Privacy Policy

1. Data Controller

The entity responsible for processing your personal data is:

SAFER Technologies UG (haftungsbeschränkt)

Hauptstraße 35a, 77839 Lichtenau, Germany

Represented by: Dr. Pascal Oser

E-Mail: flare@safer.network

Trade Register: Mannheim, HRB 749608

VAT ID: DE 365778955

2. Data We Collect

We collect only the data necessary to operate the FLARE app. The following categories of data may be processed:

2.1 Account Data

Data	Purpose	Required?
Username	Unique identifier displayed publicly	Yes
Email address	Account login, notifications, support	Yes
Password (hashed)	Secure authentication (never stored in plain text)	Yes
Display name	Shown on profile and leaderboards	Optional
Profile picture	Shown on your public profile	Optional
Bio	Shown on your public profile	Optional

2.2 User-Generated Content

Photos you submit to trends and battles. These are stored on our servers and shown publicly within the app.
Votes (Flares) you cast on other users' photos.

2.3 Location Data

FLARE uses your approximate location to show you local trends and battles and to assign your content to a geographic radius. Location is only collected while the app is in use (When In Use permission). We do not track location in the background. You can disable location access in your iOS Settings at any time — the app will fall back to a manually entered city.

2.4 Device & Technical Data

Device type and operating system version
App version
Crash logs and error reports (for debugging purposes only)
IP address (logged temporarily for security rate-limiting)

2.5 Usage Data

Battles viewed and votes cast (aggregated for ranking algorithms)
Trends you browse or participate in
Session activity for app functionality and abuse prevention

2.6 Purchase Data

If you purchase a Premium subscription, transaction receipts are processed via Apple App Store / Google Play and validated server-side through RevenueCat. We do not store full payment card details. Your subscription status is stored.

2.7 Advertising Data (optional)

If you consent to ad tracking via Apple's App Tracking Transparency (ATT) prompt, Google AdMob may collect your Advertising Identifier (IDFA) for personalized ads. If you decline, you will still see ads, but they will not be personalized. See Section 5 for full details.

3. Purpose & Legal Basis

Processing Activity	Legal Basis (GDPR Art. 6)
Providing the core app features (account, battles, trends, rankings)	Art. 6(1)(b) — Performance of contract
Location-based content discovery	Art. 6(1)(b) — Performance of contract
Security, fraud prevention, rate-limiting	Art. 6(1)(f) — Legitimate interests
Sending transactional emails (account confirmation, support replies)	Art. 6(1)(b) — Performance of contract
Displaying non-personalized ads (AdMob)	Art. 6(1)(f) — Legitimate interests
Displaying personalized ads (AdMob with ATT consent)	Art. 6(1)(a) — Consent
Analytics for app improvement	Art. 6(1)(f) — Legitimate interests
Processing in-app purchases (RevenueCat)	Art. 6(1)(b) — Performance of contract
Compliance with legal obligations	Art. 6(1)(c) — Legal obligation

4. Third-Party Services

We use the following third-party services that may process your data:

Service	Purpose	Privacy Policy
Google AdMob Google LLC, USA	Displaying advertisements in the free app	policies.google.com/privacy
RevenueCat RevenueCat Inc., USA	In-app purchase & subscription management	revenuecat.com/privacy
Apple App Store / Google Play	App distribution and purchase processing	apple.com/privacy, policies.google.com/privacy
Self-Hosted Backend EU-based servers	Core app data (accounts, photos, battles, rankings)	Data remains under our control on EU infrastructure

We do not sell your personal data to any third party. Data shared with third parties is limited to what is strictly necessary for the stated purpose.

5. Advertising & Tracking (ATT)

FLARE is free to download and is supported by advertising via Google AdMob. On iOS 14.5+, Apple requires us to request your permission before accessing your device's Advertising Identifier (IDFA) for personalized ads. This is done via Apple's App Tracking Transparency (ATT) framework.

If you grant permission:

AdMob may use your IDFA to show personalized, interest-based ads.
Ad performance may be measured across apps and websites.

If you decline (or on Android where ATT is not applicable):

You will still see ads, but they will be contextual and non-personalized.
Your IDFA will not be used for ad targeting.

You can change your ATT decision at any time:
iOS Settings → Privacy & Security → Tracking → FLARE

AdMob may still collect certain non-identifying information (e.g., general device type, approximate location at country level) for fraud prevention and aggregated reporting, regardless of your ATT choice. See Google's Privacy Policy for details.

6. Data Retention

Data Category	Retention Period
Account data	Until account deletion, plus 30 days grace period
Photos & user-generated content	Until deleted by user or account deletion
Location data	Last known location retained while account is active; deleted on account deletion
Server logs / IP addresses	Maximum 14 days for security purposes
Purchase receipts	As required by tax law (10 years in Germany per HGB)
Support correspondence	3 years from last contact

You can request deletion of your account at any time from within the app (Profile → Settings → Delete Account) or by contacting flare@safer.network.

7. International Data Transfers

Our primary backend infrastructure is hosted in the EU. However, some third-party services (Google AdMob, RevenueCat) are based in the United States. Data transfers to these providers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

8. Your Rights (GDPR)

As a data subject under the GDPR, you have the following rights. You can exercise any of these by contacting us at flare@safer.network:

Right of access (Art. 15) — Request a copy of all personal data we hold about you.
Right to rectification (Art. 16) — Request correction of inaccurate data.
Right to erasure / "right to be forgotten" (Art. 17) — Request deletion of your data.
Right to restriction of processing (Art. 18) — Request that we limit how we use your data.
Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
Right to object (Art. 21) — Object to processing based on legitimate interests.
Right to withdraw consent (Art. 7(3)) — Withdraw any consent you have given (e.g., ATT) at any time without affecting prior processing.

You also have the right to lodge a complaint with a supervisory authority. In Germany, the competent authority is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de

9. Children's Privacy

FLARE is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us immediately at flare@safer.network and we will delete the account and associated data promptly.

Users between 13 and 16 years of age in the EU may require parental consent under applicable national laws.

10. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by displaying a notice in the app or by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of FLARE after changes constitutes acceptance of the updated policy.

11. Contact & Data Requests

For any privacy-related questions, data access requests, or account deletion requests: