🔐 Privacy Policy – NORA

This Privacy Policy explains how personal data is processed when you use the NORA mobile application (the “Service”). We process personal data only to the extent necessary for providing, securing, and improving the Service, and in accordance with applicable law (including, where relevant, the GDPR).

📥1. Categories of Data We May Process

Depending on how you use the Service, we may process the following categories of data:

• Account data: email address; phone number (for verification); basic profile details you provide.
• Verification data: information necessary to confirm your verified status (including possible social network verification signals for “Super Verified”).
• Content data: events and other content you create or upload (e.g., descriptions, images).
• Location data (optional): city/region or approximate location if you grant permission.
• Technical data: device identifiers (where available), app version, OS, logs, diagnostics, and security-related signals.

🎯2. Purposes and Legal Bases

We may process personal data for the following purposes:

• Service delivery: creating and managing accounts; enabling core features; displaying events.
• Verification and safety: preventing fraud, abuse, and misuse; enforcing rules; protecting users.
• Service improvement: diagnostics, analytics, bug fixing, and performance monitoring.
• Legal compliance: fulfilling legal obligations and responding to lawful requests.

Depending on the context, processing may be based on performance of a contract (providing the Service), legitimate interests (security, fraud prevention, improvement), consent (e.g., optional location), and/or legal obligations.

📱3. Device Permissions

The Service may request access to certain device functions, such as:

• internet access (data synchronization),
• notifications (event updates),
• location (optional, to show relevant content).

Permissions are optional and can be changed in your device settings. Some features may be limited if permissions are denied.

🤝4. Third-Party Service Providers

We may use third-party providers to operate the Service, including in particular Firebase (authentication, database, analytics/diagnostics) and payment platform providers (e.g., Apple/Google) for in-app purchases.

These providers may process data under their own terms and privacy policies and may operate servers in different regions. We use such providers to the extent necessary to run the Service.

🔒5. Security

We implement reasonable technical and organizational measures to protect personal data. However, no system is perfectly secure, and we cannot guarantee absolute security of data transmitted over the internet.

🗑️6. Retention and Deletion

We retain personal data only as long as necessary for the purposes described above, including operating the account and ensuring security and compliance. You may request deletion of your account as described in the “Account and Data Deletion” document.

🌍7. International Users

The Service may be used outside the Czech Republic. Data may be processed using infrastructure located in other countries. Where applicable, appropriate safeguards are used as required by law.

✏️8. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always available on this page. Where required, the App may request renewed consent.

📧9. Contact