Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide

When you create an account and use Souvi, we collect the following information:

Account Information: Username, email address, and password
Profile Information: Profile picture, display name, and any other information you choose to add to your profile
Content: Photos, videos, and any metadata associated with the content you upload and share
Communication Data: Messages, comments, and other communications within the app

1.2 Automatically Collected Information

We automatically collect certain technical information when you use our app:

Device Information: Device type, operating system, unique device identifiers
Usage Information: Features used, time spent in the app, crash reports
Network Information: IP address, connection type

1.3 Information We Do NOT Collect

We want to be clear about what we do not collect:

We do not collect your photos or videos for statistical analysis or any purpose other than providing our service
We do not track your location unless explicitly required for app functionality
We do not collect data for advertising or marketing purposes
We do not analyze your content for commercial purposes

2. How We Use Your Information

We use your personal information exclusively for the following purposes:

Service Provision: To provide, maintain, and improve our photo and video sharing services
Account Management: To create and manage your account, authenticate your identity
Content Storage: To store and display your photos, videos, and shared albums
Communication: To send you service-related notifications and respond to your inquiries
Payment Processing: To process payments for storage upgrades beyond the free 5GB limit
Security: To protect against fraud, abuse, and security threats
Legal Compliance: To comply with applicable laws and regulations

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Data Category	Legal Basis	Purpose
Account Information	Contract Performance	To provide our services to you
Photos & Videos	Contract Performance	To store and share your content as requested
Payment Information	Contract Performance	To process payments for premium features
Technical Data	Legitimate Interest	To maintain and improve our services

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored on Google Firebase, which provides enterprise-grade security and complies with international data protection standards including:

SOC 2 Type II certification
ISO 27001 certification
GDPR compliance

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: Data is encrypted both in transit and at rest
Access Controls: Strict access controls limit who can access your data
Regular Security Audits: We regularly review and update our security practices
Incident Response: We have procedures in place to respond to security incidents

4.3 Data Location

Your data may be stored and processed in servers located in the United States and other countries where Google operates its Firebase infrastructure. All transfers comply with applicable data protection laws.

5. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following limited circumstances:

5.1 Service Providers

Google Firebase: For data storage and hosting services
Stripe: For payment processing (only payment-related information)

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

Court orders or legal processes
Law enforcement requests
Protection of our rights, property, or safety
Investigation of fraud or security issues

5.3 User-Initiated Sharing

Information you choose to share through the app (photos, videos in shared albums) will be accessible to other users you've granted access to.

6. Your Rights Under GDPR

If you are in the European Union, you have the following rights regarding your personal data:

6.1 Right of Access

You can request information about the personal data we hold about you and receive a copy of your data.

6.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

6.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

6.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

6.6 Right to Object

You can object to our processing of your personal data in certain circumstances.

6.7 Right to Withdraw Consent

Where we rely on your consent, you can withdraw it at any time.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within 30 days.

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Account Data: Until you delete your account or request deletion
Content (Photos/Videos): Until you delete them or delete your account
Payment Information: As required for tax and legal compliance (typically 7 years)
Technical Data: Generally for 2 years unless needed for security purposes

When you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal purposes.

8. Payment and Billing

Souvi offers 5GB of storage for free. Additional storage requires a paid subscription processed through Stripe:

Payment processing is handled by Stripe, which complies with PCI DSS standards
We do not store your credit card information on our servers
Billing information may be retained for accounting and tax purposes
You can cancel your subscription at any time through your account settings

9. Children's Privacy

Souvi is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

Google Firebase provides adequate protection under GDPR Article 45
Stripe complies with applicable data protection frameworks
We implement Standard Contractual Clauses where necessary

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

We will post the updated policy on this page
We will update the "Last Updated" date
For material changes, we will notify you via email or app notification
Your continued use of Souvi after changes constitutes acceptance of the updated policy

12. Data Protection Officer and Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to:

Contact our Data Protection Officer (contact information below)
Lodge a complaint with your local data protection supervisory authority
Contact the Information Commissioner's Office (ICO) if you are in the UK

13. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: agnel.dev@agneldorian.fr

Mailing Address:
Souvi Privacy Team
5 rue Jean de la Fontaine
12100 Millau

Response Time: We will respond to all privacy-related inquiries within 30 days of receipt.