Privacy Policy for Surl

This Privacy Policy ("Policy") governs the collection, use, storage, disclosure, and protection of personal information of users ("Users") of the mobile application "Surl" ("App"). By accessing or using the App, you confirm that you are at least 18 years of age and agree to the terms of this Policy. If you are under 18 years of age, you are prohibited from using the App. This Policy complies with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection laws, including those related to in-app purchases and digital transactions.

1. Definitions

Personal Data: As defined under GDPR, any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
User-Generated Content (UGC): Any content, including but not limited to text, images, videos, audio, comments, reviews, or other materials, that Users post, upload, share, or otherwise make available through the App.
Processing: As defined under GDPR, any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In-App Purchases (IAP): Digital products, services, or subscriptions offered for purchase within the App, including but not limited to premium features, virtual currency, subscription plans, and digital content. All in-app purchases are processed through the official App Store payment system (Apple App Store).

2. Collection of Personal Data

2.1 Voluntarily Provided Information

When you register an account, use the App’s features, or interact with the App, you may voluntarily provide us with the following Personal Data:

Account information: Username, email address, password, and profile information (if you choose to provide it).
UGC: Any content you post, upload, share, or submit through the App, including text, images, videos, audio, and other materials.
Communication data: Information you provide when contacting our customer support (e.g., queries, feedback, or complaints sent to help@surlonline.com).
In-app purchase preferences: Information about the IAP products you select, wishlist, or inquire about (e.g., premium subscription plans, virtual goods).

2.2 Automatically Collected Information

When you use the App, we may automatically collect certain information about your device and usage patterns, including:

Device information: Device model, operating system version, unique device identifiers, IP address, and mobile network information.
Usage data: Information about how you access and use the App, such as the features you use, the time and duration of your use, the pages or content you view, and your interaction with UGC.
In-app purchase data: Transaction identifiers (provided by the App Store), purchase timestamps, the type of IAP purchased, and payment confirmation status (we do not collect or store your payment card details, billing addresses, or other sensitive financial information).

3. Use of Personal Data

We process your Personal Data for the following legitimate purposes, as permitted under GDPR:

To provide, operate, and maintain the App, including registering your account, authenticating your access, and delivering the features and services you request.
To manage and moderate UGC, including reviewing content to ensure compliance with this Policy and our Terms of Service, and preventing the posting of prohibited content.
To facilitate communication between Users and between Users and our customer support team (e.g., responding to your inquiries sent to help@surlonline.com).
To process and fulfill in-app purchases, including verifying transaction details (via App Store APIs), activating premium features/subscriptions, and resolving purchase-related issues or refunds.
To manage subscription lifecycle: Renewing active subscriptions, processing subscription cancellations, and sending renewal reminders (if you opt in to receive such notifications).
To improve and optimize the App, including analyzing usage patterns, identifying areas for improvement, and developing new features and services (including optimizing IAP offerings based on user preferences).
To ensure the security and integrity of the App, including detecting and preventing fraud, unauthorized access, and other malicious activities (including fraudulent in-app purchase attempts).
To comply with legal obligations, such as responding to lawful requests from public authorities, enforcing our Terms of Service, and protecting our rights, property, or safety and the rights, property, or safety of Users or others.

4. UGC Guidelines and Prohibited Content

4.1 UGC Rights and Responsibilities

You retain ownership of your UGC, but by posting, uploading, or sharing UGC through the App, you grant us a non-exclusive, worldwide, royalty-free, perpetual, irrevocable, and sublicensable license to use, reproduce, distribute, display, modify, and adapt your UGC for the purpose of operating, promoting, and improving the App. You warrant that you have all necessary rights to grant this license and that your UGC does not infringe the intellectual property rights, privacy rights, or other rights of any third party.

4.2 Prohibited UGC

You are strictly prohibited from posting, uploading, sharing, or submitting any UGC that falls into the following categories. We reserve the right to remove any prohibited UGC and take appropriate action against Users who violate these guidelines, including suspending or terminating their accounts:

Pornographic, Sexual, or Explicit Content: Any content that depicts or promotes sexual activity, nudity, or pornographic material, including but not limited to explicit images, videos, or text of a sexual nature.
Disturbing or Disgusting Content: Any content that is grossly offensive, disgusting, or likely to cause significant emotional distress or discomfort to other Users, including but not limited to images or videos of violence, mutilation, death, bodily fluids, or other graphic and disturbing material.
Gambling-Related Content: Any content that promotes, advertises, or facilitates gambling, betting, or other gaming activities that involve the wager of money or other valuable consideration, unless such activities are legal in the User’s jurisdiction and comply with all applicable laws and regulations.
Drug-Related Content: Any content that promotes, advertises, or facilitates the sale, distribution, use, or abuse of illegal drugs, controlled substances, or drug paraphernalia.
Political Content: Any content that involves political campaigns, political advocacy, political protests, or the promotion of political parties, candidates, or agendas. This includes but is not limited to content that endorses or opposes political figures, policies, or ideologies.
Discriminatory or Hate Speech Content: Any content that discriminates against, harasses, intimidates, or demeans individuals or groups based on race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, age, disability, or any other protected characteristic. This includes hate speech, slurs, and incitement to discrimination, violence, or harm.
Other Prohibited Content: Any content that is illegal, fraudulent, misleading, defamatory, libelous, invasive of privacy, or violates any third-party rights; any content that contains viruses, malware, or other harmful code; any content that spams, floods, or disrupts the App or other Users’ experience; any content that promotes or facilitates unauthorized in-app purchase fraud or hacking.

5. UGC Reporting Mechanism

We are committed to maintaining a safe and respectful environment for all Users and promptly addressing prohibited UGC. If you encounter any UGC that violates this Policy or our Terms of Service, you may report it using the following steps:

5.1 Reporting Process

Locate the UGC you wish to report (e.g., a post, comment, image, or video).
Click on the "Report" button or icon associated with the UGC (the exact location may vary depending on the App’s interface).
Select the appropriate reason for reporting from the provided options (e.g., "Pornographic Content," "Disturbing Content," "Gambling," "Drug-Related," "Political Content," "Discrimination/Hate Speech," or "Other").
Provide any additional details or context that may help us review the reported content (optional but encouraged).
Submit the report.

5.2 Review and Action

Upon receiving a report, we will review the reported UGC promptly to determine if it violates this Policy.
If we confirm that the UGC is prohibited, we will take immediate action, which may include removing the UGC, issuing a warning to the User who posted it, restricting the User’s access to certain features (including in-app purchase functionality), or suspending or terminating the User’s account (depending on the severity of the violation and whether it is a repeat offense).
We may also take legal action if the prohibited UGC violates applicable laws.
We will notify the reporting User of the outcome of their report, if appropriate, but we reserve the right to keep certain details confidential to protect the privacy of the parties involved.

5.3 False Reports

We prohibit filing false or malicious reports. If we determine that a report is false, frivolous, or intended to harass another User, we may take action against the reporting User, including issuing a warning, restricting access to in-app purchase features, or suspending their account.

6. Disclosure of Personal Data

We will not disclose your Personal Data to third parties except in the following circumstances:

With your consent: We will disclose your Personal Data to third parties if you have given us explicit consent to do so.
Service providers: We may share your Personal Data with third-party service providers who perform services on our behalf, such as hosting, data storage, analytics, customer support, UGC moderation, and in-app purchase transaction verification. These service providers are contractually obligated to protect your Personal Data and only process it in accordance with our instructions and applicable laws.
App Store Platform: We may share transaction-related data (e.g., purchase timestamps, IAP type) with Apple Inc. to verify in-app purchase transactions, resolve refund requests, and comply with App Store terms of service. Apple’s privacy practices apply to data shared with them.
Legal compliance: We may disclose your Personal Data if required to do so by law, regulation, or legal process (e.g., a court order, subpoena, or request from a public authority), or to protect our rights, property, or safety and the rights, property, or safety of Users or others.
Business transfers: In the event of a merger, acquisition, sale of assets, or other business transfer, your Personal Data (including in-app purchase history) may be transferred to the successor entity as part of the business transaction. We will notify you of any such transfer and ensure that the successor entity complies with this Policy.

7. Data Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, use, disclosure, alteration, or destruction, in accordance with GDPR requirements. These measures include:

Encryption of Personal Data in transit (e.g., using SSL/TLS) and at rest (e.g., using encryption algorithms).
Access controls to limit access to Personal Data (including in-app purchase records) to authorized personnel only.
Regular security audits and assessments to identify and address potential vulnerabilities.
Training for our employees on data protection and security best practices, including protocols for handling in-app purchase data.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your Personal Data, but we will take reasonable steps to mitigate risks and respond to data breaches promptly.

8. Data Retention

We will retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. When your Personal Data is no longer needed, we will delete it or anonymize it in accordance with applicable laws and regulations.

Account information: We will retain your account information for as long as your account is active. If you deactivate or delete your account, we will delete your account information within a reasonable period, unless we are required to retain it for legal or regulatory purposes.
UGC: We will retain your UGC for as long as it is posted on the App. If you delete your UGC or your account, we will delete the UGC within a reasonable period, unless we are required to retain it for legal or regulatory purposes.
Usage data and other automatically collected information: We will retain this information for a limited period after your last use of the App, unless we need to retain it for longer to improve the App, ensure security, or comply with legal obligations.
In-app purchase data: We will retain your purchase history and transaction records for the duration of your account plus the period required to comply with tax, accounting, and legal obligations (typically 7 years). Anonymized purchase data (excluding personal identifiers) may be retained indefinitely for analytics and service improvement purposes.

9. User Rights Under GDPR

As a Data Subject under GDPR, you have the following rights with respect to your Personal Data:

Right to access: You have the right to request access to your Personal Data that we process, including information about the purposes of processing, the categories of Personal Data processed, the recipients of the Personal Data, and a copy of your in-app purchase history.
Right to rectification: You have the right to request that we correct any inaccurate or incomplete Personal Data (including incorrect in-app purchase records).
Right to erasure ("right to be forgotten"): You have the right to request that we delete your Personal Data, subject to certain exceptions (e.g., if we need to retain it for legal, tax, or accounting purposes related to in-app purchases).
Right to restriction of processing: You have the right to request that we restrict the processing of your Personal Data in certain circumstances (e.g., if you contest the accuracy of the data or dispute an in-app purchase).
Right to data portability: You have the right to receive your Personal Data (including in-app purchase history) in a structured, commonly used, and machine-readable format and to transmit it to another controller, where technically feasible.
Right to object: You have the right to object to the processing of your Personal Data on grounds relating to your particular situation, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms (including processing related to in-app purchases for fulfillment purposes).
Right to withdraw consent: If you have given us consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal (and will not impact completed in-app purchase transactions).

To exercise any of these rights, please contact us at help@surlonline.com with your request. We will respond to your request within one month of receipt, and we may extend this period by a further two months in complex cases (we will notify you of any such extension). We may ask you to provide additional information to verify your identity before processing your request, particularly for requests related to in-app purchase data.

10. Cookies and Similar Technologies

The App may use cookies and similar tracking technologies (e.g., web beacons, pixels) to collect information about your usage of the App. Cookies are small text files that are stored on your device when you access a website or app. We use cookies for the following purposes:

To authenticate your account and remember your login preferences.
To analyze usage patterns and improve the App’s performance and functionality (including tracking interactions with in-app purchase prompts).
To deliver personalized content and advertisements (if applicable), including tailored in-app purchase recommendations based on your usage history.

You can control cookies through your device settings or browser settings. Most devices and browsers allow you to block or delete cookies, but please note that disabling certain cookies may affect the functionality of the App (including in-app purchase processing).

11. Third-Party Links and Services

The App may contain links to third-party websites, apps, or services. This Policy does not apply to third-party websites, apps, or services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites, apps, or services that you access through the App (including Apple’s privacy policy for App Store transactions).

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, legal obligations, technological developments, or modifications to our in-app purchase offerings. We will notify you of any material changes by posting the updated Policy on the App and updating the effective date at the top of this Policy. We may also notify you of material changes via email (sent to the email address associated with your account) or through a pop-up notification in the App. Your continued use of the App (including making in-app purchases) after the effective date of the updated Policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Policy, your Personal Data, our data protection practices, or in-app purchase transactions, please contact us at:

Email: help@surlonline.com

For in-app purchase related inquiries (e.g., refunds, subscription cancellations, transaction issues), please include your transaction ID (available in your App Store purchase history) in your email to facilitate a faster resolution. We will respond to your inquiry within a reasonable period and address any issues promptly.