Privacy Policy

1. Controller and Contact Details

This Privacy Policy explains how PEOPLET j.d.o.o. ("we", "us", or "our") processes personal data in connection with PRIMP.

Controller: PEOPLET j.d.o.o., Lindar 176, 52000 Lindar, Republic of Croatia. Contact email: info@peoplet.io. VAT/OIB 55344389415. Registered at the Commercial Court in Pazin under number 130141163.

If you have privacy-related questions, complaints, or rights requests, you may contact us using the above contact details.

2. Scope of this Privacy Policy

This Privacy Policy covers the PRIMP mobile application, related websites, landing pages, account systems, subscription and billing workflows, notifications, support interactions, trust-and-safety workflows, and other related services that link to or reference this Privacy Policy.

It applies when you create an account, browse content, upload images, rate content, follow users, search profiles, purchase subscriptions, contact support, interact with moderation or abuse-prevention systems, or otherwise use PRIMP.

PRIMP is a consumer-facing service. For the ordinary operation of PRIMP, we generally act as an independent controller of the personal data processed through the service, except where a specific context or law requires a different role.

3. Important Notice About Age

PRIMP is intended for users aged 16 and older. We do not intend to provide PRIMP to persons under 16.

If we learn or reasonably suspect that an account is being used by a person under 16, or that the user has misrepresented their age, we may suspend or delete the account, remove content, and retain only the data reasonably necessary for legal, safety, fraud-prevention, or evidentiary purposes.

If you believe that a person under 16 is using PRIMP, please contact us.

4. Categories of Personal Data We Process

Depending on how you use PRIMP, we may process the following categories of personal data:

• account and registration data, such as email address, password hash or authentication credential metadata, username, display name, profile image, and account settings;
• user content, including uploaded images, captions, descriptive text, and associated metadata;
• ratings and interaction data, including ratings given, ratings received, average-rating outputs, timing data, and anti-manipulation signals;
• social graph and visibility data, such as follows, profile views, feed placement, profile discoverability, and account relationships;
• technical and device data, such as IP address, app version, device identifiers or pseudo-identifiers, operating system, language, time zone, logs, cookies, tokens, and diagnostic data;
• subscription, entitlement, and transaction metadata received from app-store or payment providers;
• support and moderation data, such as messages sent to support, reports made or received, complaint records, enforcement history, and evidence related to disputes or investigations.

5. Sources of Personal Data

We collect personal data directly from you, automatically from your use of PRIMP, from your device and operating system, from app-store and payment platforms, from our service providers acting on our instructions, from anti-fraud and trust-and-safety systems, and from complaints or reports submitted by users or third parties.

We may also infer or derive certain information from raw data, such as account risk signals, device consistency indicators, visibility states, trust signals, rating eligibility, and fraud or abuse indicators.

6. Purposes of Processing and Legal Bases

We process personal data only where we have an applicable legal basis under data-protection law. Depending on the context, these legal bases may include contract performance, compliance with legal obligations, legitimate interests, and consent where required.

7. Detailed Purposes and Legal Bases

8. Visibility of Data Within PRIMP

Because PRIMP is a social and rating-based application, certain data may be visible to other users, including your username, display name, profile image, public posts, captions, visible rating metrics, follow relationships, and other profile elements depending on the current app design and your feature access.

Data that are technically visible in the app may still be processed internally for additional purposes such as moderation, abuse prevention, analytics, ranking, support, and backup.

You should not upload content to PRIMP if you do not want it to be visible, assessed, discussed, or socially interpreted within the app environment.

9. Ratings and Opinion Data

When users submit ratings, we process both the rating value and related metadata, such as the account that submitted it, timing, device and anti-abuse signals, and eligibility rules for counting or displaying the rating.

A displayed rating average may exclude some ratings or be based on selected eligible ratings, anti-fraud logic, moderation decisions, or plan-based display rules. We process this information to operate the service, preserve platform integrity, and prevent manipulation.

Ratings are user opinions and platform outputs. They are not verified facts about a person.

10. User Content, Including Images

User-uploaded images may contain personal data, including your appearance, clothing, body, accessories, location clues, background objects, third parties, or other identifying elements. Please upload carefully.

We process uploaded content to store it, display it, moderate it, serve it efficiently, generate thumbnails or variants, enforce our policies, respond to complaints, detect abuse, and maintain backups and logs.

Even if content is removed from active display, residual copies may remain temporarily in backups, caches, logs, moderation systems, or records preserved for legal or security reasons.

11. Social Features: Search, Profiles, and Following

PRIMP may allow profile discovery, user search, following, profile pages, feed ranking, or similar features. To provide those features, we process profile identifiers, follow relationships, public content, interaction events, and related metadata.

We may use such data to personalize content ordering, support account discovery, reduce spam, and enforce our policies.

12. Authentication and Account Security

We process login credentials, account-recovery data, session data, security tokens, IP addresses, device signals, and related data to authenticate users, prevent unauthorized access, detect account compromise, and maintain the security of PRIMP.

Where authentication, database, or storage functions are supported by third-party infrastructure providers, those providers process personal data on our behalf under applicable contractual and legal safeguards.

13. Subscriptions, Payments, and App Stores

If you purchase a premium subscription or other paid feature, payment processing may be handled by Apple, Google, or another payment provider rather than directly by us. In that case, we may receive limited transaction and subscription metadata such as product identifier, purchase status, renewal status, territory, currency, and proof of entitlement.

We process that information to activate paid features, maintain records, handle customer support, detect fraud, and comply with tax, accounting, and legal obligations.

Refunds, cancellations, chargebacks, or subscription disputes may also involve the relevant app store or payment provider acting under its own terms and privacy rules.

14. Customer Support and Communications

If you contact us at info@peoplet.io or through in-app or website contact methods, we process your contact details, account details, and the content of your communication to respond, investigate, document, and resolve the issue.

Support interactions may be retained for training, quality, fraud prevention, and legal or evidentiary purposes.

15. Moderation, Trust and Safety, and Abuse Prevention

We process personal data to prevent, detect, investigate, and respond to policy violations, illegal content, underage use, impersonation, coordinated manipulation, spam, fraud, harassment, intellectual-property complaints, privacy complaints, security threats, and other harmful conduct.

This may include automated flags, manual review, reports from users or third parties, account-linkage signals, content-review records, preservation of evidence, and escalation to advisers, providers, law enforcement, or competent authorities where legally justified.

Our legal basis for this processing is typically our legitimate interest in protecting PRIMP, our users, third parties, and the public, and compliance with legal obligations where applicable.

16. Analytics, Diagnostics, and Product Improvement

We may process app usage data, event data, crash data, performance data, device metadata, and feature interaction data to understand how PRIMP is used, to improve the product, to debug problems, to optimise storage and traffic, and to measure the effectiveness of changes.

Depending on the tool and jurisdiction, this processing may be based on our legitimate interests or on consent where required by applicable law.

17. Cookies, SDKs, and Similar Technologies

Our related website and app environment may use cookies, local storage, software development kits (SDKs), pixels, tokens, APIs, and similar technologies for core functionality, authentication, session continuity, fraud prevention, analytics, debugging, subscription validation, and app performance.

Some of these technologies are essential for service operation, while others may depend on your consent where legally required.

18. Recipients and Categories of Service Providers

We may disclose or make personal data available to the following categories of recipients where necessary: hosted back-end providers; database providers; authentication providers; file-storage providers; content-delivery networks; crash-reporting and monitoring providers; analytics providers; email and communications providers; support and productivity providers; legal, accounting, and insurance advisers; app-store and payment providers; anti-fraud and trust-and-safety vendors; and public authorities where legally required.

At the time of this policy, our back-end stack may include Supabase or equivalent providers for account authentication, hosted database, storage, and related infrastructure. Specific providers may change over time.

We do not sell personal data in the ordinary sense of transferring your data to unrelated third parties for their independent marketing purposes for money. However, some disclosures to stores, infrastructure, or analytics providers are necessary to operate the service.

19. International Transfers

Our providers may process data in the European Union, the European Economic Area, the United Kingdom, the United States, and other jurisdictions depending on the provider, selected project region, support structure, disaster-recovery design, app-store infrastructure, or operational needs.

Where personal data are transferred outside the EU/EEA, we seek to rely on lawful transfer mechanisms and safeguards, such as adequacy decisions, Standard Contractual Clauses, supplementary measures, or another valid transfer basis, as applicable.

If we deploy or configure PRIMP to use a Supabase or equivalent project region located in Ireland or another EU region, that does not necessarily mean every related support, logging, email, or app-store data flow remains exclusively in that region.

20. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including service provision, account administration, ratings functionality, trust and safety, legal compliance, dispute resolution, and evidentiary preservation.

Retention periods may vary depending on the data type, your plan, the feature logic, whether the content remains published, whether the account remains active, whether a complaint or investigation is ongoing, and whether backup or log cycles still contain copies.

Account data may be retained for the life of the account and for a reasonable period thereafter. Uploaded content may be retained until deleted by the user, removed by moderation, or otherwise no longer needed, subject to backup cycles, fraud-prevention needs, and legal obligations. Security, access, and technical logs may be retained for shorter or longer periods depending on risk and necessity. Billing and accounting records may be retained for statutory periods.

21. Data Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, unlawful processing, accidental loss, alteration, disclosure, or destruction. Such measures may include access controls, credential management, role-based permissions, encryption in transit, backups, logging, monitoring, security review, and provider-level safeguards.

No system is perfectly secure, and we cannot guarantee absolute security. You are also responsible for maintaining device security, password security, and account confidentiality.

22. Your Rights

Subject to applicable law, you may have the right to request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, objection to certain processing, data portability, and withdrawal of consent where processing is based on consent.

To exercise your rights, contact us at info@peoplet.io. We may request information necessary to verify your identity and authority before acting on a request.

You may also have the right to lodge a complaint with a competent supervisory authority, including in Croatia the Croatian Personal Data Protection Agency (AZOP).

23. Legal Claims and Disclosures

We may preserve, use, or disclose personal data where reasonably necessary to establish, exercise, or defend legal claims; to enforce our Terms; to investigate fraud, abuse, or security incidents; to protect the rights, property, and safety of us, our users, service providers, or others; or to comply with legal obligations or lawful requests from public authorities.

This may include preserving content, account records, device signals, or communications that would otherwise have been deleted from ordinary user-facing display.

24. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, providers, platform design, subscriptions, moderation practices, or product functionality. The latest version will apply from its stated effective date.

Where required by law, we will provide notice of material changes through the app, by email, through the relevant store listing, or by another appropriate method.

25. Regional and Supplemental Disclosures

Depending on where you are located, you may be entitled to additional disclosures or rights under local law. We may provide separate or supplemental notices where required for specific jurisdictions, app-store disclosures, or product features.