Privacy Policy
NachoVerbs App

We do not knowingly or intentionally collect personal information from children under 13 in USA or under 16 in the European Economic Area and contains no child-targeted content, ads, or external links. Parents or guardians can request data deletion by contacting us (see Section 10) and are encouraged to supervise usage for younger Users.

We encourage parents and legal guardians to actively monitor their children’s online activities and to reinforce this Policy by advising their children not to share any personal information through the App without explicit permission.

The data collected by the app is gathered in two main ways: directly from you and automatically through third-party services. During the sign-up or sign-in process, you provide your email and password, which are required for authentication. In addition, authentication identifiers, such as tokens or credentials, are automatically collected through third-party services like Firebase Authentication, Apple Sign-In API (for iOS users), and Google Sign-In API (for Android users).

When using the app, anonymized data regarding your device and usage patterns is also collected through Firebase Analytics and Firebase Crashlytics, but only if these services are enabled. This data may include information such as app performance, crash logs, and general interaction metrics to improve the app’s functionality and troubleshoot any issues.

It’s important to note that the app does not request access to sensitive device features, such as location, camera, microphone, photos, or other personal data. Data is only collected while the app is actively being used, and no data is gathered in the background when the app is not in use.

We process data for the following purposes:

• Providing and Maintaining the App. We may collect data to provide app services, such as account creation, sign-in, favorites saving, and subscription management.
• Improving the App. We may collect aggregated technical data to analyze usage trends, track crashes, identify errors, to develop new features and refine the user experience.
• Compliance & Legal Obligations. We may collect certain data to comply with applicable laws, regulations, or legal processes and to prevent or investigate potential fraud or security issues.

No data is used for personalization, marketing, or legal compliance beyond what is necessary for authentication and diagnostics.

We rely on the following legal bases to process your personal data:

• Performance of a Contract. Processing is necessary for us to provide the requested services under Terms of Service (i.e., enabling the App functionalities you choose to use).
• Legitimate Interests. Where our interests in processing your anonymized/aggregated technical data are not overridden by your data protection rights. We use this data to maintain, improve, and secure the App.
• Compliance with Legal Obligations. Where needed to comply with applicable laws or regulations.

We retain personal data collected during your use of the NachoVerbs for as long as necessary to provide App functionality:

• Account data (email, authentication identifiers) are retained while your account is active. You can delete it anytime.
• Anonymized analytics and crash logs can be retained for limited internal diagnostic purposes, typically up to 12 months, but without personal identifiers.
• Local data (favorites, settings, themes) are stored on your device until cleared or app is uninstalled.

Additionally, we reserve a right to retain data for an extended period as necessary to comply with legal obligations, resolve disputes, and protect our legitimate interests, in accordance with applicable laws and regulations.

We are committed to safeguarding your personal data and ensuring its confidentiality, integrity, and security. To this end, we implement appropriate organizational, physical, and technical measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. They include:

• All authentication and data transfers use HTTPS connections.
• Passwords are hashed and never stored in plain text.
• Authentication tokens from Apple Sign-In and Google Sign-In are handled securely within their APIs and Firebase.
• Local data like favorites and settings is sandboxed in the app, inaccessible to other apps.
• We follow best practices for access control, encryption, and secure retention.

Our approach to data protection is guided by industry standards and applicable legal requirements. We regularly review and update our security practices to address evolving risks and ensure ongoing compliance with data protection obligations. By maintaining robust policies and procedures, we strive to provide a secure environment for the processing of your personal data.

We may share your personal data to the extent necessary for the operation of the App and the provision of our services to the following parties:

• Our Employees and Contractors: Personal data may be shared with our employees or trusted contractors to ensure the proper fulfilment of our obligations under contracts with you;
• Cloud Hosting Services: We engage trusted cloud hosting providers to store and manage data necessary for the operation of App and services;
• Third parties: Google (via Firebase Authentication, Analytics, and Crashlytics) for account management, anonymized analytics, and crash diagnostics; Apple (via Apple Sign-In API on iOS) for authentication; Google (via Google Sign-In API on Android) for authentication; Apple App Store and Google Play for subscription validation and payments.
• Government Authorities, Local Authorities, Courts, or Law Enforcement Agencies: We may share your data with courts, law enforcement agencies, and other governmental authorities upon receiving a lawful request, order, or other enforceable decision from them.

European Economic Area and United Kingdom residents
‍You, as data subjects, have the following rights under EU GDPR and UK GDPR:

• Right to be Informed: You have the right to receive clear and transparent information about the collection and use of your personal data;
• Right of Access: You have the right to request access to your personal data held by us;
• Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data concerning you;
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected;
• Right to Restrict Processing: You have the right to request the limitation of processing your personal data under certain circumstances, such as when the accuracy of the data is contested;
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller without hindrance;
• Right to Object: You have the right to object to the processing of your personal data for certain purposes including direct marketing and profiling;
• Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which significantly affects you;
• Right to Withdraw Consent: You have the right to withdraw your consent at any time, where data processing activities were based on your consent;
• Right to Complain to a Supervisory Authority: You have the right to lodge a complaint with supervisory authority.

To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.

UK residents enjoy the same rights but may lodge a complaint at the other Authority in the UK – Information Commissioner’s Office. You can contact them at 0303 123 1113 or go online at www.ico.org.uk/concerns.

We will respond to your request regarding personal data within one month of receipt. If a request is complex or numerous, we may extend the response time by an additional two months and will inform you within the initial one-month period. In cases of manifestly unfounded or excessive requests, we reserve the right to refuse the request and will provide a justification for the refusal.

Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us to exercise your rights.

Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request, with the right to postpone it for 30 days more. If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.

We may update Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top of Policy or through other reasonable means. Your continued use of the App following any updates signifies your acceptance of the revised Policy.