alba

privacy policy

Last updated: March 02, 2025

1. Introduction

Welcome to Alba (hereinafter "we", "our", or "us"). Alba is a geo-restricted social media platform designed for local communities, with a focus on reducing addictive usage patterns and promoting real-life social connection. We are committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Alba mobile application and related services (the "Service"). It also describes your rights under the General Data Protection Regulation (GDPR) (EU) 2016/679 and, where applicable, the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).

For any questions, contact us at: support@albaappofficial.com

2. Data Controller

The data controller responsible for your personal data is:

If you are located in the European Union, Alba acts as the data controller as defined under Article 4(7) of the GDPR.

3. Data We Collect

We collect the following categories of personal data:

• Account & Identity Data: Name, email address, phone number, date of birth, and profile photo.
• Geolocation Data: Precise GPS location data used to assign you to your local community and enable geo-restricted features. Location is collected only when the app is in use, unless you explicitly grant background access.
• User-Generated Content: Posts, photos, videos, messages, comments, reactions, and other content you create on the platform.
• Screen Time & Usage Data: Daily and weekly app usage duration, session frequency, and screen time metrics collected to power Alba's anti-addiction features.
• Device & Technical Data: Device type, operating system, app version, crash logs, and performance diagnostics.
• Payment & Transaction Data: Records of premium subscription purchases and payment method type. We do not store full payment card details; payments are processed by Apple Pay / Google Pay.
• Behavioural & Preference Data: Interaction history, saved content, notification preferences, and algorithm preferences.

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

• Contract (Art. 6(1)(b)): Processing necessary to provide the Service, including account creation, content delivery, and geolocation-based community features.
• Consent (Art. 6(1)(a)): Where we rely on your explicit consent, such as for precise location tracking, screen time monitoring, and marketing communications. You may withdraw consent at any time.
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable EU and Italian law, including GDPR data subject requests.
• Legitimate Interests (Art. 6(1)(f)): Processing for fraud prevention, security, abuse detection, and improving core app stability.

5. How We Use Your Data

We use your personal data to:

• Create and manage your account and verify your identity
• Assign you to your local geo-restricted community based on your location
• Enable you to post content, interact with other users, and use messaging features
• Display your personalised feed based on your stated algorithm preferences
• Track and display your screen time usage and enforce any limits you set
• Process premium subscription payments
• Send you notifications about relevant activity, subject to your preferences
• Detect and prevent fraud, abuse, and violations of our Terms of Service
• Improve app performance, fix bugs, and conduct internal analytics
• Comply with legal obligations

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of third parties, strictly as necessary:

• Cloud Infrastructure: Our backend infrastructure provider (Supabase), which stores and processes data on our behalf under a Data Processing Agreement (DPA) compliant with GDPR.
• Payment Processors: Apple Pay and Google Pay for processing in-app purchases. These providers have their own privacy policies and we do not receive or store full payment card details.
• Analytics & Monitoring: Error tracking and performance monitoring tools (e.g. Sentry) used to identify and fix technical issues.
• Legal Authorities: Law enforcement or regulatory authorities when required by law, court order, or to protect the rights and safety of users.

All third-party processors are contractually bound to process data only on our instructions and in accordance with GDPR.

7. International Data Transfers

Where your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.

8. Data Retention

We retain your personal data only for as long as necessary to provide the Service and comply with our legal obligations:

• Account data: Retained for the duration of your account, plus 30 days after deletion to allow for account recovery.
• User-generated content: Deleted immediately upon account deletion, unless required for legal proceedings.
• Screen time & usage data: Retained for 90 days for diagnostic purposes, then deleted.
• Payment records: Retained for 7 years to comply with Italian and EU tax regulations.
• Device & crash logs: Retained for 30 days on a rolling basis.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of Access (Art. 15): Request a copy of all personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Right to Restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
• Right to Lodge a Complaint: Lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

To exercise any of these rights, contact us at support@albaappofficial.com. We will respond within 30 days as required by GDPR.

10. Children's Privacy

Alba is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a minor has registered, please contact us at support@albaappofficial.com.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include encryption in transit (TLS), encryption at rest, Row Level Security (RLS) policies on our database, and regular security reviews.

In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by Articles 33–34 GDPR.

12. Cookies and Tracking

The Alba mobile application does not use browser cookies. We may use equivalent device identifiers (such as advertising IDs) for analytics purposes only, subject to your consent. You can reset or opt out of advertising identifiers through your device settings at any time.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email at least 14 days before the changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy.

14. Contact Us

For any privacy-related questions, requests, or complaints, please contact: