Privacy Policy
Effective Date: December 31, 2025
This privacy policy governs the Grafy mobile application ("Application") developed by Graffalo SRL ("we", "us", "our", or "Service Provider"). Grafy is a freemium service offered free with optional paid subscriptions for premium features. This service is provided "AS IS" and your use constitutes acceptance of this policy.
What information users provide
When you download and use the Application, we collect information you voluntarily provide during registration, such as your name and email address. Registration is optional but required for premium features and subscriptions.
Users may upload photos via the device camera; these images are stored securely in Firebase Storage solely for use within your account and Application features (e.g., viewing your uploaded content). We do not share uploaded photos publicly or with third parties except as described below.
For premium subscriptions, we collect limited billing information including Stripe customer ID, subscription status, and invoice metadata stored in Firebase Firestore. Full payment card details are processed securely by Stripe and not stored by us.
Automatically collected information
The Application collects certain technical data automatically, including device type, unique device ID, IP address, operating system, browser type, and usage patterns to improve functionality and performance.
We use Google Analytics for Firebase to collect aggregated usage statistics, crash reports via Firebase Crashlytics, and performance data. This helps analyze app performance, identify trends, and enhance user experience without identifying individuals.
Precise location data
The Application does not collect precise real-time location information from your device.
Artificial Intelligence
The Application does not use AI technologies to process personal data or provide features.
Third-party services
The Application integrates third-party services with their own privacy policies:
- Google Play Services
- Google Analytics for Firebase
- Firebase Crashlytics
- Firebase Storage & Firestore
- Stripe (Payments)
Only anonymized, aggregated analytics data is shared with these services. Payment data is processed by Stripe per their policy; we store only necessary billing references in Firebase, not shared with other parties.
Data sharing
We may disclose information:
- As required by law or legal process;
- To protect our rights, your safety, or investigate fraud;
- With trusted service providers (like those listed above) who operate under strict confidentiality and have no independent use of the data.
Opt-out rights
Stop all data collection by uninstalling the Application. For account deletion or data access requests, email office@graffalo.com. We'll respond within 30 days and delete your data (including Firebase records and photos) unless legally required to retain.
Data retention
User-provided data (registration, photos) is retained while your account is active. Photos remain until you delete them or request account deletion.
Billing/invoice data in Firebase is kept as long as your subscription is active, plus a reasonable period for legal/accounting compliance (typically 7 years).
Analytics data is retained up to 24 months in aggregate form. Contact us at office@graffalo.com for deletion requests.
Children's privacy
Grafy does not target children under 13. We do not knowingly collect data from children under 13. If we discover such data, it will be deleted immediately. Parents/guardians can contact office@graffalo.com.
Security
We implement physical, electronic, and procedural safeguards including Firebase security features (encryption in transit/rest). However, no system is completely secure.
Policy changes
We may update this policy. Changes will be posted here with the new effective date. Continued use constitutes acceptance.
Contact us
Questions? Email office@graffalo.com