Privacy Policy
Effective Date: October 26, 2025
Resyn ("Resyn," "we," "us," or "our") is a social platform dedicated to the creation and sharing of digital memories and echoes, which are short, sensory-rich digital moments designed to allow users to relive life's experiences.
This Privacy Policy governs the collection, use, disclosure, and protection of Personal Data when you use our mobile applications, websites, APIs, and related services (collectively, the "Services").
Data Controller: Resyn, based in Rijswijk, The Netherlands.
Contact: [email protected]
Personal Data We Collect and Sources
A. Data Provided Directly by You
- Account Information: Name, email address, username, password (hashed), profile bio, avatar image, banner image, and location
- Content: Memories (photos, videos, audio recordings, text), echoes, sensory tags, captions, descriptions, and comments
- Social Data: Follows, likes, comments, shares, and other social interactions
- Payment Information: Credit card details (processed securely through Stripe)
- Communications: Messages sent through the platform and support requests
B. Data Collected Automatically
- Device Information: Operating system, device type, unique device identifiers, mobile carrier, browser type
- Usage Analytics: Screen views, feature usage, session duration, frequency of use, engagement metrics
- Location Data: IP address, approximate geographic location, GPS coordinates (when enabled)
- Technical Data: App version, installation source, crash logs, performance metrics
- Camera and Microphone: Access for content creation (photos, videos, audio recordings)
C. Data Obtained from Third Parties
- Supabase: User identification data (email, user ID, authentication tokens)
- Stripe & RevenueCat: Transaction and subscription data
- Vexo Analytics: Usage and behavior analytics
- OpenAI: AI-powered content analysis for safety
- DigitalOcean Spaces: Media file metadata
Purposes and Legal Bases for Processing
Service Provision
Legal Basis: Contract performance (GDPR Art. 6(1)(b))
Creating and managing accounts, storing content, facilitating social interactions, processing payments
Content Moderation
Legal Basis: Legitimate interests (Art. 6(1)(f))
Detecting prohibited content, preventing spam and fraud, protecting user safety
Marketing (with consent)
Legal Basis: Consent (Art. 6(1)(a))
Sending promotional emails and marketing messages
Analytics
Legal Basis: Legitimate interests with explicit consent for third-party analytics
Understanding user behavior, identifying issues, measuring feature performance
Advertising (FREE tier only)
Legal Basis: Consent (Art. 6(1)(a))
Displaying personalized advertisements to support FREE tier services
Automated Decision-Making
We use AI-powered automated systems for:
- Content moderation using OpenAI's moderation API
- Personalization and recommendations based on user behavior
- Security and fraud detection
You have the right to object to profiling and request human review of moderation decisions. Contact [email protected] for such requests.
Disclosure and Sharing of Personal Data
A. Sharing with Other Users
Depending on your privacy settings, your profile and content may be visible to the public, followers-only, or private.
B. Service Providers
| Provider | Purpose |
|---|---|
| Supabase | Authentication & account management |
| Stripe | Payment processing |
| RevenueCat | Subscription management |
| Google AdMob | Advertising (FREE tier only) |
| Vexo Analytics | Behavior analytics |
| DigitalOcean | Media storage |
| Neon | Database hosting (EU preferred) |
| OpenAI | AI content moderation |
C. Other Disclosures
- Change of Control: In the event of a merger or acquisition
- Legal Compliance: To comply with laws and protect rights, property, or safety
- With Your Consent: For integrations you authorize
Note: Resyn does not sell your Personal Data. Users can opt out of data "sharing" as defined under CCPA/CPRA via in-app settings or email.
Data Storage, Location, and Security
Data Location
Hosted on DigitalOcean with preference for EU data centers. Database on Neon (PostgreSQL). Media stored in DigitalOcean Spaces.
Security Measures
- Encryption in transit (TLS/SSL)
- Access controls based on least privilege
- Comprehensive logging and monitoring
- Regular security reviews of vendors
Data Breach Notification
We notify supervisory authorities within 72 hours and affected users without undue delay in case of a breach that poses a high risk to rights and freedoms.
Your Privacy Rights and Controls
A. EEA/UK Rights (GDPR)
- Right of Access: Request confirmation and access to your Personal Data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("Right to be Forgotten")
- Right to Object: Object to processing, including profiling
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Withdraw Consent: Withdraw consent at any time
Response within one month. Can lodge a complaint with Autoriteit Persoonsgegevens in the Netherlands.
B. California Rights (CCPA/CPRA)
- Right to Know/Access: Request categories and specific pieces of information collected
- Right to Delete: Request deletion of your Personal Information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: Opt out of "sale" or "sharing" of personal information
- Right to Limit: Limit use of Sensitive Personal Information
Exercise these rights via in-app controls or email [email protected]. We honor Global Privacy Control (GPC) signals.
C. General Controls
- Manage visibility of profile and content
- Control location services permissions
- Manage notification preferences
- Limit ad tracking via device settings
How to Exercise Your Rights:
Use in-app controls where available or email [email protected]
Data Retention
| Data Type | Retention Period |
|---|---|
| Active Account Data | While account is active |
| Deleted Accounts | 30 days from deletion request |
| Backup Data | Up to 90 days |
| Payment Records | 7 years (financial regulations) |
| Content Moderation Logs | 1 year |
| Analytics Data | Personal data: 2 years; Aggregated: indefinite |
Children's Privacy
Our Services are not directed to children under the age of 16 in the EEA/UK and under the age of 13 in other jurisdictions. We do not knowingly permit users below the minimum age to create an account. If we become aware of an ineligible user, we will promptly delete the account and associated data. We do not deliver personalized advertising to minors where prohibited by law.
Third-Party Links and Services
The Services may contain links to third-party websites. Their privacy practices are governed by their own policies. We encourage you to review:
EU Digital Services Act (DSA) Compliance
Point of Contact
[email protected] (English, Dutch)
Content Moderation
Clear reasons for content removal or restriction, notice-and-appeal process maintained
Ad Transparency
Advertisements clearly labeled with targeting parameters where technically feasible
Dispute Settlement
Cooperation with certified out-of-court dispute settlement bodies
Changes to this Policy
We reserve the right to update this Privacy Policy periodically. Material changes will be notified through in-app notice or email, with the "Effective Date" updated. Continued use after changes constitutes acceptance. We maintain an archive of prior versions for at least 24 months.
Contact Information
Legal Notices
Registered office address: To be published once arranged. All correspondence to [email protected] until then.
Right to Complain
EEA/UK residents can lodge a complaint with their supervisory authority (e.g., Autoriteit Persoonsgegevens in the Netherlands).
Last Updated: October 26, 2025