Last Modified: 25 May 2018
Beto Software S.L. ("Beto Software", "we", "us" or "our") operates the Jupital messaging service ("Jupital") for mobile devices that allows users to send and receive messages.
Please also read Jupital’s Terms of Service (“Terms”), which describes the terms under which you use our Services.
In providing our Services we endeavour to preserve your privacy, storing only the absolutely necessary personal data for the shortest possible time, and to protect your security.
Data We Collect
We may collect personal data from you when you interact with us through the Services.
Data You Provide
Your Account Data
You provide a username (except free accounts) which doesn't have to be your real name or express any reference to your identity. This username is stored by our Service in a cryptographic way that allows other users to contact you via Jupital without revealing its real value.
Our Service uses end-to-end encryption to protect against third parties, including us, from reading your messages. All the private keys are created and stored in your device and we do not hold those keys. The messages metadata (ID, sender, recipient, etc.) are protected by an additional encryption layer for transmission between the App and our servers to prevent eavesdropping by third parties. Your messages are deleted from our servers once they are delivered. If a message cannot be delivered immediately (for example, if you are offline), we may keep it on our servers for up to 30 days as we try to deliver it. If a message is still undelivered after 30 days, we delete it.
Automatically Collected Data
Your Account Data
Our Service uses random numbers (UUID) to uniquely identify accounts, profiles, messages, etc. We store the date your account, profile(s) and device(s) were created. We use public key authentication instead of passwords to prevent its theft. We store the month of your last connection to detect inactive accounts.
If you enable notifications, we must store a token to send them. We use push notifications to notify you of new messages.
We collect aggregate, anonymous service-related data, such as number of active users or total messages sent, to help us to improve the Service. If you visit our Site we may gather some personal data automatically and store it in log files. This personal data includes IP address, browser type and language, operating system and timestamp.
If you pay for our Services, we may receive personal data and confirmations, such as payment receipts, including from app stores or other third parties processing your payment.
How We Use Your Data
We use the personal data we collect to operate, provide, improve, support and market our Services.
Data We May Share
We do not share your personal data with third parties except with your consent or when legally required.
We may collect, use, preserve, and share your personal data if we have a good-faith belief that it is reasonably necessary to: (i) comply with any applicable law, regulation, legal process, or governmental request; (ii) enforce our Terms and any other applicable terms and policies, including for investigations of potential violations; (iii) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; or (iv) protect the rights, property, and safety of our users, Beto Software, its employees, and the public.
Data You Share
You share your personal data as you use and communicate through our Services.
Your username and profile name may be available to anyone who uses our Services.
Users with whom you communicate may store or share your personal data with others on and off our Services.
Legal Bases For Processing Data
In accordance to the Regulation (EU) 2016/679 of 27 April 2016 —General Data Protection Regulation (GDPR)—, our legal bases for the processing of the personal data described above, are the following:
- you has given us consent to the processing for one or more specific purposes (GDPR Art. 6(1)(a).);
- the processing is necessary to fulfill our Terms of Service (Id. Art. 6(1)(b).);
- the processing is necessary for compliance with our legal obligations (Id. Art. 6(1)(c).);
- the processing is necessary to protect your vital interests or of others (Id. Art. 6(1)(d).);
- the processing is necessary in the public interest (Id. Art. 6(1)(e).);
- the processing is necessary for our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data (Id. Art. 6(1)(f).).
We store personal data as long as necessary to provide the Services to you, thereafter only if and to the extent that we are obliged to do so by mandatory statutory retention obligations. To dispose of data, we may anonymize it, delete it or take other appropriate steps. Data may persist in backup archives for some additional time.
We take reasonable steps to protect the personal data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no security system can prevent all potential security breaches. Therefore we have designed our system to limit the potential implications of such a breach by having the least possible personal data about you, or that is by its nature public (e.g., public keys).
You have the right of access, rectification, erasure and portability of your personal data, and of restriction of or object to processing concerning your personal data.
In cases which you have given us prior consent to the processing of your personal data, you have the right to withdraw such consent at any time.
You have the right to lodge a complaint with the competent supervisory authority.
Our Services may contain links to other web sites and services not operated or controlled by us (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Services do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.
As stated in our Terms of Service you must be at least 16 years old to use our Services. We do not knowingly collect personal data from children under 16. If we learn that a child under 16 has provided us with personal data, we will take steps to delete such data.
Changes to This Policy
The data controller of your personal data is Beto Software S.L.