Privacy Policy of Qisara

Effective Date: January 1, 2025
Last Updated: January 1, 2025

Qisara, an app developed by Deen Labs GmbH, is committed to protecting your privacy. ...

Overview

This Privacy Policy applies to all users of Qisara. It explains:

• The types of data we collect and why.
• How we process and share your data.
• Your rights regarding your data.
• Security measures we have implemented.

Key Points

• Qisara is designed for users aged 16 years or older.
• Personal data is used solely for the purposes outlined in this policy.
• We do not sell or share personal data for targeted advertising purposes.
• Data transfers comply with GDPR, CCPA, and other applicable laws.

Policy Summary

Data Processed

• Personal Data: Names, ages, genders, email addresses, usage data, and payment information.
• Usage Data: Device information, app activity, crash reports (optional if user consents).

Purposes

• Personalized story creation using OpenAI API.
• Account management and app functionality.
• Analytics to improve app performance (Crashlytics).
• Payment processing via RevenueCat, Google Pay, and Apple Pay.

Data Collection and Usage

Categories of Data Collected

User Information

• Name, email address, account preferences.
• Purpose: Account creation, personalized experience.

Child Information

• Name, age, gender (provided by parents/guardians).
• Purpose: Story generation.

Technical Data

• Device type, operating system, app version, IP address.
• Purpose: App analytics, debugging.

Payment Data

• Transaction ID, subscription status, purchase history.
• Purpose: Payment processing and account validation.

Methods of Processing

• Encryption: All personal data is encrypted during transit and at rest using AES-256.
• Data Minimization: We collect only the necessary data for specified purposes.

Cookies and Tracking Technologies

Although Qisara does not currently use cookies or similar tracking technologies, ...

Legal Basis for Processing

By using Qisara, you agree to the Terms & Conditions and this Privacy Policy.

Our legal basis for processing data includes:

• Contractual Necessity: Some processing is required to provide Qisara’s core services (e.g., Cloudflare, RevenueCat, Hetzner).
• Consent: We ask for explicit consent for features such as personalized stories and non-essential analytics (can be managed in settings).
• Legitimate Interest: Security monitoring, fraud prevention, and app optimization.
• Legal Compliance: Data is processed as required by law.

Qisara does not process personal data beyond what is necessary for providing its services.

Your Privacy Rights & Data Control

You have full control over your data and can:

• Request access to your stored data.
• Modify or update any incorrect data.
• Delete your account (permanently removes data within 30 days).
• Manage non-essential data collection (e.g., analytics) in settings.

Cloudflare and other essential services cannot be opted out of as they are required for app security and functionality.

Region-Specific Rights

GDPR (EU/EEA)

• Right to erasure ("right to be forgotten").
• Right to data portability.
• Right to lodge complaints with data protection authorities.

CCPA (California)

• Right to opt-out of the "sale" of personal data.
• Right to know what data is collected.

LGPD (Brazil)

• Right to confirm processing activities.
• Right to anonymization or deletion of excessive data.

Swiss Users

• Right to access, correct, and object to data processing.

Data Retention

• Active Accounts: Data is retained as long as your account is active.
• Deleted Accounts: Data is removed within 30 days.
• Backups: Retained for up to 90 days.

Third-Party Services & Data Processing

Qisara integrates third-party services to provide essential functionalities. ...

• Cloudflare (Security & Performance) – Required for network security.
• RevenueCat (Subscription Management) – Required for payments and access.
• Brevo (SendGrid) (Email Services) – Required for email verification.
• Hetzner (Backend Hosting) – Required for storing user accounts and content.

These services process data strictly for app functionality. There is no opt-out option for these services because Qisara cannot function without them.

For non-essential processing (e.g., analytics), you can manage your preferences in settings.

OpenAI API

• Purpose: Personalized story generation.
• Data Shared: Names, ages, and genders.
• Retention: Data processed only temporarily for the requested story.

RevenueCat

• Purpose: Subscription management.
• Data Shared: Transaction IDs, payment methods.

Cloudflare

• Purpose: Security, performance optimization, and network traffic protection.
• Data Processed: All app traffic is routed through Cloudflare, which processes IP addresses, request headers, and technical metadata to prevent abuse and enhance security.
• Required Processing: Cloudflare processing is essential for Qisara to function. There is no opt-out option.
• Privacy Compliance: Cloudflare adheres to GDPR, CCPA, and other applicable laws.
• Privacy Policy: See Cloudflare’s Privacy Policy for more details.

Brevo (SendGrid)

• Purpose: To send transactional and promotional emails (e.g., user verification, login OTP code, etc.).
• Data Shared: Names, email addresses, and email content.
• Retention: Metadata (e.g., delivery and engagement data) is stored as per Brevo’s retention policies.
• Privacy Policy: Brevo Privacy Policy

Hetzner

• Purpose: VPS hosting and database storage.
• Data Shared: User data stored in the backend infrastructure.
• Location: Data is stored in EU-based data centers.
• Privacy Policy: Hetzner Privacy Policy

Behavioral Analytics

Qisara collects anonymized behavioral data, such as app usage trends, to improve functionality ...

Data Transfers

We ensure compliance with GDPR, CCPA, LGPD, and Swiss data protection laws for international transfers:

• Standard Contractual Clauses (SCCs): Used for data transfers outside the EU/EEA.
• Data Protection Agreements (DPAs): Signed with all subprocessors.

Security Measures

• Encryption: AES-256 for data at rest and TLS 1.2 for data in transit.
• Access Controls: Role-based access for employees.
• Regular Audits: Security checks and vulnerability testing.
• Incident Response: 24/7 monitoring and breach notification protocols.

Data Breach Notification

In the unlikely event of a data breach involving your personal information, ...

Parental Use & Children’s Privacy

Qisara is designed for parents and guardians to generate personalized children’s stories. While the content is suitable for children, the app itself is intended for adult use.

Parental Responsibility

- If a child under 16 uses Qisara, they must do so under parental supervision.
- Parents must review and approve the processing of their child’s data before use.
- By allowing a child to use Qisara, parents agree to the processing of personal data (name, age, gender) as described in this Privacy Policy.

Collection of Children's Data

- We do not knowingly collect personal data from children under 13 years old without parental consent.
- If a child under 13 has provided personal data without verification, we will delete it upon request.
- Parents may request access or deletion of their child’s data by contacting us at [email protected].

AI Processing & Data Protection

- Story generation requires processing personal data (name, age, gender) via OpenAI.
- Children should not enter sensitive personal details when using the app.
- All processed data is not permanently stored beyond its intended use.

Parental Controls & Safeguards

To comply with COPPA (USA), GDPR-K (EU), and LGPD (Brazil):

• A Parental Gate is required before first-time story generation and subscription purchases.
• If a parent wishes to revoke consent, they may delete the account or contact support.

Region-Specific Compliance

Qisara complies with child privacy laws worldwide:

• GDPR-K (EU): Parental consent required for users under 16.
• COPPA (USA): Users under 13 cannot provide personal data without verified parental consent.
• LGPD (Brazil): Parental consent is required for children under 12.
• Swiss FADP: Parental consent applies to users under 16.
• CCPA (California): Parents may request data deletion for users under 18.

For any concerns regarding children’s data, please contact us at [email protected].

Accessibility Statement

Qisara is committed to accessibility and aims to ensure that all users, ...

Special Cases for Legal Obligations

We may disclose personal data in the following circumstances:

• To comply with legal obligations, such as court orders or subpoenas.
• To respond to requests from law enforcement or public authorities.
• To protect our legal rights, safety, or property, or that of others.

Such disclosures will always comply with applicable laws and regulations.

Opt-Out Mechanisms for Non-Essential Processing

Users have the option to opt out of non-essential data processing, ...

Updates to This Policy

We may update this policy periodically. Users will be notified of any significant changes ...

Contact Information

For questions or concerns, contact us at:
Deen Labs GmbH
Propsteistrasse 3
65795 Hattersheim, Germany
Email: [email protected]