Contents

  1. Policy details
  2. Who we are
  3. Scope of this policy
  4. App-specific information
  5. Information we collect
  6. How we collect information
  7. How we use information
  8. Legal bases under GDPR
  9. Cookies, analytics, SDKs, and similar technologies
  10. Sharing and disclosure
  11. International transfers
  12. Retention and deletion
  13. Security
  14. Children and minors
  15. Automated decision-making and profiling
  16. Your rights
  17. App Store and Google Play privacy consistency
  18. Third-party links and services
  19. Changes to this policy
  20. Contact us

Effective policy

Policy details

Company
DataRiver OÜ
Country
Estonia
Effective date
6 July 2026
Privacy contact
support@data-river.app

Who we are

DataRiver OÜ is a software company established in Estonia. References to “DataRiver,” “we,” “us,” or “our” mean DataRiver OÜ, unless a specific application or separate agreement states otherwise.

Legal name
DataRiver OÜ
Registry code
17201027
Registered address
Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314, Estonia
Privacy contact email
support@data-river.app

Scope of this policy

This policy applies to DataRiver websites, mobile and desktop applications, software services, APIs, support channels, customer and business communications, documentation, and app-store or platform listings that link to this policy. It also applies when we process information to operate, secure, maintain, improve, or support those services.

This policy does not replace a written customer agreement, data processing agreement, or app-specific notice that expressly says it controls for a particular service. If there is a conflict, the more specific document normally controls to the extent permitted by law.

App-specific information

Data practices vary by app and feature. The app-store privacy details, Google Play Data Safety section, permission prompts, consent screens, and in-app disclosures for each app describe which of the practices in this umbrella policy apply to that release.

Apps or services covered
DataRiver websites, mobile apps, and related services, including future apps unless a specific app has its own separate notice.
Typical data categories
Account or platform identifiers, profile or member display names, user-created content and records when a cloud or sharing feature is used, device and app identifiers, app usage events, crash logs and diagnostics, subscription or purchase entitlement status, advertising identifiers and ad interaction data where ads are used, and support messages if a user contacts support.
Mobile app permissions
Permissions such as location, camera, photos or files, microphone, contacts, notifications, and similar platform capabilities are used only when required by a specific app feature and allowed by the user or platform.
Processors, SDKs, and tools
Cloudflare for website and API hosting, DNS, security, email routing, and databases where an app uses cloud storage; Firebase Authentication, Firebase Analytics, and Firebase Crashlytics only for apps where those SDKs are actually integrated; Google AdMob for advertising where used; RevenueCat for subscriptions, entitlements, receipt validation, restore purchases, and purchase-related analytics or support where used; Apple App Store and Google Play for app distribution and in-app purchase processing; and Gmail/Google for receiving support email forwarded through Cloudflare.

No optional SDK, permission, or data category applies to every DataRiver app. Firebase Analytics and Firebase Crashlytics apply only where those SDKs are integrated; advertising and subscription practices apply only where those features are present. User-created content may remain solely on the device in offline apps even when separate diagnostic or usage data is processed by an analytics or crash-reporting provider.

Information we collect

Depending on the service or app, DataRiver may process the categories of information below. Not every category applies to every product.

How we collect information

How we use information

DataRiver uses information for the purposes described below, depending on the applicable service, user relationship, and legal basis.

Legal bases under GDPR

Where the General Data Protection Regulation or similar European data protection law applies, DataRiver relies on one or more legal bases for processing personal data. The applicable basis depends on the context.

Cookies, analytics, SDKs, and similar technologies

DataRiver websites or apps may use cookies, local storage, software development kits, analytics tools, crash reporting tools, diagnostics, hosting infrastructure, support tools, or similar technologies where applicable. These technologies may help keep a service secure, remember preferences, understand usage, diagnose crashes, measure performance, or provide support.

DataRiver apps may use Google AdMob, RevenueCat, Apple App Store, Google Play, Cloudflare, and Gmail/Google support email services where applicable. Firebase Analytics and Firebase Crashlytics apply only to apps where those SDKs are actually integrated into the app build. No Firebase Analytics or Firebase Crashlytics SDK is used by a specific app unless that app adds it. Where consent is required for analytics, advertising identifiers, personalized ads, non-essential cookies, or similar technologies, DataRiver should obtain and respect that consent.

Sharing and disclosure

DataRiver may share information in the circumstances below, depending on the service. Where an app uses advertising, advertising identifiers or similar data may be shared with Google AdMob or other advertising partners to show, personalize where permitted, measure, prevent fraud in, and improve ads. App-store and regional privacy disclosures may classify some advertising activity as tracking, targeted advertising, sharing, or sale depending on the law and platform rules that apply.

International transfers

DataRiver is based in Estonia. Depending on the service and providers used, information may be processed in Estonia, elsewhere in the European Economic Area, or in other countries. Where required, DataRiver should use appropriate safeguards for international transfers, such as adequacy decisions, standard contractual clauses, processor agreements, or other transfer mechanisms recognized by applicable law.

Retention and deletion

DataRiver keeps information for as long as reasonably necessary for the purposes described in this policy, including providing services, maintaining accounts, responding to support requests, meeting legal, accounting, tax, security, and dispute-resolution needs, and enforcing terms. Retention depends on the type of information, the service involved, user choices, legal requirements, and operational needs.

Support communications may be retained for up to 24 months. Account, analytics, crash, advertising, and purchase or entitlement data are retained as needed to provide services, comply with legal obligations, prevent fraud, resolve disputes, and improve apps, unless a shorter period is required by law, platform rules, provider settings, or an app-specific notice. If accounts exist, users may request account or data deletion by contacting support@data-river.app. App Store and Google Play requirements may require clear in-app or web account deletion instructions where account creation is offered.

To request deletion, use any deletion control available in the relevant app or email support@data-river.app with the app or service name and the account, profile, member, or anonymous identifier shown by that service. A verified account-deletion request removes the account identifier, profile or membership data, and cloud content controlled by that account. Users may also request deletion of individual cloud records without deleting the account where the service supports record-level deletion. Data that remains only on a device can be deleted in the app, by clearing app storage, or by uninstalling the app.

DataRiver may retain limited security, fraud-prevention, transaction, support, or legal records where required or permitted by law. Analytics, crash, and diagnostic information already processed by a service provider follows that provider's configured retention and deletion controls and is not used to reconstruct deleted user-created content.

Security

DataRiver uses reasonable administrative, technical, and organizational safeguards appropriate to the nature of the services and information processed. No method of transmission, storage, software operation, or security control can be guaranteed to be completely secure. Users should use strong credentials, protect devices, and contact DataRiver if they believe an account, app, or service has been misused.

Children and minors

DataRiver services are intended for adults or general audiences and are not directed to children unless a specific app or service expressly says otherwise and includes appropriate disclosures, age prompts, and safeguards. DataRiver does not knowingly collect personal data from children in a way that requires parental consent unless the relevant app has been designed, documented, and configured for that audience. If you are a guardian and believe a child has provided personal data, contact support@data-river.app so the matter can be reviewed and deletion can be requested where appropriate.

Automated decision-making and profiling

DataRiver does not currently identify any solely automated decision-making that produces legal or similarly significant effects for users. Apps may use advertising profiling or personalization through Google AdMob or similar providers where permitted by law, platform rules, and user consent settings. If a specific service uses automated eligibility decisions, personalized pricing, or similarly significant processing, app-specific details should be provided before release.

Your rights

Depending on where you live and how DataRiver processes your information, you may have privacy rights under GDPR or other applicable laws. These rights may include the right to:

To make a request, use the privacy contact listed on this page and identify the relevant app, service, account, and request. DataRiver may need to verify your identity and may retain certain information where required or permitted by law.

App Store and Google Play privacy consistency

App Store privacy nutrition labels, Google Play Data Safety answers, in-app permission prompts, account deletion disclosures, and this privacy policy should describe the same actual data practices. Before submitting or updating an app, DataRiver should confirm the app or service names, collected data categories, purposes, sharing, retention, deletion process, permissions, SDKs, analytics, crash reporting, advertising, subscription management, and in-app purchase processing. A privacy URL should not be used for store registration if it conflicts with the live app behavior. Firebase Analytics and Firebase Crashlytics should be disclosed only for apps that actually compile and initialize those SDKs.

Third-party links and services

DataRiver services may link to third-party websites, platforms, integrations, app stores, advertising services, subscription management services, payment services, or documentation that DataRiver does not control. Those third parties may process information under their own terms and privacy policies. Users should review those policies before using third-party services.

Changes to this policy

DataRiver may update this policy when services, apps, vendors, legal requirements, or business practices change. The effective date should be updated when a revised policy is published. Where required by applicable law or platform rules, DataRiver should provide additional notice or seek consent for material changes.

Contact us

For privacy questions, requests, or concerns, contact DataRiver OÜ at support@data-river.app. Include the relevant app or service name, account identifier if applicable, and a clear description of the request. Company details: registry code 17201027; registered address Harju maakond, Tallinn, Kesklinna linnaosa, Järvevana tee 9, 11314, Estonia.