Privacy Policy

1. Introduction

Foyer des Essences (“we”, “our”, “us”) operates the Foyer des Essences mobile application and website (the “Service”). We are committed to protecting your privacy and personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

Information you provide

• Email address — account creation, authentication, communications (required).
• Phone number — account recovery (optional).
• Password — authentication, stored as a bcrypt hash, never in plain text (required).
• Language preference — content localization in RU, EN, ET (required).

Information collected automatically

• Usage data — article views, reading progress, language and notification preferences.
• Device information — OS version, device type, app version, crash reporting.
• IP address — security, rate limiting, fraud prevention.
• Push notification token — delivering notifications, if enabled.

Information we do NOT collect

Precise location, contacts, photos/camera/media, health data, advertising identifiers (we serve no ads), or biometric data.

3. How We Use Your Data

To provide the Service (authenticate, deliver content, manage subscriptions), improve the experience, send service-related communications, ensure security, and meet legal obligations. We do not use your data for targeted advertising, marketing profiling, or sale to third parties.

4. Data Sharing

We use Stripe to process subscription payments; Stripe collects payment card information, billing address, and transaction history (stripe.com/privacy). We do not store your credit card information on our servers. We use Expo/EAS for app building and updates (expo.dev/privacy). We do not sell, rent, or trade your personal data to third parties.

5. Data Retention & Account Deletion

Account data is retained until account deletion; refresh tokens expire and rotate within days; usage logs are kept for 90 days; subscription/payment records are retained as required by law. You can request complete deletion of your account and associated data at any time from the in-app Profile screen or by contacting us. Upon deletion we permanently remove your profile, credentials, push tokens, and refresh tokens; Stripe retains payment records per its own policy.

6. Children's Privacy

The Service is not intended for users under the age of 16, and we do not knowingly collect personal information from children under 16.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the rights of access, rectification, erasure, portability, restriction, objection, and withdrawal of consent. To exercise these rights, contact us at the address below. We respond within 30 days. You may also lodge a complaint with your local data protection authority.

8. Data Security

All data is transmitted over HTTPS/TLS. Passwords are hashed with bcrypt, access tokens are short-lived, and refresh tokens rotate on use. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Changes & Contact

We may update this policy and will post the updated version with a new “Last updated” date. For questions or requests regarding your data, contact us:

Email: support@foyerdesessences.com
Data Protection: privacy@foyerdesessences.com

This Privacy Policy is governed by the laws of the Republic of Estonia and the EU GDPR.