Istina

1. Data Controller

Istina is operated by:

Altiora Labs LLC

N41 Zakaria Paliashvili Street

Vake District

Tbilisi

Georgia

Altiora Labs LLC acts as the data controller within the meaning of the General Data Protection Regulation (GDPR).

For any questions regarding this Privacy Policy or to exercise your data protection rights, you may contact us at:

privacy@istina.co

Response time: within 30 days

Attachments are not accepted for security reasons, please include your request in the email body. If supporting documents are necessary, we may request them separately.

2. Scope of This Privacy Policy

This Privacy Policy explains how we collect, use, store, and protect personal data when you access or use the Istina application and related services.

It applies to all users, including those located in the European Union.

3. Information We Collect

We collect only the data necessary to operate, secure, and improve Istina.

3.1 Information You Provide Directly

Email address
Birthdate (used solely to verify that you are at least 18 years old)
Profile information you choose to provide (such as username, profile picture, interests)
Content you upload (photos, videos, voice messages, comments)
Event, contest, or quest information you create or participate in

Providing optional profile information is voluntary.

3.2 Authentication Data

Istina uses passwordless authentication.

Access to your account is granted through one-time verification codes sent to your email address.

3.3 Location Data

We process location data solely to enable core location‑based features such as discovering nearby users, events, contests, and quests, and to serve location‑relevant content (e.g., contests targeted to your area).

Precise location (GPS): When location permissions are granted and GPS is active, we collect precise device coordinates and store only your most recent / current coordinates - overwritten each time new GPS data is received; no historical tracking. These current coordinates are used instantly to compute your approximate neighborhood, suburb, village, or equivalent area (coarse geographic zone) for map display and features. Exact GPS coordinates are never displayed to other users or retained beyond computing the coarse zone.

Approximate location: Derived from IP address (city / country level) for initial content targeting and fallback discovery.

Location history: Limited strictly to city and country level only (no precise GPS history stored).

No exact display: User locations are always shown at neighborhood/area level only on the map.

User controls: You can disable location sharing entirely (invisible mode), or set custom visibility preferences. Disabling location restricts discovery and nearby features.

Retention: Current GPS coordinates retained only as long as actively needed for real‑time features and overwritten on update (no history). City / country history retained for service operation and deleted upon account deletion. IP‑derived location follows similar minimal retention.

Content targeting: IP‑derived approximate location and Precise location (GPS) may be used to recommend nearby contests, events, or quests.

Legal basis: Location data is processed under legitimate interests (service provision) and consent (where permissions are required).

3.4 Communications and Social Interactions

We process data related to:

Private and group chat messages
Voice messages and shared media
Social interactions (followers, following, greetings, blocks)
Tips or transfers of digital assets between users

Private communications are intended to be private.

3.5 Technical and Usage Data

We may collect limited technical data, including:

Device and browser information
App usage logs
Security and fraud-prevention signals

We use privacy-focused analytics tools that do not rely on tracking cookies or cross-site profiling.

3.6 Wallet and Blockchain-Related Data

If you choose to enable a wallet, we may process:

Your wallet public address
Blockchain transaction records related to your Istina activity
Wallet balance information for display and functional purposes

Certain wallet and transaction data may be processed in connection with on-chain smart contracts used for events, contests, or quests, including prize pool management and settlement.

Istina supports digital asset operations across multiple blockchain networks. Deposits may originate from supported blockchains and be bridged to enable in-app use or external transfers.

Non-custodial nature of the wallet:

Istina does not hold private keys, does not control user funds, and cannot sign or reverse transactions. We do not have access to your private keys or the ability to recover funds.

Blockchain transactions are public and immutable by design.

4. How We Use Your Information

We process personal data to:

Provide and operate Istina’s services
Authenticate users and secure accounts
Enable location-based discovery and social features
Facilitate content sharing, events, contests, quests, and rewards
Enable wallet-related functionality
Deliver notifications according to your preferences
Prevent fraud, abuse, and unauthorized access
Comply with legal and regulatory obligations

5. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

Contractual necessity – to provide Istina’s services
Legitimate interests – security, fraud prevention, service improvement
Consent – optional push notifications
Legal obligations – compliance with applicable laws

You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. Information Sharing

We do not sell personal data.

We share personal data only when strictly necessary:

With service providers acting as data processors on our behalf
To comply with legal obligations
To protect the rights, safety, and integrity of Istina and its users
With your explicit consent

All processors are contractually bound to confidentiality and data protection obligations consistent with GDPR.

7. Third-Party Services

Istina relies on trusted third-party service providers for:

Wallet infrastructure (non-custodial technology)
Media hosting and delivery
Email delivery
Cloud infrastructure and security
Analytics and performance monitoring using Cloudflare Web Analytics

Only the minimum data required for each service is shared.

8. Data Security

We implement appropriate technical and organizational security measures, including:

Encrypted communications
Access controls and authentication safeguards
Token-based protection for private media
Secure infrastructure and monitoring

No system is entirely risk-free, but we continuously improve our safeguards.

9. Data Retention

We retain personal data only for as long as necessary:

Account data: for the duration of your account
Content and communications: until deleted by you or upon account deletion
Wallet and transaction-related data: as required for service operation and legal compliance
Security logs: for a limited and proportionate period

We may retain certain records longer where necessary to comply with legal obligations or establish, exercise, or defend legal claims.

10. Account Deletion

You may request deletion of your account at any time.

Account deletion is subject to a 7-day cooling-off period, during which:

The deletion request may be canceled
Processing of your data is restricted to essential security and legal purposes
After this period, your account and associated personal data are permanently deleted, except where retention is required by law or due to the immutable nature of blockchain records.

Some information may be retained where required by law or to establish, exercise, or defend legal claims.

11. Your Rights Under GDPR

You have the right to:

Access your personal data
Correct inaccurate or incomplete data
Request deletion of your data
Restrict or object to certain processing
Withdraw consent at any time
Request data portability

Data access or portability requests will be fulfilled within the legally required timeframe.

Requests can be made by contacting: privacy@istina.co

Response time: within 30 days

Attachments are not accepted for security reasons, please include your request in the email body. If supporting documents are necessary, we may request them separately.

12. Blockchain-Specific Transparency

Due to the nature of blockchain technology:

Blockchain records cannot be altered or erased
Wallet addresses and transaction data may remain publicly visible
Istina cannot reverse transactions or recover lost wallet access
You are responsible for securely backing up your wallet using the methods made available within the application

Loss of backup credentials may result in permanent loss of access to funds.

13. Notifications and Communications

We may send:

Mandatory security and authentication emails
Optional push notifications, configurable in your account settings
Service-related communications

You can manage notification preferences at any time.

14. Age Restriction

Istina is intended for users 18 years of age or older.

We do not knowingly process personal data of minors.

15. International Data Transfers

Your data may be processed outside your country of residence. When this occurs, appropriate safeguards are implemented in accordance with GDPR requirements. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

16. Availability and Jurisdictional Restrictions

Certain features (including events, contests, quests, and rewards) may not be available in all jurisdictions due to legal or regulatory constraints.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated through the application or by email.

18. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.