Controller
Webcracy SNC, Via Arbigo 7, 6616 Losone, Switzerland.
Legal
Privacy Policy
This Privacy Policy explains how GoldenSimp collects, uses, shares, stores, and deletes personal data when you use the mobile app, related support channels, and the public website.
Privacy contact
Primary hosting
Application and database infrastructure are hosted in Switzerland.
Public company site
1. Who this policy applies to
This policy applies when you create a GoldenSimp account, join or create a workspace, upload contacts for matching, submit incidents, comment, vote, contact support, or visit our public legal pages.
GoldenSimp is designed for private friend groups. It is not intended for anyone under 16 years old, and we
do not knowingly provide the service to users below that age threshold.
2. Personal data we collect
Account and profile data
- Email address
- Username
- Password hash
- Optional phone number
- Authentication identifiers from Apple or Google, if those sign-in options are offered and you use them
Workspace, social, and account settings data
- Friend requests, friendships, workspace memberships, invite codes, invite status, and workspace role
- Privacy settings, including profile visibility, username search, and invite preferences
- Notification preferences, including push delivery settings
User-generated content
- Incident reports, including reporter, target user, description, workspace, and timestamps
- Comments and votes, including score-related values and timestamps
- Support emails, bug reports, and other support context you choose to send us
Contacts data
- If you allow contacts access, GoldenSimp reads your device contacts locally to help find existing users and invite others.
- To perform matching, we send contact phone numbers and email addresses, together with a local contact ID, to our servers in Switzerland.
- Contact display names stay on your device for in-app presentation unless you separately choose to share them.
Technical and device data
- Session tokens, push tokens, device platform, device name when available, app version, and request timestamps
- IP address and basic security / server logs
- Anti-duplication and request-integrity records used to prevent duplicate submissions and abuse
- Analytics data from Google Analytics, if enabled in your deployment of GoldenSimp
3. How we use personal data
- To create and maintain accounts and authenticate sign-in sessions
- To operate workspaces, friendships, invitations, incidents, comments, votes, and leaderboards
- To apply your privacy and notification preferences
- To match contacts to existing GoldenSimp accounts when you choose to use that feature
- To deliver push notifications through Expo push infrastructure
- To detect abuse, protect account security, rate-limit requests, and keep the service reliable
- To review bug reports, answer support requests, and improve the service
- To comply with legal obligations and enforce our Terms
4. Legal bases
Depending on where you are located, we rely on one or more of the following grounds:
- Contract: to provide the GoldenSimp service you ask us to deliver
- Legitimate interests: to secure the service, prevent abuse, moderate content, and improve stability
- Consent: for optional contacts access, push permission, analytics where required, and optional social sign-in
- Legal obligation: where we must keep or disclose information under applicable law
5. What other users can see
GoldenSimp is a group product, so some information is visible to other users in the relevant social context. Depending on your settings and relationships, other users may see your username, workspace membership, reports you submit, comments you post, and other activity needed to operate the workspace.
Your privacy settings help control profile visibility, username-based discovery, and who can invite you directly. Contacts matching also respects visibility logic before returning a match.
Votes are processed to calculate group scores and incident outcomes. Not every app surface exposes the same
vote details to every user, but GoldenSimp does store vote data in order to run the scoring system.
6. How we share data
We do not sell personal data. We share data only as needed to run the service, when you direct us to, or when law requires it.
- Swiss hosting providers: application and database infrastructure hosted in Switzerland
- Expo push services: used to deliver push notifications to devices
- Google Analytics: used for product analytics if enabled
- Apple and Google: used if you choose their sign-in methods where available
- Email providers or mail apps: when you send support emails or bug reports
- Authorities or legal counterparties: where disclosure is required by law or needed to protect rights and safety
7. International transfers
Our core hosting is in Switzerland, but some service providers may process data outside Switzerland, including in the United States or other jurisdictions. This may happen in particular for Expo push notifications, Google Analytics, and Apple or Google sign-in services.
When cross-border transfers apply, we use appropriate safeguards under applicable law, such as contractual protections or other lawful transfer mechanisms.
8. Data retention
- Account, profile, friendship, workspace, incident, comment, vote, and support data: kept until you ask us to delete it or delete your account
- Server and security logs: kept for up to 3 months
- Session tokens: normally expire after 30 days
- Technical anti-duplication request records: kept for up to 30 days
- Workspace invite links: normally expire after 14 days unless used sooner
We may keep limited information for longer if we need it to comply with law, resolve disputes, complete a security investigation, or prove that a deletion request was honored.
9. Your rights
Subject to applicable law, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your account or personal data
- Object to or restrict certain processing
- Receive a copy of data you provided to us in a portable format where applicable
- Withdraw consent for optional processing at any time
- Lodge a complaint with the Swiss FDPIC or your local data protection authority
To exercise these rights, email contact@webcracy.com. We may ask you to verify your identity before acting on a request.
10. Security
We use appropriate technical and organizational measures designed to protect personal data, including access controls, authentication safeguards, and security logging. No system is perfectly secure, so please use a strong password and protect access to your device and account.
GoldenSimp does not use solely automated decision-making with legal or similarly significant effects.
11. Changes to this policy
We may update this Privacy Policy from time to time. If we make a material change, we will publish the new version here and update the effective date. Where required by law, we will also provide a more direct notice.
12. Contact
Webcracy SNC
Via Arbigo 7
6616 Losone
Switzerland
Email: contact@webcracy.com