Privacy Policy

1. Scope

This Privacy Policy explains how Albora (“Albora”, “we”, “us”) collects, uses, stores, and protects personal information when you use our mobile application and website (the “Service”).

This Policy applies to visitors and users of the Service. If you do not agree with this Policy, please do not use the Service.

2. Definitions

For clarity:

• Personal data: information that identifies or can reasonably be linked to an individual.
• Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion).
• Controller: the entity that determines the purposes and means of processing (typically Albora for Service data).
• Processor: a service provider processing data on behalf of the Controller (e.g., hosting, notifications).
• Account: your Albora profile and login session.
• User Content: content you submit through the Service (event titles, images, announcements, etc.).

3. Data we collect

3.1 TikTok login data (OAuth)

When you sign in with TikTok, TikTok provides limited account data through TikTok Login Kit. This may include:

• TikTok user identifier (for example, union_id or similar identifier)
• TikTok username
• Display name (when available)
• Profile avatar URL

We do not receive your TikTok password. Authentication is handled by TikTok via OAuth.

3.2 Data you provide in Albora

Depending on how you use the Service, you may provide:

• Profile details you choose to display (e.g., preferred name or public info)
• Event content you create (titles, descriptions, images, schedules, rules)
• Participation activity (RSVPs, invitations sent/received, tournament participation)
• Privacy preferences and settings (e.g., invitations, optional poster feature)
• Support communications (messages you send to support)

3.3 Technical, usage & security data

We may collect limited technical data necessary to operate, secure, and improve the Service, such as:

• Device and app information (OS version, app version, language)
• Log data (timestamps, basic diagnostics, crash reports, security events)
• Approximate location derived from IP (country/region) for security and compliance (where applicable)
• Event integrity signals (e.g., suspicious activity indicators, anti-abuse signals)

3.4 What we do not intentionally collect

We do not intentionally collect sensitive categories of data (such as health information or precise geolocation), unless you choose to provide it in user-generated content. Please avoid posting sensitive personal data publicly.

4. Sources of data

We collect data from:

• You (when you create events, update settings, contact support)
• TikTok (when you authenticate using TikTok OAuth)
• Your device (technical logs and diagnostics, as described above)
• Service providers (limited operational events such as delivery errors for notifications)

5. How we use data

We use personal data to:

• Provide, operate, and maintain the Service (account creation, authentication, profiles)
• Enable events/tournaments, invitations, participation, and community features
• Send service-related communications (in-app and push notifications)
• Detect, prevent, and investigate fraud, abuse, and security incidents
• Improve reliability and user experience (performance, diagnostics, troubleshooting)
• Comply with legal obligations and enforce our Terms

We do not use your personal data for targeted advertising profiles in a way that would conflict with applicable law. If we introduce advertising features in the future, we will update this Policy and provide required choices.

6. Legal bases (GDPR where applicable)

When GDPR applies, we process personal data under one or more legal bases, including:

• Contract: to provide the Service you request (accounts, events, participation)
• Legitimate interests: to keep the Service secure, prevent fraud, and improve reliability
• Consent: for optional features (e.g., AI poster generation) and certain settings
• Legal obligation: to comply with applicable laws and respond to lawful requests

Where processing is based on consent, you can withdraw consent at any time. Withdrawal does not affect prior lawful processing.

7. AI & poster generation (optional)

Albora may offer an optional feature that generates a personalized event poster using your TikTok profile picture, only with your consent.

7.1 What happens technically

When enabled:

• Your profile picture may be processed to generate a visual description (e.g., “person smiling outdoors”).
• That description may be used to generate a themed poster image for your event.
• Processing may be performed by trusted third-party AI providers under contractual safeguards.

7.2 What we store

Depending on product settings, we may store:

• The generated poster image (so you can reuse it)
• Your preference (enabled/disabled)
• Operational logs needed for debugging, abuse prevention, and security

We do not store biometric templates or perform face identification.

7.3 Your control / opt-out

You can disable this feature at any time in the app: Profile → Settings → Privacy → Disable profile picture analysis.

8. Event invitations & privacy controls

You can control whether other users can invite you to events. Invitations may be enabled by default, but you can disable them in:

Profile → Settings → Privacy → Allow event invitations

When disabled, invitations targeting your account may be blocked and the sender may see a warning in the app. We may still allow invitations in limited cases if required for safety, security, or legal reasons (for example, abuse investigations).

9. Sharing, processors & third parties

We do not sell your personal data.

9.1 Service providers (processors)

We may share data with service providers (“processors”) strictly to operate the Service, such as:

• Hosting and databases
• Notification delivery providers (push notifications)
• Analytics/monitoring (for reliability and security)
• Optional AI processing providers for poster generation (only if you enable the feature)

These providers are authorized to process data only as needed to provide services to Albora, under contractual obligations such as confidentiality and security commitments.

9.2 Legal and safety disclosures

We may disclose personal data when we believe in good faith that disclosure is necessary to:

• comply with a legal obligation or lawful request,
• protect the rights, safety, and security of users, Albora, or the public,
• prevent fraud, abuse, or security incidents.

9.3 Business transfers

If Albora is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice when required by law.

10. Cookies & analytics

The website may use cookies or similar technologies. Some cookies are essential for the site to function. Others (analytics) may help us understand usage and improve performance.

• Essential cookies: required for core functionality and security.
• Analytics cookies (optional): used to understand how the website is used (where enabled).

If required by law, we will provide a cookie banner/consent mechanism for non-essential cookies. You can also control cookies through your browser settings.

11. Data retention

We retain personal data only as long as necessary for the purposes described in this Policy.

• Account data: kept while your account is active.
• Inactive accounts: may be deleted or anonymized after 12 months of inactivity, unless retention is required by law.
• Logs and security data: retained for a limited period for security, troubleshooting, and fraud prevention.
• User Content: retained until you delete it or delete your account, subject to limited legal/security retention needs.

You can request deletion at any time (see “Your rights”). Some information may be retained where required by law or for legitimate security and dispute-resolution purposes.

12. Security

We implement technical and organizational measures designed to protect personal data, such as:

• Encrypted connections (HTTPS/TLS)
• Access controls and least-privilege permissions
• Role-based database policies and restricted admin access
• Monitoring for suspicious activity and abuse prevention mechanisms

However, no method of transmission or storage is completely secure. You are responsible for protecting your device, keeping it updated, and securing your login methods.

13. International transfers

Your data may be processed in countries other than your country of residence (including the EU or the US) where our providers operate. Where required, we use safeguards designed to protect your data, such as contractual protections and transfer mechanisms recognized by law.

14. Your rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data
• Withdraw consent (where processing is based on consent)
• Object to or restrict processing (where applicable)
• Request portability of certain data
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at support@albora-mobile.com. We may request verification to protect your account and prevent unauthorized requests.

15. Children’s privacy

Albora is not intended for children under 13 years of age. We do not knowingly collect personal data from minors without appropriate consent. If you believe a child has provided data to us, contact us and we will take appropriate steps.

16. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. When changes are material, we may notify you via the app or website where required.

17. Contact

If you have questions or concerns about this Privacy Policy, contact us:

support@albora-mobile.com

---

Note: Albora is not affiliated with, endorsed by, or sponsored by TikTok. TikTok is a trademark of its respective owner.