1. What data we collect

If Google authentication is used:

• Email address and display name shown in the Google account.
• The unique Google ID (sub), used exclusively for authentication.
• Profile image URL (if available).

If classic authentication (via email and password) is used:

• Email address, first name, last name, username, and password.

The password is stored in an unrecoverable form, through a secure hashing mechanism, detailed in the security measures section.

2. Why we collect this data

Account Creation and Management: The data is used to create a unique user account and to allow secure authentication (login) into the application, as well as to manage the registered profile.

Application Functionality: We use the data to personalize your experience and to ensure the correct functioning of all features within the application.

Service Improvement: We may process aggregated and anonymized data for the purposes of analysis, optimization, and improvement of the application's quality and performance.

Commitment to Privacy:

We will not use your data for advertising, unsolicited direct marketing, or external tracking (behavioral tracking by third parties). Your data is not sold or transferred to other entities for commercial purposes.

3. How we store and protect the data

The data is stored in a secure database, on servers located in the European Union. Access is restricted by authentication and TLS encryption and is only permitted to authorized administrators.

4. How we protect passwords

Passwords entered during classic authentication are never stored in clear text format. They are transformed through an advanced protection process conforming to internationally recognized security standards, which combines multiple unidirectional cryptographic methods—each having an irreversible character—with the addition of at least one step involving a unique, server-specific private key.

The result is an irreversible cryptographic value that does not allow the reconstruction of the initial password, even in the event of unauthorized access to the database. The original password is not saved, transmitted, or accessible at any time, not even to system administrators.

During authentication, the entered password is processed through the same methods, and the result is securely compared with the stored one, without the need to know the clear-text password.

The combination of multiple unidirectional hashing methods, along with the use of private keys, has been adopted as a long-term protection measure. Thus, even in the event of significant advances in computing power or artificial intelligence, the system will maintain a level of protection that excludes the possibility of reconstructing the brute password.

5. How long we retain the data

The data is retained as long as an active account exists or until its deletion is requested, in accordance with Article 17 of the GDPR ("the right to be forgotten").

6. Data sharing

We do not sell or distribute your data to third parties. Exceptions are made only in situations provided by law, when we are legally obligated to provide certain information to the authorities.

7. User rights

Data subjects benefit from the following rights, in accordance with the GDPR: the right to data access, the right to rectification, erasure, portability, restriction of processing, and objection. The exercise of these rights can be made by a written request sent to the address mentioned below.

8. Additional security measures

All communications with the server are encrypted via the TLS protocol (HTTPS). The system includes technical measures to protect against unauthorized access, including limiting the number of authentication attempts. Access to data is restricted exclusively to authorized personnel for strictly administrative and technical purposes.

9. Contact

For any questions or requests regarding the processing of personal data, you can write to us at:

Last updated: 16 Dec 2025