Istina

Privacy Policy

Last updated: April 23, 2026

1. Data Controller

Istina is operated by:

Altiora Labs LLC

N41 Zakaria Paliashvili Street

Vake District

Tbilisi

Georgia

Altiora Labs LLC acts as the data controller within the meaning of the General Data Protection Regulation (GDPR).

For any questions regarding this Privacy Policy or to exercise your data protection rights, you may contact us at:

privacy@istina.co

Response time: within 30 days

Attachments are not accepted for security reasons, please include your request in the email body. If supporting documents are necessary, we may request them separately.

2. Scope of This Privacy Policy

This Privacy Policy explains how we collect, use, store, and protect personal data when you access or use the Istina application and related services.

It applies to all users, including those located in the European Union.

3. Information We Collect

We collect only the data necessary to operate, secure, and improve Istina.

3.1 Information You Provide Directly

  • Email address
  • Birthdate (used solely to verify that you are at least 18 years old)
  • Profile information you choose to provide (such as username, profile picture, interests)
  • Content you upload (photos, videos, voice messages, comments)
  • Event, contest, or quest information you create or participate in

Providing optional profile information is voluntary.

3.2 Authentication Data

Istina uses passwordless authentication.

Access to your account is granted through one-time verification codes sent to your email address.

3.3 Location Data

We process location data solely to enable core location‑based features such as discovering nearby users, events, contests, and quests, and to serve location‑relevant content (e.g., contests targeted to your area).

Precise location (GPS): When location permissions are granted and GPS is active, we collect precise device coordinates. For general location features, we use your most recent coordinates to compute your approximate neighborhood, suburb, village, or equivalent area (coarse geographic zone) for map display and related features, and these current coordinates are overwritten as new GPS data is received. If you choose to share your live precise location at a selected place (e.g., by activating the "I'm here" feature), we process the coordinates of that place so your exact location can be displayed to other users for a limited duration (30 minutes, 1 hour, or 2 hours).

Approximate location: Derived from IP address (city / country level) for initial content targeting and fallback discovery.

Location history: Outside of situations where you choose to share your live precise location at a selected place, we do not maintain a continuous precise GPS history. We may retain city and country level location history and records of selected places where you shared live precise location, which can include precise place coordinates.

Default map display: By default, user locations are shown at neighborhood/area level only on the map. Exact locations are shown only if you choose to share your live precise location at a selected place, and only for the selected duration.

User controls: You can disable your default map visibility (invisible mode), set custom visibility preferences, and decide separately for each selected place whether to share your live precise location on the map for 30 minutes, 1 hour, or 2 hours. Disabling default map visibility restricts discovery and nearby features.

Retention: Current GPS coordinates used for general location features are retained only as long as actively needed and are overwritten on update. City / country history is retained for service operation and deleted upon account deletion. If you choose to share your live precise location at a selected place, we retain the related place record, including its coordinates, any optional caption, and any exact-visibility expiry timestamp, for service operation and until account deletion, unless a longer retention period is required by law. IP-derived location follows similar minimal retention.

Content targeting: IP‑derived approximate location and Precise location (GPS) may be used to recommend nearby contests, events, or quests.

Legal basis: Location data is processed under legitimate interests and contractual necessity to provide requested service features, and under consent where device permissions or optional exact location sharing are involved.

3.4 Communications and Social Interactions

We process data related to:

  • Private and group chat messages
  • Voice messages and shared media
  • Social interactions (followers, following, greetings, blocks)
  • Tips or transfers of digital assets between users

Private communications are intended to be private.

3.5 Technical and Usage Data

We may collect limited technical data, including:

  • Device and browser information
  • App usage logs
  • Security and fraud-prevention signals

We use privacy-focused analytics tools that do not rely on tracking cookies or cross-site profiling.

3.6 Wallet and Blockchain-Related Data

If you choose to enable a wallet, we may process:

  • Your wallet public address
  • Blockchain transaction records related to your Istina activity
  • Wallet balance information for display and functional purposes

Certain wallet and transaction data may be processed in connection with on-chain smart contracts used for events, contests, or quests, including prize pool management and settlement.

Istina supports digital asset operations across multiple blockchain networks. Deposits may originate from supported blockchains and be bridged to enable in-app use or external transfers.

Non-custodial nature of the wallet:

Istina does not hold private keys, does not control user funds, and cannot sign or reverse transactions. We do not have access to your private keys or the ability to recover funds.

Blockchain transactions are public and immutable by design.

4. How We Use Your Information

We process personal data to:

  • Provide and operate Istina’s services
  • Authenticate users and secure accounts
  • Enable location-based discovery and social features
  • Facilitate content sharing, events, contests, quests, and rewards
  • Enable wallet-related functionality
  • Deliver notifications according to your preferences
  • Prevent fraud, abuse, and unauthorized access
  • Comply with legal and regulatory obligations
  • Enable Places features, including optional time-limited sharing of your live precise location on the map

5. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

  • Contractual necessity – to provide Istina’s services
  • Legitimate interests – security, fraud prevention, service improvement
  • Consent – optional push notifications
  • Legal obligations – compliance with applicable laws

You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. Information Sharing

We do not sell personal data.

We share personal data only when strictly necessary or when you direct us to do so through product features:

  • With service providers acting as data processors on our behalf
  • To comply with legal obligations
  • To protect the rights, safety, and integrity of Istina and its users
  • With your explicit consent

If you explicitly choose to share your live precise location at a selected place, the exact location of that place and any optional caption you attach to that live share are disclosed to other users for the duration you choose. All processors are contractually bound to confidentiality and data protection obligations consistent with GDPR.

7. Third-Party Services

Istina relies on trusted third-party service providers for:

  • Wallet infrastructure (non-custodial technology)
  • Media hosting and delivery
  • Email delivery
  • Cloud infrastructure and security
  • Analytics and performance monitoring using Cloudflare Web Analytics

Only the minimum data required for each service is shared.

8. Data Security

We implement appropriate technical and organizational security measures, including:

  • Encrypted communications
  • Access controls and authentication safeguards
  • Token-based protection for private media
  • Secure infrastructure and monitoring

No system is entirely risk-free, but we continuously improve our safeguards.

9. Data Retention

We retain personal data only for as long as necessary:

  • Account data: for the duration of your account
  • Content and communications: until deleted by you or upon account deletion
  • Wallet and transaction-related data: as required for service operation and legal compliance
  • Security logs: for a limited and proportionate period

We may retain certain records longer where necessary to comply with legal obligations or establish, exercise, or defend legal claims.

10. Account Deletion

You may request deletion of your account at any time.

Account deletion is subject to a 7-day cooling-off period, during which:

  • The deletion request may be canceled
  • Processing of your data is restricted to essential security and legal purposes
  • After this period, your account and associated personal data are permanently deleted, except where retention is required by law or due to the immutable nature of blockchain records.

If you delete a conversation in the app, the messages in that conversation are deleted. If you delete your account, one-to-one conversations tied only to your account may be deleted in full, while in shared group or event chats we may delete your messages and retain other participants' messages where needed to preserve the shared conversation, subject in each case to legal retention requirements and the immutable nature of blockchain records.

11. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Restrict or object to certain processing
  • Withdraw consent at any time
  • Request data portability

Data access or portability requests will be fulfilled within the legally required timeframe.

Requests can be made by contacting: privacy@istina.co

Response time: within 30 days

Attachments are not accepted for security reasons, please include your request in the email body. If supporting documents are necessary, we may request them separately.

12. Blockchain-Specific Transparency

Due to the nature of blockchain technology:

  • Blockchain records cannot be altered or erased
  • Wallet addresses and transaction data may remain publicly visible
  • Istina cannot reverse transactions or recover lost wallet access
  • You are responsible for securely backing up your wallet using the methods made available within the application

Loss of backup credentials may result in permanent loss of access to funds.

13. Notifications and Communications

We may send:

  • Mandatory security and authentication emails
  • Optional push notifications, configurable in your account settings
  • Service-related communications

You can manage notification preferences at any time.

14. Age Restriction

Istina is intended for users 18 years of age or older.

We do not knowingly process personal data of minors.

15. International Data Transfers

Your data may be processed outside your country of residence. When this occurs, appropriate safeguards are implemented in accordance with GDPR requirements. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

16. Availability and Jurisdictional Restrictions

Certain features (including events, contests, quests, and rewards) may not be available in all jurisdictions due to legal or regulatory constraints.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated through the application or by email.

18. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.

© 2026 Istina