Freeck

Legal & Security

Back to Home

Privacy Policy

Privacy Policy – Freeck

Last updated: 2026-04-10

Freeck is a mobile application developed and operated by Eurekab. This Privacy Policy explains how personal data is processed in accordance with the GDPR (EU Regulation 2016/679).

1. Data Controller

Eurekab
Sole trader – Carlos Kabeya-Waza
Boulevard Hector-Denis 189, 4000 Liège – Belgium
Company / VAT number: BE 1031.610.737
GDPR contact: info@eurekab.com
Website: https://www.eurekab.com

2. User Communications

For communications related to the Freeck application (support, product information), emails may be sent from addresses using the freeck.io domain (e.g. info@freeck.io).

These addresses are operated by Eurekab. Eurekab remains the sole data controller for all personal data.

3. Data Collected

  • Email address
  • Display name (when provided via Google or Apple sign-in)
  • Firebase user identifier (UID)
  • Technical data (logs, crash reports)
  • QR-related data (signed tokens, no personal data in plain text)
  • Transaction metadata for event purchases (event ID, product, amount of Freecks debited/credited, timestamps)
  • Offline cache contents needed for continuity (authorizations, queued orders, device fingerprint)
  • Device information collected for security and fraud prevention:
    • Device model
    • Operating system version
    • App installation identifier (randomly generated UUID, stored locally)
    • Hardware identifier (vendor identifier on iOS, device identifier on Android)

Freecks are event credits issued and redeemable only with participating event organizers for on-site physical goods and services. They are not money, not a digital wallet, not convertible to cash, and cannot be used for digital goods or in-app features.

No real-money payment processing is implemented in the current version of the App.

4. Purposes of Processing

  • Account authentication and management
  • QR code and authorization management
  • Offline operation and synchronization
  • Event credit (Freecks) accounting for on-site purchases
  • User support and product communication
  • Security, debugging, and service improvement

5. Legal Basis

PurposeLegal basis
User accountContract
QR / authorizationsContract
Support & communicationLegitimate interest
Technical logsLegitimate interest
Device identificationLegitimate interest (security & fraud prevention)

6. Processors

ProcessorPurpose
Firebase (Google Ireland Ltd)Authentication, database, crash reporting
Google Sign-In (Google Ireland Ltd)Social authentication
Apple Sign-In (Apple Distribution International Ltd)Social authentication

GDPR-compliant Data Processing Agreements (DPA) are in place with Google. Apple Sign-In operates under Apple's standard terms, which include GDPR compliance commitments.

7. Data Retention

Data is retained only for as long as necessary.

  • User account data: until deletion (7-day grace period applies after a deletion request)
  • QR authorizations: event end + 30 days
  • Offline cache: until next sync (maximum 24 hours)
  • Logs: 90 days
  • Analytics: 14 months

Detailed retention periods are defined in the internal data retention policy.

7bis. Permissions

  • Camera: used solely to scan QR codes after an in-app explanation.
  • Storage/Files: not requested. Offline data is stored in the app sandbox.

8. Your Rights

You have the right to access, rectify, erase, restrict, or object to processing. You may exercise your right to erasure directly in the App via Settings → Delete Account. This initiates an automated deletion process. A 7-day grace period applies before data is permanently and irreversibly removed. Requests can also be sent to: info@eurekab.com

9. Security

  • Encrypted communications (HTTPS/TLS)
  • Strict Firestore security rules
  • Signed QR tokens (RS256)
  • Sensitive secrets (keys, device fingerprint IDs) stored in platform secure storage (Keychain / Android Keystore via flutter_secure_storage)
  • Offline operational data stored in the app sandbox (SQLite) without payment card data; minimized to what is needed for sync
  • Data minimization

10. Children's Privacy

The App is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will take immediate steps to delete it.

11. Contact

Technical support: support@freeck.io Business enquiries: info@freeck.io Legal / GDPR contact: info@eurekab.com