GDPR Compliance
Introduction to GDPR compliance
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for individuals within the European Union and the European Economic Area. At Ovdix, we are committed to protecting and properly handling all personal data in accordance with the requirements of GDPR.
This policy explains how we collect and process your personal data, the legal grounds for such processing, and your rights regarding your personal information.
Data we collect
We collect various types of personal data to provide and improve our services:
Registration data
When you register to create an Ovdix account, we collect your first name (required) and email address. Your last name is optional and is collected only if you provide it.
Listing data
When you create listings, we collect information such as category, title, description, photos, and price details to show your listings to potential buyers.
Geolocation data
With your consent, we collect coordinates and address information using Google Maps geocoder to help display relevant listings in your area. We do not collect sensitive location data such as floor or apartment information.
Translation data
We log requests made to GPT-4o-mini for instant translations of listings and chat messages to provide our core translation functionality.
Payment information
For one-time boosts and subscriptions, payment data is processed through Google Play and App Store payment systems. We store subscription status and history but not your actual payment data.
Technical data
We collect technical data such as IP addresses, cookies, and device information to ensure the proper functioning of our service and for security purposes. We also use analytics services like AppsFlyer to collect technical data and analyze app usage to improve our service and marketing campaigns.
Purposes and legal bases for processing
We process your personal data based on the following legal grounds:
- Contract performance: To provide our services in accordance with our Terms of Use.
- Legitimate interests: To improve the quality of translations and enhance the overall level of our service.
- Consent and legitimate interests: To show relevant ads through Google AdMob for users of our free tier.
- Legal obligations: To comply with applicable laws and regulations.
Disclosure to third parties
We may share your information with the following third-party service providers:
Supabase (Cloud Servers)
We use Supabase cloud servers located in the European Union to store and process your personal data. This allows us to ensure a high level of data protection in accordance with GDPR.
Google OAuth v2
Used for authentication purposes, allowing you to log in with your Google account.
Google Maps Services
Used for geocoding, displaying maps, and providing place information (Places API). We apply these Google services to convert coordinates into addresses, display maps in the interface, and assist the user in selecting a location related to their listing. Google may collect and process this data in accordance with its Privacy Policy.
Google AdMob
Used to display ads to users of our free tier. AdMob may collect and process data about your use of the app for ad targeting.
Google Play and App Store
Used for processing payments and subscriptions. These platforms process all payment data in accordance with their own privacy policies.
AppsFlyer
We use AppsFlyer to analyze how users interact with our mobile application. AppsFlyer collects data such as device identifiers, usage data, and interactions to help us improve our services and marketing campaigns. This data may be transferred outside the European Economic Area (EEA). You can find more detailed information in the AppsFlyer Privacy Policy at https://www.appsflyer.com/legal/services-privacy-policy/.
Your rights under GDPR
Under GDPR, you have several rights regarding your personal data:
- Right of access: You may request a copy of your personal data that we hold.
- Right to rectification: You may request correction of inaccurate personal data.
- Right to erasure: You may request deletion of your personal data under certain circumstances.
- Right to restriction of processing: You may request restriction of processing your personal data.
- Right to object: You may object to processing based on legitimate interests.
- Right to withdraw consent: You may withdraw your consent at any time when we rely on consent to process your personal data.
- Right to data portability: You may request to receive your data in a structured, machine-readable format.
To exercise any of these rights, please contact us at egorozh.dev@gmail.com. We will respond to your request within one month.
Data retention and security
We store various categories of data for different periods. Your personal data is processed and stored on servers in the European Union, provided by our cloud provider Supabase, in accordance with GDPR requirements.
- Account data: Retained as long as you have an active account and for 30 days after account deletion.
- Listing data: Retained as long as the listing is active, plus 90 days after deletion for legal and analytical purposes.
- Message data: Retained as long as both users have active accounts, and for 30 days after account deletion.
- Payment records: Retained for the legally required period (usually 7 years for tax purposes).
- Technical data: Retained for up to 90 days for security and performance analysis.
Security measures
We implement appropriate technical and organizational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
These measures include encryption of personal data, regular security assessments, access controls, and staff training on data protection and security.
Contact details of the data controller
Address: 21102, Novi Sad, MiΕ‘e DimitrijeviΔa 38, Floor 3, Apartment 10
Email: egorozh.dev@gmail.com