Privacy Policy
GuideSofia Privacy Policy
Effective Date: January 9, 2025
Last updated: July 14, 2025
GuideSofia, a product of Brandly Collective Ltd. registered in Bulgaria with VAT BG206206347, legal address 7 Boris Arsov str., Sofia, Bulgaria, is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and delete personal data when you use the App and related services.
Data We Collect
We may collect:
- Account data: name, email address, account identifiers, authentication metadata.
- Device and technical data: device model, operating system version, app version, language settings, IP address, user agent, device or installation identifiers.
- Location data: precise or approximate location, where you enable location-based features.
- Usage data: POIs viewed, audio tours played, in-app searches, session activity, feedback, ratings, and similar interaction data.
- Content you submit: feedback, support messages, chat messages, prompts, images, and other content you choose to send to us.
- Profiling and personalization data: preference data, personalization results, quiz or profile results, and related interaction history.
- Transaction data: subscription status, purchase tokens, receipt metadata, and entitlement history.
- Notification data: push notification tokens and notification preferences.
- Diagnostic data: crash reports, performance metrics, timestamps, and error logs.
How We Use Data
We process personal data to:
- provide core App functionality and your requested services;
- personalize content and recommendations;
- secure the service and prevent abuse;
- analyze usage and improve the App;
- send notifications where permitted;
- comply with legal, accounting, tax, and regulatory obligations.
Legal Bases
We process personal data only where we have a valid legal basis, including contract performance, legitimate interests, consent, and legal obligation.
Third-Party Services
We use third-party service providers to help us deliver hosting, analytics, notifications, AI-assisted features, image processing, and text-to-speech functionality.
International Transfers
Some of our service providers may process personal data outside the European Economic Area. Where this occurs, we rely on appropriate safeguards permitted by the GDPR, such as adequacy decisions or Standard Contractual Clauses.
Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, unless a longer period is required by law.
- Account data: while your account is active and for a limited period thereafter where required by law.
- Usage data: for a limited period necessary to operate, secure, and improve the App.
- Support and feedback data: for as long as needed to handle the request and a reasonable follow-up period.
- Transaction data: for the period required by law and for audit, accounting, or fraud-prevention purposes.
- Push tokens: until they expire, are revoked, or your account is deleted.
- Profiling data: until you delete or reset the relevant feature, or until your account is deleted, subject to any legal retention obligation.
Data Security
We use technical and organizational measures designed to protect personal data, including transport encryption, access controls, monitoring, and incident response procedures.
Your Rights
Under the GDPR, you have the right to:
- access your personal data;
- rectify inaccurate or incomplete data;
- erase data under certain conditions;
- restrict processing in certain cases;
- receive your data in a portable format where applicable;
- object to processing based on legitimate interests or direct marketing;
- withdraw consent at any time where processing is based on consent.
How to Request Deletion
You can request deletion of your personal data by emailing brandly@brandlycollective.com. Please use the email address associated with your account, or include enough information for us to verify your identity.
Where applicable, you may also delete your account directly from the App. If you delete your account, we will delete or anonymize the personal data associated with that account unless we are required to retain certain records for legal, accounting, fraud-prevention, or security reasons.
Response Time
We aim to respond to requests within one month. If a request is complex, we may extend this period by up to two additional months, and we will let you know.
Supervisory Authority
You have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection: https://www.cpdp.bg
Children’s Privacy
Our App is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we become aware that such data has been collected, we will delete it where required by law.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version in the App or on our website and update the “Last updated” date.