1. Introduction
Welcome to FlashList! Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application (available on Android and iOS). FlashList is committed to complying with the General Data Protection Regulation (GDPR), ensuring transparency and security in data processing.
By using FlashList, you consent to the data practices described in this policy.
2. Data We Collect
We collect the following categories of personal data:
2.1 Information You Provide
Account Information: Name, email address, phone number, and password when registering.
Payment Information: Managed by third-party services (Apple Pay, Google Pay via RevenueCat). We do not store payment details.
Support Requests: Any data shared when contacting customer support.
2.2 Automatically Collected Information
Device & Usage Data: IP address, device model, operating system, app version.
Analytics Data: User interactions, crash logs (via Firebase Analytics).
Push Notification Preferences: If enabled, stored via Firebase FCM.
2.3 Third-Party Services
We integrate with third-party services, including:
Firebase Authentication (Google, Apple, Email login)
Firebase Firestore (Data storage)
Firebase FCM (Push notifications)
RevenueCat (Subscription management)
3. How We Use Your Data
We use collected data for the following purposes:
To provide and improve FlashList services.
To manage user authentication and account security.
To process payments and subscriptions.
To send notifications (if consent is given).
To analyze app performance and optimize user experience.
To comply with legal obligations.
4. Legal Basis for Data Processing
Under GDPR, our data processing relies on:
Consent: Users provide consent when signing up.
Contractual Necessity: Processing required to provide requested services.
Legal Compliance: To meet GDPR and other regulatory requirements.
Legitimate Interests: Improving app functionality and ensuring security.
5. User Rights & Control Over Data
Under GDPR, you have the following rights:
5.1 Right to Access (Article 15 GDPR)
You may request a copy of the personal data we store about you.
5.2 Right to Rectification (Article 16 GDPR)
You can correct or update inaccurate personal data within the app settings.
5.3 Right to Erasure (‘Right to be Forgotten’) (Article 17 GDPR)
You can delete your account via the app, which removes associated data within 30 days.
5.4 Right to Data Portability (Article 20 GDPR)
You can request an export of your personal data in a structured format (JSON or CSV).
5.5 Right to Restrict Processing (Article 18 GDPR)
You can request that we limit data processing under certain conditions.
5.6 Right to Object (Article 21 GDPR)
You may object to direct marketing and tracking.
5.7 Right to Withdraw Consent
You can withdraw consent for notifications or analytics tracking in app settings.
6. Data Retention Policy
We retain personal data as long as necessary to provide services, comply with legal obligations, and resolve disputes:
Active User Data: Retained for the duration of the account.
Deleted Accounts: Data is erased within 30 days of deletion.
Payment & Transaction Data: Retained as required by tax laws.
7. Security Measures
We implement industry-standard security practices, including:
Encryption: Data encrypted using AES-256.
Secure Authentication: Multi-factor authentication (MFA) for admins.
Access Controls: Restricted database access.
Data Minimization: Collecting only essential data.
8. Data Breach Notification
In the event of a data breach:
Users will be notified within 72 hours.
Authorities will be informed as required by GDPR.
Corrective measures will be taken to prevent future breaches.
9. Third-Party Data Sharing
We do not sell personal data. However, we share data with third-party service providers for functionality:
Firebase (Google, Apple, Email Auth, Firestore, FCM) – Secure authentication & cloud storage.
RevenueCat – Manages subscription purchases via Apple Pay & Google Pay.
Legal Compliance – If required by law, data may be shared with regulatory authorities.
10. Cookies & Tracking Technologies
FlashList does not use cookies but utilizes tracking tools via Firebase Analytics. Users can disable tracking in settings.
11. Admin Panel & GDPR Requests
A dedicated admin panel allows us to process GDPR-related requests efficiently:
Handling user access and deletion requests.
Managing consent preferences.
Generating GDPR compliance reports.
12. Children’s Privacy
FlashList is not intended for children under 16. We do not knowingly collect data from minors. If such data is identified, it will be deleted.
13. Changes to this Privacy Policy
We may update this policy periodically. Users will be notified of changes via app notifications or email.
14. Contact Information
For GDPR-related inquiries or to exercise your rights, contact us at:
FlashList Data Protection Officer
Email: info@myflashlist.com
By using FlashList, you acknowledge and agree to this Privacy Policy. If you do not agree, please discontinue use of the application.