← Back to No Fair

Privacy Policy

Last updated: February 15, 2026

1. Data Controller

The data controller for the No Fair app is:

Paweł Szczabel
ul. Wygodnowa 51/2A
45-402 Opole, Poland
NIP: 9910361892
Email: pawelszczabel@gmail.com

For any questions about your data, please contact us at the email address above.

2. What Data We Collect

We collect the minimal amount of data necessary to provide the service:

• Account information: email address (or Apple ID token if you sign in with Apple), used for authentication.
• Signals: when you send a signal (e.g., "No Fair," "Anger," "Loneliness"), we store the signal type, timestamp, and your anonymous user ID.
• Support interactions: when someone supports your signal, we record the anonymous count.
• Device tokens: a push notification token to deliver notifications to your device. We do not link this to your identity.
• Usage data: rate-limiting timestamps (recent presses, cooldown/lockout times) to enforce fair usage.

We do NOT collect:

• Your real name, phone number, or physical address.
• Location data.
• Contacts, photos, or any data from other apps.
• Browsing history or advertising identifiers.

3. Legal Basis for Processing (Art. 6 GDPR)

We process your data based on:

• Contract performance (Art. 6(1)(b)): we need your account data to provide the service you signed up for.
• Legitimate interest (Art. 6(1)(f)): we process usage data for rate-limiting and abuse prevention.
• Consent (Art. 6(1)(a)): push notifications are only sent with your explicit opt-in.

4. How We Use Your Data

Your data is used exclusively to:

• Authenticate your account and maintain your session.
• Send and receive anonymous emotional signals.
• Deliver push notifications about support milestones (if you opted in).
• Enforce rate-limiting to prevent abuse.
• Respond to your support requests.

5. Data Sharing

We do NOT sell your data to anyone. We share data only with:

• Firebase (Google Cloud): authentication, database, and cloud functions. Data is stored in the EU/US under Google's standard contractual clauses.
• OneSignal: push notification delivery. Only your device token is shared, not your identity.
• Apple/Google: in-app purchase processing through their respective platforms.

No data is shared with advertisers, data brokers, or any other third parties.

6. Data Retention

• Account data: retained while your account is active. Deleted within 30 days of account deletion.
• Signals: retained for the lifetime of the service to maintain support counts.
• Rate-limiting data: automatically pruned after the rate-limit window expires (5 minutes).
• Push notification tokens: deleted when you disable notifications or delete your account.

7. Your Rights (GDPR Art. 15–22)

As a user in the EU/EEA, you have the right to:

• Access: request a copy of all data we hold about you.
• Rectification: correct inaccurate data.
• Erasure ("Right to be Forgotten"): request deletion of your account and all associated data.
• Restriction: request we limit processing of your data.
• Data Portability: receive your data in a machine-readable format.
• Objection: object to data processing based on legitimate interest.
• Withdraw Consent: withdraw consent for push notifications at any time via Settings.

To exercise any of these rights, email us at pawelszczabel@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Polish supervisory authority:
UODO (Urząd Ochrony Danych Osobowych)
ul. Stawki 2, 00-193 Warszawa
uodo.gov.pl

8. Account Deletion

You can delete your account at any time from the Settings screen in the app. This will:

• Permanently delete your account and authentication data.
• Remove your signals and associated data.
• Revoke push notification permissions.

Deletion is irreversible and completed within 30 days.

9. Security

We use industry-standard security measures:

• All data is transmitted over HTTPS/TLS encryption.
• Authentication is handled by Firebase Authentication with secure token management.
• Cloud Functions run in Google Cloud's secure infrastructure.
• We do not store passwords — authentication uses Firebase's secure hashing.

10. Children's Privacy

No Fair is not intended for children under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us with data, contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted within the app and the "Last Updated" date will be revised. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests:

Paweł Szczabel
Email: pawelszczabel@gmail.com
Address: ul. Wygodnowa 51/2A, 45-402 Opole, Poland