Privacy Policy for Vival

Last Updated: December 20, 2025

Introduction

This Privacy Policy explains how Vival ("we", "our", or "us") collects, uses, discloses, and protects information when you use the Vival mobile application (the "App"). This policy is written to reflect the App's actual behavior and the third-party services it uses. By using the App you agree to the collection and processing described here.

The App is developed and distributed from Algeria. If you have questions or requests about your data, contact us (see Section 12).

1. Data We Collect

We collect data to provide and improve the App, to process orders, and to communicate with users. We only collect data that is necessary for those purposes.

1.1 Personal Data You Provide

• Account information: full name, email address, phone number, password (stored hashed on our backend)
• Delivery contact details: recipient name, delivery address, phone number
• Order details: products/restaurants ordered, quantities, order notes
• User-generated content: reviews, ratings, comments you post in the App

1.2 Automatically Collected Data

• Location data: precise GPS coordinates when you grant permission (used for finding nearby restaurants and for delivery address capture). The App requests location "While in use" and does not collect background location unless you explicitly enable a background feature.
• Device & connection data: device model, OS version, unique device identifiers, IP address, mobile network information
• App usage and diagnostics: screens viewed, features used, crash logs and performance data
• Push notification token: Firebase Cloud Messaging (FCM) token to deliver notifications to your device

1.3 Local Data Stored on Device

• Favorites and bookmarked restaurants/products
• Shopping cart contents
• Cached announcements, promotions and basic order history
• Sensitive session tokens and small secrets stored encrypted using flutter_secure_storage

2. How We Use Data

We use data for the following purposes:

• Provide the App functionality and process orders and reservations
• Route and display restaurants and map data based on your location
• Send transactional notifications (order status, reservation confirmations)
• Send optional promotional notifications (only if you opt-in)
• Improve and analyze the App (analytics, crash reporting)
• Provide customer support and investigate abuse or fraud
• Comply with legal obligations

3. Third-Party Services and Data Sharing

We share data only with trusted third-party providers necessary for App operation. Key providers used by the App include:

• Firebase (Google): Cloud Messaging (FCM) for push notifications; may be used for analytics and crash reporting if enabled.
• Supabase: backend database and authentication (if your deployment uses Supabase)
• Map and geocoding providers: OpenStreetMap and geocoding services for address / map features
• Delivery / restaurant partners: when you place an order we share order details (name, phone, delivery address, items) with the restaurant(s) responsible for fulfillment

We do not sell personal data to third parties or share personal data for third-party advertising purposes.

4. Push Notifications

We use Firebase Cloud Messaging to send push notifications. Types of notifications:

• Transactional: order updates, delivery/reservation confirmations
• Promotional: offers and promotions (sent only if you opt-in)

You can manage notification preferences via the App and your device settings. The FCM token used to deliver notifications is stored on the backend and associated with your account.

5. Location Usage

Location is used for:

• Showing nearby restaurants and services
• Capturing delivery addresses and mapping routes
• Improving search and recommendations

We request precise location only while you use the App. We do not collect continuous background location unless you explicitly enable such a feature. You can revoke location permission at any time in device settings; some features will be limited if location is disabled.

6. Payments

The App does not process card payments in-app unless you enable a payment provider. By default the App supports cash-on-delivery; if you later integrate a payment gateway, that provider's privacy policy and data collection will apply. Currently, we do not store payment card details.

7. Data Retention and Deletion

We retain personal data only for as long as necessary to provide the service and for legitimate business or legal reasons. Examples:

• Account and profile data: retained while your account is active and for a limited period after deletion to comply with legal obligations
• Order history: retained for business and tax records as required by law
• Analytics and log data: retained in aggregated or anonymized form for as long as needed for app improvement

Account deletion: You may request deletion of your account and personal data by contacting us (see Section 12). We will delete or anonymize personal data within 30 days, except where retention is required by law.

8. Security

We apply commercially reasonable technical and organizational measures to protect your data:

• HTTPS/TLS for all network communications
• Encryption for sensitive local data using flutter_secure_storage
• Backend access controls and authentication (e.g., JWT tokens)

However, no system is completely secure; we cannot guarantee absolute security.

9. Children's Privacy

The App is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, contact us and we will delete that information.

10. International Transfers

Your data may be stored or processed in countries other than your country of residence (for example on cloud infrastructure used by Firebase or Supabase). By using the App you consent to such transfers. We take reasonable steps to ensure appropriate safeguards are in place.

11. Data Safety Mapping (Summary for Google Play)

This is a concise mapping you can use when completing Google Play's Data Safety form — ensure your console answers exactly match this policy and your implementation:

• Location: Collected — precise location; Purpose: App functionality/delivery; Shared: Yes — restaurant partners and map providers; Background collection: No (unless user enables)
• Personal info: Collected — name, email, phone, address; Purpose: Account & order fulfillment; Shared: Yes — restaurant partners and backend providers; Encrypted in transit: Yes
• User content: Collected — reviews/ratings; Shared: Visible to other users if you publish them
• Financial info: Not collected by the App by default (cash on delivery)
• Identifiers: Collected — device identifiers, FCM token; Purpose: notifications and analytics; Shared: Yes — Firebase
• Diagnostics & crash data: Collected; Purpose: app improvement; Shared: Yes — analytics/crash services if enabled

12. Contact & Data Controller

If you have questions about this Privacy Policy or want to exercise your rights (access, correction, deletion), contact us:

• Email: vivaltighzirt@gmail.com
• Phone: +213672208930
• Business / Data Controller: Individual developer — contact via email or phone above

13. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of material changes in the App and update the "Last Updated" date. Please check this page periodically.

Last updated: December 20, 2025