Privacy policy

Last updated July 15, 2024

Introduction & Definitions

Paralino: “we”, “us”, “Company”, or “our”
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation or set of operations performed on personal data, whether or not by automated means.
User, You, Data Subject: The individual whose personal data is being processed.

This privacy notice describes how and why Paralino might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

• Download and use our mobile application (Paralino) or any other application of ours that links to this privacy notice.
• Use our website.
• Engage with us in other related ways, including any support inquiries, sales, marketing, or events. By using the Services provided here, you consent to the terms outlined in this privacy policy.
  

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at contact @ paralino . com.

Summary

• We do not collect or process sensitive personal information.
• We do not sell, share, or trade your personal information.
• Your data is always end-to-end encrypted; we cannot access it, nor would we want to.
• We utilize strong security and privacy practices, and everything done at Paralino is with a privacy-first mindset.

Legal framework

Paralino is governed by the laws and regulations of Austria and is fully committed to GDPR compliance. This includes, but is not limited to:
Transparency: Clear communication about what data is collected and how it is used.
Data Minimization: Limiting data collection to what is necessary for the purposes for which it is processed.
Security: Implementing appropriate technical and organizational measures to protect personal data.
Rights of Individuals: Respecting and facilitating the rights of individuals to access, correct, delete, or restrict their personal data.

Data collection

Paralino strives to collect as little user information as possible and facilitates end-to-end encryption to secure your data. Therefore, we are not able to access, see or process your encrypted data (including your location and whereabouts). Our data collection is outlined as:

Visiting paralino.com website

We use a self-hosted Plausible analytics instance to gain insight into website traffic in a privacy-respecting way. You can learn more here: Plausible Privacy

Account Creation

You can create a Paralino Account either anonymously or by providing an email and password. Any emails provided to the Service during account creation, including through sign-up, waiting list, email verification, or recovery email settings in your account, are considered personal data. Your email address will be used solely for the following purposes:

• Logging you into the Service.
• Contacting you with important notifications about the Service.
• Verifying your account.
• Sending you password recovery links.
  

If you choose to create an anonymous account, no email address is required.
We employ various verification and protection methods that shield us from account creation by bots or human spammers. The legal basis for this processing is our legitimate interest in protecting our service from malicious activities.

Account Activity

Depending on the device used, this data may include information such as your IP address, device and application identification numbers, browser type, push notifications token, hardware model, operating system, and system configuration information.

IP logging

By default, we do not maintain permanent IP logs associated with your Account. However, temporary IP logs are kept to prevent abuse and fraud and to provide you options for multiple device management. If you engage in activities that violate our terms and conditions, such as spamming, DDoS attacks, or brute force attacks, your IP address may be permanently retained. The legal basis for this processing is our legitimate interest in protecting our service from malicious activities and to provide you with device management features.

Other Logs and Usage Data

Other forms of logs are diagnostic, usage, and performance information our servers automatically collect when you access or use our Services. Depending on how you use the Services, this log data may include your device hardware information and type, operating system, information about your activity in the Services (such as the date/time stamps associated with your usage and other actions you take). The legal basis for this processing is our need to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. These logs are only stored temporarily, up to a maximum of 14 days.

Crash Reporting

We use a self-hosted GlitchTip instance for crash reports (see GlitchTip: GlitchTip ), so not even anonymized data leaves Paralino. Crash logs are not tied to your account or your specific device. In case of app malfunctioning or crash, crash stack trace along with device hardware information is sent as a crash log. Crash logs are collected in order for us to promptly react and fix any bugs. These logs are only processed if needed and are not stored longer than 180 days. You may opt out of anonymous crash reports from the mobile application by turning it off in settings for each device you use to access our Services.

Information from Minors

Our Services are not intended for children under 13 and do not target this age group.

Mobile Device Access

The Paralino app may request access or permission to certain features from your mobile device, including your mobile device’s location sensors (GPS), notifications, and network information. Data provided by these sources of your device is never shared with us and is always end-to-end encrypted before being saved. Access to some of these sources is required for certain Paralino app features (i.e. you need to enable location permission in order to share your location). None of these features are required to access our Service, and if you wish to change Paralino app access or permissions, you may do so in your device’s settings.

Third-Party Data

The only third-party data Paralino collects is payment-related information in order to provide you with optional premium Services (see more at the Payment Information section).

Payment Information

We may collect data necessary to process your payment in the form of payment confirmations, identifiers, subscription activation and deactivation dates, payment amount, subscription plan associated with your payment, payment time, payment type, payment method, whether a discount or voucher was applied, upcoming and previous payment dates. We use this information to provide you with the selected Subscription Plan. We use RevenueCat to handle in-app purchases directly inside Paralino app and for subscription management. All your personal payment data (i.e. credit cards) is handled and stored by Google and/or Apple . We do not collect, process or store your payment information such as credit card numbers.

Communicating with the Company

Messages you send to us, such as support inquiries, bug reports, or feature suggestions, may be stored by our team to help us improve Services, build Services documentation, and frequently asked questions (FAQs) if deemed useful.

Links to External Websites

Our website may include links to other websites and products of interest. However, we do not take responsibility for the content found on those linked websites. Please note that external websites operate under their own terms and conditions and privacy policies.

Embedded Content

We may use third parties to provide embedded content on our website, such as pictures and videos. Embedded content may collect information about you. The legal basis for this is to provide rich and educational content in order for us to drive interest and growth.

Cookie Policy

We do not use any cookies in the Services.

Data Usage

We use the information that you provide to:

• Provide our Services under our Terms and Conditions.
• Facilitate account creation and authentication and otherwise manage user accounts.
• Respond to user inquiries/offer support to users.
• Control access permissions to your data and your account.
• Deliver and facilitate the delivery of services to the user.
• Send administrative information to you (details about our products and services, changes to our terms and policies, and other similar information).
• Fulfill and manage your Subscription Plans.
• Protect our Services from fraud, abuse, and spam.
• Maintain and improve our systems and Services.
• Anonymously analyze collected data and information statistically (this helps us ensure an optimal level of protection for the personal data we process).

Data Storage

Paralino facilitates end-to-end encryption to secure your data, hence we are not able to decrypt and see your data. Therefore, we are not able to process it in any capacity nor share it with third parties. The following information is encrypted end-to-end:

• All encryption keys.
• Your private identity key.
• Profile name and image.
• Paralino.ID.
• Group name and image.
• Place name, image, geographical location, and radius.
• Group member name, image, device name, and type.
• Device status (signal strength and network type, battery, location sharing duration, timestamps).
• User geographical location (latitude and longitude), accuracy, speed, elevation.
• Push notifications content.
• Any other technical data that complements the above categories (e.g., group settings or feature flags).
  

Data shared with other users of the Service when in the same Group is also end-to-end encrypted. You will exchange cryptographic keys to facilitate data sharing with end-to-end encryption.
All servers we use to provide you with the Service are located in Germany.
Data backups only contain encrypted information, are stored in Germany, and kept for up to 30 days.
Additionally, our Services also use HTTPS while in transit and encryption at rest.
We store personal data only as long as needed to fulfill its purpose or as required by European or other relevant laws. If the purpose no longer applies or the legal storage period ends, we routinely block or delete the data according to legal requirements (i.e., account inactivity).

Transparency & Data Portability

We clearly show all the information we have linked to your account and allow you to easily view, delete, or export your data directly in the Paralino app. Since we can’t decrypt your encrypted data, you can access it in both the encrypted format as stored on our servers or in decrypted form only you can view.

Service Providers and Data Subprocessors

To deliver our Services, we utilize various data subprocessors, each handling specific categories of data. The subprocessors include:

• Apple:
  Purpose: Apple Maps, push notifications, App Store, iOS payments, iOS app infrastructure
  Apple Privacy Policy
• Google:
  Purpose: Google Maps, push notifications, Play Store, Android payments, Android app infrastructure
  Google Privacy Policy
• Mapbox:
  Purpose: Map provider, geocoding
  Mapbox Privacy Policy
• Appwrite:
  Purpose: Hosting, server infrastructure, data storage
  Appwrite Privacy Policy
• Hetzner:
  Purpose: Hosting, server infrastructure
  Hetzner Privacy Policy
• Cloudflare:
  Purpose: Networking and firewall
  Cloudflare Privacy Policy
• RevenueCat:
  Purpose: In-app purchases and subscription management.
  RevenueCat Privacy Policy
• Postmark:
  Purpose: Transactional emails
  Postmark Privacy Policy
• GitHub:
  Purpose: Feature request, bug reports, roadmap
  GitHub Privacy Policy
• Proton:
  Purpose: Email communication
  Proton Privacy Policy

Data Retention

Active users: We keep your data while you are subscribed and using our Service, subject to rights set in our Terms.
Account termination: You can request your data to be irrevocably deleted (Right to be forgotten). You may do so at any time directly in the Paralino app, which also is the only way to prove you are the owner of your account. Upon account deletion request, all user data we have on record, including the encrypted content of data that belongs to a user, is promptly removed from our production servers. Deleting an account removes all permanent traces of data from our production database. However, deleted data may persist in our backups for up to 30 days strictly for disaster recovery. These backups are encrypted with user-specific keys, ensuring that the data remains inaccessible to us or any third party.
Other cases: If your account is suspended or terminated, we might keep your account information if we think it’s needed to prove a breach of our Terms or if there’s ongoing or expected action from law enforcement or other parties.

Data Disclosure

We have no technical means to decrypt, access, or share your encrypted data. We do not sell, trade, rent, or transfer your personal information to others without prior notice. However, there may be instances where Paralino shares your personal information with others to facilitate the delivery of our Services, such as:
Disclosure provided by law or for protection: We will only share the minimal user data we have if required by an enforceable court order or we believe it is necessary or appropriate to protect the rights, property, or safety of Paralino, our employees, our customers, or others. Should there be a request for encrypted user data, which we cannot decrypt, we may provide the fully encrypted data or other user information mentioned in the data collection section. Whenever legally allowed, we will notify the user prior to any data disclosure, provided we have a means to contact them (i.e., email address).
Disclosure in the event of merger or sale: We may disclose personal information if there is a merger, sale of the business, or similar event.

Your Privacy Rights at Paralino

If you believe your rights have been violated, you have the right to file a complaint with the appropriate supervisory authority.
You have control over your personal data processed by Paralino when using our services. You can access, edit, delete, or export your data through your Account in the Paralino app.
If your Account has been suspended due to a breach of our terms and conditions and you wish to exercise your data rights, please contact our support team.

Amendment of this Privacy Policy

Subject to applicable law, Paralino reserves the right to update this Privacy Policy from time to time to comply with changed legal requirements or to implement new functionalities in the Privacy Policy. You are responsible for reviewing the Terms regularly while using your Account or the Services. Continued use of your Account or Services, or not deleting your Account after changes, signifies your acceptance of the updated Terms. The latest Terms will apply to all future use and any disputes arising thereafter. The current Privacy Policy is always linked on the Paralino website and in the Paralino app.