# PRIVACY POLICY
## Eponymous Ghost Tribute - Mobile Application
**Last updated: March 13, 2026**

---
## 1. DATA CONTROLLER
The data controller for personal data processing is:
**Eponymous Ghost Tribute**
Email: [INSERT CONTACT EMAIL]

---
## 2. PERSONAL DATA COLLECTED
The application collects the following categories of personal data:
### 2.1 Data voluntarily provided by the user
- **Name**: provided during initial registration (onboarding)
- **WhatsApp phone number**: provided during initial registration
- **City of residence**: provided during initial registration
- **Email address**: provided when purchasing merchandise
- **Full name**: provided when purchasing merchandise
- **Shipping address**: provided when purchasing merchandise
- **Chat messages**: sent during live streaming sessions
- **Photos and videos**: voluntarily sent to the band through the "Send Photos to the Band" feature
### 2.2 Data collected automatically
- **Approximate geographic location**: derived from the city entered by the user (city latitude/longitude coordinates), used for concert proximity notifications. The app does NOT collect real-time GPS location in the background.
- **Push notification token**: technical identifier generated by Firebase Cloud Messaging for sending push notifications
- **Language preference**: Italian or English, saved locally on the device
### 2.3 Data NOT collected
The application does **NOT** collect:
- Browsing data or browser history
- Address book contacts
- Biometric data
- Financial or payment data (any payments are handled through third-party services)
- Continuous background GPS location
- Data from other social accounts
- Audio recordings
---
## 3. PURPOSES OF PROCESSING
Personal data is processed for the following purposes:
| Data | Purpose | Legal basis |
|------|---------|-------------|
| Name, WhatsApp, city | Sending updates about concerts near the user | Consent (Art. 6.1.a GDPR) |
| City coordinates | Calculating proximity to concerts for localized notifications | Consent (Art. 6.1.a GDPR) |
| Email, name, address (orders) | Fulfillment of merchandise orders | Contract performance (Art. 6.1.b GDPR) |
| Push notification token | Sending notifications about concerts and updates | Consent (Art. 6.1.a GDPR) |
| Live chat messages | Participation in live streaming chat | Consent (Art. 6.1.a GDPR) |
| Photos/videos submitted | Sharing on the band's official channels (subject to further consent) | Consent (Art. 6.1.a GDPR) |
| Language preference | Displaying the app in the chosen language | Legitimate interest (Art. 6.1.f GDPR) |
---
## 4. DATA RETENTION
Personal data is retained for the time strictly necessary for the purposes for which it was collected:
- **Registration data (name, WhatsApp, city)**: retained until account deletion or user request for deletion
- **Merchandise order data**: retained for 24 months from the order date, or for the period required by applicable tax regulations
- **Live streaming chat messages**: retained for the duration of the streaming session and deleted at its conclusion
- **Photos and videos submitted**: retained until the user requests deletion
- **Push notification tokens**: retained until app uninstallation or consent withdrawal
---
## 5. DATA SHARING
Personal data may be shared with the following third parties:
### 5.1 Technical service providers
- **Google Firebase** (Google LLC, USA): for data storage (Cloud Firestore), authentication, file storage (Firebase Storage), and push notification delivery (Firebase Cloud Messaging). Google acts as a data processor. [Google Privacy Policy](https://policies.google.com/privacy)
### 5.2 Extra-EU data transfers
Data stored through Google Firebase may be transferred to and stored on servers located in the United States of America. The transfer is based on the Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-US Data Privacy Framework.
### 5.3 Non-recipients
Personal data is **NOT**:
- Sold to third parties
- Used for advertising profiling
- Shared with social networks
- Transferred to data brokers
---
## 6. USER RIGHTS
In accordance with the GDPR (EU Regulation 2016/679), the user has the right to:
- **Access**: obtain confirmation of processing and a copy of their data
- **Rectification**: correct inaccurate or incomplete data
- **Erasure**: request deletion of their data ("right to be forgotten")
- **Restriction**: restrict processing in certain circumstances
- **Portability**: receive their data in a structured, machine-readable format
- **Objection**: object to processing based on legitimate interest
- **Withdrawal of consent**: withdraw consent at any time
To exercise these rights, the user may contact the data controller at: [INSERT CONTACT EMAIL]
The user also has the right to lodge a complaint with the relevant Data Protection Authority.

---
## 7. SECURITY
Personal data is protected through:
- Encrypted transmission (HTTPS/TLS)
- Secure authentication via Firebase Authentication
- Firestore access rules that restrict data read/write operations
- Administrative data access limited to authorized personnel via protected login
---
## 8. CHILDREN
The application is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If a parent or guardian believes their child has provided personal data, they may contact us to request its deletion.

---
## 9. COOKIES AND TRACKING TECHNOLOGIES
The mobile application does NOT use cookies. `SharedPreferences` (local device storage) is used exclusively to save:
- Initial registration completion status
- Language preference (Italian/English)

This data remains on the user's device and is not transmitted to external servers.

---
## 10. CHANGES TO THIS POLICY
The data controller reserves the right to modify this privacy policy at any time. Changes will be communicated through app updates or in-app notifications. The date of the last update is indicated at the top of this document.

---
## 11. CONTACT
For any questions regarding personal data processing:
**Eponymous Ghost Tribute**
Email: eponymousghosttribute@gmail.com