Privacy Policy
This Privacy Policy explains how SAMPLIFY FZCO ("EyesTalk", "we", "us", "our") collects, uses, shares and protects personal data of users of the EyesTalk mobile applications, the website at https://eyestalk.app, the Venue Owner Panel and related services (together, the "Service"). Please read it together with our Terms of Service.
By creating an account or using the Service you confirm that you have read this Policy. If you do not agree, please do not use the Service.
1. Who is the data controller
The data controller is SAMPLIFY FZCO, a Free Zone Company licensed by the Dubai Silicon Oasis Authority (DSOA) under commercial licence No. 10142, UAE Federal Tax Authority TRN 104045419900003, D-U-N-S 850103731, registered at Building A2, Office 101, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates. Contact: admin@eyestalk.app.
For users in the United Arab Emirates this Policy is intended to comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and the regulations issued thereunder. For users in the European Economic Area, the United Kingdom and Switzerland, this Policy is intended to comply with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR. For users in California we follow the California Consumer Privacy Act, as amended by the CPRA ("CCPA").
2. The data we collect
2.1. Information you give us
- Account data — email address and password (stored as a salted hash by our identity provider). Optionally a third-party sign-in identifier if you use one.
- Profile data — nickname, age range, gender (if provided), avatar photo, additional photos, short bio, interests, industry, hobbies, favourite movie / band, "about me", optional public social handles (Instagram, Telegram, LinkedIn).
- Venue Owner data — venue name, type, address, coordinates, geofence radius, business description, logo, QR code configuration, services and slots, loyalty tiers, announcements.
- User content — chat messages, waves, activity submissions (poll votes, contest entries, bids), reports and moderation requests you submit.
- Payment-related data — handled by our payment processor; we receive only a transaction reference, amount, status and last four digits / brand of the card. We do not see or store full card numbers.
2.2. Information we collect automatically
- Approximate & precise geolocation — used to show nearby venues, verify check-ins inside a venue's geofence, and tag your active session to a venue. Precise location is only captured while the app is in use and you have granted the relevant OS permission. We do not record continuous location history.
- Presence data — your current check-in status (which venue you are at, when you arrived, when you checked out) and activity status (online / in-venue / away).
- Device & technical data — IP address, device model, OS and version, app version, locale, time zone, push notification token, crash and diagnostic logs, network type.
- Usage data — events such as opening a screen, sending a wave, joining an activity, spending tokens. Used to operate features, prevent abuse and improve the Service.
- Cookies and similar technologies — on the website and Venue Owner Panel we use strictly necessary cookies (session, authentication, CSRF), and storage required for the app to work. See section 11.
2.3. Information from others
We may receive information from venues you check in to (e.g. that you scanned their QR code), and from users who interact with you (e.g. reports about your behaviour). If you sign in with a third-party identity provider, we receive the identifiers and basic profile data that you authorise that provider to share.
2.4. Special category data
We do not ask for special categories of personal data (such as data revealing race, political opinions, health, religious beliefs, biometric data for unique identification, or sexual orientation). If you choose to disclose such data in your profile or chats, you do so at your own risk and you give us your explicit consent (Art. 9(2)(a) GDPR / Art. 5 PDPL) to host that content for the purpose of providing the Service. We do not use facial recognition on your photos.
3. Why we use your data and the legal basis
We process your personal data for the following purposes:
- To provide the Service — create your account, authenticate you, show nearby venues, run check-ins, deliver messages, run activities, manage tokens, operate the Venue Owner Panel.
  Legal basis: performance of a contract (Art. 6(1)(b) GDPR; Art. 4(2) PDPL).
- To process geolocation — verify check-ins inside venue geofences and show what is around you.
  Legal basis: your explicit OS-level consent (Art. 6(1)(a) GDPR; Art. 6 PDPL) and performance of a contract.
- To keep the Service safe — detect, investigate and prevent abuse, fraud, harassment and security incidents; enforce our Terms; respond to reports; moderate content; ban repeat offenders.
  Legal basis: legitimate interests (Art. 6(1)(f) GDPR; Art. 4(7) PDPL) and legal obligations (Art. 6(1)(c) GDPR).
- To support and communicate with you — answer your requests, send service emails (password resets, security alerts, policy changes), and send push notifications about events you opted into.
  Legal basis: contract and legitimate interests.
- To process payments and prevent fraud.
  Legal basis: contract and legal obligations (UAE tax / accounting rules).
- To analyse and improve the Service — measure feature usage, debug issues, build aggregated statistics. We aggregate or pseudonymise data wherever possible.
  Legal basis: legitimate interests.
- To comply with the law — respond to lawful requests from competent authorities, retain records required by tax or anti-money-laundering rules.
  Legal basis: legal obligations (Art. 6(1)(c) GDPR).
We do not sell your personal data, and we do not use it to train third-party AI models.
4. How long we keep your data
- Account & profile — for the life of your account. After you delete your account, identifiable data is removed within 30 days, except where we must keep it to (a) resolve disputes (up to 3 years), (b) meet legal, tax or accounting obligations (up to the period required by law), or (c) prevent fraud and abuse on the Service.
- Check-in records — kept while you are checked in and archived for up to 12 months for analytics and abuse prevention.
- Chats — venue and direct chats automatically expire 24 hours after you check out of the venue, unless we are required to preserve a message in connection with a report or a legal obligation. After expiry, message content is deleted from our active databases.
- Reports & moderation records — kept up to 24 months to support repeat-offender enforcement.
- Technical logs — up to 12 months.
- Payment records — for the period required by applicable UAE tax law (typically up to 7 years under UAE Federal Decree-Law No. 47 of 2022 on Corporate Tax and the VAT regulations).
5. Who we share data with
We do not sell your personal data. We share it only with the following categories of recipients, under written contracts that require them to protect your data:
- Other users — your profile (nickname, age range, avatar, photos, bio, interests, social handles you chose to make public) is visible to other users who are checked in at the same venue, and to people you chat or match with.
- Venue Owners — venues you check in to receive aggregated and individual presence data (your nickname and avatar, arrival time) about guests in their venue, and contents of messages you send to general venue chat or activities.
- Cloud hosting and backend (Supabase / AWS / Vercel) — for storing data, running APIs and authentication. Data may be processed on servers located outside the United Arab Emirates, including in the European Economic Area and the United States.
- Payment processors — to process top-ups and subscriptions. Payment processors are PCI DSS Level 1 certified and we never receive full card data.
- Push notification providers (Apple Push Notification service, Firebase Cloud Messaging) — to deliver push notifications to your device.
- Email delivery providers — to send service emails (password recovery, account notifications).
- Crash and analytics providers — to receive aggregated, pseudonymised diagnostics about app stability and feature usage.
- Legal & safety — competent state authorities where required by law, and our professional advisers (lawyers, accountants, auditors), bound by confidentiality.
- Successors — in case of merger, acquisition, reorganisation or sale of assets, your data may be transferred to the successor entity, subject to this Policy or a notice of changes.
6. International data transfers
Some of our service providers are located outside the United Arab Emirates or your country of residence. Where your data is transferred to a country that does not provide an equivalent level of protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UAE Data Office model clauses (where issued), and additional technical measures (encryption in transit and at rest). By using the Service you consent to such transfers, to the extent permitted by applicable law.
7. How we protect your data
We use a combination of organisational and technical measures:
- TLS encryption for data in transit;
- encryption at rest for backups and selected stores;
- strict access controls and least-privilege roles;
- row-level security in our database, scoped per user;
- rate-limiting and abuse detection;
- regular backups and incident-response procedures.
No system can be fully secure. We will notify you and the relevant regulator of a personal-data breach where required by law.
8. Your rights
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your account and personal data (subject to retention requirements in section 4);
- Restrict or object to certain processing, including based on legitimate interests;
- Withdraw consent at any time, without affecting processing carried out before withdrawal;
- Data portability — receive a copy of data you provided to us in a structured, machine-readable format;
- Lodge a complaint with a competent supervisory authority — for example, the UAE Data Office (federal regulator under PDPL), or the supervisory authority in your EU/EEA member state.
To exercise any right, write to admin@eyestalk.app from the email registered to your account. We will respond within 30 days (extendable as permitted by applicable law). We may need to verify your identity before acting on a request. If you believe we have not handled your request properly, you can complain to your local supervisory authority.
9. California (CCPA / CPRA) privacy rights
If you are a California resident, you have additional rights to know, delete, correct and limit the use of certain sensitive personal information, and to opt out of any "sharing" of personal information for cross-context behavioural advertising. We do not sell or share your personal information for such advertising. To exercise your rights, contact us at admin@eyestalk.app. We will not discriminate against you for exercising these rights.
10. Children
The Service is not directed at children under 18. We do not knowingly collect personal data from children under 18 (or under 16 in the EEA / UK). If you believe a minor has registered, please contact us at admin@eyestalk.app and we will remove the account.
11. Cookies and storage
Our website and Venue Owner Panel use cookies and similar storage for authentication, security (CSRF protection, session integrity), language preference and theme preference. These are strictly necessary cookies and do not require consent under EU rules. We do not use third-party advertising cookies. The mobile app uses local storage on your device for authentication tokens and offline caches; clearing app data will sign you out.
12. Automated decision-making
We do not make decisions producing legal effects on you, or similarly significantly affecting you, based solely on automated processing. We do use automated tools for spam filtering, abuse detection and recommendations, but human review is available before we permanently disable an account.
13. Profiles, chats and messages — visibility
- Your profile is visible only to people checked in at the same venue and to direct chat partners.
- Direct chats are visible only to participants. They auto-expire 24 hours after you check out, unless preserved due to a report.
- General venue chat messages are visible to everyone checked in to that venue and to the Venue Owner.
- Reports you submit are visible to our moderation team and the Venue Owner of the relevant venue, but not to the reported user (we do not disclose the reporter's identity).
14. Mobile app permissions
The EyesTalk mobile app requests the following operating-system permissions. Each is requested only when the related feature is used, and you can revoke any of them at any time from your device settings.
- Location (precise & approximate) — used while the app is open to show nearby venues on the map and to verify that you are inside a venue's geofence when you check in. We do not collect background location and we do not build a continuous location history.
- Camera — used solely to scan QR codes for venue check-in. We do not record photos or video and we do not access the microphone.
- Photos / media library — used only when you choose to set or replace your profile picture or upload an additional profile photo.
- Push notifications — used to deliver in-app event notifications you opted into (waves, mutual interests, venue announcements). You can disable them in OS settings without affecting other features.
We do not request permissions for the microphone, contacts, calendar, body sensors, SMS, call logs, accounts beyond sign-in, advertising ID, or files outside what you explicitly upload.
15. Account deletion (Google Play / Apple App Store)
You can delete your account and the personal data we hold about you at any time:
- Inside the app — open Profile → Settings → Delete account and confirm. Your profile is anonymised immediately and the residual data is purged within 30 days.
- From the web, including without signing in — visit https://eyestalk.app/delete-account for the full instructions and contact route.
We comply with the Google Play User Data policy (account deletion from Apr 2024) and the Apple App Store guideline 5.1.1(v) (in-app account deletion since Jun 2022).
16. Tracking and advertising
We do not track you across other companies' apps and websites. We do not use third-party advertising SDKs, we do not share data with advertising networks, and we do not use your data for behavioural advertising. The advertising identifier (Apple IDFA / Android Advertising ID) is not collected. Under Apple App Tracking Transparency we declare "Data Not Linked to You: None" and "Data Used to Track You: None".
17. Changes to this Policy
We may update this Policy from time to time. The current version and effective date are shown at the top of the page. Material changes will be notified to you via in-product notice or email at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
18. Contact
Questions, requests and complaints regarding this Policy or your personal data:
SAMPLIFY FZCO
Building A2, Office 101, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
Commercial Licence No.: 10142 (Dubai Silicon Oasis Authority (DSOA))
UAE TRN: 104045419900003
D-U-N-S: 850103731
Email: admin@eyestalk.app