Privacy Policy

1. Introduction

This Privacy Policy describes how the Avarii mobile application ("the App", "we", "us") collects, uses, stores, and protects your personal data in accordance with the Bulgarian Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR).

By using the App, you confirm that you have read this Policy and agree to the data processing practices described herein.

2. Data Controller

The controller of personal data collected through the App is the operator of Avarii.

Contact: support@avariite.com

3. Categories of Personal Data We Collect

3.1. Registration Data

When creating an account, we collect:

• Email address – for account identification and communication
• Password – encrypted and securely stored via Firebase Authentication

3.2. Google Sign-In Data

If you choose to sign in with a Google account, we receive:

• Email address – associated with your Google account
• Name – the public name from your Google profile
• Profile photo – URL of your profile picture (if available)

3.3. Subscription Data

To provide the service, we store:

• Selected locations – cities and areas for which you wish to receive notifications
• Selected providers – water utility companies you follow
• Push token – a unique device identifier for sending notifications

3.4. Technical Data

We automatically collect:

• Device information – device type, operating system version
• Usage data – anonymized statistics for service improvement

4. Purposes of Processing

We process your personal data for the following purposes:

• Providing and maintaining the App's services
• Sending push notifications about outages and interruptions in your subscribed areas
• Authentication and ensuring the security of your account
• Improving the App and user experience
• Communication regarding important changes to the service
• Compliance with legal obligations

5. Legal Basis for Processing

The processing of your personal data is based on:

• Performance of a contract – providing the services you registered for (Art. 6(1)(b) GDPR)
• Legal obligation – compliance with applicable legislation (Art. 6(1)(c) GDPR)
• Legitimate interest – improving services and security (Art. 6(1)(f) GDPR)
• Consent – for sending marketing communications, where applicable (Art. 6(1)(a) GDPR)

6. Sharing Data with Third Parties

We do not sell your personal data. We share data only with the following categories of recipients:

• Firebase (Google LLC) – for authentication, database, and push notification delivery. Google processes data in accordance with its own privacy policy and standard contractual clauses for international data transfers.
• Competent authorities – when required by law or to protect our rights

7. Storage and Security

Your data is stored in Firebase (Google Cloud Platform) infrastructure, which meets international security standards including SOC 2 and ISO 27001.

We implement appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction, including encryption of data in transit and at rest.

Retention period: We retain your personal data as long as you have an active account in the App. Upon account deletion, data is permanently removed within a reasonable timeframe, unless we are legally required to retain it longer.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access – to obtain confirmation of whether your data is being processed and a copy of it
• Right to rectification – to request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") – to request deletion of your data
• Right to restriction – to request restriction of processing under certain conditions
• Right to data portability – to receive your data in a structured, machine-readable format
• Right to object – to object to processing based on legitimate interest
• Right to withdraw consent – to withdraw your consent at any time when processing is based on consent

To exercise these rights, you can delete your account directly from the App's settings or contact us at support@avariite.com.

9. Account Deletion

You can delete your account at any time from the App's settings. Upon deletion:

• All your personal data will be permanently deleted
• All notification subscriptions will be removed
• Device registrations will be deleted
• This process is irreversible

10. Children

The App is not intended for persons under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will take steps to delete it.

11. Changes to This Policy

We may update this Policy periodically. In case of significant changes, we will notify you via an in-app notification or email before the changes take effect. We recommend that you review this page periodically.

12. Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with:

13. Contact

If you have questions about this Policy or the processing of your data, you can contact us:

Email: support@avariite.com