1. Data controller
SOFTWARE FACTORY SPOLKA Z OGRANICZONA ODPOWIEDZIALNOSCIA, ul. Czerwonego Pradnika 8/80, 31-431 Krakow, Polska, KRS: 0000786464 | NIP: 6762566157 | REGON: 383375950.
Contact for privacy matters: office@softwarefactory.guru.
Privacy Policy (GDPR)
This policy explains how personal data is processed when using DiroChat services.
2. Data categories
Depending on how you use the service, we process account and service metadata needed for operations and security.
- Phone number used for OTP login.
- Device identifiers and device role metadata.
- Push notification tokens and delivery metadata.
- Technical diagnostics and security event metadata.
3. Purposes and legal basis
Data is processed to deliver core messaging features, secure account access and prevent abuse.
- Performance of service contract (Art. 6(1)(b) GDPR).
- Legitimate interest in service security and anti-abuse (Art. 6(1)(f) GDPR).
- Legal obligations where applicable (Art. 6(1)(c) GDPR).
4. Payload handling model
DiroChat is designed so message and media payload are delivered directly between user devices.
Server-side services are used for metadata coordination and do not serve as persistent payload history storage.
5. Data recipients and processors
Operational partners may process data strictly for infrastructure, hosting and notification delivery.
- Cloudflare services for web delivery and metadata control plane.
- Apple and Google notification infrastructure for push delivery metadata.
- Other vetted providers necessary for secure operation and incident response.
6. Transfers outside EEA
If data transfers outside EEA occur, they are based on lawful safeguards such as SCCs or equivalent mechanisms.
7. Retention
Data retention is limited to what is necessary for account maintenance, security and legal obligations.
- Account and device metadata: while account remains active and for justified post-closure periods.
- Security and technical logs: retained for operational and compliance windows.
- Server-side payload history: not a normal persistence target in the direct-only model.
8. Your rights
You may request access, rectification, erasure, restriction, portability or object to processing where applicable.
You also have the right to lodge a complaint with a competent supervisory authority.
9. Cookies and local storage
Technical cookies or local storage can be used for essential session continuity and language preferences.
Details are described in the dedicated Cookies Policy.
10. Policy updates
This policy may be updated as service architecture, law or security practices evolve.
Legal notice: this privacy policy should be reviewed by legal counsel before final publication.