Privacy Policy – Clany

Last updated: May 2025

1. Introduction

Clany is committed to protecting your privacy and data. This Policy explains what data we collect, how we use it, and your rights under GDPR and Spanish data protection law (LOPDGDD).

2. Personal Data Collected

Registration Data: name, surname, email address, date of birth.
Calendar and Events: event descriptions, dates, participants.
Notifications: device tokens for push, login records (date, IP).

3. How We Collect and Store Data

Via in-app forms and our self-hosted Keycloak API.
Stored in secure, encrypted databases (PostgreSQL, MongoDB).
User management and access control are handled by Keycloak.

4. Use of Personal Data

Service Operation: create and sync calendars, send event notifications.
Security and Fraud Prevention: detect unauthorized access.
App Improvement: anonymous analytics (Firebase) to optimize performance.
Advertising: Clany displays ads using the AdMob platform. These ads may be personalized based on your interests if you give consent. Otherwise, you will see non-personalized ads.
To show personalized ads, Clany may use advertising identifiers (such as the IDFA on iOS or the Advertising ID on Android). You can enable or disable ad personalization directly in the "Privacy Settings" section of your user profile in the app, or from your device’s privacy settings.
Subscription management: We use RevenueCat to process and validate subscriptions and in-app purchases. We do not store banking data; payments are handled by the app store (App Store or Google Play).

5. Data Sharing with Third Parties

We may share data with:

Authentication data is not shared externally: user management runs on our self-hosted Keycloak instance.
Firebase (analytics and monitoring).
RevenueCat (subscription management).

All sharing is under strict data processing agreements and applicable regulations.

6. Security and Protection

SSL/TLS encryption in transit.
AES encryption at rest for sensitive data.
Role-based access control and regular audits.
For premium subscriptions, transaction-related data will be retained as required by law for compliance purposes.

7. User Rights

Access: know what data we hold.
Rectification: correct inaccurate data.
Erasure: delete your data (“right to be forgotten”).
Restriction/Objection: limit certain processing.
Portability: receive your data in a structured format.

8. Exercising Your Rights

You can exercise your rights of access, rectification, erasure, restriction of processing, data portability, and objection under the General Data Protection Regulation (GDPR).

By email: Send your request along with proof of identity to ragnorakdev@gmail.com. We will respond within one month.
From the app: You can also delete your account directly from the Profile section in the app. This will remove all personal data associated with your account.

9. Cookies and Similar Technologies

The native app does not use tracking cookies. On our website, we use only strictly necessary cookies and anonymous analytics.

10. Changes to This Policy

We may update this Policy. We will post the date of last update and notify you in-app or by email if there are material changes. If changes affect advertising use, users will be informed accordingly.