDPR): You have the right to request deletion of your personal data if the conditions in Article 17 are met. This does not apply if processing is necessary for exercising freedom of expression and information, compliance with a legal obligation, reasons of public interest, or the establishment, exercise or defence of legal claims.
• Right to restriction of processing (Article 18 UK GDPR): You have the right to request the restriction of processing under the conditions set out in Article 18.
• Right to be informed (Article 19 UK GDPR): If you have exercised your rights of rectification, erasure or restriction, we are obliged to notify all recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
• Right to data portability (Article 20 UK GDPR): You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit this data to another controller where technically feasible.
• Right to object (Article 21 UK GDPR): You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) UK GDPR (legitimate interest). If your personal data is processed for direct marketing, you also have the right to object at any time to processing for such marketing.
• Right to withdraw consent (Article 7(3) UK GDPR): You have the right to withdraw your consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.
• Right to lodge a complaint (Article 77 UK GDPR): Without prejudice to other remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the United Kingdom with the Information Commissioner’s Office (ICO), if you consider that the processing of your personal data infringes the UK GDPR.

7) Transfers to Third Countries

If personal data is transferred to a country outside the United Kingdom or the European Economic Area (for example, the United States for services provided by Google or RevenueCat), such transfer will only take place where the conditions of Articles 44–49 UK GDPR are fulfilled. We rely on appropriate safeguards such as Standard Contractual Clauses to protect your data.

8) Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Article 22 UK GDPR.

9) Updates to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time to ensure it always complies with current legal requirements or to reflect changes to our services. The amended Privacy Policy will apply upon your next use of the Application.

Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, you can contact us at:

• Unlock Futurix Ltd
• 71–75 Shelton Street
• Covent Garden
• London, WC2H 9JQ
• United Kingdom
• Email: [email protected]