Ooples

Privacy

Privacy Policy

Last updated: May 2025

This privacy policy describes how Ooples collects, uses and protects information about you when you use the Ooples application (the "App").

We take your privacy seriously. The App was designed from the ground up to minimise data collection and to keep the content of your conversations inaccessible to any third party, including Ooples.

1. Data Controller

The data controller for your personal data is the publisher of the Ooples App. For any questions regarding data processing, contact us at privacy@ooples.fr.

2. Data Collected

2.1 Data you provide

  • Profile: at first launch, you choose a display name and avatar. This information is stored locally on your device and shared only with your partner during pairing.

2.2 Data collected automatically

  • Technical identifier: a unique identifier is generated for your device to enable the service (message delivery, notifications).
  • Push notification token: if you accept push notifications, an APNs token is sent to our servers to alert you of new messages.
  • Connection metadata: technical logs (connection timestamps, IP addresses) may be temporarily retained for security and monitoring purposes.

2.3 Data not collected

Ooples does not collect and cannot access the content of your messages, photos, audio or shared documents. This content is end-to-end encrypted on your device and decrypted only by the recipient. Our servers only store encrypted data they cannot read.

Ooples also does not collect location data, advertising identifiers or browsing information.

3. Purposes of Processing

  • Service delivery: transmitting encrypted messages and files, managing device pairing, sending push notifications.
  • Security: detecting and preventing abuse, protecting against unauthorised access.
  • Maintenance and improvement: anonymised technical monitoring of the service.

4. Legal Basis for Processing

  • Contract performance: processing of technical data is necessary to provide the service you requested.
  • Legitimate interest: security monitoring and service maintenance constitute a legitimate interest justifying minimal processing of connection data.
  • Consent: for push notifications, your explicit consent is required.

5. Retention Periods

  • Account data and messages: retained until you delete your account or erase your data from the app.
  • Technical logs: retained for a maximum of 30 days, then automatically deleted.
  • Push token: retained until you uninstall the app or withdraw consent.

6. Recipients of Data

Your data is not sold, rented or shared with third parties for commercial or advertising purposes.

Technical service providers may access certain data for hosting and maintenance purposes, strictly limited to what is necessary and under confidentiality obligations.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • End-to-end encryption of messages and files
  • Secure transmission via HTTPS (TLS)
  • Encrypted data storage on secure servers
  • Restricted staff access to data
  • Admin access logging

8. Data Transfers

Data processing takes place within the European Union. Our servers are hosted in France. No transfers to third countries are currently carried out.

9. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights over your personal data: access, rectification, erasure, objection, restriction of processing and data portability.

To exercise these rights, see our personal data page or contact us at privacy@ooples.fr.

10. Changes to This Policy

We may update this privacy policy from time to time. For material changes, you will be notified via the app or by other appropriate means. The last updated date is shown at the top of this document.

11. Contact

For any questions about this policy or the processing of your personal data: privacy@ooples.fr