Effective as of May 1st 2018
In case you’re not familiar, Nappsis is a mobile application that automatically captures your social interactions with friends in real-time and allows you to enrich and easily share those experiences with the ones you care about. Have you ever missed an opportunity to join a group of friends hanging out nearby or regret not having pictures from one of your friends’ birthday parties? Never again.
We understand that privacy is important when sharing your location. That’s why we have built-in features that give you both visibility into and control over what you’re sharing.
Before you read on, we would like to highlight important information.
Nappsis Limited is a Limited Company registered in England and Wales with domicile at 20-22 Wenlock Road, N1 7GU, London.
When you use our services you share information with Nappsis and any companies or affiliates within our corporate family.
Nappsis Limited is the data controller and responsible for processing your data. The Information Commissioner’s Office (“ICO”) is the public organization in the United Kingdom in charge of making sure companies like Nappsis comply with data privacy laws.
To create your account we only require your first and last names (“username”) and email address. The username is used to identify you on Nappsis and your email is used to authenticate your account.
We have a data deletion and retention policy in place that details how long we store your information. As a general rule, we store the information we collect as long as you are actively using the Nappsis app. If you haven’t opened or used the app for more than 12 months we will delete most of the data collected by us. For details, have a look at the How long we keep your information section.
You have the right to provide us with instructions on how to handle the deletion and retention of your personal data after your death.
Finally, if you have any concerns about the way we process your data or comply with your individual rights even after speaking with us, you will always have the right to address them with the Information Commissioner’s Office.
Information we collect
There are three categories of information we collect:
*Information you provide
*Information we automatically collect
*Information we may collect from third parties
1) Information you provide
- Your Account. When you register through the app you provide us with a username (which could be your first and last name, or a pseudonym…it’s totally up to you) and email address. During registration you will enter and confirm a password that you will need to use to access the account in any other device.
- Profile picture. If you want, you can also add a profile picture to make it easier and more fun to interact with your friends. Of course, you’re free to change your photo and username anything you’d like: just go to Settings in the app.
- Comments and Media. In order to enrich your experience with your social interactions you can make comments on them as well as upload media items such as pictures.
- Your Connections. When you use Nappsis you necessarily need to add users as friends. We keep a list of who you have friended within the app.
- Nappsis is a location based service. In order for the app to fully function we need permission to collect your precise location even when the app is not in the foreground. Otherwise we would not be able to capture those social experiences. You provide us with your location through the permission settings on your phone. We collect your location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelerometers, and compasses. If, for whatever reason, you’re letting someone else use your phone you can disable location sharing to keep their location private as well as prevent any misunderstandings about your own location and interactions.
- Your Places. Besides collecting your geolocation, Nappsis allows you to tag on your social interactions specific venues where the interaction took place. By default Nappsis use a third party service to identify the street where the interaction is taking place but we leave it up to you to select the exact venue where you effectively spent your time. For example, you may want to tag on your last interaction a particular restaurant or bar.
- Your Exemptions. In order to facilitate the control you have over what you share with your Nappsis friends we have created a feature that allows you to specify locations where you do not want Nappsis to “record” an interaction. These locations may be important for you such as your home or workplace so we take it very seriously to protect their privacy.
- Your suggested interactions. Nappsis allows you to suggest to some of your friends that you meet at a given place and time.
- Customer Support. You may provide us with information related to your use of our Services, including copies of your messages, and how to contact you so we can provide you customer support. For example, you may send us an email with information relating to our app performance or other issues.
2) Information we automatically collect
When you use our services, we collect information about how you use those services so we can provide you with a better experience. Here are some examples:
- Usage information. We collect information with regard to your activity on Nappsis. For example, how you engage with your friends: usernames, times and dates of your posts or likes, your call history (if using the premium services) which features you use from the app more frequently, etc. This helps us understand what you like, and what we should improve!
- Location information. We collect information on the location of your social interactions. This includes the precise coordinates as well as the name of the streets or the venues where the interaction took place. For example, we may identify and capture that you met with certain friend at a nearby café.
- Your social interactions. Nappsis processes the location information that users provide us with in a certain way to identify when you are engaging in a social interaction. We collect information on the location of your social interactions. This includes the precise coordinates as well as the name of the streets or the venues where the interaction took place. For example, we may identify and capture that you met with certain friend at a nearby café.
- Device information. We may collect a variety of device-specific information, such as the divide token, the SSIDs of Wi-Fi terminals, whether or not headphones are connected, phone name, phone hardware model, operating system version, your phone’s advertising identifier, unique application identifiers, unique device identifiers, phone language, wireless network names, IP addresses, and general mobile network information (including the mobile phone number). This helps us protect your security, fix bugs, and improve the precision of your positions, for example.
3) Information we may collect from third parties
- Third-Party Service Providers.We work with third-party service to help us operate, provide, improve, understand, customize, support, and market our Services. For example, we work with companies to distribute our apps, provide our infrastructure, delivery, and other systems, supply location, map, and places information, help us understand how people use our Services, market our Services, conduct surveys and research for us, and help with customer service. These companies may provide us information about you in certain circumstances; for example, app stores may provide us reports to help us diagnose and fix service issues.
- Third-Party Services. We allow you to use our Services in connection with third-party services. If you use our Services with such third-party services we may receive information about you from them; for example, if you use the share button on a particular picture that you like to share it with your WhatsApp contacts or if you choose to access our Services through the Facebook login. Please note that when you use third-party services their own terms and privacy policies will govern those services.
How we use information
Our main goal is to offer the best possible service so you and your friends can enrich your social experiences digitally based on your current location. Specifically, we may use your information to:
- Develop, operate, improve, deliver, maintain, and protect our services.
- Send you communications, including by email. For example, we may use email to respond to support inquiries or to share information about important changes in our policies, as well as providing guidance in the new features that Nappsis may implement.
- Create statistical studies and monitor and analyse trends. For example:
-Statistical studies. Creating statistical studies on an anonymized basis about social interactions. We will never disclose your identity. Not even your username.
-Registration statistics. Determining which groups (e.g. country, users of different phone types, operating systems, etc.) are statistically relevant to the different studies that Nappsis conducts on an aggregate basis.
-Social interactions over time. Measuring and analysing the social interactions of users over time.
-General Usage. Studying which features within the app are most frequently used and which ones are not.
- Personalize the Nappsis service. For example, suggesting friends, calculating your social score or creating exemptions on the places and the people with whom Nappsis will capture social interactions for you.
- Enhance the safety and security of our products and services, for example by detecting and preventing excessive friend requests.
- Allow you to receive promotions and advertisements on services provided by third parties that could relate to the social interactions you are having. For this particular purpose we will ALWAYS request your previous consent and you will be able to disabled the feature via the in-app Settings.
- Send you push notifications. Of course, if you don’t want to receive push notifications, just turn them off in the Settings.
- Verify your identity to prevent fraud or other unauthorized or illegal activity.
- Enforce our Terms of Service and other usage policies.
- Store some information locally on your device, so that you can open the app and view content faster.
How we share information
We (and you) may share your information in the following ways:
With other Nappsis users
Specifically, we may share the following information:
- Information about you, such as your username, friend list, number of friends, profile picture, social interactions and places where you have been. This will only be available for those users whose requests you accepted.
- The location of your social interactions. We will not share your location when you have not engaged in a social interaction. And even when you do it will only be shared with your circle of friends and your social interactions settings are not in private mode. We would also like to draw your attention to the fact that any of your friends that are in private mode will not be able to see your interactions either – we thought it would just be fair. Remember: you can always create exemptions or activate a private mode to limit the creation and sharing of your interactions in the app at any time.
- Information about how you have interacted with the service such as your comments and likes, the pictures you upload and who are the friends you have met with more frequently.
- The location and details of the interactions you suggest. This will be only available for the friends that you actually invite.
- Any other information you have consented for us to share specifically.
With our affiliates
That means that we may share information with entities within the Nappsis Ltd family of companies.
With third parties
- With our service providers and partners. We may share information about you with service providers who perform services on our behalf and business partners that provide services and functionality.
- With third parties for legal reasons. We may share information about you if we reasonably believe that disclosing the information is needed to:
- Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.
- Investigate, remedy, or enforce potential Terms of Service violations.
- Protect the rights, property, and safety of us, our users, or others.
- Detect and resolve any fraud or security concerns.
- Other third parties. We may also share aggregated, non-personally identifiable or de-identified information. Especially about the location, duration or extent of the social interactions.
With third parties as part of a merger or acquisition
If Nappsis Ltd. gets involved in a merger, asset sale, stock sale, share sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes. Things like this can happen in the wild world of tech!
Also be aware that your friends may take screenshots of the app and/or share some information about their interactions with you on Nappsis.
Our legal basis for processing your information
Under European law, companies like Nappsis must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we wanted to explain these in detail.
You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, and erasure of your data under the General Data Protection Regulation (the “GDPR”). To exercise your rights, see the How you can exercise your rights section.
- as necessary to fulfil our Terms of Service;
- consistent with your consent, which you can revoke at any time
- as necessary to comply with our legal obligations;
- as necessary for our (or others’) legitimate interests, including our interests in providing an innovative, relevant, safe, and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
- As necessary to protect your vital interest or those of another person.
For all people who have legal capacity to enter into an enforceable contract, we process data as necessary to perform our contracts with you (the Terms of Service, the “Terms”). The core data uses necessary to provide our contractual services are:
- To develop, operate, improve, deliver, maintain, and protect our services, including the collecting and processing of your location data at all times
- To promote and enhance the safety and security of our services;
- To transfer, transmit, store, or process your data outside the EEA; and
- To send you communications, for example, on Service-related issues.
- To enforce our Terms of Service and other usage policies
- To send you push notifications
- To store some information locally on your device, so that you can open the app and view content faster
These uses are explained in more detail the How We Use Information section. We’ll use the data we have to provide these services. If you choose not to provide certain data the quality of your experience using Nappsis may be impacted. For example, if you choose not to provide us with your exempted places the interactions that Nappsis captures may not be as meaningful as they should or if you disable the push notifications you might miss out on a fun interaction happening nearby.
When we process data you provide to us as necessary to perform our contracts with you, you have the right to port it under the GDPR. To exercise your rights, visit How you can exercise your rights section.
The other legal bases we rely on in certain instances when processing your data are:
Your Specific Consent
We know how sensitive location information is. That is why, even though this information is necessary to operate our services, we also request that you specifically consent to Nappsis fetching your location data even when the app is no running in the foreground so that we can capture your social interactions with friends. This is something you must consent upon the in-app registration process.
Other data uses we will require your consent for are:
- For collecting and using other information required to provide some features and services such as photo uploads. In this case you will consent via the device-based settings when you enable them (such as camera or gallery).
- For allowing you to receive promotions and advertisements on services provided by third parties that could relate to the social interactions you are having. Should we implement such feature you will be prompted with an in-app consent screen to notify you of the information use and to request your consent.
Where not outweighed by your interests or fundamental rights and freedoms we may use the information we collect to promote our legitimate interests or the legitimate interests of a third party.
For people under the age of majority (under 18, in most EU countries) who have a limited ability to enter into an enforceable contract only, we may be unable to process personal data on the grounds of contractual necessity. Nevertheless, when such a person uses our services, it is in our legitimate interests:
- To develop, operate, improve, deliver, maintain, and protect our services;
- To promote safety and security; and
- To communicate with you, for example, on Service-related issues.
The legitimate interests we rely on for this processing are:
- To create, provide, support, and maintain innovative Services and features that enable people under the age of majority to enrich their social experiences, build community, and utilize tools and features that promote their well-being;
- To secure our platform and network, verify accounts and activity, combat harmful conduct, detect and prevent spam and other bad experiences, and keep our services free of harmful or inappropriate content, and investigate suspicious activity or violations of our terms or policies and to protect the safety of people under the age of majority, including to prevent exploitation or other harms to which such individuals may be particularly vulnerable.
For all people, including those under the age of majority we might use the data as well for:
- Providing measurement, analytics, and other business services where we are processing data as a controller.
The legitimate interests we rely on for this processing are:
- To provide accurate and reliable reporting to businesses and other partners, to ensure accurate pricing and statistics on performance, and to demonstrate the value our partners realise using our Services; and
- In the interests of businesses and other partners to help them understand their customers and improve their businesses, validate our pricing models, and evaluate the effectiveness and distribution of their services and messages, and understand how people interact with them on our Services.
- For providing marketing communications.The legitimate interests we rely on for this processing are:
- To promote Nappsis and issue direct marketing.
- To share information with others including law enforcement and to respond to legal requests. The legitimate interests we rely on for this processing are:
- To prevent and address fraud, unauthorised use of Nappsis products, violations of our terms and policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
We will consider several factors when assessing an objection including: our users’ reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
If you are under the age of majority in your country and have a limited ability to enter an enforceable contract, we will take particular account of the fact that you are below the age of majority and adjust our assessment of our legitimate interests and the balancing of your interests and rights accordingly.
Compliance with a legal obligation
We will process data when the law requires it, including, for example, if there is a valid legal request for certain data.
Protection of your vital interests or those of another person
The vital interests we rely on for this processing include protection of your life or physical integrity or that of others, and we rely on it to combat harmful conduct and promote safety and security, for example, when we are investigating reports of harmful conduct or when someone needs help.
How you can exercise your rights
All our Privacy practices and policies are subject to the Data Protection laws of the European Union and especially the General Data Protection Regulation (“GDPR”) so we want to make sure you are aware of the rights you have under the law and the process to exercise them.
Under the GDPR or other applicable local laws, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can access or port your information using our in-app Contact Us feature (available under Settings > Contact Us). You can access tools to rectify, update, and erase some pieces of your information directly in-app as described in the Control Over your information section. If we process your information based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. You can also object to our processing of your information and learn more about your options for restricting the way we use your information contacting us directly at email@example.com.
If you have any concerns about the way we process your data or comply with your individual rights you can always address them with the Information Commissioner’s Office.
How long we keep your information
We store your information as long as necessary and as long as you’re a user of our service. We have different retention protocols in place depending on the information. As a general rule, we store the information we collect as long as you are actively using Nappsis. If you haven’t opened or used the app for more than 12 months we will delete most of the personal data we’ve collected. Also note that we aggregate or anonymize information for certain purposes such as data analytics. Once we’ve anonymized the data we retain it indefinitely.
The following data is stored as long as you are actively using the Nappsis app:
- Your username and email address
- Your profile picture
- Friend requests
- Your social interactions
- Your comments, likes and pictures you voluntarily upload.
- Location data
- Your Places
- Your exemptions
- Your device and usage information
Of course, we also respect your requests for account deletion. The following section, Control over your information, provides more information on how to delete your account.
Control over your information
It is very important to us that you have control over your information. Here are some ways we establish just that:
Visibility. You can select whether your interactions are visible (or not) to your friends at any time in the app settings (the private mode toggle). We also allow you to make private some interactions specifically using the privacy icon at the top right of each interaction screen. We’ve tried to make the most user friendly control settings but things can always be improved. If you have ideas on how to do that, please reach out at firstname.lastname@example.org.
Exemptions. We understand that the information about your social interactions is very dear to you. That is why we also allow you to make exemptions (in the app settings) for places and people so that no interaction data is collected should the exempted criteria apply.
Access. We strive to let you access and update most of the personal information that we have about you. Most of this can be done in the profile section of the app. If you need to access, update, or delete any other personal information that we may have, you can contact email@example.com.
Note, however, that while we try to be as helpful as we can, there are limits though to the requests we’ll accommodate. We may reject a request for a number of reasons, including that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful. Also, because your privacy is so important to us, we may ask you to verify your identity or provide additional information before we let you access or update your information. We will absolutely try to update and access your information for free, but if it would require a disproportionate effort on our part we may charge a fee. Of course, we’ll disclose the fee before we comply with your request.
Account deletion. We don’t like seeing you leave us but if, for some reason, you want to delete your account you can always contact us at firstname.lastname@example.org or directly through the Contact Us feature in the app settings to request account deletion. You can also send an old school letter to 20-22 Wenlock Road, N1 7GU, London – United Kingdom.
Data transfers outside the European Union
We would like to draw your attention to the fact that if your friends are outside the European Union, your information-including your location-will be available to them. Similar to our transfer of your data to third parties as described in How we share information, your data may be transferred and be accessible to third parties and users outside of the European Union, including to countries that may not have the same level of protection of your information as those within the European Union.
We are always happy to answer any questions you may have about data sharing to countries outside the European Union. If you do have any questions simply let us know at email@example.com.
Our services are not intended for-and we don’t direct them to-anyone under 16. And that’s why we do not knowingly collect personal information from anyone under 16.
That’s all for now
If you have any questions feel free to let us know at firstname.lastname@example.org.