Snetch – Privacy Policy (GDPR Compliant)
This Privacy Policy explains how SC INNEVO GROUP SRL (“Snetch”, “we”, “us”, “our”) processes personal data when you use the Snetch mobile application and related services (“the App” or “the Service”).
We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the ePrivacy Directive, and all applicable Romanian data protection laws.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the ePrivacy Directive, and all applicable Romanian data protection laws.
TABLE OF CONTENTS
1. DATA CONTROLLER
2. AGE RESTRICTION
3. CATEGORIES OF PERSONAL DATA WE PROCESS
4. PURPOSES OF PROCESSING & LEGAL BASES
5. LOCATION DATA – SPECIAL CONDITIONS
6. DATA RETENTION
7. DATA SHARING & RECIPIENTS
8. INTERNATIONAL DATA TRANSFERS
9. YOUR GDPR RIGHTS
10. SECURITY MEASURES
11. AUTOMATED DECISION-MAKING & PROFILING
12. CHANGES TO THIS POLICY
13. CONTACT INFORMATION
1. DATA CONTROLLER
The Data Controller responsible for your personal data is:
SC INNEVO GROUP SRL
Vasile Lucaciu street, no. 8/18,
Baia Mare, Maramureș 430341,
Romania
Email: contact@snetchapp.com
We do not have a Data Protection Officer (DPO), as this is not legally required for our processing activities.
SC INNEVO GROUP SRL
Vasile Lucaciu street, no. 8/18,
Baia Mare, Maramureș 430341,
Romania
Email: contact@snetchapp.com
We do not have a Data Protection Officer (DPO), as this is not legally required for our processing activities.
2. AGE RESTRICTION
Snetch is intended exclusively for users aged 18 and above.
We do not knowingly collect personal data from individuals under 18 years of age.
We do not knowingly collect personal data from individuals under 18 years of age.
3. CATEGORIES OF PERSONAL DATA WE PROCESS
We may process the following categories of personal data:
3.1. Account and Profile Data
• Username
• Email address
• Country
• Profile information
• In-app persona information
• Email address
• Country
• Profile information
• In-app persona information
3.2. Authentication Data
• Google Sign-Inm Facebook Sign-In and Apple Sign-In IDs
• Firebase/Amplify authentication tokens
• Internal user identifiers
• Firebase/Amplify authentication tokens
• Internal user identifiers
3.3. Device and Technical Data
• Device model, OS version
• IP address
• Device IDs (where applicable)
• Connection information (wifi/mobile network details)
• Crash and performance logs
• IP address
• Device IDs (where applicable)
• Connection information (wifi/mobile network details)
• Crash and performance logs
3.4. Precise Geolocation Data
Collected only when:
• You have explicitly granted permission
• You have started an active 8-hour Session, and
• You are using the app (foreground or consented background use)
Your precise, real-time location is displayed to other nearby users on the in-app map as part of the game mechanics.
• You have explicitly granted permission
• You have started an active 8-hour Session, and
• You are using the app (foreground or consented background use)
Your precise, real-time location is displayed to other nearby users on the in-app map as part of the game mechanics.
3.5. Gameplay and Transaction Data
• Pickpocketing actions
• Session activity
• Wins and losses
• Interaction logs
• In-app purchases
• Balance (Snetch Coins, tickets, etc.)
• Session activity
• Wins and losses
• Interaction logs
• In-app purchases
• Balance (Snetch Coins, tickets, etc.)
3.6. Communication Data
• Support requests
• Emails
• In-app messages (if applicable)
• Emails
• In-app messages (if applicable)
4. PURPOSES OF PROCESSING & LEGAL BASES
4.1. To operate and provide the Snetch game
• Display your real-time location during an active Session
• Enable real-time proximity-based gameplay (“pickpocketing”)
• Authenticate and maintain your account
• Store gameplay history, balances, and progress
Legal basis:
Art. 6(1)(b) GDPR – Contract performance
Art. 6(1)(a) GDPR – Consent (for precise location)
• Enable real-time proximity-based gameplay (“pickpocketing”)
• Authenticate and maintain your account
• Store gameplay history, balances, and progress
Legal basis:
Art. 6(1)(b) GDPR – Contract performance
Art. 6(1)(a) GDPR – Consent (for precise location)
4.2. Precise Real-Time Location Tracking
Used exclusively to enable the core game mechanics during your active Session.
Legal basis: Art. 6(1)(a) – Explicit Consent
Legal basis: Art. 6(1)(a) – Explicit Consent
4.3. Analytics, Performance & Error Monitoring
• App performance monitoring
• Crash analytics
• Engagement metrics
Legal basis: Art. 6(1)(f) – Legitimate Interests
• Crash analytics
• Engagement metrics
Legal basis: Art. 6(1)(f) – Legitimate Interests
4.4. Fraud Prevention & Security
• Detect suspicious or abusive activity
• Prevent manipulation of location or gameplay
Legal basis: Art. 6(1)(f) – Legitimate Interests
• Prevent manipulation of location or gameplay
Legal basis: Art. 6(1)(f) – Legitimate Interests
4.5. Payments and Purchases
Processing in-app purchases and financial records.
Legal basis: Art. 6(1)(b) – Contract Performance
Art. 6(1)(c) – Legal Obligation
Legal basis: Art. 6(1)(b) – Contract Performance
Art. 6(1)(c) – Legal Obligation
4.6. Marketing (if applicable)
Marketing requires separate consent, which is never bundled with location consent.
Legal basis: Art. 6(1)(a) – Consent
Legal basis: Art. 6(1)(a) – Consent
5. LOCATION DATA – SPECIAL CONDITIONS
5.1. Collection Conditions
Your precise location is collected only when all conditions below are met:
1. You have granted explicit location permission
2. You have started an active 8-hour Session
3. You are inside the App (or background usage is explicitly permitted)
1. You have granted explicit location permission
2. You have started an active 8-hour Session
3. You are inside the App (or background usage is explicitly permitted)
5.2. Visibility to Other Users
Your real-time position appears on the map as a yellow/black circle and is visible to nearby users only during your active Session.
5.3. When Location Is NOT Collected or Displayed
We do not collect or display your location when:
• You have not granted permission
• You are not in an active Session
• You exit the App
• The Session ends
• You withdraw permission
• You have not granted permission
• You are not in an active Session
• You exit the App
• The Session ends
• You withdraw permission
5.4. Retention of Location Data
Your precise real-time location is:
• Not stored after your Session
• Not retained once you exit the app
• Not used for any secondary or marketing purposes
• Deleted or anonymized immediately at Session end
This meets the GDPR principles of data minimization and storage limitation.
• Not stored after your Session
• Not retained once you exit the app
• Not used for any secondary or marketing purposes
• Deleted or anonymized immediately at Session end
This meets the GDPR principles of data minimization and storage limitation.
6. DATA RETENTION
We retain personal data only as long as necessary for the purposes described:
Data Type:
Precise location data.
Precise location data.
Retention Period:
Deleted immediately after Session ends
Deleted immediately after Session ends
Data Type:
Account profile & identifiers
Account profile & identifiers
Retention Period:
Until account deletion
Until account deletion
Data Type:
Gameplay history
Gameplay history
Retention Period:
As long as the account is active
As long as the account is active
Data Type:
Analytics logs
Analytics logs
Retention Period:
12–24 months (depending on service provider)
12–24 months (depending on service provider)
Data Type:
Transaction & payment records
Transaction & payment records
Retention Period:
5–10 years (legal requirement)
5–10 years (legal requirement)
Data Type:
Support correspondence
Support correspondence
Retention Period:
12–36 months
12–36 months
7. DATA SHARING & RECIPIENTS
We may share data with:
7.1. Service Providers (Processors)
7.1. Service Providers (Processors)
Including but not limited to:
• Google Firebase (Authentication, Firestore, Analytics, Crashlytics) • AWS Amplify (Backend services) • Google Maps API (Geolocation/Map rendering) • RevenueCat (In-app purchases) • Google AdMob (Advertising, if applicable) • Apple (Apple Sign-In, App Store services, device-level services) • Facebook (Meta Login / Facebook Login, if enabled)
All providers are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs).
• Google Firebase (Authentication, Firestore, Analytics, Crashlytics) • AWS Amplify (Backend services) • Google Maps API (Geolocation/Map rendering) • RevenueCat (In-app purchases) • Google AdMob (Advertising, if applicable) • Apple (Apple Sign-In, App Store services, device-level services) • Facebook (Meta Login / Facebook Login, if enabled)
All providers are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs).
7.2. Other Users
Only the following data is visible to other users:
• In-app username/persona
• Real-time location during active Session only
• Basic gameplay status
• In-app username/persona
• Real-time location during active Session only
• Basic gameplay status
7.3. Legal Authorities
Only when legally required by GDPR Article 6(1)(c).
We never sell personal data.
We never sell personal data.
8. INTERNATIONAL DATA TRANSFERS
Because some service providers (e.g., Google, AWS) are located outside the EU, personal data may be transferred internationally.
We rely on:
• Standard Contractual Clauses (SCCs)
• Additional security measures
• Data Processing Agreements
This ensures compliance with GDPR Chapter V.
We rely on:
• Standard Contractual Clauses (SCCs)
• Additional security measures
• Data Processing Agreements
This ensures compliance with GDPR Chapter V.
9. YOUR GDPR RIGHTS
Under GDPR, you have the following rights:
1. Right of access (Art. 15)
2. Right to rectification (Art. 16)
3. Right to erasure (Art. 17)
4. Right to restriction of processing (Art. 18)
5. Right to data portability (Art. 20)
6. Right to object (Art. 21)
7. Right to withdraw consent at any time (Art. 7)
8. Right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP)
To exercise your rights, contact us at: contact@snetchapp.com
1. Right of access (Art. 15)
2. Right to rectification (Art. 16)
3. Right to erasure (Art. 17)
4. Right to restriction of processing (Art. 18)
5. Right to data portability (Art. 20)
6. Right to object (Art. 21)
7. Right to withdraw consent at any time (Art. 7)
8. Right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP)
To exercise your rights, contact us at: contact@snetchapp.com
10. SECURITY MEASURES
We implement appropriate technical and organizational measures, including:
• Encrypted connections (TLS/SSL)
• Access controls
• Data minimization
• Secure cloud infrastructure
• Regular audits
• Permission-based data access
• Encrypted connections (TLS/SSL)
• Access controls
• Data minimization
• Secure cloud infrastructure
• Regular audits
• Permission-based data access
11. AUTOMATED DECISION-MAKING & PROFILING
Snetch does not use personal data for automated decision-making that produces legal or significant effects under GDPR Article 22.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy to reflect changes in law or app features.
You will be notified of material changes within the App.
You will be notified of material changes within the App.
13. CONTACT INFORMATION
For all privacy matters, contact:
SC INNEVO GROUP SRL
Email: contact@snetchapp.com
SC INNEVO GROUP SRL
Email: contact@snetchapp.com