Sociano Privacy Policy.
The complete legal version — how we process personal data across the Sociano app and website. For the short, plain-language summary, see the Privacy page.
1. Who we are
Sociano is provided by:
- Name: Jan Macura
- Address: Spojna 617/1, Havirov, Czech Republic
- Contact email: contact@sociano.app
- Business ID (IČO): Not applicable (individual developer)
For privacy law purposes, we are the data controller for personal data processed through Sociano.
2. Scope
This Privacy Policy explains how we process personal data when you:
- use the Sociano iOS app,
- use the Sociano website (sociano.app),
- join the Android waitlist on our website,
- subscribe to Sociano Pro through Apple,
- contact us for support.
This policy does not apply to third-party websites or apps (for example Instagram, TikTok, YouTube, X, Facebook, LinkedIn) that you access through Sociano. Their own policies apply.
3. Data we process
Depending on how you use Sociano, we may process:
3.1 Account and authentication data
- Apple Sign in data (Apple identity token, account identifier, and, where available, email/name from Apple).
- Sociano account/session data in our backend (for example user ID, access/refresh session tokens, profile state).
- Onboarding completion state linked to your user profile.
- Onboarding social-usage answers linked to your user profile when you save them while signed in.
- Legal consent acceptance history linked to your account.
3.2 Subscription and purchase data
- Subscription status and entitlement information (for example active Pro state, product ID, expiration date).
- Purchase restoration and entitlement checks.
- We do not receive your full payment card details. Payments are handled by Apple.
3.3 App usage and settings data (mostly on-device)
- App configuration and preferences (blocking settings, appearance settings, feature flags, app state).
- Usage/insights data such as time spent per supported platform and daily limits.
- Legal consent records stored locally on device in a bounded history and, for signed-in users, synced to our backend so we can verify prior acceptance.
- Device-local website data used by the app browser (cookies/cache/storage) until cleared by you or app actions.
3.4 Device and technical data
- Installation identifiers generated by the app.
- App version/build, rules version, and operational metadata used for app functionality and integrity checks.
- Network request metadata needed for service operations.
3.5 Support communications
- Information you send us by email (for example your message and any details you include).
3.6 Website waitlist data
- If you join the Android waitlist on our website, we process your email address, submission source, and technical metadata (for example hashed IP and user-agent) to manage launch notifications and protect the waitlist from abuse.
3.7 Telemetry (Sentry and PostHog)
- Sociano currently uses Sentry (error monitoring and performance diagnostics) and PostHog (product analytics) in production.
- This telemetry may include event data, diagnostics, crash/error context, app/device metadata, and identifiers needed for analytics and reliability.
- We will keep this section and App Store privacy disclosures aligned with the live production configuration.
3.8 Social platform content and credentials
- Sociano does not collect or store your social platform usernames, passwords, DMs, posts, private account content, watched content, typing, or browsing inside social platforms.
- Sociano is designed to apply controls to supported social surfaces, not to profile what you do inside those platforms for advertising or resale.
- Third-party social platforms may still process your activity under their own terms and privacy policies.
3.9 Referral program data
- Each Sociano account is assigned a referral code.
- If you redeem another user’s referral code, or someone redeems yours, we store a redemption record in our backend linking the two accounts, the code used, timestamps, and qualification status.
- We store reward grant records, including reward type, number of reward days, grant and expiration dates, and whether reward access is stacked after a paid subscription period.
- We store one-time referral prompt decision records when a user applies or skips a referral prompt after their first in-app subscription purchase.
- To determine when a referral qualifies for a reward, our backend processes subscription event notifications delivered via RevenueCat, such as event type, product or plan metadata, app user identifiers and aliases, expiration dates, purchase/conversion timing, cancellation context, and refund, chargeback, or reversal signals.
- Referral qualification data is used to confirm paid conversions, delay rewards during refund-check periods, disqualify unpaid or refunded referrals, grant promotional access, and prevent abuse of the referral program.
- The referral program does not reveal your identity to other users: a referrer only sees an aggregate count of qualified referrals, not who they are.
4. Why we process data (purposes and legal bases)
Under GDPR, we process personal data on these legal bases:
4.1 Contract performance (GDPR Art. 6(1)(b))
- creating and maintaining your account/session,
- providing app functionality,
- providing subscription access and restore flows,
- operating the referral rewards program for participating users,
- handling account deletion requests.
4.2 Legitimate interests (GDPR Art. 6(1)(f))
- service security and abuse prevention,
- reliability and debugging,
- product improvement and operational analytics,
- enforcing app safety and integrity controls.
Where required by law, we will rely on consent for specific analytics/telemetry or similar technologies.
4.3 Legal obligations (GDPR Art. 6(1)(c))
- compliance with consumer, tax, accounting, and regulatory obligations.
4.4 Consent (GDPR Art. 6(1)(a)) where applicable
- for processing that requires consent under applicable law.
- You may withdraw consent at any time, without affecting prior lawful processing.
6. International data transfers
Some providers may process data outside your country, including outside the EEA/UK/Switzerland. When required, we use appropriate safeguards (for example contractual safeguards such as Standard Contractual Clauses, or other lawful transfer mechanisms).
7. Data retention
We keep data only as long as necessary for the purposes described above.
- Account and authentication data: kept while your account is active and for a limited period after deletion if needed for legal, security, or dispute handling.
- Profile data in our backend: kept while your account is active and, after deletion, deactivated or retained only if required for legal, security, fraud-prevention, or dispute handling.
- Onboarding completion and onboarding social-usage answers: kept as part of your profile while your account is active.
- Legal consent records: kept while needed to verify acceptance history and comply with legal or security obligations.
- Subscription/transaction-related data: retained according to Apple/RevenueCat records and legal obligations.
- Referral program data (referral code, redemption records, reward grants, and related subscription event records): kept while your account is active and as needed for program integrity, fraud prevention, and legal compliance; deleted or de-identified after account deletion, subject to the retention exceptions described in this policy.
- Local app usage/insights data: stored on-device; current implementation retains rolling history (for example approximately 35 days for daily usage snapshots).
- Local legal consent history: stored on-device in a bounded history.
- Telemetry data: retained per provider configuration and business need.
- Support emails: retained as needed to resolve your request and for reasonable recordkeeping.
- Android waitlist entries: retained until no longer needed for Android launch communication or related legal/compliance needs.
8. Your rights
Depending on your location, you may have rights including:
- access,
- rectification,
- erasure,
- restriction,
- objection,
- data portability,
- withdrawal of consent (where consent is used),
- complaint to a supervisory authority.
To exercise rights, contact: contact@sociano.app
If you want a copy of the data we hold about you, email contact@sociano.app with the subject line “Privacy Request”. We can provide account/profile data, onboarding completion data, onboarding social-usage answers, referral program data, and legal consent history that we store for your account, subject to applicable law and verification.
Response timelines:
- We respond to verified privacy requests within the timeframe required by applicable law.
- If GDPR applies, our standard response period is one month from verification, and may be extended by up to two additional months for complex or numerous requests (with notice).
- For US state privacy requests, we follow the response and extension timelines required by the applicable state law, including notice where an extension is used.
If GDPR applies, you can also complain to your local EU/EEA supervisory authority. Our lead supervisory authority context is the Czech authority:
- ÚOOÚ (Czech Data Protection Authority): https://uoou.gov.cz/en/
9. US state privacy disclosures
If you are a resident of certain US states (for example California, Colorado, Connecticut, Utah, Virginia, and other states with similar privacy laws), you may have additional rights, subject to applicable exemptions and verification requirements.
These rights may include:
- right to know/access categories and specific pieces of personal data we process,
- right to deletion,
- right to correction of inaccurate data,
- right to data portability,
- right to opt out of certain processing (such as targeted advertising or sale/sharing as defined by applicable law),
- right to non-discrimination for exercising privacy rights,
- right to appeal a denied request (where required by state law).
How to submit requests:
- Email us at contact@sociano.app with the subject line “Privacy Request”.
- We may ask for information needed to verify your identity and process your request securely.
Sale/share statement:
- We do not sell personal data for money.
- We do not knowingly share personal data for cross-context behavioral advertising as those terms are defined under applicable US state privacy law.
Sensitive data statement:
- We do not process sensitive personal information to infer characteristics about you.
- We only process sensitive data where needed to provide the service, for security, or as otherwise permitted by law.
10. Account deletion
You can request deletion from within the app or by email. Deletion is designed to remove your account in our backend and sign you out. Some limited records may be retained where required for legal, security, fraud-prevention, or dispute purposes.
Subscriptions purchased through Apple are managed through Apple and may require separate cancellation in your Apple account subscriptions settings.
Full instructions: Data Deletion Request.
11. Security
We use reasonable technical and organizational measures to protect personal data. No system is 100% secure, but we work to reduce risk and limit access.
12. Children
Sociano is not intended for children under 16. If you believe a child under 16 has provided personal data, contact us and we will take appropriate action.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will update the “Last updated” date and, where required, provide additional notice.
14. Contact
For privacy questions or requests:
- contact@sociano.app
- Jan Macura, Spojna 617/1, Havirov, Czech Republic