Effective Date: January 6, 2026
Last Updated: January 17, 2026
Version: 2.0
Preamble
EASYICAL, a simplified joint-stock company (société par actions simplifiée unipersonnelle - SASU) with a share capital of 100 euros, registered with the Nice Trade and Companies Register under number 938 476 231, with its registered office at 71 Avenue de Pessicart, 06100 Nice, France (hereinafter "EASYICAL", "we", "our" or "us"), publishes the Check mobile application (hereinafter the "Application" or "Check").
This privacy policy (hereinafter the "Policy") is intended to inform users of the Application (hereinafter "User", "you" or "your") about the conditions under which EASYICAL collects, processes and protects their personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").
Article 1 - Data Controller
The data controller for personal data collected through the Application is:
EASYICAL
Simplified Joint-Stock Company (SASU)
Share Capital: €100.00
RCS Nice: 938 476 231
SIRET: 938 476 231 00015
EU VAT Number: FR19938476231
Registered Office: 71 Avenue de Pessicart, 06100 Nice, France
Legal Representative: Mr. Kévin NICOLAS, President
Email:
contact@easyical.com
Article 2 - Data Collected
In connection with the use of the Application, EASYICAL may collect the following categories of personal data:
2.1 Identification and Account Data
- Email address (only for permanent accounts)
- Display name (username)
- Unique account identifier (including for anonymous accounts)
- Account status (anonymous or permanent)
- Profile picture (optional)
Note regarding anonymous accounts: For users in anonymous mode, only a unique technical identifier is collected. No personal identification data (email, password) is required. Data created on an anonymous account is stored but cannot be recovered if access to the device is lost.
2.2 Authentication Data
- Password (stored in encrypted form) - for email registration
- OAuth authentication tokens (Google, Apple)
- Third-party identifiers (Google ID, Apple ID)
- Firebase anonymous authentication token (for anonymous accounts)
Note regarding Sign in with Apple: If you use "Sign in with Apple" with the "Hide My Email" option, Apple generates a private relay email address. We only receive this relay address, not your real email address. You can manage this feature in your Apple ID settings.
Note regarding account conversion: When converting an anonymous account to a permanent account, existing data (verifications, rooms, preferences) is retained and associated with the new permanent account.
2.3 Usage Data
- Verification history (type, timestamp, associated room)
- Verification photographs (premium feature)
- Custom verifications and rooms created by the User
- Application preferences (theme, language, notifications)
2.4 Family Sharing Data
- Family group membership
- Role within the family (administrator/member)
- Family invitation code
2.5 Technical Data
- Device type and model
- Operating system and version
- Firebase technical identifiers
- IP address (not retained)
- Push notification tokens (Expo Push Token)
2.6 Geolocation Data (optional)
- Home GPS coordinates (latitude, longitude) - only if the "Location Reminders" feature is enabled by the User
- Approximate home address - only if the User sets a departure point for reminders
Important: This data is collected only with the User's explicit consent and is stored locally on the device. It is not transmitted to our servers. The User can disable this feature and delete stored location data at any time from the Application settings.
Article 3 - Legal Basis for Processing
In accordance with Article 6 of the GDPR, the processing of personal data carried out by EASYICAL is based on the following legal grounds:
| Purpose of Processing |
Legal Basis |
| Creation and management of user account |
Contract performance (Art. 6.1.b GDPR) |
| Provision of Application features |
Contract performance (Art. 6.1.b GDPR) |
| Data synchronization across devices |
Contract performance (Art. 6.1.b GDPR) |
| Sending push notifications |
Consent (Art. 6.1.a GDPR) |
| Storage of verification photographs |
Consent (Art. 6.1.a GDPR) |
| Location-based reminders |
Consent (Art. 6.1.a GDPR) |
| Service improvement and security |
Legitimate interest (Art. 6.1.f GDPR) |
| Subscription and payment management |
Contract performance (Art. 6.1.b GDPR) |
| Compliance with legal obligations |
Legal obligation (Art. 6.1.c GDPR) |
Article 4 - Purposes of Processing
The personal data collected is processed for the following purposes:
- Enable User registration and authentication
- Provide verification management features
- Synchronize data across the User's different devices
- Enable verification sharing within a family group
- Send verification reminders (if authorized by the User)
- Send reminders when the User leaves home (if the feature is enabled)
- Generate PDF history reports
- Store photographs associated with verifications
- Manage premium subscriptions and related transactions
- Ensure the security and proper technical operation of the Application
- Improve user experience and fix malfunctions
- Respond to User requests
Article 5 - Photograph Processing
As part of the premium "Verification Photos" feature, the User may choose to add photographs to their verifications. These photographs are subject to the following processing:
- Local compression: before any transfer, images are resized (maximum 800 pixels) and compressed (70% quality) on the User's device
- Secure storage: photographs are stored on Google's Firebase Storage servers located in the European Union (europe-west1 region)
- Restricted access: only the User and, where applicable, their family members have access to photographs
- Automatic deletion: photographs are automatically deleted when the associated verification or user account is deleted
The User agrees not to upload unlawful, pornographic, violent content or content infringing on the rights of third parties.
Article 6 - Data Recipients
Personal data collected may be disclosed to the following categories of recipients:
6.1 Internal Recipients
- Authorized EASYICAL personnel for technical support and maintenance purposes
6.2 Processors
- Google Ireland Limited (Firebase): data hosting, authentication, file storage
- Expo (650 Industries, Inc.): push notification service
- RevenueCat, Inc.: subscription and in-app purchase management
- Apple Inc. and Google LLC: payment processing via their respective stores
6.3 Other Recipients
- Members of the User's family group (if family sharing is enabled)
- Judicial or administrative authorities, in case of legal obligation
EASYICAL commits to never selling, renting or transferring for consideration Users' personal data to third parties for commercial or advertising purposes.
Article 7 - International Transfers
Personal data is primarily stored on Google Firebase servers located in the European Union (europe-west1 region, Belgium).
In connection with the use of Google and RevenueCat services, some data may be transferred to countries outside the European Economic Area, particularly the United States. These transfers are governed by:
- Standard contractual clauses adopted by the European Commission
- The EU-US Data Privacy Framework for certified companies
- Additional technical and organizational measures implemented by processors
Article 8 - Data Retention Period
Personal data is retained for the following periods:
| Type of Data |
Retention Period |
| Permanent account data |
Account lifetime + 30 days after deletion |
| Anonymous account data |
Account lifetime or until conversion to permanent account |
| Verification history |
Account lifetime |
| Verification photographs |
Until deletion of verification or account |
| Payment data |
Managed by Apple/Google (see their policies) |
| Connection logs |
12 rolling months |
At the end of these periods, data is deleted or irreversibly anonymized.
Important note regarding anonymous accounts:
Data associated with an anonymous account is retained as long as the authentication token remains valid. In case of Application deletion, sign out or device change, data may become permanently inaccessible. It is strongly recommended to convert an anonymous account to a permanent account to ensure data persistence.
Article 9 - Data Security
EASYICAL implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, including:
- Data encryption in transit (TLS 1.3)
- Data encryption at rest (AES-256)
- Secure authentication (password hashing with Firebase Authentication)
- Restrictive Firestore security rules per user and per family
- Server access limited to authorized personnel
- Regular updates of software components
- Access monitoring and logging
Article 10 - Data Subject Rights
In accordance with the GDPR, the User has the following rights regarding their personal data:
- Right of access (Art. 15 GDPR): obtain confirmation that data concerning them is being processed and obtain a copy
- Right to rectification (Art. 16 GDPR): request correction of inaccurate or incomplete data
- Right to erasure (Art. 17 GDPR): request deletion of their data under the conditions provided by regulation
- Right to restriction of processing (Art. 18 GDPR): request suspension of processing in certain circumstances
- Right to data portability (Art. 20 GDPR): receive their data in a structured, commonly used format (PDF export available in the Application)
- Right to object (Art. 21 GDPR): object to the processing of their data on legitimate grounds
- Right to withdraw consent (Art. 7 GDPR): withdraw consent given for processing at any time
These rights may be exercised:
- Directly in the Application (for access, rectification and deletion)
- By email to: contact@easyical.com
- By post to: EASYICAL - 71 Avenue de Pessicart, 06100 Nice, France
Any request must be accompanied by a copy of proof of identity. EASYICAL commits to responding within one month of receiving the request.
Article 11 - Cookies and Trackers
The Check Application does not use advertising cookies, marketing trackers or third-party analytics tools.
Only technical identifiers strictly necessary for the operation of the Application are used, particularly for authentication and data synchronization.
Article 12 - Protection of Minors
The Check Application is accessible to all ages. However, for minor users, use of the Application and account creation must be done under the supervision and with the consent of a parent or legal guardian.
EASYICAL does not knowingly collect personal data concerning children without appropriate parental consent. If a parent or legal guardian discovers that their minor child has provided personal data without their consent, they are invited to contact EASYICAL so that necessary measures can be taken to delete this data.
Article 13 - Changes to the Policy
EASYICAL reserves the right to modify this Policy at any time. In case of substantial modification, Users will be notified by notification in the Application at least thirty (30) days before the modifications take effect.
Continued use of the Application after the modifications take effect constitutes acceptance of the new Policy.
Article 14 - Complaint
If the User believes that the processing of their personal data constitutes a violation of the GDPR, they have the right to lodge a complaint with the competent supervisory authority.
In France, the competent authority is the Commission Nationale de l'Informatique et des Libertés (CNIL):
Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
Phone: +33 1 53 73 22 22
Website:
www.cnil.fr
Article 15 - Data Protection Officer
EASYICAL has designated a Data Protection Officer (DPO) who can be contacted at:
Data Protection Officer
Mr. Kévin NICOLAS
Email:
contact@easyical.com
Address: EASYICAL - 71 Avenue de Pessicart, 06100 Nice, France
Article 16 - Contact
For any questions relating to this Policy or the processing of personal data, the User may contact EASYICAL: