Privacy Policy

1. Introduction and Data Controller

This Privacy Policy explains how Truemium OÜ ("we", "us", "Company") collects, uses, stores, and protects your personal data when you use the Are you OK mobile application ("App") and website ("Website").

Data Controller:

• Company: Truemium OÜ
• Address: Paavli tn 5a/1, Tallinn 10412, Estonia
• Email: info@truemium.studio
• Website: truemium.studio

We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

2.1 Data Collected Automatically

• Device UUID: A unique identifier for your device, used for anonymous authentication.
• Device Tokens: Push notification tokens (FCM/APNs) for delivering check-in reminders and alerts.
• Device Information: Device type, operating system, and app version for compatibility and troubleshooting.

2.2 Data You Provide

• Profile Information (Optional): Name, email address, phone number.
• Emergency Contact Information: Name, phone number, and/or email address of your designated emergency contacts.
• Check-in Schedules: Times and days you configure for safety check-ins.
• Pet-at-Home Notes: Optional notes about pets for emergency contacts.

2.3 Data Generated Through Use

• Check-in History: Records of check-in confirmations, missed check-ins, and extensions.
• Activity Logs: History of actions within the App.
• Location Data: GPS coordinates shared only when you explicitly trigger location sharing with emergency contacts.
• Subscription Data: Subscription status and entitlements, managed through RevenueCat.

3. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: Sending check-in reminders, processing check-in confirmations, and alerting emergency contacts when a check-in is missed.
• Account Management: Authenticating your identity, managing your profile, and processing account deletion requests.
• Subscription Management: Processing subscriptions, managing trial periods, and verifying entitlements.
• Notifications: Delivering push notifications, SMS alerts, and email notifications related to check-ins and account activity.
• Service Improvement: Analyzing usage patterns to improve app functionality and user experience.
• Legal Compliance: Fulfilling legal obligations and responding to lawful requests.

Legal Basis (GDPR Article 6):

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide the service you requested.
• Legitimate Interest (Art. 6(1)(f)): Service improvement and security.
• Consent (Art. 6(1)(a)): Location sharing, optional profile data, marketing communications.
• Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws.

4. Third-Party Services

We use the following third-party services to operate the App:

All third-party services are required to comply with GDPR. Where data is transferred outside the EU/EEA, appropriate safeguards (such as Standard Contractual Clauses) are in place.

5. Data Storage and Security

• Server Location: Our servers are located in the European Union (AWS eu-west-1 region, Ireland).
• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption.
• Access Control: Access to personal data is restricted to authorized personnel only.
• API Security: API authentication is handled via Laravel Sanctum with token-based authentication.

6. Data Sharing

We share your personal data only in the following circumstances:

• With Your Emergency Contacts: When you miss a check-in, your designated emergency contacts receive alerts containing your name, the nature of the alert, and optionally your location.
• With Third-Party Service Providers: As listed in Section 4, solely for the purposes described.
• Legal Requirements: When required by law, court order, or other legal process.

We never sell your personal data to advertisers or third parties.

7. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data.
• Right to Rectification (Art. 16): Request correction of inaccurate data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interest.
• Right to Restrict Processing (Art. 18): Request temporary restriction of processing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact us at info@truemium.studio. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for Truemium OÜ is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

8. Your Rights Under KVKK (Turkish Users)

If you are located in Turkey, you also have rights under the Turkish Personal Data Protection Law No. 6698 (KVKK). Under Article 11 of KVKK, you have the right to:

• Learn whether your personal data has been processed
• Request information about the processing if your data has been processed
• Learn the purpose of the processing and whether data is used in accordance with that purpose
• Know the third parties to whom your data has been transferred, domestically or abroad
• Request correction of your data if it is incomplete or inaccurate
• Request deletion or destruction of your data under conditions set forth in Article 7
• Request notification of corrections, deletions, or destruction to third parties to whom your data has been transferred
• Object to a result that is to your detriment arising from an analysis of your data exclusively through automated systems
• Request compensation for damages arising from unlawful processing of your data

To exercise your KVKK rights, please send your request to info@truemium.studio with the subject line "KVKK Request".

9. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you become aware that a child under 13 has provided us with personal data, please contact us and we will take steps to remove such data.

10. Location Data

Location data is handled with special care:

• When Collected: Location is only collected when you explicitly trigger the "Share Location" action during a missed check-in alert.
• What Is Shared: GPS coordinates and a timestamp.
• Who Sees It: Only your designated emergency contacts.
• Storage: Location data is stored in your activity history and can be deleted by deleting your account.

We do not track your location in the background or continuously.

11. Data Retention

• Active Accounts: Personal data is retained for as long as your account is active.
• Activity Logs: Check-in history and activity logs are retained for the duration of the account.
• Deleted Accounts: Upon account deletion, all personal data is permanently removed within 30 days, except where retention is required by law.
• Emergency Contact Data: Contact information is removed when the contact is deleted by the user or when the user's account is deleted.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: Truemium OÜ
• Address: Paavli tn 5a/1, Tallinn 10412, Estonia
• Email: info@truemium.studio
• Website: truemium.studio