Privacy Policy

Welcome to Stanza ("we", "us", "our"). Stanza is a product of Centurix EOOD, a company registered in Bulgaria ("Centurix", "Company"). The Stanza website and the Stanza mobile application are owned and operated by Centurix EOOD. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, share, and protect your information when you use our mobile application ("App"), website, and related services (collectively, the "Service"). It also describes your rights regarding your personal data and how applicable law protects you.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

We collect information in several ways, depending on how you interact with the Service:

1.1 Information You Provide Directly

• Account Information: When you create an account, we collect your email address and any username or display name you choose.
• Payment Information: When you make purchases through the App, payment processing is handled entirely by Apple (App Store) or Google (Google Play). We do not collect, store, or have access to your credit card numbers, bank account details, or other payment credentials.
• Communications: If you contact us for support, we collect the content of your messages, your email address, and any attachments you provide.

1.2 Information Collected Automatically

• Location Data: With your explicit permission, we collect real-time GPS location data to trigger audio playback at points of interest. We only access GPS location while the App is open and actively in use. You can revoke location permissions at any time through your device settings.
• Usage Data: We collect information about your interactions with the Service, including audio tracks played, tour completion status, venues visited, language preferences, time spent in the app, and feature interactions.
• Device Information: We collect device type, operating system version, unique device identifiers, and app version to ensure compatibility and diagnose technical issues.
• Crash and Performance Data: We automatically collect crash reports and performance diagnostics to identify and fix bugs.

1.3 Information From Third Parties

• Authentication Providers: If you sign in via Apple Sign-In or Google Sign-In, we receive your name and email address (or a relay address, in Apple's case) as authorized by you during the sign-in flow.
• App Store Platforms: Apple and Google may share subscription status and purchase receipts with us to validate your access to paid content.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: To deliver GPS-triggered audio tours, manage your account, process purchases, track your Digital Passport progress, and deliver offline content.
• Improve the Service: To analyze usage patterns, identify bugs, optimize performance, and develop new features.
• Communicate with You: To respond to support requests, send essential service notifications (such as changes to our terms), and, where you have opted in, send product updates.
• Ensure Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable government requests.

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you.

3. Location Services

Location data is central to the Stanza experience. Our GPS-triggered tours use your device's location to automatically play relevant audio content while the App is open and you move through a venue or landmark.

• We request location permission explicitly before accessing any location data.
• Location data is processed on-device for tour triggering and is not continuously transmitted to our servers.
• We do not sell, rent, or share your precise location data with any third party for advertising or marketing purposes.
• We do not request background location permission for the current App Store or Google Play release.
• You can disable location permissions at any time through your device's settings. Without location access, GPS-triggered features will be unavailable, but you can still manually browse and play audio content.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following limited circumstances:

• Service Providers: We work with third-party providers who perform functions on our behalf, such as cloud hosting (Google Cloud Platform), analytics, and crash reporting. These providers are contractually obligated to use your data only for the services we have engaged them to provide and to maintain appropriate security measures.
• Legal Requirements: We may disclose your information if required by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
• With Your Consent: We may share information for other purposes when we have your explicit consent to do so.

5. Data Retention

We retain your personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including:

• Active Accounts: Account data is retained for as long as your account exists and is active.
• Inactive Accounts: If your account has been inactive for 24 months, we may contact you to confirm whether you wish to keep your account. If we receive no response, we may delete your account and associated data.
• After Deletion: When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain data for legal, tax, audit, or regulatory obligations (typically up to 7 years for financial records).
• Aggregated Data: We may retain anonymized, aggregated data (which cannot identify you) indefinitely for analytics and product improvement purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Access controls limiting data access to authorized personnel on a need-to-know basis.
• Regular security assessments and monitoring.
• Secure authentication mechanisms.

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users and relevant authorities in the event of a data breach as required by applicable law.

7. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy, including the use of Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms where applicable.

8. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions.
• Right to Restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to request a machine-readable copy of the personal data you have provided to us.
• Right to Object: You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis.
• Right to Withdraw Consent: Where we process your data based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe our processing of your personal data violates applicable law.

To exercise any of these rights, please contact us at support@stanzapp.com. We will respond to your request within 30 days (or such shorter period as required by applicable law).

9. Account Deletion

You can delete your account and all associated personal data at any time using either of the following methods:

• In-App: Navigate to Settings > Account > Delete Account.
• Online: Visit stanzapp.com/account-deletion and follow the instructions.
• By Email: Send a deletion request to support@stanzapp.com from the email address associated with your account.

Upon receiving your request, we will permanently delete your account, profile information, tour history, Digital Passport data, and any other personal data within 30 days. Purchased content licenses managed by Apple or Google are governed by their respective refund policies.

10. Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take prompt steps to delete that information. If you believe a child has provided us with personal data, please contact us at support@stanzapp.com.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

12. Analytics and Cookies

Our App does not use browser cookies. For our website, we may use essential cookies required for the site to function. We use analytics tools to understand how users interact with our Service. Analytics data is collected in aggregate form and does not personally identify you. You may opt out of analytics collection through your device's privacy settings.

13. Push Notifications

With your permission, we may send push notifications related to your active tours, new content available for venues you've visited, or essential service updates. You can manage your notification preferences in your device settings at any time.

14. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share data.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to legal exceptions.
• Right to Opt Out of Sale: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your California privacy rights, contact us at support@stanzapp.com.

15. European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent local laws apply to our processing of your personal data. In addition to the rights listed in Section 8:

• Legal Basis: We process your personal data based on: (a) your consent (e.g., location data), (b) performance of a contract (e.g., providing the Service you've purchased), (c) legitimate interests (e.g., improving the Service, preventing fraud), or (d) legal obligations.
• Data Controller: Centurix EOOD is the data controller for the personal data processed through the Service.
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy within the App and updating the "Last Updated" date at the top of this page. For significant changes that affect how we process your personal data, we will provide additional notice (such as an in-app notification or email) before the changes take effect.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Centurix EOOD
Email: support@stanzapp.com