This policy describes exactly what personal data Acini collects, why, and how it is protected. We collect only what we need to operate the service. We do not sell, profile, or advertise.
Michiel Berger, Netherlands. Privacy contact: privacy@acini.app
We collect only what is necessary to provide the service. Here is what we currently collect.
Why: Account creation, transactional notifications, account deletion confirmation. Basis: Contract.
Why: Authentication — no password is stored. Basis: Contract.
Why: Core service — sharing within your circles. Basis: Contract.
Why: Core service — context for photos. Basis: Contract.
Why: Private communication between users. Basis: Contract.
Why: Determining who sees what. Basis: Contract.
Why: Access control. Basis: Contract.
Why: Determining post visibility for new members. Basis: Contract.
Why: Determining which features are available to you. Basis: Contract.
Why: Delivering notifications to your device. Basis: Consent.
Why: Allowing account restoration during 72-hour grace period; deleted when used or expired. Basis: Contract.
Why: Security and abuse prevention; deleted after 14 days. Basis: Legitimate interest.
We do not collect device identifiers for tracking, advertising IDs, location data, behavioural analytics, or any data beyond the above.
All personal data is stored and processed within the European Union. We do not use third-party services that process personal data outside Europe.
Specifically:
In-app purchases and push notifications on iOS and Android are processed by Apple Inc. and Google LLC respectively. Purchase transactions are handled entirely within their platforms; we do not receive or store payment details. Push notification delivery requires sending a device token to Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM), which are operated outside the EU. No message content is included in push notifications — only a signal to your device to fetch new data. These transfers are covered by each provider's standard contractual clauses.
We share data with the following processors, solely to operate the service:
Each processor is bound by a data processing agreement and may not use your data for their own purposes.
We retain personal data only for as long as necessary:
When you delete a photo, it is removed from our storage within 24 hours and is no longer accessible to any circle member.
Deletion is permanent and irreversible.
When you close your account from within the app, the following happens automatically:
The email address is the only channel through which account restoration is possible during the pending deletion period. This is by design: because passkey sign-in is blocked, the verified email address serves as the identity proof for restoration.
Under the GDPR, you have the right to:
To exercise any of these rights, contact privacy@acini.app. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens) or the authority in your country of residence.
We use appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS). Because we use passkey authentication, we do not store passwords — a breach of our servers cannot expose your login credentials.
In the event of a personal data breach posing a risk to your rights, we will notify the Autoriteit Persoonsgegevens within 72 hours and affected users without undue delay, as required by GDPR Articles 33 and 34.
Acini is not directed at children. You must be at least 16 years old to use the service. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has created an account, please contact us at privacy@acini.app.
If we make material changes to this policy, we will notify you in the app and by email at least 14 days before changes take effect. The current version is always available at acini.app/privacy.