Privacy Policy for Octopus Community Apps.

Last Updated: January 22, 2025

1. Introduction

At Octopus Community, we are deeply committed to protecting your privacy and ensuring transparency in how your personal data is collected, used, and shared. This Privacy Policy applies to our mobile applications and services ("Services").

By “personal information” or “personal data”, we mean any information that directly identifies you (e.g., your photo, name, or email address) or indirectly identifies you (e.g., your user ID, location, or device-related technical details).

By using our Services, you accept the practices described in this Privacy Policy. If you have any concerns, please contact us at contact@octopuscommunity.com.

2. Who We Are

The data controller responsible for your personal information is Octopus Community SAS, located at 14 Avenue du Général de Gaulle, 94160 Saint-Mandé, France.

Contact : contact@octopuscommunity.com

3. Data We Collect

3.1 Data you provide to us directly

Sign-up data: To use our Services, you need to create an account. To do so, we need basic personal information: email and date of birth. Our Services are not available for people under the age of 16.

We may offer a simplified sign-up process using Apple ID log-in or Google log-in. In this case, we will receive personal data from Apple or Google, such as your name, Google or Apple ID and your email address. Such data will only be used to set up your account.

To finalize your account creation, you will have to choose a username. As an option, you can also upload a profile picture and write a short description about yourself (”Bio”), which can include links to other social networks’ profiles or websites.

Content you share with the community: When you use our Services, we will process and store the contents you share such as photos, videos, messages. We also process the interactions you may have with the community such as reactions to other users’s content, share of content, answers to polls.

We also need to process the technical data associated with the content you post or actions you take (such as the date, device information, IP address).

Please be aware that any content you share on our platform may be visible to other users you interact with. These users may save your content using their devices (e.g., by taking a screenshot). This content may also be indexed by search engines, potentially making it accessible beyond our platform.

We discourage sharing sensitive information such as your racial or ethnic origin, political opinions, religious beliefs, health status, sexual orientation, or details about your sex life. It is, however, your freedom of expression to do so as long as you respect the rules in force on the platform. In this case, you should be aware that you are manifestly making this information public.

Direct interactions with us: If you report a user or content, request help, make a claim, or exercise your privacy rights, we will process the information contained therein. This kind of information is not shared nor visible to other users.

Access to your camera and photos. In order to send and upload your photos from your device, we need your permission to access your media and your camera.

3.2 Data we collect automatically when you use our services

Data concerning devices and hardware: We collect the following information relating to the device(s) and hardware you use to access our services:

  • IP address,

  • device brand and model,

  • app bugs and crashes,

  • version and language,

  • country,

  • device’s operating system,

  • user ID - a unique ID associated with your account,

  • install ID - an ID reset each time you uninstall / reinstall our apps.

Information about your community activity. Your use of our services leads to the collection of the following data:

  • app performance metrics,

  • the dates and hours you signed up, logged in, logged out,

  • your settings, such as notification preferences (to send updates or community alerts) or display settings,

  • your interactions with the community features and other users, such as likes, shares, visited topics, content viewed, app open - with the hour and dates of such actions.

3.3 Data we receive from third parties

Other users. We may receive information from other users, especially in user-generated content, support requests and user reports.

Business partners. We may receive information from our business partners,  which may include app stores or operating system providers, analytics providers, or other publishers and social media platforms.

4. How We Use Your Data

We process your data for the following purposes:

4.1 Account management, Service Access and Customer Relationship

  • Account Management: Creating, verifying, and managing your user account.

  • Services access & community features: Enabling communication and interaction with other users, including reading content, publicly posting images and messages, liking or sharing content, answering polls, adding details in your profile, writing or answering private messages.

  • Help and support: Managing and responding to your requests, questions and complaints addressed to our support team.

We rely on our Terms of Use as a legal basis for processing your personal data under this Section 4.1.

4.2. Services and user experience enhancement

  • Measuring how you use our services, making usage statistics of our apps, and analyzing them to improve overall experience.

  • Developing new features, and performing AB tests to measure their performance.

  • Understanding the technical issues you may encounter, to resolve them.

  • Managing our internal communication and marketing activities, by tracking your consent about receiving notifications and emails.

  • Enhancing the user experience, optimizing the app's technical performance, and improving communication features within the app.

  • Checking our Services’ quality and your satisfaction thanks to user reviews and polls.

  • Sending you information about evolution of our Services.

  • Analyzing audience and usage habits to personalize content display and suggest tailored content based on your interactions and history.

We rely on Octopus Community legitimate interests as a legal basis for processing your personal data under this Section 4.2.

4.3 Tailored services and communication

  • Personalizing services according to navigation and interaction history.

  • Accessing to your device's photo album and camera to share images with the community.

  • Measuring the performance of marketing campaigns and attribution.

  • Sending push notifications and/or emails containing information about our services, community and safety updates, and interactions with other users.

We rely on your consent as a legal basis for processing your personal data under this Section 4.3 where consent is the legal basis required under applicable laws.

You may withdraw your consent whenever you want or opt out of the processing of your data (depending on applicable laws). You can contact us for any request relative to consent: contact@octopuscommunity.com

4.4 Online safety

  • Enforcement of policies to moderate content and profiles that go against Community Guidelines. We can review your profile and activity and take action in the event of a safety issue. This may include actions like sending you a warning, removing or filtering inappropriate content, or suspending your account temporarily or permanently. Actions that may materially affect your use of the Services (such as a permanent ban) are decided by human moderators, according to our internal policies. Some content can be automatically filtered to prevent users from being exposed to it.

  • Development and use of automated technologies to detect violations of our Community Guidelines and/or manifestly illicit content. These technologies can scan content and detect violations of our rules. We strive to detect violations such as violence, drug use, child abuse, spam, and sexually explicit, hateful, or discriminatory content as quickly as possible, even before they are reported. These tools support our moderation efforts and allow us to take immediate action when such violations happen.

  • Development and implementation of procedures and technologies to fight against fraudulent profiles.

  • Account tracking. We track every report made by other users or by internal moderators, allowing our moderators to conduct investigations and take moderation action, if necessary.

  • Evaluation of the performance of our safety procedures, policies, and technologies mentioned in this Section 4.4, in order to improve them. This includes, for example, the quality review of the work done by our moderators and support specialists, and training of our automated technologies to improve their accuracy over time.

We rely on Octopus Community legitimate interests as a legal basis for processing your personal data under this Section 4.4. so that our community remains a safe and respectful place of expression and safeguards the trust of our users.

We also rely on our Terms of Use to enforce them in the event of a violation of our Terms of Service and/or our Community Guidelines.

4.5 Compliance

  • User or content reporting, allowing users to report users or content that you believe violates Community Guidelines. The reports will then be reviewed by our moderators, who will take action against the reported content or user where appropriate.

  • Law enforcement and unlawful content moderation: promptly remove or disable access to unlawful content as soon as we become aware of it, to notify competent authorities of some types of infringements, and to preserve data for investigations upon request.

  • Compliance with any applicable legal or regulatory requirement, including the processing of your requests to exercise your privacy rights in accordance with Section 7.

  • User assistance and report to competent authorities: reporting situations or content presenting a life threat (such as self-harm or violence) to the competent authorities.

We rely on the relevant legal obligation to which we are subject as a legal basis for processing your personal data under this Section 4.5.

5. Data Retention

5.1. Account Validity Period

We keep your personal information as long as we need it to enable you to use our services.

You can delete your account at any time in the app settings from your profile page, by clicking on Parameters > My community profile > Delete my account. When you delete your account, you will no longer be able to use our services, and your profile will no longer be accessible or visible to other users.

Your public interactions with the community (e.g., likes, posts, comments, or pictures) will be anonymized but not erased. Data used for analytical or statistical purposes (as detailed in Section 4.2) is anonymized, other data are deleted.

These provisions are subject to data that we are legally required to retain, such as under the French LCEN (Law on Confidence in the Digital Economy), which will be deleted as soon as the legal retention period expires.

We will delete your account if you are inactive for 3 years, meaning that you do not access the Services or don’t contact us for a continuous period of 3 years.

All data related to your account (as detailed in Section 3.1 and 3.2) will as well be erased after 3 years of inactivity or silence.

5.2. Specific Data Retention Periods

The following types of data have a specific maximum retention period that applies:

  • Moderated content or User profiles: 3 years after the moderation decision or account ban,

  • Data related to contact with our Customer Service (inquiries, complaints, etc.): 3 years after the message is sent or the last activity on the account,

  • Data processed as part of a request to exercise a right: 3 years after the request,

    • If an ID document is provided as proof of identity to process a request, it will be deleted after the request is processed.

  • Online service navigation data, based on cookies or analytics software: 13 months after consent

Notwithstanding the provisions of Sections 5.1 and 5.2. above, we will retain some personal data for an additional period of time if we are legally required to do so. We may also need to keep personal information for the time necessary to resolve a dispute or to exercise or defend our legal rights.

Beyond these maximum retention periods, the data will be permanently deleted or fully anonymized.

6. Sharing Your Data

We share your data only as necessary, including:

  • Octopus Community’s Personnel. Our authorized employees have access to and process your personal data as necessary to carry out the purposes listed in Section 4 above. They are subject to confidentiality obligations and access restrictions according to their duties.

  • Third-party Service Providers. We share your personal data with service providers to help us operate and improve our services. We use service providers to: host our services; to monitor the performance of the services; to moderate content or detect violations of our Community Guidelines; to store support tickets and/or provide assistance to users; to offer additional features in our services. We only select service providers who offer strong data protection guarantees and who agree to security and confidentiality obligations.

  • Change of Ownership. In the event of a bankruptcy, merger, acquisition, reorganization, or other change of control, your personal data may be transferred to the relevant entity as part of the transaction.

  • Affiliates. We may disclose personal data to Octopus Community’s affiliated companies to help operate the services or for any other purpose listed in Section 4 above.

  • Legal Rights Enforcement. As we deem necessary to defend our legal rights or to enforce any agreement such as our Terms of Use, prepare our defense, and engage in any litigation or lawsuit, we may share data with competent courts, public officials or bodies, legal counsel, and/or experts.

  • Legal Obligations and Public Safety. We may communicate personal data to law enforcement, judicial, or administrative authorities, and/or to other organizations: in response to lawful orders or requests, subpoena or search warrant; to protect the safety or integrity of any person; to preserve the security and integrity of the services or to protect the rights and freedoms or property of us or of other users.

7. Your Privacy Rights

Here are your privacy rights:

  • You have a right to access your personal data and a right to data portability, in which case you may receive a copy of such data in a commonly used format.

  • You have a right to obtain rectification of your personal data should they be inaccurate, incomplete, or obsolete. You can update some of your data directly in your account.

  • You have a right to erasure (or “right to be forgotten”) of your personal data. You can also request to delete your account in the app settings My Account > Delete my account.

  • You have a right to withdraw your consent if we rely on your consent to process your data. In most cases, you can withdraw your consent in the app settings and/or in your device settings.

  • You have a right to object to the processing of your personal data if you have a reason due to your particular situation.

  • You have the right to restrict data processing in certain situations, such as when you dispute the accuracy of your data, if processing is unlawful, or if you require the data to establish, exercise, or defend legal claims..

  • You have the right to issue instructions regarding the retention, deletion, and disclosure of your personal data after your death.

To exercise these rights, contact us at contact@octopuscommunity.com.

The conditions for exercising these rights may differ according to the applicable laws and regulations. These rights may be limited as provided by applicable laws and regulations, the rights and freedoms of other people, our confidentiality obligations, trade secrets, and/or the protection of intellectual property rights. We may retain some personal data if we are legally required to do so; or if we need to keep personal information for the time necessary to resolve a dispute or to exercise or defend our legal rights. Where relevant, you will be informed of the reasons why we could not fulfill all or part of your request.

To process your request, Octopus Community may require a copy of your ID or another document to verify your identity if there is reasonable doubt.

If you believe your rights have been violated, you may file a complaint with the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), through their website at https://www.cnil.fr or by mail at: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.

8. Data Security

We take all necessary measures to maintain security appropriate to the level of risk. We employ industry-leading technical security measures to protect personal data, such as communications encryption using TLS 1.3.

We also ensure long-term security through:

  • Secure deployment processes, including peer reviews and CI/CD pipelines for frequent updates, especially for security patches.

  • Strict scrutiny of external tools and libraries to maintain security standards.

  • Keeping up-to-date with the highest security standards and following OWASP MASVS guidelines for mobile application security audits.

  • Regular audits to evaluate security practices

  • Access control: Limiting employee access to sensitive data.

We have a data breach notification process that complies with GDPR requirements, ensuring notifications are issued within 72 hours when necessary.

9. Children’s Privacy

Our services are not intended for children under 16 years. If we learn that data from children has been collected, we will delete it promptly after notice.

10. International Data Transfers

We ensure that all processed data remains within the European Economic Area (EEA) or in countries deemed to provide an adequate level of personal data protection, in accordance with Article 45 of the GDPR. Our servers are hosted in data centers compliant with GDPR security and data protection standards.

In some cases, personal data may be transferred to partners located outside the EEA. These transfers strictly adhere to GDPR rules, including specific agreements (known as Standard Contractual Clauses) that ensure a high level of data protection:

  • If the third country does not benefit from an adequacy decision by the European Commission, transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission or another authorized transfer mechanism.

  • We ensure that these subcontractors implement appropriate security measures to guarantee the confidentiality and protection of the transferred personal data.

Additionally, we require all our subcontractors, whether located within the EEA or in third countries, to comply rigorously with GDPR through detailed contractual agreements that specify:

  • Obligations regarding data protection.

  • Standards of legality, transparency, and data minimization.

  • Mechanisms for monitoring and audits that we may perform to verify their compliance.

These provisions ensure strict compliance with GDPR data transfer requirements while providing the highest level of data protection for our users.

11. Changes to This Policy

We will update this Privacy Policy from time to time to take into account any technical, economic, regulatory, or legal evolution, or if we change our practices regarding the processing of personal data, especially to comply with any changes in applicable laws and regulations, or if we change our practices regarding the processing of personal data.

We will notify you in advance, through appropriate channels, of significant changes to this Privacy Policy. Following advanced notification, your continued use of any website or app operated by Octopus Community means you accept these changes.

12. Contact Us

Should you have any questions concerning this Privacy Policy or requests concerning your personal data, you can contact us by sending an e-mail to contact@octopuscommunity.com.