PRIVACY POLICY
Valid from 02/02/2026
ER.YO PRIVACY POLICY
This Privacy Policy sets out the rules for processing personal data of users of the ER.YO mobile application and the related website (landing store) (collectively referred to as the “Service”), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”).
1. Data Controller
The controller of personal data is: ER.YO Sp. z o.o. with its registered office at: [ADDRESS] VAT ID: [NIP] Company registration number: [REGON] (hereinafter referred to as the “Controller”)
For all matters related to personal data protection, the Controller may be contacted via the email address provided in the Application or on the ER.YO website.
2. Scope of processed data
The Controller processes only the data necessary to provide digital services.
2.1. Processed data includes:
email address, user identifier (User ID), information about an active subscription, technical device data (operating system, application version), diagnostic and performance data (e.g. application errors, performance metrics).
2.2. The Controller does NOT process:
special categories of personal data (sensitive data), location data, device contacts, user photos or media files, payment card or banking details.
Users cannot upload content or communicate with other users. The Application is used solely to view content published by a single Creator.
3. Purposes of data processing
Personal data is processed for the following purposes: concluding and performing an agreement for the provision of electronic services, creating and managing user accounts, verifying access to subscription-based content, handling payments (indirectly via external payment providers), ensuring the security and proper functioning of the Application and the Service, handling user inquiries, complaints and support requests, fulfilling the Controller’s legal obligations.
4. Legal basis for processing
Personal data is processed on the basis of:
art. 6 ust. 1 lit. b RODO – performance of a contract,
art. 6 ust. 1 lit. c RODO – compliance with a legal obligation,
art. 6 ust. 1 lit. f RODO – legitimate interests of the Controller
(security, fraud prevention, error analysis and service stability).
5. Subscriptions and payments
Subscriptions may be purchased: within the Application via: Apple In-App Purchase (Apple Inc.), Google Play Billing (Google LLC), outside the Application via the Creator’s official website (landing store), using Stripe.
The Controller does not have access to users’ payment card details or financial data.
Payment operators act as independent data controllers in accordance with their own privacy policies.
6. Data recipients
Personal data may be disclosed only to: IT service providers, hosting and infrastructure partners, Apple Inc. and Google LLC – to the extent necessary to process subscriptions, payment service providers (Stripe), public authorities, where required by applicable law.
Personal data is not sold and is not used for advertising profiling.
7. Transfer of data outside the EU
Personal data may be transferred outside the European Economic Area only where required in connection with the use of services provided by Apple, Google or Stripe, and only with appropriate safeguards in place (e.g. standard contractual clauses).
8. Data retention period
Personal data is stored: for the duration of an active subscription, after termination – for the period required by applicable law, until the expiry of potential legal claims.
9. User rights
Users have the right to: access their personal data, rectify inaccurate data, request erasure of data (“right to be forgotten”), restrict processing, data portability, object to processing, lodge a complaint with the competent data protection authority.
10. Data security
The Controller applies appropriate technical and organizational measures to protect personal data against loss, unauthorized access or unlawful processing.
11. Age restriction
The ER.YO Application is intended exclusively for users aged 18 or older.
The Controller does not knowingly process personal data of minors.
If the Controller becomes aware that personal data of a person under the age of 18 has been processed, it will take immediate steps to delete such data, unless retention is required by law.
12. Changes to the Privacy Policy
The Controller reserves the right to amend this Privacy Policy.
The current version will always be available within the Application and on the ER.YO website.
13. Contact
For matters related to personal data processing, please contact the Controller using the email address provided in the Application or on the ER.YO website.
By using the ER.YO Application, the user confirms that they have read and accepted this Privacy Policy.
