This Privacy Policy explains how UX STUFF SRL ("we", "us", "our") collects, uses, and protects information when you use the Osteopathy101 mobile application and the website at osteopathy101.app and osteopatie101.app (together, the "Service").
We are based in Romania, and we comply with the EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and Romanian Law no. 190/2018.
1. Who we are (Data Controller)
UX STUFF SRL
Strada Sergent Ilie Petre 100B, etaj 8, apt 287
Chiajna, Ilfov, Romania
Trade Registry: J23/6261/25.09.2023
Tax ID (CUI): RO48838274
Email: privacy@osteopathy101.app
2. What data we collect
We collect only what is necessary to operate the Service:
Account data
- Email address
- Authentication identifier (Apple ID or Google ID, if you sign in with Apple/Google)
- Encrypted password (if you create an account with email)
- Account creation date
Subscription & purchase data
- Subscription status (free, monthly, yearly, or lifetime)
- Purchase receipts (handled by Apple App Store, Google Play, and Adapty)
- We do not receive or store your credit card number, bank details, or payment credentials. Payment processing is handled entirely by Apple, Google, and our subscription analytics provider (Adapty).
Usage data
- Which modules and screens you visit
- Which techniques and anatomy entries you view
- Quiz progress and results
- Device type, operating system version, app version
- Approximate region (country level only)
- Crash logs and error reports
Technical data
- IP address (used transiently for security and to detect abuse)
- Device identifier (ad-tracking identifier only if you grant App Tracking Transparency permission)
We do NOT collect:
- Your real name (unless you provide it)
- Your phone number
- Your precise location
- Health data, medical records, or patient information
- Photos, contacts, calendar, or microphone data
3. Why we collect it (legal basis)
Under GDPR Art. 6, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Creating and maintaining your account | Performance of contract (Art. 6(1)(b)) |
| Processing subscriptions | Performance of contract (Art. 6(1)(b)) |
| Providing access to content | Performance of contract (Art. 6(1)(b)) |
| Diagnosing crashes and improving stability | Legitimate interest (Art. 6(1)(f)) |
| Anonymous analytics on feature usage | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) — opt-in only |
| Compliance with tax and accounting law | Legal obligation (Art. 6(1)(c)) |
4. Who we share data with
We use the following third-party processors. Each acts as a data processor under a Data Processing Agreement (DPA):
- Apple Inc. — App Store, Sign in with Apple
- Google LLC — Google Play, Google Sign-In
- Adapty Inc. — Subscription management and revenue analytics
- Firebase / Google Analytics for Firebase — Crash reporting and anonymous usage analytics
- Vimeo Inc. — Video hosting (if used for embedded lectures)
Some processors may be located outside the EU/EEA. Where this is the case, transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.
We do not sell your personal data. We do not share data with advertisers.
5. How long we keep your data
- Account data: for as long as your account is active, plus 30 days after deletion
- Subscription/purchase records: 10 years (Romanian fiscal retention requirements)
- Usage analytics: 14 months (anonymised after this period)
- Crash logs: 90 days
- Support correspondence: 2 years after last contact
6. Your rights under GDPR
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten") — subject to legal retention requirements
- Restrict how we process your data
- Port your data to another service in a machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time, where consent is the legal basis
- Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro
To exercise any of these rights, email privacy@osteopathy101.app. We will respond within 30 days.
To delete your account directly: open the app, go to Profile → Settings → Delete Account.
7. Security
We implement appropriate technical and organisational measures including encryption in transit (TLS 1.3), encryption at rest, access controls on our backend, and regular security review. No system is perfectly secure; in the event of a breach affecting your data, we will notify you and the supervisory authority within 72 hours as required by GDPR Art. 33–34.
8. Children
The Service is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have collected data from a child, contact privacy@osteopathy101.app for immediate deletion.
9. Apple-specific privacy disclosures
In compliance with the Apple App Store privacy nutrition label, the data we collect linked to your identity is: email address, purchase history, subscription status, and product interaction. Crash and performance data is collected but not linked to your identity. We do not track you across other apps and websites owned by other companies.
10. Cookies and similar technologies
The website uses only strictly necessary cookies for session management. We do not use marketing or tracking cookies on the website. The mobile app does not use cookies.
11. Changes to this policy
We may update this Policy. Material changes will be communicated by email and via an in-app notice at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
12. Contact
For any privacy-related question:
privacy@osteopathy101.app
UX STUFF SRL
Strada Sergent Ilie Petre 100B, etaj 8, apt 287
Chiajna, Ilfov, Romania
You may also contact our Data Protection Officer at the same address.