This Privacy Policy explains how Synergy Data Talks App ("we", "us", or "our") collects, uses, stores, and shares information when you use the mobile application (the "App"). By using the App you agree to the collection and use of information in accordance with this policy.
Overview — What the App Does
The App provides news content organized by categories (CSR, ESG, Sustainability, Jobs, Events, Grants, Tenders). It also includes user authentication, a friend system based on QR codes, a QR scanner, user profile editing, and standard account recovery flows (password reset via email).
Information We Collect
We may collect and process the following categories of information:
Account information: Email address and password (used for authentication). Passwords are not stored in plaintext on our servers — instead, secure hashing is used server-side.
Authentication tokens: When you choose "Remember me", the App stores a JSON Web Token (JWT) in secure device storage (e.g., Flutter secure storage). The JWT is used to authenticate API requests and is validated by our backend.
User profile: Display name and other optional profile fields that you set in the app. This data is stored in our backend database and used to create your in-app identity (including generating your personal QR code).
QR code & friend connections: The App generates a QR code that encodes a user identifier. When you scan another user’s QR code (with your consent), the scanned identifier is sent to our server to create a "friend" connection; a record of the connection is stored in the database.
Device & usage data: Non-identifying analytics data to improve the App (e.g., which categories are most-read). We may use third-party analytics providers — see Third-Party Services below.
Camera permission: If you use the QR scanner, the App will request camera permission. The camera feed is used locally to detect and decode QR codes; it is not recorded or uploaded unless you explicitly trigger an action that sends decoded data to our servers (for example, adding a friend).
Email verification & password reset: We use SMTP to send verification codes, password reset codes, and other transactional emails to your email address. We do not share your email with third parties for marketing without your consent.
How We Use Your Information
We use the collected information for the following purposes:
Authentication: Validate your credentials and provide secure access to your account.
Session persistence: When "Remember me" is enabled, the JWT stored securely on the device allows automatic re-authentication on app launch.
Profile features: Generate your QR code, show your name and avatar to friends, and enable profile editing.
Friend connections: Add and manage friends when QR codes are scanned or exchanged.
Password recovery: Send verification codes via SMTP to permit secure password resets and email verification.
News delivery: Provide news items by category and manage pagination. We may adjust content ranking using non-personal analytics signals.
Support: Respond to support requests and process account deletion or export requests.
Sharing and Disclosure
We do not sell your personal data. We may share information only as described below:
Service providers: We use trusted third-party providers (e.g., email delivery via SMTP, analytics, hosting, database providers) who process data on our behalf under contractual obligations to protect your data.
Legal requirements: We may disclose information if required by law or to respond to lawful requests from public authorities.
With your consent: Any other data sharing will be done only with your explicit consent.
Where and How We Store Data
User profile data and friend connections are stored in our backend database. Authentication tokens (JWTs) are generated by the server and stored on the user's device using secure storage (e.g., Flutter secure storage). We use industry-standard security practices (TLS for network transport, hashed passwords server-side, access controls) to protect data.
Important: Although we take reasonable measures to protect data, no method of transmission or storage is 100% secure. Do not share sensitive information publicly.
Data Retention
We retain user account data (profile, email, friend connections) for as long as the account exists. If you request account deletion, we will remove your personal data within a reasonable timeframe, except where we are required to retain certain records for legal or safety reasons.
Camera and QR Scanner
The App requests camera access only when you open the QR scanner. Camera access is used to decode QR codes in real time. No video or image data is uploaded by default. Only the decoded QR payload (typically a user identifier) is sent to our server when you confirm adding a friend.
Cookies and Tracking
The App itself does not use browser cookies. We may use mobile analytics SDKs that store non-personal identifiers on the device to measure app usage and performance. You can opt out of analytics tracking where device settings or app settings allow.
Third-Party Services
The App uses third-party services that may collect data about you. These services include (but are not limited to):
SMTP provider — for sending verification and password reset codes to your email.
Analytics providers — to collect non-personal usage statistics.
Hosting and database providers — to store backend data.
Each third-party provider has its own privacy policy. We recommend you review those policies before using the App. Where required, we only use GDPR-compliant providers and data processing agreements.
Your Rights and Choices
You have control over your personal information. You can:
Access and correct: Update your display name and profile in the App.
Delete your account: Request account deletion (contact us; see Contact Us below).
Password reset: Use the App's "Forgot password" flow to reset a password via a verification code sent to your email.
Opt-out of analytics: Where the App supports it, you may opt out of anonymous analytics tracking.
International Transfers
Your data may be processed or stored in countries other than your residence. We take reasonable steps to ensure appropriate safeguards (e.g., contracts, encryption) are in place to protect your data across borders.
Security
We use technical and organizational measures to protect your information, including TLS for network communications, secure storage for tokens on-device, and industry-standard controls on our servers. Access to personal data within our organization is restricted to authorized personnel only.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post the revised policy at this same URL and update the "Last updated" date above. Continued use of the App after such changes indicates your acceptance of the updated terms.
Contact Us
If you have questions about this Privacy Policy, to request data access, correction, or deletion, or to complain about our privacy practices, contact:
This Privacy Policy is governed by the laws of the country where Synergy Apps is incorporated. Where applicable, users retain the rights provided by local data protection laws.