Mileapps logo

Privacy Policy

Introduction

This Privacy Policy explains how TZION MEDIA SLU ("we", "us", or "our") collects, uses, discloses, and protects your personal data when you use Mileapps (the "Website"). We are committed to respecting and protecting your privacy rights.

Data Controller: TZION MEDIA SLU is the organization responsible for the processing of your personal data (the "data controller"). We are established in Andorra, with our business address at Carretera dels Cortals, Edifici Cirerer-Griu, Atic 3, AD200, AD. You can contact us by phone at +376 62 60 15 for privacy-related inquiries.

We process personal data in accordance with Andorra’s data protection law, namely the Qualified Personal Data Protection Law 29/2021 (LQPD), which aligns closely with the principles of the EU General Data Protection Regulation (GDPR). Where applicable (for example, if we handle personal data of individuals in the EU), we also adhere to the requirements of the EU GDPR.

By using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use the Website. We may update this Privacy Policy from time to time (see the "Changes to This Privacy Policy" section below). We will notify you of significant changes, and the latest version will always be available on this page.

Information We Collect

We collect two types of information from and about users of our Website: (1) information you provide to us directly, and (2) information collected automatically as you interact with our Website.

Information You Provide to Us

While using the Website, you generally are not required to provide personal data. We do not offer user registration or accounts for general browsing. However, you may choose to contact us or interact with certain features, in which cases you may provide personal information, such as:

  • Contact Information: If you contact us (for example, via a contact form, email correspondence, or through a DMCA notice submission), you may provide personal data like your name, email address, phone number, or mailing address. We will use this information solely for the purpose of communicating with you and addressing your inquiry or request.

  • Feedback or Survey Responses: If we solicit feedback or run surveys and you voluntarily participate, you might provide your opinions, experiences, or other details which could include personal data. (Participation in such activities is optional and typically you can choose to be anonymous.)

  • Other Voluntarily Provided Data: Any personal data you voluntarily provide us in the content of a message or form submission. For instance, if you request support or exercise your data rights, you might give us additional information to help verify your identity or fulfill your request.

Please do not submit sensitive personal data (such as information about racial or ethnic origin, political opinions, religious beliefs, health, or similar sensitive categories) unless it is necessary for a specific communication and you consent to our processing of that information.

Information Collected Automatically

When you visit or interact with the Website, we (and our third-party partners) automatically collect certain technical and usage information. This information may be considered personal data under applicable laws (especially when associated with other identifiers). It includes:

  • Device and Browser Information: We collect details about the device and browser you use to access our Website. This may include your device’s IP address (Internet Protocol address), browser type and version, operating system, language preference, device identifiers, and device model. The IP address may be used to infer your approximate geographic location (e.g., country or city level). We use IP anonymization measures where feasible, especially for analytics purposes, to truncate the IP and reduce identifiability.

  • Usage Data: We gather information about your activity on the Website, such as the pages or screens you view, the date and time of your visit, the time spent on each page, click-stream data (e.g., what links or buttons you click), and the website or search query that referred you to our Website. For example, our server logs may record that a user with a certain IP address visited the home page and then clicked on an app review page at a specific time.

  • Cookies and Similar Technologies: We use cookies, pixels, and similar tracking technologies to collect information about your interactions with the site. Cookies are small files stored on your browser or device that help us recognize you and remember your preferences. These technologies may collect unique identifiers (like cookie IDs or advertising IDs), and information such as your cookie consent status, and whether you have seen a particular message or advertisement. For instance, when you first visit, we will set a cookie to remember your cookie consent choices so that the consent banner is not shown on every page load thereafter (unless you reset it). Details on the specific cookies and their purposes can be found in our Cookie Policy ($business.cookiepolicy).

  • Analytics Data: We employ third-party analytics services (like Google Analytics and Microsoft Clarity) that use cookies and scripts to collect usage data (as described above). These services provide us aggregated statistical information. Google Analytics, for example, might record how many users visited a certain page and from which countries. Microsoft Clarity might record anonymized click heatmaps or session replays to help us understand user behavior on the site (with sensitive data automatically masked). This data is generally pseudonymous, meaning we cannot directly identify you by name, but it could be linked to a unique code or cookie. We treat this information as personal data when required by law.

  • Advertising and Conversion Data: Our Website receives traffic from advertising campaigns we run on platforms like Microsoft Ads, Google Ads, and Yahoo Japan Ads. If you clicked one of our ads on those platforms to reach our site, tracking technologies (such as cookies or URL parameters like GCLID for Google Click Identifier) might be used to tell us which ad campaign led you to us. Similarly, if we set up conversion tracking, we will know that a user performed a certain action (e.g., clicked a download link) after arriving via advertisement. This helps us measure the effectiveness of our ads. We generally receive this data in aggregate form (e.g., X number of users from Campaign A visited the site and Y of them clicked a specific link). Some ad networks may set a cookie on your device when you visit our site to help track these conversions. For example, Microsoft’s UET (Universal Event Tracking) may set cookies like uetvid or uetsid with unique identifiers for advertising analytics.

  • Security and Log Data: To ensure the integrity and security of the Website, our systems (and security partners like Cloudflare) may automatically collect and log information such as your IP address, browser characteristics, and information about any actions that could be interpreted as malicious (e.g., repeated failed access attempts or unusual request patterns). Cloudflare, which provides security and caching for our site, may place a security cookie (__cf_bm) to distinguish legitimate human traffic from bots. This cookie contains encrypted data about your session’s trust score and expires after 30 minutes. Such security measures help us detect and mitigate bots or fraudulent activity in real-time.

We combine the information collected automatically with information you may provide directly only where necessary (for example, to troubleshoot an issue you asked us to resolve, we might review relevant logs).

Legal Basis Notice: For users in Andorra and, where applicable, the EU, we ensure that there is a legal basis for the processing of each category of data described above (see "Legal Bases for Processing" below for more details on this).

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our Website to enhance functionality, analyze usage, and manage advertising (as described above). When you first visit our site, you will be presented with a cookie consent banner that allows you to accept or customize your cookie preferences. We will not set certain cookies (especially analytics and advertising cookies) without your consent, in compliance with applicable law and APDA guidelines.

Key points about our use of cookies:

  • Consent Management: Our cookie consent manager (CMP) is "Managed by Google" and compliant with the IAB Transparency and Consent Framework (CMP ID: 300). This means that your choices (accept or reject certain cookie categories) are captured and stored (e.g., in a cookie like FCCDCF) and respected. You can change your preferences at any time by accessing the consent management tool (look for a "Privacy Settings" or similar link on our site, typically in the footer or via the Cookie Policy page).

  • Types of Cookies: We generally classify cookies on our site as Essential, Analytics, or Advertising. Essential cookies (including certain Cloudflare security cookies and the consent preference cookies) are necessary for the site’s operation and cannot be turned off (they do not store personally identifiable info aside from technical data). Analytics cookies help us understand site traffic and usage (and are only set if you consent). Advertising cookies (from third-party ad networks) help in delivering personalized ads and tracking ad performance (again, only set with consent).

  • Duration: Cookies have varying lifespans. Some are session cookies that expire when you close your browser. Others are persistent cookies that remain on your device for a defined period or until deleted. For example, an analytics cookie _ga can last for up to 2 years unless cleared, whereas a Cloudflare session cookie lasts 30 minutes or until you end your session. We provide a list of specific cookies, their purposes, providers, and expiration times in our Cookie Policy for complete transparency.

For a detailed list of all cookies and tracking technologies used on the Website (including names, purposes, providers, and lifespans), please refer to our Cookie Policy ($business.cookiepolicy). That list also includes the cookies set by our advertising and analytics partners, such as Google’s DoubleClick cookies, Microsoft’s UET and Clarity cookies, and Yahoo Japan’s tracking cookie (e.g., yjsuyjad, used for conversion tracking, which lasts ~1 year).

By adjusting your browser settings, you can refuse or delete cookies. However, please note that if you disable all non-essential cookies, some features of the site (like remembering your preferences or performing analytics) may not function optimally. Essential cookies (like those used for security or storing your consent choice) will remain in use to ensure the site operates correctly and honors your decisions.

How We Use Your Information

We use personal data collected from you or about you for the following purposes:

  1. To Provide and Maintain the Website: We use data to deliver our services to you and ensure the Website functions correctly. This includes using information to load pages in your browser, to personalize or optimize the display (for example, showing content in your preferred language), and to monitor the Website’s performance. We also use data for troubleshooting, support, and maintenance. If you report a technical issue, we may use log data or device information to diagnose and fix the problem.

  2. To Respond to Your Inquiries or Requests: If you contact us with a question, feedback, or a DMCA/copyright notice, we will use your provided contact information to communicate with you and address your inquiry. For example, if you submit a DMCA takedown request, we will process the information in the request to verify its validity and respond appropriately (which might include emailing you a confirmation or follow-up questions). If you exercise a privacy right (such as requesting access to your data), we will use the data you provide to verify your identity (as needed) and to fulfill your request.

  3. To Provide Content and Improve User Experience: We analyze usage data and feedback to understand how users interact with our Website. This helps us improve our content and features. For instance, we might notice through analytics that a particular category of apps is very popular, so we may decide to expand content in that category. Or if many users are visiting from mobile devices and struggling with page layout, we might optimize our mobile design. We also use Microsoft Clarity’s session recordings and heatmaps in an aggregated manner to identify UI/UX issues (for example, if certain buttons are rarely clicked or if users seem to get stuck on a certain page element). This analysis is typically done on pseudonymous data, focusing on trends rather than individual behavior.

  4. To Serve Advertising and Measure Ad Performance: Advertising partners like Google and Yahoo Japan process certain data to decide which ads to show you on our site. With your consent, we allow these partners to use cookies and identifiers to show you more relevant ads (for example, you might see ads related to tech or gaming if you frequently visit those categories on our site). We might also use demographic or regional information (in aggregate) to tailor the type of ads displayed (e.g., showing ads in the appropriate language or relevant to a user’s locale). Additionally, we track ad performance through conversion data: if an ad campaign led you to our site and you performed an action (like clicking a download link), we record and analyze that information (usually in aggregate, such as “Campaign X resulted in Y downloads”) to evaluate the effectiveness of our marketing.

  5. To Protect the Website, Our Users, and Our Business: We use data for security and anti-fraud purposes. For example, the Cloudflare __cf_bm cookie and related security data are used to identify and mitigate potentially malicious visits (such as bots or DDoS attacks). We may block IP addresses that appear suspicious or that trigger Cloudflare’s bot management defenses. The data (including log files of IP addresses, user agents, and usage patterns) is also used to investigate any breaches or attempted breaches of our systems. Our use of security-related data is under the legal basis of legitimate interests (keeping our Website and users safe) or legal obligation (compliance with laws requiring safeguarding of data).

  6. To Comply with Legal Obligations: We may process and retain personal data as necessary to comply with legal requirements. This includes obligations under Andorran law or EU law (if applicable) to retain certain information, to respond to lawful requests by public authorities (e.g., court orders or subpoenas), or to meet regulatory compliance (such as demonstrating consent records for GDPR, if needed). If you exercise privacy rights, we will keep records of our correspondence to comply with accountability obligations. If there are legal disputes or investigations, we might process relevant personal data as needed for evidence or cooperation with authorities.

  7. To Enforce Our Terms and Defend Our Rights: We may use personal data to enforce our Terms and Conditions and other policies. For instance, if we detect actions that violate our Terms (like scraping content or attempting security breaches), we may use that data to investigate and take action (such as blocking access or contacting relevant authorities). Additionally, should the need arise to defend ourselves in legal proceedings, we will use relevant data (which may include server logs, communications, etc.) to establish facts and defend our legal rights.

We will not use your personal data for purposes that are incompatible with the above, unless we obtain your consent or are required/permitted by law to do so. We do not engage in selling personal data to third parties for their own marketing purposes.

Legal Bases for Processing

We process personal data only when we have a valid legal basis to do so under applicable law. Under Andorran law (LQPD) and the EU GDPR (where applicable), the main legal bases we rely on are:

  • Consent: We rely on your consent for certain types of processing. For example, we seek your consent before setting non-essential cookies (analytics and advertising cookies) on your device. Consent is also the basis for processing any information you voluntarily submit that is not strictly necessary for the functioning of the site (for instance, if you participate in a survey or allow us to use your email for a newsletter – although currently we have no newsletter). You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted prior to the withdrawal, but it will prevent us from continuing the specific processing that was based on consent (for example, if you withdraw consent for analytics cookies, we will stop collecting analytics data from your visits going forward).

  • Legitimate Interests: We process certain data as necessary for our legitimate interests, provided those are not overridden by your data protection rights. We have a legitimate interest in ensuring the proper functioning, security, and improvement of our Website and services. For instance, collecting security logs and using Cloudflare’s bot management is in our legitimate interest to protect the site and our users from malicious activity. Similarly, analyzing usage data to improve our content and user experience (in a privacy-conscious way) can be considered a legitimate interest. When we rely on this basis, we carefully consider and balance any potential impact on your rights. We do not rely on legitimate interests as a basis for processing personal data that is highly invasive or where your rights override our interests (for example, we would not use legitimate interest to justify excessive profiling or sharing of data in unexpected ways).

  • Legal Obligation: In some cases, we must process personal data to comply with a legal or regulatory obligation. For example, Andorran law might require us to retain certain business correspondence for a defined period, or to cooperate with law enforcement requests. If you exercise a right under data protection law, we may need to process your personal data to fulfill that legal obligation (e.g., retaining a record of an opt-out to demonstrate compliance). When processing based on legal obligation, we will only do what the law strictly requires.

  • Performance of a Contract: This basis is generally not applicable in our context, since using our Website does not typically involve a direct contract between you and us (other than the Terms of Service which govern usage). We are not providing individualized services that you pay for; thus, “performance of a contract” is rarely relevant. If, however, you were to enter into a specific agreement with us (for instance, if you were a business partner or if we ran a promotional contest with terms), we would process necessary personal data under this basis. Currently, for regular users of the site, this is not applicable.

  • Public Interest: This is not applicable to our activities. We are not carrying out tasks in the public interest or exercising official authority.

Examples illustrating our legal bases in practice:

  • Setting a Cloudflare security cookie and processing IP logs: Our basis is legitimate interests (keeping the site secure and available). We’ve assessed that this is necessary and has minimal impact on user privacy (such cookies don’t collect personal info beyond what’s needed for bot detection and are short-lived).

  • Using Google Analytics for users who consent: Our basis is consent. We do not activate Google Analytics for users who decline cookies. For those who consent, data is processed according to Google’s terms (with measures like IP anonymization to reduce privacy impact).

  • Responding to a DMCA takedown notice: If someone provides personal data in such a notice, our processing (e.g., reading and potentially forwarding it to the alleged infringer, if applicable) is based on legal obligation (complying with copyright laws and safe harbor processes) and our legitimate interest in resolving legal claims.

  • Retaining consent records or communications: This could be both legal obligation (to demonstrate compliance with data protection laws) and legitimate interest (keeping business records and defending against potential disputes).

If we intend to process personal data for a new purpose that is not covered by this Privacy Policy, we will provide you with information about that purpose and obtain your consent if required by law.

Sharing and Disclosure of Information

We value your privacy and aim to share personal data only when necessary. We do not sell your personal data to third parties for their own marketing or other independent use. However, we may share or disclose information (including personal data) in the following circumstances:

  • Service Providers and Partners: We may share information with third-party vendors, contractors, and service providers who perform services on our behalf and need access to such information to carry out their work. These include:

  • Analytics and Technology Providers: For example, Google Analytics (by Google LLC) and Microsoft Clarity (by Microsoft Corporation) process data on our behalf to provide insights into site usage. They act as our processors for analytics data. Similarly, if we use a tool for site search or performance monitoring, those providers process data to deliver their services to us. We have agreements or terms in place with such providers that restrict their use of the data to the services requested, and that require them to protect the data.

  • Advertising Partners: We integrate certain code from advertising networks (like Google AdSense, Microsoft Advertising, Yahoo Japan Ads). These partners are technically receiving your data through their code on our site, and they use it for their own purposes of selecting and serving ads (thus, they might be considered separate data controllers for that data). We ensure that such partners only operate on our site with your consent (for example, personalized ad targeting cookies are only active if you opt in). We share data like ad impressions or click reports with these partners to get analytics about ad performance. In some cases, for transparency: when you consent to advertising cookies, we “share” certain identifiers (like cookie IDs or mobile Ad IDs) with these networks so that they can serve personalized ads. This sharing is disclosed and managed via the consent mechanism (in compliance with the IAB TCF where applicable).

  • Cloudflare: Cloudflare, Inc. provides content delivery and security services for our Website. In providing these services, Cloudflare will process certain technical data (like IP addresses, device info, and behavioral data to evaluate threats). Cloudflare acts as a service provider helping to protect our site, and is contractually bound to only use the data for security-related purposes and to comply with applicable data protection requirements.

Our service providers are given only the data necessary to perform their functions, and they are contractually obligated to keep your information confidential and secure, and to use it only for the purposes for which we disclose it to them. We strive to choose providers who have strong data protection practices. Some of our key providers (like Google, Microsoft, Cloudflare) are large companies that comply with frameworks like GDPR and have robust security measures in place.

  • Affiliated Entities: If TZION MEDIA SLU is part of a group of companies (e.g., subsidiaries, parent company), we may share personal data within that group for internal administrative purposes. (At present, if TZION MEDIA SLU operates as a single entity, this may not apply.) In any case, affiliated entities will either follow this Privacy Policy or provide at least an equivalent level of protection for your data.

  • Legal Requirements and Protection of Rights: We may disclose personal data if required to do so by law or in the good-faith belief that such action is necessary to (a) comply with a legal obligation, process, or request (for example, to respond to a subpoena, court order, or other legal demand); (b) enforce our Terms and other agreements, or investigate potential violations thereof; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of TZION MEDIA SLU, our users, or the public. For instance, if we receive a legitimate legal notice claiming that a user’s activity on our site is unlawful, we might be obligated to share that user’s IP address or other logs with law enforcement. Similarly, if an individual threatens our company with legal action, relevant communications and data could be shared with our legal counsel and used in proceedings.

  • Business Transfers: In the event that TZION MEDIA SLU is involved in a merger, acquisition, sale of assets, insolvency, or reorganization, personal data held by the company may be transferred to the successor or purchaser as part of the transaction. We would ensure that any such successor is bound by terms that are at least as protective of your privacy as those in this Privacy Policy. For example, if another company acquires our business or Website, your information would likely be one of the transferred assets so that the service can continue. The new owner would have access to your data but would be obligated to handle it in accordance with this Privacy Policy (unless and until you’re notified of changes).

  • Third-Party Advertising and Analytics (as data recipients): As described earlier, when you consent to advertising cookies, third-party advertising networks receive certain data from your browser (like cookie identifiers, IP address, and info about your visit) to serve ads and measure their effectiveness. Similarly, when analytics are active, Google and Microsoft receive data about your interactions (they use this on our behalf to give us reports, but note Google may use analytics data for its own purposes in accordance with its privacy policy, though in GDPR-regulated regions Google Analytics generally acts as a processor). We consider these disclosures as part of using these third-party tools; we manage them carefully via consent and contractual arrangements (e.g., we enabled the data processing addendum with Google for Analytics, which limits Google’s use of that data).

  • Aggregate or De-Identified Information: We may share aggregated, anonymized, or otherwise de-identified data with third parties for various purposes (such as number of users who visited a page, general usage trends, etc.). This data will not identify any individual and thus is not considered personal data. For example, we might publish a report or infographics highlighting popular app categories based on collective user activity, but without any personal identifiers.

We make sure that whenever personal data is shared, appropriate safeguards are in place. If any service provider or partner is located outside of Andorra or the European Economic Area (EEA), we will address cross-border transfer requirements as detailed in the next section.

Aside from the scenarios listed above, we will not disclose your personal data to third parties without your consent. If in the future we ever need to share data in a new way, we will update this Privacy Policy and, if required, obtain your consent.

International Data Transfers

TZION MEDIA SLU is based in Andorra. Andorra is recognized by the European Commission as providing an adequate level of data protection, essentially equivalent to that provided in the EU. This means that personal data can flow between the EU/EEA and Andorra without additional safeguards, as if it were an intra-EU transfer.

However, some of the third parties we work with (and some data we collect) may be stored or processed in other countries, including countries outside of Andorra and the European Union/European Economic Area. In particular:

  • Hosting and Storage: If our Website or databases are hosted on servers located outside Andorra (for example, in the EU or the United States), then personal data you provide or that we collect automatically will reside on those servers. We will choose hosting in jurisdictions with strong data protection standards when possible.

  • Service Providers: Many of our service providers are international companies. For instance, Google and Microsoft have data centers around the world. When you consent to use of Google Analytics, the data (including possibly a truncated IP address and activity data) may be processed on Google’s servers in the United States or other countries. Similarly, Microsoft Clarity data might be transmitted to Microsoft servers outside Andorra (Microsoft has significant operations in the EU and US). Cloudflare may route your data through servers globally as part of its content delivery network and security services.

  • Advertising Partners: Google (AdSense) and other ad partners may transfer data cross-border as needed to deliver ads and perform analysis. For example, if you are in the EU, Google might still process the advertising data on servers in the US. Yahoo Japan Ads data likely will be processed in Japan.

Whenever we transfer personal data out of Andorra or the EU/EEA to countries that are not deemed to have adequate data protection by the EU, we will ensure that appropriate safeguards are in place as required by law. These may include:

  • Standard Contractual Clauses (SCCs): For service providers under our control (like those who act as data processors), we can incorporate EU-approved Standard Contractual Clauses into our contracts with them to require that they protect the data according to EU (and similar Andorran) standards. For example, we have agreed to data processing terms with Google that include SCCs for any European personal data transferred to the US.

  • Adequacy Decisions: Some countries where data might be processed have been deemed adequate by the European Commission (aside from Andorra which already is). For example, if we use any UK-based service, the UK is covered by an adequacy decision post-Brexit; or if data goes to Switzerland, it’s also considered adequate by the EU.

  • Privacy Frameworks: Where applicable, we may rely on recognized frameworks such as the EU-US Data Privacy Framework (for transfers to certified US entities) or similar, once fully in effect, provided our partners are certified under such programs. (We will monitor our partners, like Google or Microsoft, to see if they participate in any framework that covers their transfers.)

  • Andorran Requirements: We will also ensure compliance with Andorra’s data export requirements. Andorra, while adequate for EU transfers, likely requires similar safeguards for sending data to third countries. We would obtain authorization from the Andorran Data Protection Agency (APDA) if required or ensure SCCs or other measures align with Andorran law.

By using our Website or providing us information, you understand that your personal data might be transferred to and processed in countries other than your own. However, this Privacy Policy, our internal practices, and our agreements with third parties are designed to ensure a consistent and high level of protection for your personal data globally.

If you would like more information about the specific safeguards in place for transfer of your data, you can contact us (see the "Contact Us" section below). For instance, if we rely on Standard Contractual Clauses, we can provide a copy of those clauses upon request.

Please note that while data transferred to jurisdictions like the US may be subject to foreign government access under certain circumstances (e.g., intelligence agencies), we have taken measures to minimize data shared (e.g., using pseudonymized IDs where possible) and we rely on updated legal mechanisms that aim to address these issues (for example, the new EU-US Data Privacy Framework, if applicable to our partners, or SCCs that include supplemental measures).

We will not transfer your personal data to a third country or international organization if the transfer is not permissible under applicable data protection laws without obtaining your consent or otherwise complying with said laws.

Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, and to comply with legal and contractual requirements. The exact retention periods vary depending on the type of data and the purpose of processing. Below are some general guidelines we follow:

  • Usage Data & Analytics: We keep analytics data for a period that allows us to identify usage trends and patterns over time, but not longer than necessary. For Google Analytics, we have configured the data retention setting to the shortest practical period (for example, 14 months) or as per Google’s minimum limits, and we have enabled controls that ensure older data is deleted automatically. Microsoft Clarity data (session recordings, etc.) is retained according to Microsoft’s standard retention period (which is typically a few months unless we actively extend it). Aggregated reports (which do not contain personal data) may be kept longer for historical reference.

  • Cookies: Cookies stored on your device have their own expiration, as detailed in our Cookie Policy. For instance, some cookies expire after the session, others in 30 minutes, 6 months, 1 year, etc., if you don’t delete them manually. On our side, any server logs associated with cookie IDs are typically rotated and deleted periodically (often within a few months). If you withdraw consent for certain cookies (e.g., via our CMP), we stop processing new data from those cookies immediately, and we may either delete or anonymize previously collected data from that point if required by law or if technically feasible.

  • Server Logs and Security Data: Our web server logs, which include IP addresses and visit timestamps, are generally kept for a short duration — typically 90 days — unless a particular log is needed longer for security analysis. Cloudflare logs/security event data might be kept around 24 hours to a few weeks on their systems, unless flagged as part of a security incident, in which case relevant portions might be retained longer to investigate and mitigate threats.

  • Contact and Inquiry Data: If you contact us, we retain the correspondence and any provided personal data for as long as necessary to address your inquiry and as required for our records. For example, if you email us a question, we might keep that email for future reference once your issue is resolved, typically for up to 1-2 years, in case you follow up or to refer back to it. If you submit a DMCA notice or other legal notice, we will retain that data as part of our legal records – usually for a minimum of 3 years or more, given the legal significance, to demonstrate our compliance and for potential disputes.

  • DMCA and Legal Records: DMCA notices/counter-notices and related communications are kept as long as necessary to comply with legal obligations and to exercise or defend legal claims. Considering statute of limitations and the possibility of repeat issues, we may keep such records for at least 3-5 years, and possibly longer (for example, if an issue recurs or if it’s advisable to maintain a record for ongoing protection).

  • Consent Records: We maintain records of when and how users gave consent for cookie usage (via our CMP). These records (which may include a consent ID, a timestamp, and consent preferences) are stored for at least 13 months (per many regulatory guidelines in the EU for consent data) and possibly longer (to prove compliance). Typically, we align the retention with the lifespan of the consent cookie (which is 13 months for FCCDCF and similar cookies) and may refresh with each new consent.

  • Aggregated/Anonymized Data: If data is fully anonymized (no longer personally identifiable), we may retain it indefinitely for statistical purposes without further notice, since it ceases to be personal data.

Once the retention period expires or the purpose of processing has been fulfilled, we will either securely delete or anonymize the personal data, or if deletion/anonymization is not immediately feasible (for example, the data is stored in backups), we will securely isolate it and protect it from any further use until deletion is possible.

Backup and Archival: It’s important to note that personal data might reside in our routine backups. We have measures such that if we restore from backup, we apply deletion commands to any data that had been deleted since that backup. Backup data is protected and not readily accessible for processing; it is only accessed if needed for disaster recovery. Backup retention is typically cyclical (e.g., weekly or monthly backups overwritten after a certain number of cycles, often within a year at most).

Legal Hold: In circumstances such as an ongoing legal dispute or investigation, we may retain specific data for longer than the periods stated here, if required. We’ll do so strictly for the involved data and restrict access to only those who need it for the legal process.

If you request deletion of your personal data (see "Your Rights" below), we will honor that request as required by law. Note, however, that certain data we cannot immediately delete due to legal obligations or technical constraints will be removed as soon as those obligations or constraints no longer apply.

Your Rights

Under Andorran law (LQPD) and, where applicable, the EU General Data Protection Regulation (GDPR), you have several rights regarding your personal data. We are committed to upholding these rights. Your rights include:

  • Right of Access: You have the right to request confirmation as to whether we are processing personal data about you, and if so, to request access to that personal data. This enables you to receive a copy of the personal data we hold about you and certain information about how we process it. (This is sometimes called a "Data Subject Access Request".)

  • Right to Rectification: You have the right to request that we correct any inaccuracies in your personal data. You can also ask us to complete data that you believe is incomplete. We want to make sure your information is accurate and up to date, so please do reach out if any of the data we have is incorrect.

  • Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data in certain circumstances. You can ask us to erase your personal data, for example, if it is no longer necessary for the purposes for which it was collected, or if you have withdrawn your consent and no other legal basis for processing exists. We will also erase data if we have processed it unlawfully or if erasure is required to comply with a legal obligation. Note that this right is not absolute – sometimes we may have legal grounds to retain data (e.g., to comply with a legal obligation or for the establishment, exercise, or defense of legal claims). We will inform you if that's the case.

  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions. This means we would store your data but not actively process it (beyond storing it) until the restriction is lifted. You can ask for restriction if you contest the accuracy of the data (for a period allowing us to verify it), or if the processing is unlawful but you do not want it erased, or if we no longer need the data but you need us to keep it for the establishment, exercise, or defense of legal claims, or if you have objected to processing (see below) and are awaiting verification of our compelling grounds.

  • Right to Data Portability: To the extent that we process your personal data based on your consent or on a contract, and the processing is carried out by automated means, you have the right to request a copy of the personal data you provided to us in a structured, commonly used, machine-readable format. You also have the right to request that we transmit this data directly to another controller where technically feasible. Essentially, this allows you to take your data to another service. In practice, this right may have limited scope on our Website since we typically do not collect structured personal data like profiles or preferences tied uniquely to you (apart from email communications). But if applicable, we will comply.

  • Right to Object: You have the right to object to certain types of processing of your personal data:

  • Direct Marketing: You can object at any time to processing of your personal data for direct marketing purposes. (Note: We currently do not use personal data for direct marketing to individuals, such as email newsletters, without consent. If we ever did, you could opt out easily.)

  • Legitimate Interests: Where we are processing your data based on our legitimate interests (or those of a third party), you have the right to object to that processing on grounds relating to your particular situation. We will then reevaluate the balance of interests. If your rights and interests outweigh ours, we will stop (unless we have compelling legitimate grounds or need to continue for legal reasons). For example, you can object to our analytics data collection; and if you do, we will respect that choice (via opt-out mechanisms or otherwise).

  • Right to Withdraw Consent: If we rely on your consent for processing any personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing done before you withdrew consent, but it will mean we stop processing the data going forward. For instance, you can adjust your cookie consent preferences via our CMP to withdraw consent from analytics or advertising cookies and we will cease those activities for your device/browser moving forward.

  • Right not to be subject to Automated Decision-Making: We do not make any decisions about you that are based solely on automated processing, including profiling, which produce legal effects or similarly significant effects. If that ever changes, you would have the right to not be subject to such decisions without human intervention. (This is often not applicable in our context, since we primarily use data for analytics and advertising which doesn't produce decisions with legal or major personal impact on you.)

These rights can be exercised free of charge. However, if requests are manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on the request (in line with GDPR/Andorran law allowances). We will inform you of our reasoning in such cases.

Please note: When you exercise these rights, we may need to request specific information from you to confirm your identity and ensure your right to access the information (or to exercise other rights). This is a security measure to ensure that personal data is not disclosed to someone who does not have the right to receive it. For example, if you email us requesting data deletion, we might ask you to provide information that matches data we have on record to ensure you are the rightful owner of that data.

We will respond to your request as soon as possible, and in any event within one month of receipt of the request. If your request is complex or if we have received a large volume of requests, this deadline may be extended by an additional two months. If an extension is necessary, we will inform you of the extension and the reasons for it within the initial one-month period.

In some cases, your rights may be limited. For example, if fulfilling your request would adversely affect the rights and freedoms of others, or if we are legally prevented from disclosing such information. We will always strive to honor your rights to the fullest extent possible.

Exercising Your Rights and Contacting Us

To exercise any of your data protection rights or if you have any questions or concerns about how we handle your personal data, you may reach out to us using the following contact details:

TZION MEDIA SLU – Privacy Team
Address: Carretera dels Cortals, Edifici Cirerer-Griu, Atic 3, AD200, AD
Telephone: +376 62 60 15
Email: [email protected]

(Please include "Privacy Request" in the subject line or communication, and specify which right you wish to exercise, along with any relevant details. For example: "Access Request - please provide me with the data you have about me in your server logs associated with IP 123.456.789.0 during April 2025.")

For security and verification purposes, we might ask for additional information to confirm your identity, especially for sensitive requests like access or deletion. Any information gathered for verification will only be used for that purpose.

We will acknowledge your request and respond as quickly as we can, generally within 30 days. If we anticipate that it will take longer (due to complexity or number of requests), we will let you know within 30 days and explain the reason for the delay.

If you believe that our processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. In Andorra, the supervisory authority is the Andorran Data Protection Agency (Agència Andorrana de Protecció de Dades - APDA).

Contact details for APDA:
Website: https://www.apda.ad (with information available in Catalan/Andorran).
Address: C/ Prat de la Creu 59-65, Edifici Prat del Rull, Planta 2, AD500 Andorra la Vella, Principality of Andorra.
Telephone: +376 886 003
Email: [there may be an official email, which you can find on APDA’s site]

We would, however, appreciate the chance to address your concerns directly before you approach the APDA or another authority. So please feel free to contact us first, and we will do our best to resolve any issue.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to safeguard it from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Our Website is served over HTTPS, which means that data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). This helps protect against eavesdropping on the network. You can verify this by looking for the padlock icon in your browser’s address bar when visiting our site.

  • Access Controls: We restrict access to personal data to authorized personnel and contractors who need to know that information for the purposes described in this policy. All such individuals are subject to strict confidentiality obligations. We use authentication mechanisms (passwords, two-factor authentication where feasible) to prevent unauthorized access to administrative areas or databases where data might be stored.

  • Firewalls and Network Security: Our servers and network are protected by firewalls and monitoring tools to detect and block unauthorized attempts to access data. We also utilize Cloudflare’s security services to filter out malicious traffic (like bots or attackers), as previously mentioned. Cloudflare’s Bot Management and DDoS protection services automatically identify potential threats and mitigate attacks in real-time.

  • Data Minimization: We collect and retain only the personal data that is necessary for our purposes. Where possible, we anonymize or pseudonymize data. For example, IP addresses in analytics are anonymized (truncated) so that they cannot be easily linked back to you. Session recordings in Clarity automatically mask keystrokes or any element that might contain personal data.

  • Routine Maintenance and Updates: We keep our systems and software up to date with the latest security patches and follow best practices for server maintenance. Outdated software can be vulnerable to exploits, so we ensure timely updates to reduce this risk.

  • Regular Security Assessments: We periodically review our security procedures and may conduct vulnerability scans or penetration tests (directly or through third-party specialists) to uncover and fix potential weaknesses. If we engage any third-party to test our security, they are under strict obligations to maintain confidentiality and not to disrupt our services.

  • Backup and Recovery: We maintain regular backups of site data in secure locations. In case of any data loss incident, we have the ability to restore data from backups. Access to backups is secure and limited to authorized personnel.

  • Employee and Contractor Training: We train those who work for us (employees, if any, or contractors) about the importance of privacy and security. They are instructed on how to handle data properly and are required to sign confidentiality agreements. If we become aware of any employee/contractor violating our data protection rules, we take appropriate disciplinary action.

Despite all these measures, it's important to note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. Cyber threats evolve rapidly, and there is always some residual risk of unforeseen data breaches.

In the unfortunate event of a security breach that poses a significant risk to your rights and freedoms, we will promptly inform both you and the relevant authorities (such as the APDA) as required by law. We have a breach response plan in place which involves identifying the issue, containing it, assessing the impact, and notifying affected parties.

You also play a role in data security. We encourage you to use strong, unique passwords for your accounts (for example, your email, if you use it to communicate with us) and to be cautious about phishing attempts or suspicious links. TZION MEDIA SLU will never ask you for sensitive personal data like passwords via email. If you ever suspect that your interaction with us or our site is not secure, please notify us immediately.

Children's Privacy

Our Website is not directed at children (individuals under the age of 16) and we do not knowingly collect personal data from children without appropriate parental consent. The content of Mileapps (app descriptions, reviews, etc.) is generally intended for a general audience interested in mobile apps, and not specifically aimed at children.

If you are under 16 (or the equivalent minimum age in your jurisdiction), please do not use the Website or send us any personal data (such as your name, address, or email). If we learn that we have inadvertently collected personal data from a child without proper consent, we will take steps to delete that information promptly.

Parents or guardians: If you become aware that your child has provided personal data to us without your consent, please contact us and we will work to remove that data and (if applicable) terminate the child’s ability to use our services. We are committed to complying with applicable laws regarding the protection of children’s information (such as the US COPPA and EU GDPR's provisions on child consent, albeit Andorra has its own equivalent that aligns with GDPR principles).

Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time in response to changing legal, technical, or business developments. The "Last updated" date at the bottom of this policy indicates when it was last revised. Any changes will become effective when we post the revised Privacy Policy on the Website.

If we make material changes to this Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes. For example, we may display a prominent notice on the Website (such as a banner or pop-up) or if we have your email contact, we might send you an email notification.

Material changes could include, for example, any significant changes in the purposes of processing, new categories of personal data being collected, or changes in your rights. Minor changes (like clarifications, grammatical corrections, or organizational changes) will likely not require direct notification, but will be reflected in the updated policy on this page.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personal data we collect. Your continued use of the Website after any changes to this Privacy Policy constitutes acceptance of those changes (to the extent permitted by law).

If you do not agree with any updates or changes, you should stop using the Website and may request us (via the contact information below) to remove your personal data if applicable.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please feel free to contact us:

TZION MEDIA SLU – Privacy Inquiry
Mailing Address: Carretera dels Cortals, Edifici Cirerer-Griu, Atic 3, AD200, AD
Phone: +376 62 60 15
Email: [email protected]

We will do our best to address your inquiry promptly and thoroughly. Your privacy is important to us, and we welcome feedback on any aspects of our Privacy Policy or how we implement it.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can lodge a complaint with the Andorran Data Protection Agency (APDA) or your local supervisory authority (as noted in "Your Rights" above).

Last updated: 11/18/2025