Privacy Policy
1. Introduction
OcheBase is a mobile application operated by Revelopt j.d.o.o. ("we", "our", or "us"), a company registered in Croatia, located at Augusta Cesarca 8, 33514 Cacinci, Croatia. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the OcheBase application ("the App"). By using the App, you consent to the practices described in this policy.
2. Information We Collect
We collect the following categories of information:
Account Data: When you register, we collect your name or username, email address, and password. Your password is securely hashed and never stored in plaintext.
Profile Data: You may optionally upload a profile photo from your device gallery.
Financial Data: If you subscribe to OcheBase Pro, we collect your billing address. Payment processing (including credit/debit card transactions) is handled entirely by Apple App Store, Google Play Store, and RevenueCat. We do not directly store or process your credit or debit card numbers. We receive only limited transaction information from these processors, such as subscription status, plan type, and expiry dates, which is necessary to manage your access to Pro features.
Usage Data: We collect data related to your use of the App, including game scores, match history, tournament results, and community activity.
Device Data: We automatically collect device type, operating system version, and app version for compatibility and troubleshooting purposes.
Analytics Data: We collect anonymous usage patterns to understand how the App is used and to improve our services.
3. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the App and its features
- Create and manage your account
- Process subscription payments through third-party payment processors
- Send transactional emails (account verification, password resets)
- Send marketing communications if you have opted in
- Send push notifications about matches, tournaments, and community activity (if you have enabled them)
- Analyze usage patterns to improve the App
- Prevent fraud, abuse, and unauthorized access
- Ensure compliance with applicable laws and regulations
- Respond to your support requests
Legal Basis for Processing (GDPR): We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide you with the App's services (account management, match scoring, tournament features)
- Consent: Processing based on your explicit consent (marketing emails, push notifications, optional profile data)
- Legitimate Interests: Processing necessary for our legitimate business interests (analytics, fraud prevention, service improvement), balanced against your rights
- Legal Obligations: Processing required to comply with applicable laws and regulations
4. Device Permissions
The App may request the following device permissions:
Camera: Used for scanning physical scoreboards and dart setups. The camera is accessed only when you initiate a scan. Images captured for scanning are processed locally and are not stored on our servers.
Photo Gallery: Used to select a profile photo from your device. We only access the specific photo you choose and do not browse or collect other photos from your gallery.
Push Notifications: Used to notify you about match updates, tournament activity, community messages, and important account information. You can enable or disable push notifications at any time through your device settings. We do not send push notifications without your permission.
Local Storage: We use your device's local storage to save your preferences, session data, and authentication tokens. This data remains on your device and is used to maintain your logged-in state and personalized settings.
5. Data Storage and Security
Your data is stored on secure servers with industry-standard security measures. We implement appropriate technical and organizational safeguards, including:
- Encryption of data in transit (TLS/SSL)
- Secure password hashing (never stored in plaintext)
- Access controls limiting who can access personal data
- Regular security reviews
While we strive to protect your data, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.
6. Third-Party Services
We use the following third-party services that may process your data:
- Google Sign-In: For authentication purposes. Subject to Google's Privacy Policy.
- Apple Sign-In: For authentication purposes on iOS. Subject to Apple's Privacy Policy.
- RevenueCat: For managing subscriptions and in-app purchases. Subject to RevenueCat's Privacy Policy.
- Analytics Provider: For collecting anonymous usage statistics to improve the App.
These services have their own privacy policies and data handling practices. We encourage you to review them.
7. Cookies and Tracking Technologies
The App uses the following tracking technologies:
- Cookies and Web Beacons: Used for authentication and session management.
- Local Storage: Used to store user preferences and authentication tokens on your device.
- Sessions: Used to maintain your authenticated state while using the App.
We use these technologies solely for authentication and anonymous analytics. We do not use them for advertising, retargeting, or tracking across other apps or websites. We do not use Facebook Pixel or any advertising tracking technologies.
8. Sharing of Information
We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following circumstances:
- With payment processors (Apple, Google, RevenueCat) to process your subscriptions
- With authentication providers (Google, Apple) to verify your identity during sign-in
- With our analytics provider in anonymized form
- When required by law, regulation, or legal process
- To protect our rights, property, or safety, or that of our users
- In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data may be transferred to the successor entity. We will notify you before your personal data becomes subject to a different privacy policy
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Under GDPR (European Union residents):
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion of your personal data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to restrict processing: Limit how we use your data
- Right to withdraw consent: Withdraw consent at any time
- Right to object: Object to processing based on legitimate interests
Under CCPA (California residents):
- Right to know: What personal information we collect and how it is used
- Right to delete: Request deletion of your personal information
- Right to opt-out: Opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination: Equal service regardless of exercising your rights
Under CalOPPA:
- We conspicuously post this Privacy Policy within our App
- We include the effective date of the policy
- We describe how we notify users of changes
- We honor Do Not Track signals
To exercise any of these rights, contact us at [email protected]. We will respond to your request without undue delay and in any event within 30 days of receipt. If we need additional time due to the complexity of your request, we will notify you of the extension and the reasons for the delay.
10. Children's Privacy
OcheBase is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].
11. International Data Transfers
Revelopt j.d.o.o. is based in Croatia, a member of the European Union. Your data is primarily stored and processed within the EU in compliance with GDPR. If you access the App from outside the EU, your data may be transferred to and processed in the EU. For California residents, we comply with the CCPA in handling your personal information.
12. Email Communications
We send two types of emails:
Transactional Emails: Account verification, password resets, and important account notifications. These are necessary for the operation of your account and cannot be opted out of while your account is active.
Marketing Emails: Newsletters and promotional communications. You can opt in to receive these during registration or in your account settings. You may opt out at any time by using the unsubscribe link in any marketing email or by updating your preferences in the App.
13. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you services. Specifically:
- Account data is retained while your account exists
- Upon account deletion, your personal data is deleted within 30 days
- Anonymized analytics data may be retained indefinitely as it cannot be linked to you
- We may retain certain data as required by law or for legitimate business purposes (e.g., fraud prevention)
To request deletion of your account and associated data, use the account deletion option in App settings or contact us at [email protected].
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you through the App or via email
- If required by law, obtain your renewed consent
Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.
15. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Revelopt j.d.o.o.
Augusta Cesarca 8
33514 Cacinci, Croatia
Email: [email protected]