Privacy Policy

Last updated: December 2024

1. Data Controller

The data controller responsible for your personal data is:

tsat.gr
Xanthi, Greece
Email: info@connectit.gr

2. What Data We Collect

2.1 Data You Provide

Account Information: Email address, mobile phone number, password (encrypted)
Profile Information: Nickname (optional)
Messages: Text messages, images, GIFs shared in chats and groups
Contacts: Phone numbers from your device (only with your permission, used to find friends)

2.2 Data Collected Automatically

Device Information: Device type, operating system, push notification tokens
Usage Data: Login times, feature usage for service improvement
Technical Data: IP address, browser type (when using web features)

3. Legal Basis for Processing (GDPR Article 6)

Purpose	Legal Basis
Account creation and authentication	Contract performance
Sending and receiving messages	Contract performance
Push notifications	Consent (you can disable)
Contact synchronization	Consent (you can deny permission)
Service improvement	Legitimate interest
Security and fraud prevention	Legitimate interest

4. How We Use Your Data

We use your personal data to:

Create and manage your account
Enable messaging between you and your friends
Send you notifications about new messages and calls
Help you find friends who also use tsat.gr
Provide customer support
Improve our services and fix bugs
Ensure security and prevent abuse

5. Data Sharing

We do NOT sell your personal data. We may share data with:

Other Users: Your nickname and messages are visible to people you chat with
Service Providers: Cloud hosting (for data storage), Firebase (for push notifications)
Legal Requirements: When required by law or to protect our rights

6. Data Retention

Account Data: Retained while your account is active
Messages: Stored until you or the other party deletes them
After Account Deletion: Data is deleted within 30 days, except where legal retention is required

7. Your Rights (GDPR Articles 15-22)

Under GDPR, you have the following rights:

Right of Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at info@connectit.gr. We will respond within 30 days.

8. Data Security

We protect your data using:

Encrypted connections (HTTPS/TLS) for all data transmission
Encrypted password storage (bcrypt hashing)
Secure token-based authentication (JWT)
Regular security updates and monitoring

9. International Data Transfers

Your data is primarily stored within the European Union. If data is transferred outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

10. Children's Privacy

Our Service is not intended for children under 18 years old. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us.

11. Cookies

Our mobile app does not use cookies. The web admin interface uses essential cookies for authentication only.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

For privacy-related questions or to exercise your rights:

Email: info@connectit.gr
General Support: support@connectit.gr

14. Supervisory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. In Greece, this is:

Hellenic Data Protection Authority (HDPA)
Website: www.dpa.gr