Privacy Policy

Introduction

At SIROC LABS, we respect your privacy. We believe that the less we know about you, the better; that is why we aim to limit the information we collect to the minimum necessary. The purpose of this privacy policy (“Privacy Policy”) is to inform you in detail what personally identifiable information or personal information we collect from you when you use our application, how we use such information, and the choices you have regarding our use of, and your ability to review and correct, the information.

We reserve the right to change this policy, which we will do through online posting. We use your data solely to provide you with services in which you enroll.

For purposes of this Privacy Policy, the terms “SIROC”, “SIROC LABS”, “we,” “us” and “our” refer to the company Siroc Ltd; the terms “application“, “service” and “product” refer to the TwinCeb software and related services; and “you” refers to you, as a user of the application as applicable.


Who We Are

Siroc Ltd is a EU company located in Koumasion 1, Building 11, 8560 Peyia, Paphos, CYPRUS. We comply with the European law for Data Protection (“GDPR”).


What Information We Collect and How We Use It

We collect solely information that is necessary to provide you with our services and to improve our product.


Basic Subscriber Information. To manage and verify your subscription across multiple devices, we collect your digital purchase receipts from Apple and Google together with a unique device identifier. The digital purchase receipts only include information about the type and the time of a purchase. We do not see any contact or payment information. We also do not have access to your Apple ID or Google ID. We are using a unique, pseudonymized identifier that is only accessible to our app. - Legal basis Art. 6(1)(b) GDPR


Purchase Statistics. For statistical reasons and fraud protection, we collect pseudonymized data about the time and type of a purchase or the redeemed trial or promotional code, the unique user identifier, an anonymous device identifier, the version of the app and the language settings. In addition, we collect the App Store and Play Store promotion campaign for TwinCeb (if applicable) as well as the displayed purchase options within the app. - Legal basis Art. 6(1)(b) and 6(1)(f) GDPR


Usage Data (Optional). To improve our services we periodically collect pseudonymized data about the number and types of devices you use, the operating systems installed on those devices (e.g., iOS, Android), the version of the app, and usage analytics. If you do not want us to collect this data, you can disable its tracking in the application’s Privacy Policy settings. - Legal basis Art. 6(1)(f) GDPR


Diagnostic Data (Optional). To help identify and solve specific problems with our products and services, we occasionally solicit diagnostic reports and other troubleshooting, bug, and crash reports from customers. - Legal basis Art. 6(1)(a) GDPR


Email Newsletter Subscription (Optional). To inform our users about new features, releases and blog posts, we provide a newsletter for which you can subscribe with your email address.

We use Mailchimp to manage our newsletter and other email lists. Mailchimp provides us with data concerning your email activity, that is, the place, date and time where and when you open our messages, the device type you are using, and your interactions with our messages such as clicking a link.

You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of the newsletter. If you don’t want us to track your email activity, you can click the preferences link at the end of the newsletter. It will take you to your newsletter preferences, where you can opt out from email activity tracking. You can also email twinceb@siroclabs.com to update or unsubscribe your email address, to request that we delete your email address, or that we stop tracking your email activity. - Legal basis Art. 6(1)(a+f) GDPR


Affinity Matching. In order to provide the affinity score, the pictures you take are sent to our servers hosted by Digital Ocean, where they are processed to calculate the affinity score. After processing the pictures are automatically and instantly deleted on the server. - Legal basis Art. 6(1)(b) GDPR


Chat Input and Output. When utilizing the AI Chat feature within our application, the text input and output data, along with a pseudonymized user identifier, are processed and temporarily stored on OpenAI's servers. OpenAI retains this data for a limited period, as specified in OpenAI's data usage policy. We do not have direct access to the retained data on OpenAI's servers.  - Legal basis Art. 6(1)(b) GDPR


Cookies, Analytics and Automated Information Collection

Please note that companies delivering advertisements on our services may also use cookies or other technologies as described below, and those practices are subject to those companies’ own policies. More information on how third parties may use your data in our services go to “Data Processors” and "Advertising Networks and Their Partners" further below.


Privacy Policies of Linked Third-Party Services and Advertisers

Our websites, apps and games may contain advertisements from Third-Party Services, which are companies other than SIROC that may link to their own websites, online services or mobile applications. We are not responsible for the privacy practices or the content of these Third-Party Services. If you have any questions about how these Third-Party Services use your information, you should review their policies and contact them directly.


Where We Store Your Data

Personal Content. Your content, such as your pictures, is temporarily processed on our servers (in-memory only, never stored) and then immediately flushed from memory. We never have access to this data because it is never permanently stored. The permanent storage of this data is done locally on your device. Only the resulting affinity scores are stored in our database, which is hosted on MongoDB. All data is stored anonymized.

In case you are using the iCloud function of the application, synchronized with your personal iCloud Drive storage (Apple service). iCloud Drive creates backups of your data and syncs it between your devices automatically. You always have the option to disable iCloud from the system settings.


Basic Subscriber Information. The digital purchase receipts, as well as the redeemed trial or promotional codes, are stored in Apple’s CloudKit to sync your subscription data between your Apple devices. We do not have direct access to any data stored in your iCloud account.


Purchase Statistics. The purchase statistics are stored on the servers of Mixpanel, Adjust and RevenueCat.


Usage Data and Device Information. The usage data and device information are stored with a pseudonymized user and device ID on the servers provided by Mixpanel. It is not possible for us to resolve your name or other personal information from this data. 


Diagnostic Data (Optional). Crash reports of the application are collected and sent to Firebase and ShipBook. This data will only be collected with your consent.


Customer Support Emails. For customer support and email services, we use Google Workspace as our help desk software. This means that every email you send to us will be stored at Google. We are legally required to archive all email traffic for ten years.


Push Notifications. Device IDs are collected by OneSignal for the purpose of managing push notification.


Chat History. The chat history generated within our application is stored on our servers as a backup for user convenience and to optimize token consumption while enhancing our Natural Language Processing (NLP) model. The storage duration of chat history is unlimited until the user chooses to delete the conversation using the delete feature of the chat conversation. All chat conversations are pseudonymized, and we do not store any user information. Only the device ID is retained to associate the chat history with a specific device, ensuring the privacy of users' personal information.


How Long We Store Your Data For

We store your data for as long as Cypriot law requires, or as is necessary for the fulfillment or the initiation of a contract, or as long as we claim legitimate interests. After the expiration of that period, the corresponding data is routinely deleted or completely anonymized. We have detailed some of the deletion periods under “Where We Store Your Data”. Statistical and diagnostic data is generally never deleted.

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can result from contractual provisions (e.g., information on the contractual partner).


Data Processors

Depending on the usage of our services your personal data might be processed by the following services:


Apple

CloudKit database service and iCloud Drive file storage service provided by Apple, Inc.

Personal Data: Digital purchase receipts, usage of promotions and trials, pseudonymized user identifier

Location of Data Processing: EU or USA


Mailchimp

Email marketing service provided by The Rocket Science Group LLC d/b/a Mailchimp.

Personal Data: Email address

Location of Data Processing: USA


Google Workspace

Help desk software provided by Google, Inc.

Personal Data: Support emails

Location of Data Processing: EU or USA


MongoDB

Database hosting service provided by MongoDB, Inc.

Personal Data: Affinity scores

Location of Data Processing: Germany


Digital Ocean

Hosting service provided by DigitalOcean, LLC.

Personal Data: Affinity processing

Location of Data Processing: Germany


Firebase

Crash analytics software provided by Google, Inc.

Personal Data: Crash report, pseudonymized user identifier

Location of Data Processing: USA


Mixpanel

Application analytics software provided by Mixpanel.

Personal Data: Application analytics, pseudonymized user identifier

Location of Data Processing: EU


Adjust

Marketing analytics software provided by Adjust GmbH.

Personal Data: Purchases Analytics

Location of Data Processing: EU, USA


RevenueCat

Subscription management and purchase analytics software provided by RevenueCat, Inc.

Personal Data: Purchases Analytics 

Location of Data Processing: USA


ShipBook

Error tracking service provided by ShipBook.

Personal Data: Error messages (anonymized), pseudonymized user identifier

Location of Data Processing: EU


OneSignal

Push Notifications service provided by OneSignal.

Personal Data: Pseudonymized user identifier

Location of Data Processing: EU


OpenAI

GPT API provided by OpenAI, Inc.

Personal Data: Pseudonymized user identifier, text input and text output data

Location of Data Processing: USA



Advertising Networks and Their Partners

AppLovin

AppLovin is an advertising service provided by AppLovin Corporation (US)

Privacy Policy: https://www.applovin.com/privacy


Facebook Audience Network

Facebook Audience Network is an advertising service provided by Facebook, Inc. (US) that may collect or receive information from our apps and other apps and use that information to provide measurement services and targeted ads.

Privacy Policy: https://www.facebook.com/about/privacy/


Google AdSense

Google, as a third-party vendor, uses cookies to serve ads on our Service. Google’s use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Service or other websites on the Internet

You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences/


AdMob by Google and their partners

AdMob by Google is provided by Google Inc. (US)

For more information on how AdMob uses the collected information, please visit the Privacy Policy of Google: http://www.google.com/policies/privacy/

For more information on AdMob Partners, please visit: https://support.google.com/admob/answer/9012903

You can opt-out from AdMob by Google service by following the instructions described by Google: https://support.google.com/ads/answer/2662922?hl=en


IronSource

IronSource is an advertising service provided by IronSource, Inc. (US)

Privacy Policy: http://www.ironsrc.com/wp-content/uploads/2017/01/ironSource-Privacy-Policy.pdf


Liftoff

Liftoff is an advertising service provided by Liftoff, Inc. (US)

Privacy Policy: https://liftoff.io/privacy-policy/


Unity Ads

Unity Ads is an advertising service provided by Unity Ads Inc. (US)

Privacy Policy: https://unity3d.com/legal/privacy-policy


Vungle

Vungle is provided by Vungle, Inc. (US)

You can opt-out from Vungle service by following the instructions as described by Vungle on their Privacy Policy page: http://vungle.com/privacy/


Mintegral

Mintegral is an advertising service provided by Mobvista International Technology Ltd (China).

Privacy Policy: https://www.mintegral.com/privacy/



Your Privacy Rights (Under GDPR)

Right to Access. You can request SIROC LABS to provide you with information on how we collect, use, and store your personal information, and to provide you with a copy of your personal information we store.


Right of Rectification. You can request that we correct inaccurate information about you.


Right to Delete. You can request that we delete information collected about you, given that we are not required by law to preserve it, that it is not necessary for contract fulfillment and that we can still identify your records.


Right to Object. You can object to the processing of your information in certain cases, as well as request that SIROC LABS does not use your personal information for direct marketing purposes.


Right to Data Portability. If requested, we will provide you all data under our control in common, machine-readable formats. If requested, we will provide you with instructions to obtain your data, in cases where we do not have direct access.


Contact for Data Privacy

If you have any questions regarding your personal data as well as your privacy rights, please contact

Siroc Ltd
Koumasion 1, Building 11
8560 Peyia, Paphos
CYPRUS

Email: twinceb@siroclabs.com


Responsible Body for Data Privacy

Responsible body for the processing of personal data within the meaning of the law. Art. 4 (7) GDPR :

Siroc Ltd
Koumasion 1, Building 11
8560 Peyia, Paphos
CYPRUS

Email: twinceb@siroclabs.com


Contacting You

We may use your contact information to communicate with you about our product, diagnostic data and error reports, provide support, and send you other information such as product updates and announcements. You can opt out of news and announcements by unsubscribing from our newsletter.


Breach Notification

If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.


Consent for Underage Enrollment

Those under the age of 18 are not allowed to use the services without the consent or authorization of their parent or legal custodian.


Updates to Our Privacy Policy

At our discretion, we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. We maintain the right to inform you of substantive changes via email. Previous versions of this page will be made available.


Glossary

TwinCeb

TwinCeb refers to the TwinCeb application.

SIROC

SIROC or SIROC Labs (or sometimes “we”, “us” or “our”) refers to the company Siroc Ltd.

Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to an identified or identifiable natural person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.


Last updated: March 30, 2023