Privacy Policy

Last updated: January 2025

1. Data Controller

2. Overview

Reax is a messaging app that allows users to communicate exclusively through GIFs. This privacy policy informs you about what personal data we collect, how we use it, and what rights you have.

3. Data We Collect

3.1 Registration Data (required)

When registering via Google or Apple, we receive:

• Email address - to identify your account
• Name - for display in the app
• Profile picture - from your Google or Apple account (optional)
• Unique user ID - for technical identification

Legal basis: Art. 6(1)(b) GDPR (contract performance)

3.2 Profile Data

You can add the following data in the app:

• Username - publicly visible so others can find you
• Avatar GIF - a GIF as your profile picture

Legal basis: Art. 6(1)(b) GDPR (contract performance)

3.3 Chat Data

To provide the messaging service, we store:

• Sent GIF messages - URLs of the GIFs you send
• Chat rooms - information about your conversations
• Chat requests - status of contact requests
• Blocked users - list of people you have blocked
• Read receipts - when messages were read
• Online status - your current availability

Legal basis: Art. 6(1)(b) GDPR (contract performance)

3.4 Contact Data (optional)

With your explicit consent, you can sync your contacts to find friends who are already using Reax:

• Email addresses of your contacts - matched against registered users

Contact data is only used for matching and is not permanently stored on our servers.

Legal basis: Art. 6(1)(a) GDPR (consent)

3.5 Technical Data

To ensure operation and troubleshoot issues, we collect:

• Device information - device type, operating system, app version
• Crash reports - for diagnosing and fixing app errors
• Push notification tokens - to deliver notifications

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a functioning service)

3.6 Usage Statistics

We use Firebase Analytics to collect anonymized usage statistics:

• App launches and usage frequency
• Features used
• General usage patterns

This data is aggregated and cannot be traced back to individual users.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving the app)

4. Third-Party Services

4.1 Google Firebase

We use various Firebase services from Google LLC:

• Firebase Authentication - for secure sign-in
• Cloud Firestore - for storing chat and user data
• Firebase Analytics - for anonymized usage statistics
• Firebase Crashlytics - for error detection and fixing
• Firebase Cloud Messaging - for push notifications

Data processing takes place in data centers in the EU and USA. Google is certified under the EU-US Data Privacy Framework.

More information: Firebase Privacy

4.2 KLIPY

For GIF search and display, we use the KLIPY API from Klipy Inc.:

• Search queries are transmitted to KLIPY
• GIFs are loaded directly from KLIPY servers

More information: KLIPY Privacy Policy

4.3 Apple (Sign in with Apple)

When signing in with Apple, your data is transmitted by Apple Inc. You can choose at Apple whether to use your real email address or a private relay address.

More information: Apple Privacy

4.4 Google (Google Sign-In)

When signing in with Google, your data is transmitted by Google LLC.

More information: Google Privacy Policy

5. Data Retention

• Account data: until you delete your account
• Chat messages: until deleted by user or account deletion
• Crash reports: 90 days
• Analytics data: 14 months (anonymized)

6. Your Rights

Under GDPR, you have the following rights:

• Right of access (Art. 15 GDPR) - request information about your stored data
• Right to rectification (Art. 16 GDPR) - correct inaccurate data
• Right to erasure (Art. 17 GDPR) - delete your account and all data
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR) - at any time

You also have the right to lodge a complaint with a data protection supervisory authority.

7. Account Deletion

You can delete your account at any time in the app under Profile → Delete account. All your data will be permanently deleted:

• Profile data
• Chat messages
• Chat requests
• Block lists

8. Data Security

We implement technical and organizational measures to protect your data:

• Encrypted data transmission (HTTPS/TLS)
• Secure authentication via Google/Apple
• Access control and Firestore Security Rules

9. Children

Reax is intended for users aged 13 and older. We do not knowingly collect data from children under 13. If you learn that a child under 13 is using our app, please contact us.

10. Changes to this Privacy Policy

We may update this privacy policy as needed. We will inform you of significant changes in the app. The current version is always available on this page.

11. Contact

For privacy-related questions, contact us at: