Privacy Policy
Information notice on the processing of personal data pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003
Ultimo aggiornamento: June 2025
1. Data Controller
The data controller for personal data is Oraloco, reachable at the email address: [email protected].
For any request regarding your personal data, including deletion of your account, you may write to the address indicated above or visit the Account Area of the website or the app.
2. Personal Data Collected
Oraloco collects the following personal data in the course of your use of the application and the website:
- Registration and profile data: name, email address, unique user identifier (user ID). If you sign in with Google, we receive your Google profile (name, email, profile picture).
- Push notification token: the device token generated by Expo (provided by APNs or FCM) for sending push notifications. You can disable them from your device settings.
- Diagnostic and crash logs: anonymous technical data and stack traces collected by Sentry in the event of application errors. They may include information about the device, the operating system version and the error path.
- In-app purchase history: information about purchases of virtual currency (Gems) through Google Play or the App Store, managed by RevenueCat. We do not store payment data — this remains with Google/Apple.
- User-generated content: predictions made, chosen nickname, scores and rankings.
- Usage data: aggregated information about interaction with the app (pages visited, features used), collected in anonymous or aggregated form.
3. Purposes and Legal Basis of Processing
The data is processed for the following purposes:
- Provision of the service (basis: performance of the contract): account management, saving of predictions, calculation of scores and rankings.
- Push notifications (basis: consent): sending updates on transfers, results and new content. Consent may be withdrawn at any time from the device settings.
- Diagnostics and security (basis: legitimate interest): detection and resolution of bugs, monitoring of application stability through Sentry.
- Purchase management (basis: performance of the contract): processing of in-app purchases through RevenueCat.
- Legal obligations (basis: legal obligation): retention of the data necessary to comply with tax or regulatory obligations.
4. Service Providers (Sub-processors)
Oraloco relies on the following third-party providers, each of which processes data in compliance with the GDPR and under adequate contractual safeguards:
- Clerk (clerk.com) — authentication and management of user accounts.
- Sentry (sentry.io) — collection of error logs and application diagnostics.
- RevenueCat (revenuecat.com) — management of in-app purchases and subscriptions.
- Expo / EAS — distribution of the application and sending of push notifications through APNs (Apple) and FCM (Google).
- Cloudflare R2 (cloudflare.com) — storage of static assets (profile pictures, media content).
Data is not disclosed to third parties for marketing or commercial profiling purposes.
5. Retention Period
Personal data is retained for the time strictly necessary for the purposes for which it was collected:
- Active account: for the entire duration of the contractual relationship (use of the app).
- Deleted account: following a deletion request, the data is anonymized within a grace period of 30 days (to allow for reconsideration), after which it is permanently deleted (hard-delete).
- Diagnostic logs: retained by Sentry for a maximum of 90 days.
- Tax data: retained for the periods provided for by applicable law (up to 10 years).
6. Rights of the Data Subject
As a data subject, you have the right to:
- Access: obtain confirmation of the processing and a copy of your data (Art. 15 GDPR).
- Rectification: correct inaccurate data (Art. 16 GDPR).
- Erasure: request the deletion of your data (Art. 17 GDPR) — see section 7.
- Restriction: restrict processing in certain cases (Art. 18 GDPR).
- Portability: receive your data in a structured format (Art. 20 GDPR).
- Objection: object to processing based on legitimate interest (Art. 21 GDPR).
- Withdrawal of consent: withdraw the consent given at any time, without affecting the lawfulness of prior processing.
To exercise your rights, write to [email protected]. You also have the right to lodge a complaint with the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati Personali) (www.garanteprivacy.it).
7. How to Delete Your Data and Your Account
You may request the deletion of your account and all associated data at any time, following one of the methods below:
- From the app: go to Profile → Settings → Delete account.
- From the website: log in to your account area and follow the guided procedure.
- By email: write to [email protected] with the subject “Account deletion”, indicating your registered email.
After the request, your account is suspended immediately (you can no longer log in or make new predictions). You have a 30-day grace period during which you can cancel the deletion by logging in to the app. Once the 30 days have elapsed, all personal data is permanently and irreversibly deleted.
Note: certain accounting data may be retained for the period required by law even after the deletion of the account.
8. Data Security
Oraloco adopts appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction or disclosure. All communications between the app/website and our servers take place through HTTPS/TLS (encryption in transit). Data at rest is protected by the infrastructure of certified service providers (Clerk, Cloudflare R2).
9. Minors
Oraloco is intended for users aged 13 years or older. For users between 13 and 17 years of age, the consent of a parent or legal guardian is required. If we believe that a user is under 13 years of age without parental consent, we will proceed to delete the account.
10. Changes to the Privacy Policy
We reserve the right to modify this policy. Substantial changes will be notified through push notification or email. Continued use of the app after notification constitutes acceptance of the changes.