Privacy Policy

Appalex Limited · Effective Date: January 13, 2025

This Privacy Policy applies to the following Appalex apps:

Photography Poses (iOS, Android)
TCG Card Scanner (iOS)
Tree Identifier (iOS)
Hungary Public Transit (Android)
Fun Facts: Did You Know (Android)
Daily Positive Affirmations (Android)
Motivation Daily — Quotes (Android)

Exception — Wordy: The Wordy language-learning app is governed by a separate privacy policy at wordy.info/privacy. This policy does not apply to Wordy.

Our Commitment to Privacy

Appalex Limited (“we”, “our”, “us”) is committed to protecting the privacy and security of our users’ personal information. We strive to be transparent about our data practices and to provide you with control over your personal information.

This Privacy Policy explains how we collect, use, share, and protect your information when you use the Appalex apps listed above (the “Apps”). We comply with the General Data Protection Regulation (GDPR) for our European users and applicable US privacy laws for our American users.

1. Data Controller

Company Name: Appalex Limited
Address: 1012 Budapest, Logodi utca 48. A. lház. 1. em. 2. ajtó, Hungary
Company Registration: 01-09-433441
Tax Number: 32612600-2-41
Representative: Sándor Lóránt Bogyó
Email: info@appalex.hu
Phone: +36 70 213 3578

Data Protection Officer:
Sándor Lóránt Bogyó
Email: info@appalex.hu
Phone: +36 70 213 3578

2. Data Processors

We work with trusted third-party service providers who process data on our behalf. Not every processor applies to every App; the actual set used depends on the specific App and platform.

Processor Name and Location	Purpose
Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (DPF certified)	Firebase Analytics, Crashlytics, Cloud Messaging; Google Play Billing (Android IAP)
Apple Inc. (One Apple Park Way, Cupertino, CA 95014, USA)	StoreKit (iOS in-app purchases), App Store services
RevenueCat Inc. (1032 E Brandon Blvd #3003, Brandon, FL 33511, USA)	Subscription and in-app purchase management
OneSignal Inc. (201 S. B Street, Suite 200, San Mateo, CA 94401, USA) (DPF certified)	Push notifications

3. Information We Collect

The specific data collected depends on which App you use and on the App’s functionality.

3.1. Device and Technical Data

Data collected:

Device type and model
Operating system version
App version
Network status
Device identifier (IDFV on iOS, advertising ID on Android where applicable)
IP address
Country (from locale)
Language settings

Purpose: Compatibility, troubleshooting, security
Legal basis: Legitimate interest (GDPR Art. 6(1)(f))
Retention: 1 year

3.2. Usage Analytics

Data collected:

Screen views
Feature usage
In-app events
Session duration
App launches

Purpose: Service improvement, user experience enhancement, troubleshooting
Legal basis: Legitimate interest (GDPR Art. 6(1)(f))
Retention: 2 years

3.3. Purchase and Subscription Data (only for Apps with in-app purchases)

Data collected:

Purchase ID
Product identifier
Subscription status (where applicable)
Purchase date
Renewal date (where applicable)

Purpose: Subscription management, billing, customer support
Legal basis: Contract performance (GDPR Art. 6(1)(b))
Retention: As required by tax law (typically 7–10 years)

3.4. Push Notifications (only for Apps that send notifications)

Data collected:

Push notification token
Notification preferences
OneSignal user ID (where OneSignal is used)

Purpose: Sending notifications you have opted in to receive
Legal basis: Consent (GDPR Art. 6(1)(a)) — you may revoke this in your device settings at any time
Retention: Until opt-out

3.5. Camera and Photo Library (only for Apps that use the camera)

Apps such as TCG Card Scanner, Tree Identifier, and Photography Poses may request access to your device camera and/or photo library to provide their core functionality (e.g., scanning a card, identifying a tree, viewing reference photos). Camera input is processed on-device or transiently for the requested feature; we do not store your photos on our servers unless explicitly required by the App and disclosed in-app.

Legal basis: Contract performance (GDPR Art. 6(1)(b)) — access is granted by you on first request

3.6. Location Data (only for Apps that use location)

Hungary Public Transit may use location data to find nearby stops and provide route information. Location is accessed only while you are using the relevant feature and is not stored on our servers.

Legal basis: Contract performance (GDPR Art. 6(1)(b))

4. Cookies and Tracking Technologies

We use only the tracking technologies necessary to operate the Apps and improve user experience:

Firebase Analytics: App usage analysis
Device identifiers: IDFV on iOS (non-unique, app-specific), advertising ID on Android (where applicable)

4.1. Opt-out Options

iOS: Settings > Privacy & Security > Tracking > disable “Allow Apps to Request to Track”
Android: Settings > Privacy > Ads > reset or delete advertising ID
Disabling tracking does not affect core App functionality

4.2. Advertising Data

We do not sell your personal data to third parties for marketing purposes. Data collected by analytics providers is used solely for service improvement, not for targeted advertising by us.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: All data is encrypted in transit (HTTPS/TLS)
Access control: Only authorized personnel have access to personal data
Regular security reviews
Data leak prevention

6. Your Rights

Under data protection laws, you have the following rights:

6.1. Right to Access

You can request information about what personal data we process about you.

6.2. Right to Rectification

You can request correction of inaccurate personal data.

6.3. Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data when:

The data is no longer needed
You withdraw consent
You object to processing
The data was unlawfully processed

6.4. Right to Restriction

You can request restriction of processing in certain circumstances.

6.5. Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format. Upon request, we provide your data within 30 days in JSON or CSV format.

6.6. Right to Object

You can object to processing based on legitimate interests.

6.7. Right to Withdraw Consent

You can withdraw previously given consent at any time.

7. International Data Transfers

Some of our processors are located outside the European Economic Area. We ensure appropriate safeguards:

7.1. EU-US Data Privacy Framework (DPF) Certified Partners

Google LLC — Firebase services
OneSignal Inc. — Push notifications

7.2. Standard Contractual Clauses (SCC) Protected Partners

Apple Inc. — iOS app services
RevenueCat Inc. — Subscription management

7.3. Safeguards

All transfers include appropriate protection levels
DPF certifications are regularly verified
SCCs are based on EU Commission Decision 2021/914
Details available upon request

8. Children’s Privacy

Our Apps are intended for users aged 12 and above. We do not knowingly collect personal data from children under 12. If we become aware that we have collected data from a child under 12, we will promptly delete it.

9. Data Retention

Usage analytics: 2 years
Technical logs: 1 year
Purchase data: As required by law (7–10 years)
Push notification data: Until opt-out

10. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts on you.

11. Data Breach Management

In case of a data breach:

We notify the supervisory authority within 72 hours
We notify affected users in case of high risk
We document the incident and measures taken

12. Your California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect, use, and share
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising privacy rights

13. Contact Us

For privacy-related questions or to exercise your rights, contact us:

Appalex Limited
Email: info@appalex.hu
Phone: +36 70 213 3578
Address: 1012 Budapest, Logodi utca 48. A. lház. 1. em. 2. ajtó, Hungary

14. Supervisory Authority

EU users can file complaints with their local data protection authority. Our lead supervisory authority is:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Email: ugyfelszolgalat@naih.hu
Phone: +36 (1) 391-1400

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes via the Apps. Changes become effective 30 days after posting.

16. Governing Law

This Privacy Policy is governed by the laws of Hungary. However, this does not affect your rights under applicable data protection laws in your country of residence, including GDPR for EU residents and state privacy laws for US residents.

Last Updated: January 13, 2025
Version: 2.0

← Back to home