Forsyrup LogoForsyrup Logo

Privacy Policy

Last Updated: December 19, 2024

1. Introduction

Forsyrup ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: When you create an account or sign in using Google Sign-In or Apple Sign-In, we collect your email address, first name, last name, and authentication tokens.
  • Profile Information: We may collect information you provide when setting up your profile, including your name and preferences.
  • QR Code Data: We generate and store unique QR code identifiers associated with your account for loyalty program purposes.
  • Location Data: With your permission, we collect your device's location data (latitude and longitude) to provide location-based services and find nearby stores.

2.2 Information Collected Automatically

  • Device Information: We collect information about your device, including device type, operating system, unique device identifiers, and mobile network information.
  • Usage Data: We collect information about how you interact with the App, including features used, time spent, and actions taken.
  • Crash Reports: We use Firebase Crashlytics to collect crash reports and error logs to improve App stability and fix bugs.

2.3 Information from Third-Party Services

  • Authentication Services: When you sign in using Google Sign-In or Apple Sign-In, we receive authentication tokens and basic profile information (email, name) from these providers.
  • Location Services: We use your device's location services to provide location-based features.

3. How We Use Your Information

3.1 Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal bases:

Data TypeLegal BasisPurposeRetention Period
Account InformationContract (Art. 6(1)(b))To provide the App and manage your accountUntil account deletion
Profile InformationContract (Art. 6(1)(b))To personalize your experienceUntil account deletion
Location DataConsent (Art. 6(1)(a))To provide location-based servicesUntil you withdraw consent or delete account
Device InformationLegitimate Interest (Art. 6(1)(f))To ensure App compatibility and securityUp to 2 years
Usage DataLegitimate Interest (Art. 6(1)(f))To improve App functionalityUp to 2 years
Crash ReportsLegitimate Interest (Art. 6(1)(f))To improve App stabilityUp to 1 year
Authentication TokensContract (Art. 6(1)(b))To maintain your login sessionUntil logout or account deletion

3.2 Purposes of Processing

We use the information we collect to:

  • Contract Performance: Provide, maintain, and improve the App and its features; process and manage your account and loyalty program participation; authenticate your identity and manage your account access
  • Legitimate Interests: Collect crash reports to improve App stability; detect, prevent, and address technical issues and security threats; analyze App usage patterns (anonymized)
  • Consent: Provide location-based services and store recommendations (with your permission)
  • Legal Obligations: Comply with legal obligations and enforce our Terms of Service
  • Notifications: Send you notifications related to your account and loyalty programs (you can opt out)

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely using:

  • Supabase: We use Supabase as our backend service provider for authentication and database storage. Your data is stored on Supabase's secure servers.
  • Secure Storage: Sensitive authentication tokens are stored locally on your device using secure storage mechanisms (Expo SecureStore).

4.2 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments
  • Access controls and authentication requirements
  • Regular security audits and vulnerability assessments
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

4.3 Data Breach Notification

If a data breach occurs that may affect your personal information:

  • Notification Timing: We will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
  • Notification Content: The notification will include:
  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Categories and approximate number of personal data records concerned
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach and mitigate its effects
  • Delivery Method: Notifications will be sent via email to the address associated with your account, or through an in-App notification if email is not available
  • What You Should Do: If you receive a breach notification:
  • Review the information provided
  • Change your password immediately if your account credentials may have been compromised
  • Monitor your account for suspicious activity
  • Contact us at help@forsyrup.com if you have questions or concerns

5. Third-Party Services

The App uses the following third-party services that may collect information:

5.1 Supabase

  • Purpose: Backend database and authentication services
  • Data Collected: Account information, user profiles, loyalty program data, location data
  • Privacy Policy: https://supabase.com/privacy

5.2 Firebase Crashlytics (Google)

  • Service Used: Firebase Crashlytics
  • Purpose: Crash reporting and error logging to improve App stability
  • Data Collected: Crash reports, error logs, device information (device model, OS version, app version)
  • Privacy Policy: https://policies.google.com/privacy

Note: We only use Firebase Crashlytics for crash reporting. We do not use Firebase Analytics or any other analytics services.

5.3 Google Sign-In

  • Purpose: User authentication
  • Data Collected: Email address, name, authentication tokens
  • Privacy Policy: https://policies.google.com/privacy

5.4 Apple Sign-In

  • Purpose: User authentication
  • Data Collected: Email address, name (if provided), authentication tokens
  • Privacy Policy: https://www.apple.com/privacy/

6. Location Data

6.1 How We Use Location Data

The App requests access to your device's location to:

  • Find nearby stores and offers
  • Provide location-based recommendations
  • Enable location-based features of the loyalty program

6.2 Location Data Collection Details

  • Frequency: Location is collected when you open the App and request location-based features, or when you grant background location permission
  • Sharing: Location data may be shared with Stores to help them provide location-based offers. We do not share your exact location with other users.
  • Storage: Location data is stored on our servers (via Supabase) for the duration of your account, or until you delete your account
  • History: We may store a history of your location data to improve recommendations, but this is anonymized and aggregated

6.3 Your Control Over Location Data

  • Permissions: You can control location permissions through your device settings (iOS: Settings > Privacy > Location Services; Android: Settings > Location)
  • App Settings: You can disable location-based features through the App settings
  • Deletion: You can request deletion of your location data by contacting us at help@forsyrup.com
  • Consequences: If you disable location services, location-based features (finding nearby stores, location-based recommendations) will not be available

6.4 Location Data Retention

  • Active Use: Location data is retained while your account is active
  • Account Deletion: Location data is deleted when you delete your account
  • Withdrawal of Consent: You can withdraw consent at any time, and we will stop collecting new location data (existing data may be retained for a reasonable period for legal purposes)

7. Camera and Photo Access

The App may request access to your device's camera and photo library to:

  • Scan QR codes
  • Upload profile pictures or images related to loyalty programs

You can control camera and photo permissions through your device settings.

8. Cookies and Similar Technologies

8.1 What Are Cookies and Similar Technologies?

Cookies are small text files that are placed on your device when you visit a website or use an app. Similar technologies include:

  • Local Storage: Data stored locally on your device
  • Session Storage: Temporary data stored during your app session
  • Device Identifiers: Unique identifiers associated with your device
  • Tracking Pixels: Small images used to track user behavior

8.2 Types of Technologies We Use

Essential Technologies

These technologies are necessary for the App to function properly.We require your use of these technologies to provide the App service (legal basis: Contract - GDPR Art. 6(1)(b)):

  • Authentication Tokens: Used to maintain your login session (stored securely using Expo SecureStore)
  • Session Management: Used to manage your app session
  • Local Storage (MMKV): Stores App data locally on your device, including user preferences, App settings, and cached data

Purpose: Essential for App functionality

Retention: Session-based or until you log out/delete the App

Can be disabled: No (App will not function without these)

Consent Required: No (essential for service provision)

Functionality Technologies

These technologies enable enhanced functionality and personalization.We require your explicit consent before using these technologies (legal basis: Consent - GDPR Art. 6(1)(a)):

  • Preferences: Store your App preferences and settings
  • Location Data: Store location preferences (with your explicit permission)
  • User Preferences: Remember your choices and preferences

Purpose: Provide personalized features and remember your preferences

Retention: Until you delete the App or clear App data

Can be disabled: Yes (may limit App functionality)

Consent Required: Yes (explicit consent required - you can withdraw consent at any time)

Third-Party Technologies

We use third-party services that may use their own technologies:

  • Google Sign-In: Authentication tokens (essential for service - Contract basis)
  • Apple Sign-In: Authentication tokens (essential for service - Contract basis)
  • Supabase: Backend services and authentication tokens (essential for service - Contract basis)
  • Firebase Crashlytics: Crash reporting and error logging (Legitimate Interest - GDPR Art. 6(1)(f))

Purpose: Enable third-party services and integrations, improve App stability

Retention: As determined by third-party providers

Can be disabled:

  • Authentication services: No (essential for App functionality)
  • Crash reporting: No (essential for App stability and improvement)

Consent Required:

  • Authentication: No (essential for service)
  • Crash reporting: No (legitimate interest, but you can contact us to opt out)

8.3 How We Use These Technologies

We use cookies and similar technologies to:

  • Authenticate Users: Maintain your login session and verify your identity
  • Remember Preferences: Store your App settings and preferences
  • Provide Features: Enable location-based services and personalized content
  • Ensure Security: Protect against fraud and security threats
  • Improve Stability: Collect crash reports to identify and fix bugs

8.4 Your Choices and Controls

Device Settings

You can control some technologies through your device settings:

  • iOS: Settings > Privacy & Security > Location Services, Camera, etc.
  • Android: Settings > Privacy > Location, Camera, etc.

App Settings

You can control certain features through App settings:

  • Location: Control location tracking through App permissions
  • Preferences: Adjust App preferences and settings

Clearing Data

You can clear stored data by:

  • Deleting the App (this will remove all local data)
  • Clearing App data through device settings
  • Logging out of your account

Note: Clearing data may require you to log in again and may reset some preferences.

8.5 Impact of Disabling Technologies

If you disable certain technologies:

  • Essential Technologies: The App may not function properly
  • Functionality Technologies: Some features may not work as expected
  • Location Technologies: Location-based features may not be available

8.6 Cookies and Mobile Apps

Unlike websites, mobile apps typically use:

  • Device Identifiers: Instead of traditional cookies
  • Local Storage: For storing App data
  • Push Notification Tokens: For sending notifications

This Privacy Policy covers all of these technologies, even though they may not be traditional "cookies."

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: You can request access to the personal information we hold about you
  • Correction: You can request correction of inaccurate or incomplete information
  • Deletion: You can request deletion of your personal information
  • Data Portability: You can request a copy of your data in a portable format
  • Account Deletion: You can delete your account at any time through the App settings

To exercise these rights, please contact us using the information provided in Section 14.

10. Children's Privacy

The App is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the App and its services
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal purposes.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your information to these countries.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy in the App
  • Updating the "Last Updated" date at the top of this Privacy Policy
  • Sending you a notification (if we have your contact information)

Your continued use of the App after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: help@forsyrup.com

Company Address:

SOFTWARE AND SERVICES Sp. z o.o.

ul. Marsz. Józefa Piłsudskiego 74/45

50‑020 Wrocław

Poland

Company Registration:

KRS: 0001095109

NIP: 8971935453

REGON: 528110814

15. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided in Section 14.

16. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise these rights, please contact us using the information provided in Section 14.

17. Digital Services Act (DSA) Compliance

If you are located in the European Union, the App complies with the Digital Services Act (Regulation (EU) 2022/2065). This section outlines our compliance with DSA requirements:

16.1 Transparency Requirements

We provide clear and transparent information about:

  • Our Services: The App is a loyalty program platform that connects users with participating merchants ("Stores") to access loyalty programs and offers.
  • Terms and Conditions: Our Terms of Service are easily accessible and clearly explain the rules and restrictions applicable to the use of our services.
  • Content Moderation: We have policies and procedures in place to address illegal content and content that violates our Terms of Service.

16.2 Content Moderation

We implement content moderation measures to:

  • Remove or restrict access to illegal content when we become aware of it
  • Address content that violates our Terms of Service
  • Protect users from harmful or abusive content
  • Comply with applicable laws and regulations

If you encounter illegal content or content that violates our Terms of Service, please report it using the mechanisms described in Section 16.3.

17.3 Reporting Illegal Content

If you believe that content in the App is illegal or violates our Terms of Service, you can report it by:

  • Email: help@forsyrup.com (subject line: "Illegal Content Report")

When reporting, please provide:

  • Description of the content
  • Location of the content (screenshot or specific location in the App)
  • Reason for the report
  • Your contact information (optional, but helpful for follow-up)

We will review reports promptly and take appropriate action in accordance with our policies and applicable law.

17.4 User Rights and Redress

Under the DSA, you have the right to:

  • Information: Receive clear information about our services, terms, and policies
  • Transparency: Understand how we moderate content and make decisions
  • Redress: Challenge our decisions regarding content moderation or account restrictions
  • Complaint: File a complaint with us or with your national Digital Services Coordinator

17.5 Challenging Our Decisions

If you disagree with a decision we have made regarding:

  • Content removal or restriction
  • Account suspension or termination
  • Other moderation actions

You can challenge the decision by:

  1. Contacting Us: Email us at help@forsyrup.com with "DSA Challenge" in the subject line, including:
  • Description of the decision you are challenging
  • Reasons why you believe the decision was incorrect
  • Any relevant evidence or documentation
  1. Response Time: We will review your challenge and respond within a reasonable timeframe, typically within 14 days.
  1. Appeal: If you are not satisfied with our response, you may contact your national Digital Services Coordinator or seek other available remedies under applicable law.

17.6 Recommender Systems

The App may use algorithms to recommend stores, offers, or loyalty programs based on:

  • Your location
  • Your usage history
  • Store availability

We provide information about how these recommendations work in our Terms of Service.

17.7 Contact for DSA Matters

For questions or concerns related to DSA compliance, please contact us at:

Email: help@gmail.com

Subject Line: "DSA Inquiry"

Address:

SOFTWARE AND SERVICES Spółka z ograniczoną odpowiedzialnością

ul. Marsz. Józefa Piłsudskiego 74/45

50‑020 Wrocław

Poland