Privacy Policy

Last Updated: April 9, 2025

1. Introduction

We are deeply committed to protecting your privacy and ensuring transparency in how your personal data is collected, used, and shared. This Privacy Policy applies to the community platform (the “Platform”) accessible through a mobile application published by a third party (the “Publisher”), and powered by a technical solution provided by Octopus Community '(the “Provider”).

By “personal information” or “personal data”, we mean any information that directly identifies you (e.g., your photo, name, or email address) or indirectly identifies you (e.g., your user ID, location, or device-related technical details).

By using the Platform, you accept the practices described in this Privacy Policy.

2. Who We Are

The Publisher of the application is the data controller responsible for your personal data.

Octopus Community, a SAS incorporated in France with its registered office at 14 avenue du Général de Gaulle, 94160 Saint-Mandé, France, acts as the technical provider and data processor.

If you have any questions about this Policy, you can contact us at contact@octopuscommunity.com.

3. Data We Collect

3.1 Data you provide to us directly

Sign-up data: To use the Platform, you need to create an account. To do so, we need basic personal information: email and date of birth. The Platform is not available for people under the age of 16.

To finalize your account creation, you will have to choose a username. As an option, you can also upload a profile picture and write a short description about yourself (”Bio”), which can include links to other social networks’ profiles or websites.

As part of a login to the Platform via Single Sign-On (SSO), authentication is handled through the Publisher’s authentication service. The Publisher may share certain information necessary to create a user account, such as the email address, age, username, profile picture, or bio.

Content you share with the community: When you use the Platform, we will process and store the contents you share such as photos, videos, messages. We also process the interactions you may have with the community such as reactions to other users’s content, share of content, answers to polls.

We also need to process the technical data associated with the content you post or actions you take (such as the date, device information, IP address).

Please be aware that any content you share on our platform may be visible to other users you interact with. These users may save your content using their devices (e.g., by taking a screenshot). This content may also be indexed by search engines, potentially making it accessible beyond our platform.

We discourage sharing sensitive information such as your racial or ethnic origin, political opinions, religious beliefs, health status, sexual orientation, or details about your sex life. It is, however, your freedom of expression to do so as long as you respect the rules in force on the platform. In this case, you should be aware that you are manifestly making this information public.

Direct interactions with us: If you report a user or content, request help, make a claim, or exercise your privacy rights, we will process the information contained therein. This kind of information is not shared nor visible to other users.

3.2 Data we collect automatically when you use the Platform

Data concerning devices and hardware: We collect the following information relating to the device(s) and hardware you use to access our services:

• IP address,
• device brand and model,
• app bugs and crashes,
• version and language,
• country,
• device’s operating system,
• user ID - a unique ID associated with your account,
• install ID - an ID reset each time you uninstall / reinstall our apps.

Information about your community activity. Your use of our services leads to the collection of the following data:

• app performance metrics,
• the dates and hours you signed up, logged in, logged out,
• your settings, such as notification preferences (to send updates or community alerts) or display settings,
• your interactions with the community features and other users, such as likes, shares, visited topics, content viewed, app open - with the hour and dates of such actions.

3.3 Data we receive from third parties

Other users. We may receive information from other users, especially in user-generated content, support requests and user reports.

Business partners. We may receive information from our business partners,  which may include app stores or operating system providers, analytics providers, or other publishers and social media platforms.

4. How We Use Your Data

We process your data for the following purposes:

4.1 Account management, Service Access and User Relationship

• Account Management: Creating, verifying, and managing your user account.
• Providing access to community features, such as posting content and interacting with other users;
• Customer support and assistance: handling and responding to your requests, questions, or complaints submitted to our support team;
• Managing communications with Users via in-app notifications and emails;
• Sending push notifications and/or emails to inform Users about interactions with other users, new features on the Platform, or updates related to the community and security.

We rely on our Terms of Use as a legal basis for processing your personal data under this Section 4.1.

4.2. Statistics, Audience Measurement, Analysis, and Improvement of the Platform and User Experience

• Measure your use of the services, generate statistics, and analyze them to improve the overall user experience;
• Develop new features and conduct A/B tests to assess their performance;
• Understand technical issues you may encounter in order to resolve them;
• Improve the user experience, optimize the technical performance of the Platform, and enhance communication features within the Platform;
• Assess the quality of our services and user satisfaction through feedback and surveys;
• Send information about service updates and improvements;
• Collect and consider your feedback on the Platform and its services through optional satisfaction surveys;
• Perform audience and usage analyses to generate usage statistics;
• Generate audience statistics related to community content;
• Analyze user audiences and usage habits to tailor content display and suggest relevant features or posts based on user interactions and history;
• Ensure continuity of your user experience, in particular by remembering your interactions with content (such as reactions, participation in discussions, or poll results).

We rely on legitimate interests as a legal basis for processing your personal data under this Section 4.2.

4.3 Online safety

• Enforcement of policies to moderate content and profiles that go against Community Guidelines. We can review your profile and activity and take action in the event of a safety issue. This may include actions like sending you a warning, removing or filtering inappropriate content, or suspending your account temporarily or permanently. Actions that may materially affect your use of the Services (such as a permanent ban) are decided by human moderators, according to our internal policies. Some content can be automatically filtered to prevent users from being exposed to it.
• Development and use of automated technologies to detect violations of our Community Guidelines and/or manifestly illicit content. These technologies can scan content and detect violations of our rules. We strive to detect violations such as violence, drug use, child abuse, spam, and sexually explicit, hateful, or discriminatory content as quickly as possible, even before they are reported. These tools support our moderation efforts and allow us to take immediate action when such violations happen.
• Development and implementation of procedures and technologies to fight against fraudulent profiles.
• Account tracking. We track every report made by other users or by internal moderators, allowing our moderators to conduct investigations and take moderation action, if necessary.
• Evaluation of the performance of our safety procedures, policies, and technologies mentioned in this Section 4.4, in order to improve them. This includes, for example, the quality review of the work done by our moderators and support specialists, and training of our automated technologies to improve their accuracy over time.

We rely on our legitimate interests and applicable legal obligations as the legal basis for processing your personal data under Section 4.3, in order to ensure that our community remains a safe and respectful environment, and to maintain user trust.

We also rely on our Terms of Use as a legal basis to enforce those terms in case of violations of our Conditions or Community Guidelines.

Content and profile moderation is carried out in accordance with the Community Guidelines. These rules outline the types of prohibited content, possible moderation actions (such as content removal, account suspension, etc.), and available appeal procedures. We encourage users to review these guidelines to better understand the standards that apply.

4.4 Compliance

• User or content reporting, allowing users to report users or content that you believe violates Community Guidelines. The reports will then be reviewed by our moderators, who will take action against the reported content or user where appropriate.
• Law enforcement and unlawful content moderation: promptly remove or disable access to unlawful content as soon as we become aware of it, to notify competent authorities of some types of infringements, and to preserve data for investigations upon request.
• Compliance with any applicable legal or regulatory requirement, including the processing of your requests to exercise your privacy rights in accordance with Section 7.
• User assistance and report to competent authorities: reporting situations or content presenting a life threat (such as self-harm or violence) to the competent authorities.

We rely on the relevant legal obligation to which we are subject as a legal basis for processing your personal data under this Section 4.4.

5. Data Retention

5.1. Account Validity Period

We retain Users’ personal information for as long as necessary to enable the use of the Platform.

A Community Account will be deleted if:

• the User remains inactive for 3 years, meaning they do not access the Services or contact us for a continuous period of 3 years;
• the User requests the deletion of their account.

Upon deletion of the Community Account:

• access to the Services is terminated and the User’s profile is no longer accessible or visible to other Users;
• public interactions with the community (e.g., likes, posts, comments, or photos) are anonymized but not deleted;
• data used for analytical or statistical purposes (as described in Section 4.2) is anonymized;
• all other data will be deleted.

These provisions are subject to any data we are legally required to retain, particularly under the French Law for Confidence in the Digital Economy (LCEN), which will be deleted once the legal retention periods have expired.

5.2. Specific Data Retention Periods

The following types of data have a specific maximum retention period that applies:

• Moderated content or User profiles: 3 years after the moderation decision or account ban,
• Data related to contact with our Customer Service (inquiries, complaints, etc.): 3 years after the message is sent or the last activity on the account,
• Data processed as part of a request to exercise a right: 3 years after the request,
  • If an ID document is provided as proof of identity to process a request, it will be deleted after the request is processed.
• Online service navigation data, based on cookies or analytics software: 13 months after consent

Notwithstanding the provisions of Sections 5.1 and 5.2. above, we will retain some personal data for an additional period of time if we are legally required to do so. We may also need to keep personal information for the time necessary to resolve a dispute or to exercise or defend our legal rights.

Beyond these maximum retention periods, the data will be permanently deleted or fully anonymized.

6. Sharing Your Data

We share your data only as necessary, including:

• Publisher or Provider’s Personnel. Our authorized employees have access to and process your personal data as necessary to carry out the purposes listed in Section 4 above. They are subject to confidentiality obligations and access restrictions according to their duties.
• Third-party Service Providers. We share your personal data with service providers to help us operate and improve our services. We use service providers to: host our services; to monitor the performance of the services; to moderate content or detect violations of our Community Guidelines; to store support tickets and/or provide assistance to users; to offer additional features in our services. We only select service providers who offer strong data protection guarantees and who agree to security and confidentiality obligations.
• Change of Ownership. In the event of a bankruptcy, merger, acquisition, reorganization, or other change of control, your personal data may be transferred to the relevant entity as part of the transaction.
• Affiliates. We may disclose personal data to Octopus Community’s affiliated companies to help operate the services or for any other purpose listed in Section 4 above.
• Legal Rights Enforcement. As we deem necessary to defend our legal rights or to enforce any agreement such as our Terms of Use, prepare our defense, and engage in any litigation or lawsuit, we may share data with competent courts, public officials or bodies, legal counsel, and/or experts.
• Legal Obligations and Public Safety. We may communicate personal data to law enforcement, judicial, or administrative authorities, and/or to other organizations: in response to lawful orders or requests, subpoena or search warrant; to protect the safety or integrity of any person; to preserve the security and integrity of the services or to protect the rights and freedoms or property of us or of other users.

7. Your Privacy Rights

Here are your privacy rights:

• You have a right to access your personal data and a right to data portability, in which case you may receive a copy of such data in a commonly used format.
• You have a right to obtain rectification of your personal data should they be inaccurate, incomplete, or obsolete. You can update some of your data directly in your account.
• You have a right to erasure (or “right to be forgotten”) of your personal data. You can also request to delete your account in the app settings My Account > Delete my account.
• You have a right to withdraw your consent if we rely on your consent to process your data. In most cases, you can withdraw your consent in the app settings and/or in your device settings.
• You have a right to object to the processing of your personal data if you have a reason due to your particular situation.
• You have the right to restrict data processing in certain situations, such as when you dispute the accuracy of your data, if processing is unlawful, or if you require the data to establish, exercise, or defend legal claims..
• You have the right to issue instructions regarding the retention, deletion, and disclosure of your personal data after your death.

To exercise these rights, contact the Publisher or send an email at contact@octopuscommunity.com.

The conditions for exercising these rights may differ according to the applicable laws and regulations. These rights may be limited as provided by applicable laws and regulations, the rights and freedoms of other people, our confidentiality obligations, trade secrets, and/or the protection of intellectual property rights. We may retain some personal data if we are legally required to do so; or if we need to keep personal information for the time necessary to resolve a dispute or to exercise or defend our legal rights. Where relevant, you will be informed of the reasons why we could not fulfill all or part of your request.

To process your request, we may require a copy of your ID or another document to verify your identity if there is reasonable doubt.

If you believe your rights have been violated, you may file a complaint with the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), through their website at https://www.cnil.fr or by mail at: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.

8. Data Security

We take all necessary measures to maintain security appropriate to the level of risk. We employ industry-leading technical security measures to protect personal data, such as communications encryption using TLS 1.3.

We also ensure long-term security through:

• Secure deployment processes, including peer reviews and CI/CD pipelines for frequent updates, especially for security patches.
• Strict scrutiny of external tools and libraries to maintain security standards.
• Keeping up-to-date with the highest security standards and following OWASP MASVS guidelines for mobile application security audits.
• Regular audits to evaluate security practices
• Access control: Limiting employee access to sensitive data.

We have a data breach notification process that complies with GDPR requirements, ensuring notifications are issued within 72 hours when necessary.

9. Children’s Privacy

The Platform is not intended for children under 16 years. If we learn that data from children has been collected, we will delete it promptly after notice.

10. International Data Transfers

We ensure that all processed data remains within the European Economic Area (EEA) or in countries deemed to provide an adequate level of personal data protection, in accordance with Article 45 of the GDPR. Our servers are hosted in data centers compliant with GDPR security and data protection standards.

In some cases, personal data may be transferred to partners located outside the EEA. These transfers strictly adhere to GDPR rules, including specific agreements (known as Standard Contractual Clauses) that ensure a high level of data protection:

• If the third country does not benefit from an adequacy decision by the European Commission, transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission or another authorized transfer mechanism.
• We ensure that these subcontractors implement appropriate security measures to guarantee the confidentiality and protection of the transferred personal data.

Additionally, we require all our subcontractors, whether located within the EEA or in third countries, to comply rigorously with GDPR through detailed contractual agreements that specify:

• Obligations regarding data protection.
• Standards of legality, transparency, and data minimization.
• Mechanisms for monitoring and audits that we may perform to verify their compliance.

These provisions ensure strict compliance with GDPR data transfer requirements while providing the highest level of data protection for our users.

11. Changes to This Policy

We will update this Privacy Policy from time to time to take into account any technical, economic, regulatory, or legal evolution, or if we change our practices regarding the processing of personal data, especially to comply with any changes in applicable laws and regulations, or if we change our practices regarding the processing of personal data.

We will notify you in advance, through appropriate channels, of significant changes to this Privacy Policy. Following advanced notification, your continued use of any website or app operated by Octopus Community means you accept these changes.

12. Contact Us

Should you have any questions concerning this Privacy Policy or requests concerning your personal data, you can contact the Publisher or send us an e-mail to contact@octopuscommunity.com.

‍