Privacy Policy

Last Updated: December 23, 2024

Introduction

Welcome to Perikles. We are committed to protecting your privacy and ensuring you have a positive experience on our app and services. This Privacy Policy explains how we collect, use, share, and protect your personal information in compliance with applicable privacy laws, including GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).

Key Points:

We collect only the data necessary to provide our services
You have full control over your data and can delete your account at any time
We do not sell your personal information to third parties
All payment processing is handled securely through Stripe and Apple Pay

Information We Collect

1. Account Information

When you create an account, we collect:

Email address: Used for account identification and communication
Password: Securely hashed and stored (we never store plain text passwords)
Username: Your chosen display name
Profile information: Optional profile picture and bio

2. OAuth Provider Information

If you sign in using third-party providers (Apple, LinkedIn, Amazon, Microsoft, Google), we receive:

Basic profile information: Name, email address, and profile picture (if available)
Provider ID: A unique identifier from the OAuth provider
Access tokens: Stored securely to maintain your connection (never shared)

Note: We only request the minimum permissions necessary. You can disconnect OAuth providers at any time.

3. Location Information (Optional)

We request access to your location to provide enhanced features:

Purpose: Show nearby events, local content, and personalized recommendations
Type: Approximate location (latitude/longitude coordinates)
Optional: The app functions without location access; default values (0.0, 0.0) are used if not provided
Control: You can revoke location permissions at any time in iOS Settings

Important: Location data is never sold or shared with advertisers.

4. Image and Media Data

When you upload images:

Image files: Stored securely on our servers (maximum 5MB per image)
Metadata: Upload date, image dimensions, file format
Format conversion: HEIC images are automatically converted to WebP for compatibility
Privacy: Images are associated with your account and visible based on your privacy settings

5. Camera Access

Camera access is requested for:

Scanning QR codes for event check-in
Taking photos for uploads and profile pictures
Camera data is processed locally and only uploaded when you explicitly choose to upload an image

6. Payment Information

Payment processing is handled by trusted third-party providers:

Stripe: Processes credit/debit card payments
Apple Pay: Processes Apple Pay transactions for iOS users
Data we store: Transaction IDs, payment status, purchase history
Data we DON'T store: Full credit card numbers, CVV codes, or Apple Pay tokens
Security: All payment data is encrypted and PCI-DSS compliant

7. Usage and Analytics Data

We collect anonymous usage data to improve our services:

App features used and frequency
Device type, operating system version
App version and crash reports
Performance metrics and error logs

Note: This data is aggregated and anonymized; it cannot be used to identify individual users.

8. Auction and Bidding Data

For users participating in auctions:

Bid history and amounts
Auction participation timestamps
Won items and transaction records

How We Use Your Information

We use collected information for the following purposes:

Purpose	Data Used
Account Management	Email, password, username, profile information
Authentication	Email, OAuth tokens, session data
Payment Processing	Transaction data via Stripe/Apple Pay
Location-based Features	GPS coordinates (optional)
Communication	Email address for notifications, updates, support
Service Improvement	Anonymous usage analytics
Security and Fraud Prevention	Login history, device information, IP addresses
Auction Functionality	Bid data, user preferences, auction history

Apple Pay Compliance

Apple Pay Data Handling:

Apple Pay transactions are processed through Stripe's Apple Pay integration
We never receive or store your full payment card information
Apple Pay uses device-specific account numbers and unique transaction codes
Your actual card numbers are not stored on your device or our servers
Payment data is encrypted end-to-end during transmission
Transactions are authenticated using Face ID, Touch ID, or your device passcode

For more information about Apple Pay security, visit: Apple Pay Security and Privacy Overview

Data Sharing and Disclosure

Third-Party Service Providers

We share data with trusted third parties only when necessary to provide our services:

Stripe: Payment processing (PCI-DSS compliant)
Apple: Apple Pay merchant validation and processing
OAuth Providers: Apple, LinkedIn, Amazon, Microsoft, Google (only for authentication)
AWS (Amazon Web Services): Cloud hosting and email services (SESv2)
Redis Cloud: Session management and caching

Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal processes (court orders, subpoenas)
Government or regulatory requests
Protection of our rights, property, or safety
Prevention of fraud or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We Never Sell Your Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data Security

We implement industry-standard security measures to protect your data:

Encryption: All data transmitted over the internet is encrypted using TLS/SSL
Password Security: Passwords are hashed using bcrypt before storage
Secure Storage: Data is stored on secure servers with access controls
OAuth Security: OAuth tokens are encrypted and stored securely
Payment Security: PCI-DSS compliant payment processing via Stripe
Regular Audits: Security assessments and vulnerability testing
Access Controls: Strict internal access policies and authentication requirements

Note: While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

Access and Control

You have the following rights regarding your personal data:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and associated data
Data Portability: Receive your data in a structured, machine-readable format
Opt-out: Unsubscribe from marketing communications
Revoke Permissions: Disable location access, camera access, or OAuth connections

Account Deletion

You can delete your account at any time:

Open the Perikles app
Go to Settings → Account Settings
Select "Delete Account"
Confirm your decision

Important: Account deletion is permanent and irreversible. All your data will be permanently deleted, including:

Profile information and images
Bid history and auction data
Payment history (transaction records may be retained for legal/accounting purposes)
OAuth connections and associated data

California Residents (CCPA)

If you are a California resident, you have additional rights under CCPA:

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to say no to the sale of personal information
Right to access your personal information
Right to equal service and price

European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under GDPR:

Right to access, rectify, or erase your personal data
Right to restrict or object to processing
Right to data portability
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Active accounts: Data retained while your account is active
Deleted accounts: Data permanently deleted within 30 days of account deletion request
Transaction records: Retained for 7 years for legal and accounting purposes
Analytics data: Anonymized data may be retained indefinitely for service improvement
Legal holds: Data may be retained longer if required by law or legal proceedings

Children's Privacy

Perikles is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at support@ikzur.com, and we will take steps to delete the information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our services, you consent to such transfers.

We ensure appropriate safeguards are in place for international transfers, including:

Standard contractual clauses approved by the European Commission
Privacy Shield framework compliance (where applicable)
Adequate security measures and encryption

Cookies and Tracking Technologies

We use cookies and similar technologies to:

Maintain your session and keep you logged in
Remember your preferences and settings
Analyze usage patterns and improve our services
Prevent fraud and enhance security

You can control cookie settings through your browser, but disabling cookies may affect app functionality.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes:

We will update the "Last Updated" date at the top of this policy
We will notify you via email or in-app notification
Continued use of our services after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@ikzur.com

Subject Line: Privacy Policy Inquiry

Response Time: Within 30 days

For support-related questions, visit our Support Page.

Additional Resources

For more information about our services and policies:

Support Terms of Use