Privacy Policy
Last updated: [2026-01-27]
This Privacy Policy describes how Spunto (“the App”) collects, uses, and protects personal data in accordance with Regulation (EU) 2016/679 (GDPR).
By using the App, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
Nectares DevLabs
Email: nectares.devlabs@gmail.com
Nectares DevLabs is the data controller responsible for the processing of personal data through the Spunto application.
2. Types of Data Collected
The App may collect and process the following personal data:
2.1 Account Data
Collected during store registration:
- Email address
- Password (handled securely by Firebase Authentication)
- Store name
- Phone number
- Store addresses
- Social media links
- Profile images
- Photos of posts, offers, menus, and promotional content
2.2 Location Data
The App may request access to the device’s location in order to:
- Display the user’s position on the map
- Show nearby stores and offers
Location data is used only locally and in real time and is not stored on our servers.
2.3 Usage Data
Anonymous technical data may be collected automatically, including:
- Device type
- Operating system version
- App version
- Crash logs
This data is used solely to improve stability and performance.
3. Purpose of Data Processing
Personal data is processed for the following purposes:
- Allow store owners to create and manage their store profiles
- Publish offers and events on the map
- Display store information to users
- Provide customer support
- Ensure security and prevent abuse
- Comply with legal obligations
4. Legal Basis for Processing
Personal data is processed on the basis of:
- Contractual necessity (account creation and service usage)
- User consent, where required (e.g. location access)
- Legitimate interest (security, service improvement)
- Legal obligations, where applicable
5. Data Storage and Processing
Data is processed using services provided by:
- Google Firebase (Authentication, Firestore Database, Cloud Functions, Cloud Storage)
Firebase servers may be located within or outside the European Union.
In such cases, data transfers are protected through Standard Contractual Clauses (SCCs) in compliance with GDPR.
6. Data Retention
Personal data is retained only for as long as necessary to provide the service.
Store owners may request complete deletion of their account, which includes:
- Removal of store profile data
- Deletion of posts, images, menus, and addresses
- Deletion of authentication credentials
Once deleted, data cannot be recovered.
7. Data Sharing
Personal data is not sold or shared with third parties for marketing purposes.
Data may be shared only with:
- Technical service providers strictly necessary for app functionality (e.g. Firebase)
- Authorities, when legally required
8. User Rights
Under GDPR, users have the right to:
- Access their personal data
- Rectify inaccurate data
- Request deletion of their data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
Requests can be made by contacting:
9. Security Measures
We adopt appropriate technical and organizational measures to protect personal data, including:
- Secure authentication systems
- Access control rules
- Encrypted communications (HTTPS)
- Restricted database and storage permissions
10. Children’s Privacy
Spunto is not intended for use by children under the age of 16.
We do not knowingly collect personal data from minors.
11. Changes to This Privacy Policy
This Privacy Policy may be updated periodically.
Any changes will be published on this page with an updated revision date.
12. Contact
For any questions regarding this Privacy Policy or data processing:
© Spunto – Nectares DevLabs