Privacy Policy

Connexa GmbH – Switzerland

Mobile Applications: NoMask, Relink, Blink

Last updated: 12 May 2025

Important Notice: This Privacy Policy applies to all mobile applications published by Connexa GmbH, including but not limited to NoMask, Relink, Blink, and any other apps that reference this policy. These applications are available on Apple App Store and Google Play Store, as well as our associated web services. By downloading, installing, or using any of our apps, you agree to the collection and use of information in accordance with this policy.

1. Introduction

Connexa GmbH ("we," "us," or "our") is committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, and protect your personal information when you use our mobile applications (NoMask, Relink, Blink, and other apps) and associated services. We comply with applicable data protection laws including the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and platform-specific requirements for Apple App Store and Google Play Store.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, username, and profile information you choose to share
  • Content: Photos, videos, and text messages you upload or share through the app
  • Pairing Data: Information about your NFC/Bluetooth connections with other users
  • Communications: Messages, comments, and other communications you send through the app

2.2 Information Collected Automatically

  • Device Information: Device type, operating system version, unique device identifiers, and mobile network information
  • App Usage Data: How you interact with our app, features used, and performance data
  • Location Data: Approximate location (city/region level) for service optimization (with your consent)
  • Technical Logs: IP address, browser type, crash reports, and system logs for debugging and security

2.3 Information from Third Parties

  • App Store Analytics: Basic download and usage statistics from Apple App Store and Google Play Store
  • Firebase Services: Analytics and crash reporting data (anonymized where possible)
  • Apple App Store: We receive basic analytics data from Apple, including download numbers, crash reports, and performance metrics. This data is aggregated and anonymized
  • Google Play Store: We receive basic analytics data from Google Play, including download numbers and user ratings. This data is aggregated and anonymized

2.4 Information We Do NOT Collect

To be transparent about our privacy practices, we want to clarify what we do NOT collect:

  • No Advertising IDs: We do not collect or use Apple's IDFA (Identifier for Advertisers) or Google's Advertising ID for advertising purposes
  • No Biometric Data: We do not collect biometric data such as fingerprints or facial recognition data
  • No Health Data: We do not collect health or fitness data from HealthKit or Google Fit
  • No Financial Data: We do not collect credit card numbers, bank account information, or other financial data
  • No Precise Location: We do not collect precise GPS location data. Any location data is approximate (city/region level) and only with your explicit consent

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our mobile applications and services
  • User Authentication: To verify your identity and secure your account
  • Communication: To enable messaging and content sharing between paired users
  • Technical Support: To troubleshoot issues and provide customer support
  • Security: To detect and prevent fraud, abuse, and security threats
  • Legal Compliance: To comply with applicable laws and regulations
Important: We do NOT use your personal information for advertising, marketing, or profiling purposes. We do NOT sell, rent, or share your personal data with third parties for commercial purposes.

3.1 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for specific data processing activities (e.g., location data, analytics)
  • Contract Performance: To fulfill our contractual obligations to provide you with our services
  • Legal Obligation: To comply with legal obligations, such as data retention requirements or law enforcement requests
  • Legitimate Interests: For our legitimate business interests, such as security, fraud prevention, and service improvement (always balanced against your privacy rights)

4. Data Storage and Processing

4.1 Firebase Services

We use Google Firebase services for data storage and processing:

  • Firebase Storage: For storing photos and videos you upload
  • Cloud Firestore: For storing text data, user profiles, and app data
  • Firebase Authentication: For secure user authentication
  • Firebase Analytics: For app performance monitoring (anonymized data only)

All Firebase services are hosted in the eu-west (Belgium) region to ensure GDPR compliance. We have a Data Processing Agreement (DPA) with Google that ensures your data is processed in accordance with applicable data protection laws.

4.2 Data Security

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Strict role-based access controls and two-factor authentication
  • Regular Audits: Security assessments and penetration testing
  • Backup Security: Encrypted backups with secure access protocols

5. App Tracking Transparency (iOS)

Our app fully complies with Apple's App Tracking Transparency (ATT) framework and iOS privacy requirements:

  • No Cross-App Tracking: We do not track your activity across other apps or websites. We do not use the IDFA (Identifier for Advertisers) for tracking purposes
  • No Third-Party Tracking: We do not share your data with third-party advertisers or analytics providers for advertising purposes
  • ATT Permission: If our app requests permission to track you across apps and websites, you can choose to allow or deny this permission in your device settings. We respect your choice
  • Transparent Data Use: We clearly explain what data we collect and how we use it in this Privacy Policy
  • User Control: You can control your privacy settings within the app and through your iOS device settings
  • Privacy Nutrition Labels: Our App Store listing includes accurate privacy nutrition labels that reflect our actual data collection and usage practices
  • No Fingerprinting: We do not use device fingerprinting or other techniques to identify you across apps

iOS Privacy Requirements: Our app complies with all iOS privacy requirements, including but not limited to:

  • Clear disclosure of data collection in App Store privacy labels
  • Proper use of privacy permissions (camera, microphone, location, etc.)
  • Respect for user privacy choices and settings
  • No collection of sensitive data without explicit consent

6. Children's Privacy

Our app is designed for users aged 16 and older. We do not knowingly collect personal information from children under 16.

6.1 COPPA Compliance

  • Age Verification: We implement reasonable measures to verify user age
  • Parental Consent: If we discover we have collected data from a child under 16, we will delete it immediately
  • No Targeting: We do not target children with advertising or content
  • Educational Content: We provide resources for parents about online safety

6.2 Family-Friendly Features

  • Content Filtering: Automated and manual content moderation
  • Reporting System: Easy reporting of inappropriate content or behavior
  • Parental Controls: Information and tools for parents to monitor app usage

7. Data Sharing and Third Parties

7.1 Service Providers

We may share your information with trusted service providers who assist us in operating our app:

  • Google Firebase: For data storage and authentication (as described above)
  • Hosting Providers: For app infrastructure and security
  • Support Services: For customer service and technical support

All service providers are bound by strict data protection agreements and may only use your data as directed by us.

7.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

7.3 No Commercial Sharing

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

8. Your Rights and Choices

8.1 Access and Control

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

8.2 App Settings

  • Privacy Controls: Manage your privacy settings within the app
  • Location Services: Control location data collection
  • Notifications: Manage push notification preferences
  • Account Deletion: Delete your account and all associated data

8.3 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect and how we use it.

9. Data Retention

We retain your personal information only as long as necessary to provide our services:

  • Active Accounts: Data is retained while your account is active
  • Account Deletion: Data is deleted within 30 days of account deletion
  • Legal Requirements: Some data may be retained longer if required by law
  • Backup Deletion: Backups are automatically deleted after 90 days

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • EU Adequacy: We use EU-based servers for data storage
  • Standard Contractual Clauses: Where applicable, we use approved transfer mechanisms
  • Swiss Adequacy: Switzerland has been recognized as providing adequate data protection

11. Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption: End-to-end encryption for sensitive communications
  • Access Controls: Multi-factor authentication and role-based access
  • Regular Updates: Security patches and vulnerability assessments
  • Incident Response: Procedures for handling security incidents
  • Employee Training: Regular privacy and security training for staff

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes:

  • App Updates: Through app store updates and in-app notifications
  • Email Notification: For significant changes affecting your privacy
  • Website Updates: Updated policy will be posted on our website
  • Effective Date: Changes will be effective 30 days after notification

13. Platform-Specific Information

13.1 Apple App Store

Our applications are designed to fully comply with Apple's App Store Review Guidelines and privacy requirements:

  • Privacy Labels: Our App Store listing includes accurate privacy nutrition labels that reflect our actual data collection and usage practices. These labels are updated whenever our practices change
  • ATT Framework: Full compliance with App Tracking Transparency (ATT). We request permission before tracking users across apps and websites, and we respect user choices
  • Family Sharing: Our free applications are compatible with Apple's Family Sharing features. Premium subscriptions are not eligible for Family Sharing unless explicitly stated
  • App Store Review: Compliant with all App Store Review Guidelines, including but not limited to:
    • Guideline 1.1 (Safety): No content that is offensive, insensitive, or could cause harm
    • Guideline 1.2 (User Generated Content): Clear moderation and reporting mechanisms
    • Guideline 2.1 (App Completeness): Fully functional applications with no placeholder content
    • Guideline 3.1 (In-App Purchase): Proper implementation of In-App Purchase system
    • Guideline 5.1 (Privacy): Comprehensive privacy policy and data handling practices
  • iOS Privacy Requirements: We comply with all iOS privacy requirements, including proper use of privacy permissions and clear disclosure of data collection
  • Age Rating: Our applications are rated appropriately for their content (typically 17+ for social networking apps)

13.2 Google Play Store

Our Android applications comply with Google Play Store policies:

  • Family Policy: Compliant with Google Play Families Policy. Our apps are properly categorized and rated
  • Data Safety: Accurate Data Safety section in Play Console that accurately reflects our data collection and sharing practices
  • Target Audience: Properly labeled for appropriate age groups. We clearly indicate the minimum age requirement (16+)
  • Content Rating: Appropriate content rating for all audiences. Our apps are rated "Teen" or higher as appropriate
  • Permissions: We only request permissions that are necessary for app functionality, and we clearly explain why each permission is needed

14. Contact Information

If you have questions about this Privacy Policy or your personal data, please contact us:

14.1 Supervisory Authorities

You have the right to lodge a complaint with your local data protection authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
  • EU: Your local EU data protection authority
  • California: California Privacy Protection Agency (CPPA)

15. Additional Resources

Effective Date: This Privacy Policy is effective as of May 12, 2025, and applies to all users of the mobile applications and associated services.