1. Introduction
Phobic AS ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our mobile applications ("ataxophobic" and "DyrMatInfo") and our website (phobic.no).
We are based in Buvika, Norway, and comply with the General Data Protection Regulation (GDPR) and applicable Norwegian data protection legislation.
2. Data Controller
The data controller responsible for your personal data is:
3. What Data We Collect
3.1 Account Information
When you create an account, we may collect:
- Name or display name
- Email address
- Authentication credentials (managed securely through Firebase Authentication)
3.2 User-Generated Content
Our applications allow you to create and store content, including:
- Photographs of items (ataxophobic)
- Item descriptions, locations, and organizational data (ataxophobic)
- Scanned barcode data and price submissions (DyrMatInfo)
3.3 Technical Data
We may automatically collect:
- Device type and operating system version
- App version
- Crash reports and performance data
- General usage analytics (anonymized)
3.4 Data We Do NOT Collect
- We do not collect precise location data unless explicitly required for a feature and with your consent
- We do not sell, rent, or share your personal data with third-party advertisers
- We do not track you across other apps or websites
4. How We Use Your Data
We use your data for the following purposes:
- Providing our services: To operate our applications and deliver the features you use
- Cloud sync and backup: To synchronize your data across devices and provide backup functionality
- Family sharing: To enable shared access to inventories among authorized household members (ataxophobic)
- Community data: To aggregate anonymized price data for the benefit of all users (DyrMatInfo)
- Improvement: To analyze usage patterns (anonymized) and improve our applications
- Support: To respond to your inquiries and provide customer support
- Legal compliance: To comply with applicable laws and regulations
5. Legal Basis for Processing
Under the GDPR, we process your data based on the following legal grounds:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the services you have requested
- Legitimate interest (Art. 6(1)(f)): Improving our services, preventing fraud, and ensuring security
- Consent (Art. 6(1)(a)): Where we ask for your explicit consent, such as for optional analytics
6. Data Storage and Security
Your data is stored using Google Firebase services, which provide enterprise-grade security. Data is stored in the European Economic Area (EEA) where available. We implement the following security measures:
- Encryption in transit (TLS/SSL) and at rest
- Secure authentication via Firebase Authentication
- Access controls and security rules on all data
- Regular security audits of our applications and infrastructure
7. Data Sharing
We do not sell your personal data. We may share data only in these circumstances:
- Service providers: With Google Firebase for hosting and infrastructure (covered by their GDPR-compliant Data Processing Agreement)
- Family sharing: With other household members you explicitly invite (ataxophobic)
- Anonymized community data: Price data is aggregated and anonymized for community use (DyrMatInfo)
- Legal requirements: When required by law, regulation, or valid legal process
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15): Request a copy of your personal data
- Right to rectification (Art. 16): Request correction of inaccurate data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing (Art. 18): Request limitation of processing in certain circumstances
- Right to data portability (Art. 20): Receive your data in a structured, commonly used format
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw any previously given consent at any time
To exercise any of these rights, contact us at . We will respond within 30 days.
9. Data Retention
We retain your personal data for as long as your account is active or as needed to provide our services. When you delete your account:
- Your personal data and user-generated content will be permanently deleted within 30 days
- Anonymized, aggregated data may be retained for analytical purposes
- Data required by law may be retained for the legally mandated period
10. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Cookies and Tracking
Our website (phobic.no) uses only essential cookies required for basic website functionality. We do not use third-party tracking cookies or advertising cookies.
12. International Transfers
Your data is primarily processed within the EEA. If data is transferred outside the EEA (e.g., for certain Firebase services), it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through our applications or by email. The "Last updated" date at the top of this page indicates when this policy was last revised.
14. Supervisory Authority
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):
Datatilsynet
P.O. Box 458 Sentrum
NO-0105 Oslo, Norway
Website: www.datatilsynet.no
15. Contact Us
For questions or concerns about this Privacy Policy or our data practices, please contact us: