Privacy policy
Privacy policy for DataRiver OÜ.
This policy describes how DataRiver OÜ handles personal data and other information in connection with websites, software, applications, APIs, support, communications, and app-store listings that link to this page. It is an umbrella policy for DataRiver websites, mobile apps, and related services, including future apps unless a specific app publishes a separate privacy notice.
Contents
- Policy details
- Who we are
- Scope of this policy
- App-specific information
- Information we collect
- How we collect information
- How we use information
- Legal bases under GDPR
- Cookies, analytics, SDKs, and similar technologies
- Sharing and disclosure
- International transfers
- Retention and deletion
- Security
- Children and minors
- Automated decision-making and profiling
- Your rights
- App Store and Google Play privacy consistency
- Third-party links and services
- Changes to this policy
- Contact us
Effective policy
Policy details
- Company
- DataRiver OÜ
- Country
- Estonia
- Effective date
- 6 July 2026
- Privacy contact
- support@data-river.app
Who we are
DataRiver OÜ is a software company established in Estonia. References to “DataRiver,” “we,” “us,” or “our” mean DataRiver OÜ, unless a specific application or separate agreement states otherwise.
- Legal name
- DataRiver OÜ
- Registry code
- 17201027
- Registered address
- Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314, Estonia
- Privacy contact email
- support@data-river.app
Scope of this policy
This policy applies to DataRiver websites, mobile and desktop applications, software services, APIs, support channels, customer and business communications, documentation, and app-store or platform listings that link to this policy. It also applies when we process information to operate, secure, maintain, improve, or support those services.
This policy does not replace a written customer agreement, data processing agreement, or app-specific notice that expressly says it controls for a particular service. If there is a conflict, the more specific document normally controls to the extent permitted by law.
App-specific information
Data practices vary by app and feature. The app-store privacy details, Google Play Data Safety section, permission prompts, consent screens, and in-app disclosures for each app describe which of the practices in this umbrella policy apply to that release.
- Apps or services covered
- DataRiver websites, mobile apps, and related services, including future apps unless a specific app has its own separate notice.
- Typical data categories
- Account or platform identifiers, profile or member display names, user-created content and records when a cloud or sharing feature is used, device and app identifiers, app usage events, crash logs and diagnostics, subscription or purchase entitlement status, advertising identifiers and ad interaction data where ads are used, and support messages if a user contacts support.
- Mobile app permissions
- Permissions such as location, camera, photos or files, microphone, contacts, notifications, and similar platform capabilities are used only when required by a specific app feature and allowed by the user or platform.
- Processors, SDKs, and tools
- Cloudflare for website and API hosting, DNS, security, email routing, and databases where an app uses cloud storage; Firebase Authentication, Firebase Analytics, and Firebase Crashlytics only for apps where those SDKs are actually integrated; Google AdMob for advertising where used; RevenueCat for subscriptions, entitlements, receipt validation, restore purchases, and purchase-related analytics or support where used; Apple App Store and Google Play for app distribution and in-app purchase processing; and Gmail/Google for receiving support email forwarded through Cloudflare.
No optional SDK, permission, or data category applies to every DataRiver app. Firebase Analytics and Firebase Crashlytics apply only where those SDKs are integrated; advertising and subscription practices apply only where those features are present. User-created content may remain solely on the device in offline apps even when separate diagnostic or usage data is processed by an analytics or crash-reporting provider.
Information we collect
Depending on the service or app, DataRiver may process the categories of information below. Not every category applies to every product.
- Information you provide. Contact details, messages, support requests, business inquiries, form submissions, and any files, screenshots, logs, Home or organization names, shared records, or other content you choose to send to us or store in a cloud-enabled feature.
- Account and profile data, if applicable. Names, usernames, email addresses, authentication details, preferences, organization details, roles, and account settings for services that require an account.
- Contact and support communications. The content of emails or other communications, support history, troubleshooting notes, diagnostic attachments, and metadata needed to respond to requests.
- Usage, log, device, browser, and diagnostic data. IP address, device type, browser, operating system, referring pages, timestamps, pages or features used, app version, request logs, crash reports, performance data, error messages, security events, and similar technical records.
- Mobile app permissions, if applicable. Permission-based data such as camera, photos, files, notifications, location, microphone, contacts, or other platform capabilities only where an app feature requests and uses those permissions.
- Payment, subscription, and entitlement data, if applicable. Purchase status, subscription status, transaction identifiers, app-store receipt information, entitlement status, restore-purchase status, and related support or analytics data. Apple App Store and Google Play process in-app purchases where applicable; RevenueCat may be used to manage subscriptions, entitlements, receipt validation, restore purchases, and purchase-related analytics or support. DataRiver does not collect full payment card numbers through this website.
- Advertising data, if applicable. Advertising identifiers, ad impressions, clicks, approximate location or contextual signals, device and app information, consent status, fraud-prevention signals, and similar data used to show, personalize where allowed, measure, and secure advertising through Google AdMob or similar advertising services.
- Cookies and local storage. Information stored through cookies, local storage, session storage, or similar technologies for security, preferences, essential site operation, analytics, or diagnostics where applicable.
- Third-party, app-store, and platform data. Information from app stores, operating systems, identity providers, integrations, hosting providers, in-app purchase platforms, subscription management providers, advertising networks, analytics tools, crash reporting tools, or support platforms where a service uses those providers.
How we collect information
- Directly from you. For example, when you contact us, create an account, submit a support request, use a service, purchase a subscription, or provide information inside an app.
- Automatically through the services. For example, through server logs, app logs, cookies, local storage, diagnostics, security monitoring, and similar operational technologies.
- From platforms and processors where applicable. For example, from app stores, operating systems, integrations, identity providers, in-app purchase platforms, subscription management providers, advertising networks, analytics providers, crash reporting providers, support tools, hosting providers, and other service providers used for the relevant app or service.
How we use information
DataRiver uses information for the purposes described below, depending on the applicable service, user relationship, and legal basis.
- Provide, operate, maintain, secure, debug, and improve services, apps, APIs, and websites.
- Process account registration, authentication, settings, and user-requested actions where applicable.
- Respond to support, privacy, legal, security, and business inquiries.
- Send service-related messages such as confirmations, technical notices, security alerts, policy updates, or support replies.
- Administer billing, subscriptions, taxes, refunds, and purchase status where a paid service exists.
- Analyze reliability, performance, errors, diagnostics, crashes, feature usage, and service health where applicable.
- Show, personalize where permitted, measure, secure, and improve advertising where an app uses Google AdMob or another advertising provider.
- Manage in-app subscriptions, entitlements, purchase status, and restore-purchase flows through app stores and RevenueCat where applicable.
- Prevent, detect, investigate, and respond to fraud, abuse, unauthorized access, security incidents, and misuse.
- Comply with legal obligations, accounting requirements, app-store rules, dispute handling, and lawful requests.
- Protect the rights, privacy, safety, property, and legitimate interests of DataRiver, users, customers, and the public.
Legal bases under GDPR
Where the General Data Protection Regulation or similar European data protection law applies, DataRiver relies on one or more legal bases for processing personal data. The applicable basis depends on the context.
- Contract. Processing needed to provide a requested service, account, subscription, support response, or other function.
- Legitimate interests. Processing needed for service operation, security, fraud prevention, diagnostics, improvement, business administration, and protecting rights, where those interests are not overridden by applicable privacy rights.
- Consent. Processing based on consent, such as optional analytics, marketing, certain cookies, or permission-based app features where consent is required. Consent may be withdrawn where applicable.
- Legal obligation. Processing required for tax, accounting, compliance, lawful requests, regulatory obligations, or dispute handling.
Cookies, analytics, SDKs, and similar technologies
DataRiver websites or apps may use cookies, local storage, software development kits, analytics tools, crash reporting tools, diagnostics, hosting infrastructure, support tools, or similar technologies where applicable. These technologies may help keep a service secure, remember preferences, understand usage, diagnose crashes, measure performance, or provide support.
DataRiver apps may use Google AdMob, RevenueCat, Apple App Store, Google Play, Cloudflare, and Gmail/Google support email services where applicable. Firebase Analytics and Firebase Crashlytics apply only to apps where those SDKs are actually integrated into the app build. No Firebase Analytics or Firebase Crashlytics SDK is used by a specific app unless that app adds it. Where consent is required for analytics, advertising identifiers, personalized ads, non-essential cookies, or similar technologies, DataRiver should obtain and respect that consent.
Sharing and disclosure
DataRiver may share information in the circumstances below, depending on the service. Where an app uses advertising, advertising identifiers or similar data may be shared with Google AdMob or other advertising partners to show, personalize where permitted, measure, prevent fraud in, and improve ads. App-store and regional privacy disclosures may classify some advertising activity as tracking, targeted advertising, sharing, or sale depending on the law and platform rules that apply.
- Service providers and processors. Vendors that provide hosting, DNS, security, email routing, analytics, crash reporting, advertising, support, communication, subscription management, entitlement management, billing, tax, development, or other operational services, subject to appropriate contractual controls where required.
- App stores and platforms. Apple, Google, operating systems, in-app purchase platforms, identity providers, or integration partners where needed to distribute, purchase, authenticate, operate, or support an app.
- Legal and compliance reasons. Authorities, courts, regulators, professional advisers, or other parties where disclosure is required by law or reasonably necessary to handle legal requests, disputes, accounting, tax, compliance, or regulatory matters.
- Security and protection of rights. Parties involved in preventing abuse, investigating incidents, enforcing terms, protecting users, or protecting the rights, safety, privacy, or property of DataRiver and others.
- Business transfers. Relevant parties in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, subject to applicable law.
- User-directed sharing. Other users, organizations, integrations, or third parties when you direct us to share information or use a feature that makes information available to them.
International transfers
DataRiver is based in Estonia. Depending on the service and providers used, information may be processed in Estonia, elsewhere in the European Economic Area, or in other countries. Where required, DataRiver should use appropriate safeguards for international transfers, such as adequacy decisions, standard contractual clauses, processor agreements, or other transfer mechanisms recognized by applicable law.
Retention and deletion
DataRiver keeps information for as long as reasonably necessary for the purposes described in this policy, including providing services, maintaining accounts, responding to support requests, meeting legal, accounting, tax, security, and dispute-resolution needs, and enforcing terms. Retention depends on the type of information, the service involved, user choices, legal requirements, and operational needs.
Support communications may be retained for up to 24 months. Account, analytics, crash, advertising, and purchase or entitlement data are retained as needed to provide services, comply with legal obligations, prevent fraud, resolve disputes, and improve apps, unless a shorter period is required by law, platform rules, provider settings, or an app-specific notice. If accounts exist, users may request account or data deletion by contacting support@data-river.app. App Store and Google Play requirements may require clear in-app or web account deletion instructions where account creation is offered.
To request deletion, use any deletion control available in the relevant app or email support@data-river.app with the app or service name and the account, profile, member, or anonymous identifier shown by that service. A verified account-deletion request removes the account identifier, profile or membership data, and cloud content controlled by that account. Users may also request deletion of individual cloud records without deleting the account where the service supports record-level deletion. Data that remains only on a device can be deleted in the app, by clearing app storage, or by uninstalling the app.
DataRiver may retain limited security, fraud-prevention, transaction, support, or legal records where required or permitted by law. Analytics, crash, and diagnostic information already processed by a service provider follows that provider's configured retention and deletion controls and is not used to reconstruct deleted user-created content.
Security
DataRiver uses reasonable administrative, technical, and organizational safeguards appropriate to the nature of the services and information processed. No method of transmission, storage, software operation, or security control can be guaranteed to be completely secure. Users should use strong credentials, protect devices, and contact DataRiver if they believe an account, app, or service has been misused.
Children and minors
DataRiver services are intended for adults or general audiences and are not directed to children unless a specific app or service expressly says otherwise and includes appropriate disclosures, age prompts, and safeguards. DataRiver does not knowingly collect personal data from children in a way that requires parental consent unless the relevant app has been designed, documented, and configured for that audience. If you are a guardian and believe a child has provided personal data, contact support@data-river.app so the matter can be reviewed and deletion can be requested where appropriate.
Automated decision-making and profiling
DataRiver does not currently identify any solely automated decision-making that produces legal or similarly significant effects for users. Apps may use advertising profiling or personalization through Google AdMob or similar providers where permitted by law, platform rules, and user consent settings. If a specific service uses automated eligibility decisions, personalized pricing, or similarly significant processing, app-specific details should be provided before release.
Your rights
Depending on where you live and how DataRiver processes your information, you may have privacy rights under GDPR or other applicable laws. These rights may include the right to:
- Request access to personal data DataRiver holds about you.
- Request correction of inaccurate or incomplete personal data.
- Request deletion of personal data, subject to legal and operational limits.
- Request restriction of processing in certain circumstances.
- Object to processing based on legitimate interests or direct marketing where applicable.
- Request portability of personal data provided by you where applicable.
- Withdraw consent where processing is based on consent, without affecting prior lawful processing.
- Lodge a complaint with a supervisory authority, including the Estonian Data Protection Inspectorate, if applicable.
To make a request, use the privacy contact listed on this page and identify the relevant app, service, account, and request. DataRiver may need to verify your identity and may retain certain information where required or permitted by law.
App Store and Google Play privacy consistency
App Store privacy nutrition labels, Google Play Data Safety answers, in-app permission prompts, account deletion disclosures, and this privacy policy should describe the same actual data practices. Before submitting or updating an app, DataRiver should confirm the app or service names, collected data categories, purposes, sharing, retention, deletion process, permissions, SDKs, analytics, crash reporting, advertising, subscription management, and in-app purchase processing. A privacy URL should not be used for store registration if it conflicts with the live app behavior. Firebase Analytics and Firebase Crashlytics should be disclosed only for apps that actually compile and initialize those SDKs.
Third-party links and services
DataRiver services may link to third-party websites, platforms, integrations, app stores, advertising services, subscription management services, payment services, or documentation that DataRiver does not control. Those third parties may process information under their own terms and privacy policies. Users should review those policies before using third-party services.
Changes to this policy
DataRiver may update this policy when services, apps, vendors, legal requirements, or business practices change. The effective date should be updated when a revised policy is published. Where required by applicable law or platform rules, DataRiver should provide additional notice or seek consent for material changes.
Contact us
For privacy questions, requests, or concerns, contact DataRiver OÜ at support@data-river.app. Include the relevant app or service name, account identifier if applicable, and a clear description of the request. Company details: registry code 17201027; registered address Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314, Estonia.