Meor – Privacy Policy

1. Who We Are

We are Triple Tap AB, a company based in Sweden. If you have any questions or concerns about this Privacy Policy or our data practices, you can contact us at:

• Email: support@meorapp.com

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• The Meor mobile application (iOS and Android)
• Any associated website(s) or pages operated by Triple Tap AB, containing only basic HTML

It does not cover any third-party sites or services that you may access through Meor. Those services are governed by their own privacy policies.

3. Personal Data We Collect

We collect personal data necessary to provide and maintain Meor, including:

1. Account Information:
   • Email address, username, and password (via Firebase Authentication).
   • Phone numbers (if used for Firebase Authentication).
2. User-Generated Content:
   • Text-based challenges or other content you create or receive within Meor.
3. Usage Data:
   • Device information, IP addresses, user agent, and crash reports (e.g., via Firebase Crashlytics).
   • Push notification tokens (for Firebase Cloud Messaging).
   • Firebase installations IDs or similar identifiers for configuration, security (App Check), and crash reporting.
4. Purchase Data:
   • Subscription details through Apple In-App Purchases or Google Play Billing (handled by RevenueCat), which may include user ID, subscription status, and receipt information.
5. AI Moderation Data:
   • Some content may be processed by AI services (e.g., OpenAI) for moderation or text generation. Certain minimal data may be sent to external servers (located outside the EU) to provide these AI features.

We do not use advertising networks or analytics tools that track behavior across apps. All data is used only for the purpose of enabling app features.

4. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases include:

• Performance of a Contract: We collect and process your data to provide you with the core Meor functionality, including account creation, subscription management, and text-based challenges.
• Legitimate Interests: We may process some data (e.g., crash logs, security logs) to ensure the stability, security, and integrity of our services.
• Legal Obligation: We may process data to comply with applicable laws, regulations, or government requests.

We do not rely on consent for marketing purposes because we do not perform marketing or advertising.

5. How We Use Your Data

We primarily use your data to:

• Provide and Personalize the App: Create and manage user accounts, store challenges, and deliver push notifications.
• Manage Subscriptions: Handle premium subscription status with RevenueCat, Apple, and Google.
• AI Moderation or Text Completion: When AI is used for content moderation or generation, minimal data may be sent to an AI service (e.g., OpenAI). We strive to limit what is shared to the minimum needed for these features.
• User Support: Respond to inquiries and assist with account issues.
• Security and Fraud Prevention: Maintain a safe environment by detecting unauthorized logins or suspicious activities, if any.

6. Sharing and Disclosure of Data

We do not sell or rent your personal data to third parties. However, we do share limited data with service providers to operate Meor:

• Firebase: Authentication, Cloud Functions, App Check, Cloud Messaging, Crashlytics, Remote Config. These services are operated by Google and may involve data stored on servers outside the EU.
• RevenueCat: For managing subscription purchases, we send a user identifier. RevenueCat processes receipts and purchase information from Apple/Google.
• OpenAI (if applicable): Text-based challenges or content may be sent to OpenAI servers (in the U.S.) for moderation or text generation.

We may also disclose personal data if required by law or in response to valid requests by public authorities.

7. Data Retention

We generally retain personal data (account information, user-generated content) for up to 2 years unless a longer retention period is required to:

• Fulfill legal or regulatory obligations,
• Resolve disputes, or
• Enforce our agreements.

After this period, or upon a valid deletion request, we will either anonymize or securely delete personal data. Some data shared among multiple users (e.g., challenge content) may be anonymized rather than fully deleted to preserve other users’ experiences.

8. Your Rights

If you are located in the EEA or UK, you have the right to request:

• Access to your personal data;
• Rectification of any inaccurate or incomplete personal data;
• Erasure of your personal data (subject to certain exceptions);
• Restriction of or objection to processing of your personal data;
• Data portability (in certain circumstances).

If you wish to exercise any of these rights, please email us at support@meorapp.com. We may ask for verification of your identity before complying with your request.

CCPA (California Residents): We do not sell personal data, so the CCPA “right to opt out of sale” does not apply. If you have additional questions or wish to exercise other rights under CCPA, you may still contact us at the email above.

9. International Data Transfers

Your personal data may be transferred and stored on servers located in countries outside of the EEA (e.g., the United States via our providers). When we transfer data internationally, we do so in accordance with applicable data protection laws, using measures such as Standard Contractual Clauses or other safeguards to ensure your data is adequately protected.

10. Security Measures

We take commercially reasonable steps to protect your personal data, including:

• Using secure connections (HTTPS) for data transmission;
• Storing data with reputable cloud providers (e.g., Firebase/Google Cloud) that maintain industry-standard security practices;
• Restricting access to personal data to authorized personnel only.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

11. Children’s Privacy

Meor is not intended for individuals under the age of 16. If you are under 16, please do not create an account or submit personal data. If we discover that a minor under 16 has provided personal data without parental consent, we will take reasonable steps to delete such information. If you believe a minor is using Meor without appropriate consent, contact us at support@meorapp.com.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. We will post the revised policy with a new “Last Updated” date. Your continued use of Meor after any changes indicates your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: support@meorapp.com