Privacy Policy

Effective date: 10 May 2026 · Last updated: 10 May 2026

This Privacy Policy explains how Narity Limited ("Narity", "we", "us") collects, uses, and protects personal data when you use our mobile applications (the "Apps"). We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Cyprus Law 125(I)/2018.

1. Data controller

The data controller responsible for your personal data is:

Narity Limited
Cyprus
Email: [email protected]

If you have any questions about this policy or how we handle your data, contact us at the address above.

2. What data we collect

We only collect data that we actually need to operate the Apps:

  • Account information — when you register or sign in: your name and email address, and an authentication identifier. Some Apps may operate fully on-device and not require an account.
  • Usage and diagnostic data — anonymous or pseudonymous analytics events (screen views, feature usage, app version, OS version, device model, language, country) and crash reports (stack traces, device state at the time of the crash). This data does not include the contents of your messages or files.
  • Information you provide voluntarily — when you contact support or send us feedback (e.g. your message and email address).

We do not collect precise location data, contacts, photos, advertising identifiers, or biometric data unless an App explicitly asks you for it and you grant the corresponding OS permission. Where an App requires such data, the in-App permission prompt and store listing describe its specific purpose.

3. How we use your data and legal basis

We process personal data under the following GDPR legal bases (Article 6):

  • Performance of a contract (Art. 6(1)(b)) — to create and manage your account, to provide the Apps' core features, and to support you when you contact us.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Apps secure, prevent abuse, diagnose crashes, and understand aggregate usage so we can improve the product. Our interest is balanced against your rights and freedoms; you can object at any time (see Section 7).
  • Consent (Art. 6(1)(a)) — for any optional analytics or features that require it. You can withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable laws (e.g. tax, accounting, lawful requests from authorities).

4. Who we share data with

We do not sell your personal data and we do not share it with advertisers. We use the following categories of processors, each bound by a data processing agreement:

  • Cloud infrastructure — Amazon Web Services and/or Microsoft Azure, in EU regions, for hosting application backends, databases, and backups.
  • Authentication, analytics, and crash reporting — Google Firebase / Google Cloud for sign-in, app analytics, and crash diagnostics.
  • App stores — Apple Inc. (App Store) and Google LLC (Google Play) for app distribution, in-app purchases, and receipts. Their own privacy policies govern data they collect independently of us.
  • Service providers we engage directly — e.g. email delivery, customer support tooling, security monitoring. We only share the minimum data needed.

We may also disclose data when required by law, court order, or to protect our rights, users, or the public.

5. International transfers

Some of our processors (notably Google and Apple) are based outside the European Economic Area. Where data is transferred outside the EEA, we rely on appropriate safeguards under GDPR Chapter V, including the European Commission's Standard Contractual Clauses and, where applicable, adequacy decisions. You may request a copy of the safeguards by contacting us.

6. How long we keep data

  • Account data — for as long as your account is active, plus up to 90 days after deletion to allow recovery and to handle disputes.
  • Analytics and crash data — typically up to 14 months in identifiable form, then aggregated or deleted.
  • Support correspondence — up to 24 months after the last interaction.
  • Records required by law — for the period required by applicable accounting, tax, or other legal obligations (typically up to 7 years).

When the retention period ends, data is deleted or fully anonymised.

7. Your rights under GDPR

You have the following rights regarding your personal data:

  • Access (Art. 15) — request a copy of the data we hold about you.
  • Rectification (Art. 16) — correct inaccurate or incomplete data.
  • Erasure (Art. 17) — request deletion of your data ("right to be forgotten").
  • Restriction (Art. 18) — ask us to limit how we process your data.
  • Portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — object to processing based on legitimate interests.
  • Withdraw consent — at any time, where processing is based on consent.
  • Not to be subject to automated decision-making (Art. 22) — we do not make automated decisions with legal or similarly significant effects.

To exercise any of these rights, email [email protected]. We will respond within one month, as required by GDPR. If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Cyprus Office of the Commissioner for Personal Data Protection (dataprotection.gov.cy) or with your local supervisory authority in the EU.

8. Security

We apply technical and organisational measures appropriate to the risk: encryption in transit (TLS) and at rest, least-privilege access, audit logging, regular patching, and security review of third-party processors. No method of transmission or storage is perfectly secure, but we work hard to reduce risk and to detect and respond to incidents quickly.

9. Children

Our Apps are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you in-app or by email before the changes take effect. Your continued use of the Apps after changes take effect constitutes acceptance of the revised policy.

11. Contact

For any privacy-related question or to exercise your rights, contact us at [email protected].