Privacy Policy - Flahora

← Back to Home

This privacy policy is provided in accordance with Articles 13 and 14 of EU Regulation 2016/679 (GDPR), ePrivacy Directive 2002/58/EC, and Italian Legislative Decree 196/2003.

1. Data Controller

Flahora App
Developer: Francesco Di Tullio
Email: support@flahora.com
Privacy Officer: Francesco Di Tullio (pro tempore)

2. Personal Data Collected

2.1 Data provided voluntarily by the user

Email, name, username, password (hashed)
Avatar, bio, friends list, posts, comments, reactions
Notification and privacy preferences
2FA codes (TOTP), phone number for SMS, recovery codes

2.2 Data collected automatically

IP address, device type, operating system
App version, access logs, errors, crashes
Anonymous app events (with consent)

2.3 Data NOT collected

Real-time GPS location
Contact list
Private messages from other apps
Health, biometric, or judicial data

3. Purpose and Legal Basis

Purpose	Legal Basis	Article
Registration and account management	Contract performance	Art. 6.1.b
Content publication and social interactions	Contract performance	Art. 6.1.b
Security and abuse prevention	Legitimate interest	Art. 6.1.f
Anonymous statistical analysis	Explicit consent	Art. 6.1.a
Push notifications and updates	Explicit consent	Art. 6.1.a
Legal obligations (logs and security)	Legal obligation	Art. 6.1.c

4. Processing Methods and Security Measures

Automated digital processing
Secure servers on Firebase (Google Cloud - EU)
Firestore Rules and Cloud Functions for server-side validation
Encrypted passwords (bcrypt), HTTPS/TLS 1.3 connections
Encrypted daily backups, retained for 90 days
Two-factor authentication (TOTP / SMS)

5. Data Retention

Data Type	Duration	Deletion
Active account	Until user deletes it	Permanent
Inactive account >24 months	Automatic deletion	Complete
Temporary posts	Until expiration (1 min – 30 days)	Automatic deletion
User-deleted posts	Immediate	No backup
User archive	Until user deletes it	Permanent deletion
Analytics data (with consent)	14 months	Automatic deletion
Security logs	90 days	Legal obligation

6. Your Rights (Art. 15-22 GDPR)

Access: Full view within the app
Rectification: Edit profile in real-time
Erasure (right to be forgotten): Deactivation from Settings
Portability: Export to JSON via app
Restriction and objection: Disable consents from Settings
Withdraw consent: Always possible
Complaint to Authority: www.garanteprivacy.it

7. Data Recipients

7.1 Data Processors

Firebase (Google LLC): database, storage, authentication, analytics
Region: Europe (europe-west1 + europe-west4)
Active SCCs, no extra-EU transfers

7.2 We DO NOT share data with:

Advertising platforms
External social networks
Data brokers

7.3 Disclosure only if:

Required by law or judicial authority
Necessary for the protection of rights

8. Extra-EU Transfers

No transfer of personal data outside the EU
All servers are in Europe (Google Cloud - EUR3)
If needed in the future, SCCs and adequate safeguards will be adopted (Art. 46 GDPR)

9. Minors

The app is reserved for users at least 18 years old. If we become aware of underage accounts:

Account deleted without notice
Parents can contact us via email to request intervention

10. Changes to this Policy

Any changes will be communicated via:

In-app notification
Email (if available)

Continued use of the app implies acceptance of the updated version.

11. Contact

For questions or to exercise your rights:
Email: support@flahora.com
In-app: Settings → Support

Document compliant with: EU Regulation 2016/679 (GDPR) · ePrivacy Directive 2002/58/EC · Italian Legislative Decree 196/2003 (Privacy Code) · Digital Services Act (EU Regulation 2022/2065)