Privacy Policy
Last updated: 17 May 2026 Effective date: 17 May 2026
Table of Contents
- Introduction and scope
- Data controller identity and contact
- Summary of data practices
- Information we collect
- How we use your information
- Legal bases for processing under GDPR
- Third-party service providers
- International data transfers
- Data retention
- Your rights under GDPR (EU/UK)
- Your rights under CCPA/CPRA (California)
- Your rights under LGPD (Brazil)
- Other regional rights
- Children's privacy
- Security measures
- Apple App Privacy Nutrition Label disclosures
- Cookies and similar technologies
- Changes to this policy
- How to contact us and exercise your rights
1. Introduction and scope
This Privacy Policy explains what data is collected when you use Gossipy, why it is collected, and the rights you have. Gossipy is designed to work without an account: no email, no password, no profile.
This Privacy Policy (the "Policy") describes how personal data is handled in connection with the mobile application Gossipy (the "App"), an iOS narrative investigation game published on the Apple App Store with an age rating of 17+. The App is published and operated by Charly Klopfenstein, acting as an individual sole proprietor based in France (the "Developer", "we", "us", or "our").
This Policy applies exclusively to the App and to the limited data flows triggered by your use of the App. It does not apply to the Apple App Store itself, to your iOS device, or to any third-party website or service that is not operated by the Developer, even when accessed from a link inside the App. Apple's processing of your data as the App Store operator is governed by Apple's Privacy Policy.
By downloading, installing, or using the App you acknowledge that you have read and understood this Policy. If you do not agree, please uninstall the App and discontinue use.
2. Data controller identity and contact
The data controller is the individual developer of the App. No company, no SIREN, no VAT number, a single natural person.
The data controller for any personal data processed in connection with the App is:
- Charly Klopfenstein, individual sole proprietor (natural person, France)
- Postal address: 51 avenue des Ternes, 75017 Paris, France
- Contact email: contact@gossipyapp.com
The Developer acts as a natural person and not through any incorporated entity. No company registration number, SIREN, SIRET, or VAT number applies at this stage. Gossipy is not published by, and shall not be confused with, any company.
Throughout this Policy, references to "the Developer", "we", "us", and "our" refer to Charly Klopfenstein in the capacity described above. The Developer has not appointed a Data Protection Officer because the processing carried out does not require one under Article 37 of the General Data Protection Regulation (GDPR).
3. Summary of data practices
At-a-glance: we don't ask you to create an account, we don't run our own server, and we minimise data collection to what is strictly needed to deliver the App and to manage your subscription. The full details are in the sections below, this table is a summary, not a substitute.
| Topic | Position |
|---|---|
| Do we collect your name, email, or password? | No. There is no account system. |
| Do we run our own user database or backend? | No. No backend operated by the Developer. |
| Subscription processing | Handled by Apple and by RevenueCat (data processor). |
| In-game asset delivery | Handled by Cloudflare (delivery network, stores standard access logs). |
| Tracking / advertising identifier (IDFA) | Not collected. The App does not request App Tracking Transparency permission and does not include any advertising or attribution SDK. |
| Local game progress and preferences | Stored only on your device. Not transmitted to the Developer. |
| Account deletion | Not applicable (no account exists). |
| Children | The App is rated 17+ and is not directed at children under 17. |
| Cookies | Not used. The App is a native iOS application. |
| Selling or sharing personal data for cross-context advertising | No sale. No sharing for cross-context behavioural advertising. |
4. Information we collect
4.1 Information you provide
You do not need to give us anything to use the App. There is no signup form, no profile screen, no email box.
The App does not include an account creation flow, a login screen, or any form requesting personal information such as a name, email address, password, date of birth, postal address, phone number, or photo. The Developer therefore does not collect this category of data from you.
If you choose to contact the Developer by email at the address listed in Section 2 or Section 19, the email content you send will be received and read by the Developer and may be retained as needed to respond to your request and to comply with applicable record-keeping obligations.
4.2 Information collected automatically
Some technical data is collected automatically when the App fetches in-game assets from our content delivery network.
The following categories of data may be collected automatically when you use the App:
- Content delivery logs. When the App downloads in-game assets (images, audio, voice clips) from Cloudflare at
cdn.gossipyapp.com, the CDN automatically logs your IP address, user-agent string, the requested URL, the timestamp, and standard HTTP response metadata. These logs are used by Cloudflare, acting as a data processor on behalf of the Developer, for security, abuse prevention, capacity planning, and performance optimisation. The Developer does not maintain a copy of these logs in a separate system. - No advertising identifier. The App does not collect the Identifier for Advertisers (IDFA). The App does not display Apple's App Tracking Transparency prompt and does not integrate any advertising or attribution SDK. No cross-app or cross-website tracking takes place.
- Local-only technical data. Game progress (episode completion, evidence collected, notes you write inside the App, hints used), language choice, sound preferences, and tutorial state are stored locally on your device using iOS's standard storage mechanisms (the equivalent of
UserDefaults). This local data is not transmitted to the Developer. If you have enabled iCloud Backup at the iOS level, your device may include this local data in your encrypted iCloud Backup, which is governed by Apple's terms, the Developer has no access to iCloud Backups.
4.3 Information from third parties
The only third-party data we receive about you is subscription information from Apple via RevenueCat, so we know whether your subscription is active.
When you purchase or restore an in-app subscription, the following information is transmitted to RevenueCat, which acts as a data processor on behalf of the Developer:
- An anonymous app user identifier generated by RevenueCat (a pseudonymous random string, not linked to your real-world identity, your Apple ID, your name, or any account managed by the Developer).
- The Apple in-app purchase receipt provided by the App Store, which RevenueCat validates with Apple.
- The resulting subscription status (active / expired / in grace period / in billing retry / etc.), product identifier, country of purchase, currency, original purchase date, and renewal date.
- Coarse technical metadata: device type, operating system version, App version, and a randomised installation identifier.
The Developer accesses this data through the RevenueCat dashboard and SDK in order to determine whether your subscription is active, to restore previous purchases, and to compute aggregated revenue statistics. RevenueCat's own privacy practices are described at revenuecat.com/privacy.
Apple may also independently collect aggregated, non-identifying analytics about the App through App Store Connect (App Analytics), in accordance with Apple's Privacy Policy. The Developer can view aggregated charts in App Store Connect but does not receive raw personal data from this source.
5. How we use your information
We use the limited data described above only to deliver the App, to honour your subscription, to keep things working, and to comply with our legal obligations.
The Developer processes the data categories listed in Section 4 for the following purposes:
- Delivering App content. Serving game assets to your device via Cloudflare. Without IP-based routing, the CDN cannot send the right asset to your device.
- Managing your subscription. Verifying that your in-app subscription is active, restoring previous purchases on a new device, and resolving billing issues raised by you through Apple. This is performed via RevenueCat.
- Maintaining and securing the App. Detecting and mitigating abuse of the CDN (denial-of-service attempts, scraping, credential-stuffing-style traffic spikes), diagnosing technical issues, and improving performance.
- Aggregate, non-identifying analytics. Reviewing aggregated subscription, retention, and revenue statistics provided by RevenueCat and by Apple's App Analytics. These statistics are not linked to individual users.
- Responding to your requests. Handling questions, complaints, and the exercise of data subject rights described in Sections 10 to 13.
- Complying with the law. Meeting tax, accounting, consumer-protection, and other legal obligations applicable to the Developer, and responding to lawful requests from public authorities.
The Developer does not engage in automated decision-making producing legal or similarly significant effects on you. The Developer does not profile you for behavioural advertising.
6. Legal bases for processing under GDPR
Each processing activity has a defined legal basis under Article 6 of the GDPR. The table below maps purposes to legal bases and to data categories.
| Purpose | Data category | Legal basis (GDPR Art. 6) |
|---|---|---|
| Delivering in-game assets via Cloudflare | IP address, user-agent, request metadata | Art. 6(1)(b), performance of the contract (delivering the App you requested) |
| Securing the CDN against abuse | CDN access logs | Art. 6(1)(f), legitimate interests (network and information security) |
| Managing your subscription via RevenueCat and Apple | Pseudonymous app user ID, Apple receipt, subscription status, country, device/OS metadata | Art. 6(1)(b), performance of the subscription contract |
| Aggregated subscription and usage analytics | Aggregated, non-identifying data from RevenueCat and Apple App Analytics | Art. 6(1)(f), legitimate interests (improving the App and understanding adoption) |
| Responding to support requests and exercising your rights | Email content you send, IP address of correspondence | Art. 6(1)(b) and Art. 6(1)(c), contract performance and compliance with legal obligations |
| Complying with accounting, tax, and consumer-protection rules | Subscription records as required by law | Art. 6(1)(c), compliance with a legal obligation |
Where processing relies on legitimate interests, the Developer has carried out a balancing exercise and considers that the interests pursued (security, App improvement, fraud prevention) do not override your fundamental rights and freedoms, in particular given the low volume and pseudonymous nature of the data involved. You may object to processing based on legitimate interests at any time using the contact details in Section 19.
The Developer does not currently rely on consent as a legal basis for any processing described in this Policy. Should that change in the future, you will be informed in advance and asked to consent; you will then be able to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
7. Third-party service providers
A small number of third parties process data on our behalf so the App can work. We do not allow them to use your data for their own commercial purposes beyond what is described below.
7.1 RevenueCat
RevenueCat, Inc., a Delaware corporation headquartered in the United States, provides the subscription management infrastructure that validates Apple receipts and exposes your subscription status to the App. RevenueCat acts as a data processor on behalf of the Developer. Categories of data processed are listed in Section 4.3. RevenueCat is contractually bound by its Data Processing Addendum and applies appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) where required. RevenueCat's privacy practices are described at revenuecat.com/privacy.
7.2 Cloudflare
Cloudflare is operated by Cloudflare, Inc., a company headquartered in the United States, with edge servers distributed worldwide. Cloudflare stores the App's static assets in its R2 object storage and delivers them over its content delivery network, processing the standard access logs described in Section 4.2. Cloudflare acts as a data processor on behalf of the Developer. Because of the global edge architecture, your requests are typically served by the geographically closest edge node, which may be located outside the European Union, see Section 8. Cloudflare's privacy practices are described at cloudflare.com/privacypolicy.
7.3 Apple
Apple Inc. and its affiliates (collectively, "Apple") operate the App Store, the in-app-purchase infrastructure, and push notification delivery. Apple acts as an independent data controller with respect to its own processing of your data as an App Store customer. The Developer has no access to your Apple ID, your Apple payment information, or your Apple account. Apple may also collect aggregated App Analytics (anonymous funnel and crash metrics) which the Developer can view in App Store Connect. Apple's practices are governed by Apple's Privacy Policy and the App Store & Privacy notice.
7.4 Advertising and attribution partners
The Developer does not share data with any advertising or attribution partner. No third-party advertising, marketing-attribution, audience-measurement, or behavioural-profiling SDK is integrated in the App.
8. International data transfers
Some of our processors are based outside the EU. We rely on Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework to protect your data.
The Developer is established in the European Union (France). Some processors handle personal data outside the European Economic Area:
- RevenueCat is established in the United States. Personal data processed by RevenueCat on behalf of the Developer is transferred to the United States. Where the EU-US Data Privacy Framework applies, the Developer relies on it. In all cases, RevenueCat is bound by Standard Contractual Clauses (SCCs) as adopted by the European Commission under Article 46(2)(c) GDPR.
- Cloudflare is established in the United States. Personal data processed by Cloudflare on behalf of the Developer (the access logs described in Section 4.2) is transferred to the United States and may be routed to Cloudflare edge nodes worldwide. Where the EU-US Data Privacy Framework applies, the Developer relies on it. In all cases, Cloudflare is bound by Standard Contractual Clauses (SCCs) as adopted by the European Commission under Article 46(2)(c) GDPR.
- Apple transfers data globally pursuant to its own privacy framework.
You may request a copy of the safeguards in place for these transfers by contacting the Developer at the address in Section 19. Note that the Developer is only able to share the safeguards put in place at its own level (data processing agreements with processors); the publicly available safeguards of Apple, RevenueCat, and Cloudflare are available on their respective websites.
9. Data retention
We keep data only as long as needed for the purposes listed above, with the longer periods driven by legal obligations (especially accounting).
| Data category | Retention period |
|---|---|
| RevenueCat subscription records (Apple receipts, subscription status, pseudonymous user ID) | Retained by RevenueCat for the duration of the subscription and for up to seven (7) years after the last interaction, primarily to meet the Developer's accounting and tax obligations under French law (Code de commerce Art. L123-22). |
| Cloudflare access logs | Retained for the period defined in Cloudflare's privacy policy (typically a short rolling window, generally not exceeding a few weeks), unless a longer period is required to investigate a specific security incident. |
| Email correspondence with the Developer | Retained for the duration needed to handle your request and to comply with statute-of-limitations obligations (typically up to five (5) years for consumer-related correspondence). |
| Local game data on your device | Retained until you uninstall the App, reset the App data, or restore your device. The Developer has no copy. |
When retention periods expire, the relevant data is deleted or irreversibly anonymised.
10. Your rights under GDPR (EU/UK)
If you are in the EU, EEA, or the United Kingdom, you have the rights listed below. You can exercise them by emailing us.
If you reside in the European Union, the European Economic Area, or the United Kingdom, you have the following rights under the GDPR (Regulation (EU) 2016/679) and the UK Data Protection Act 2018:
- Right of access (Art. 15), obtain confirmation of whether personal data concerning you is processed, a copy of that data, and information about the processing.
- Right to rectification (Art. 16), request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17, "right to be forgotten"), request deletion of personal data in the cases set out by the GDPR.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20), receive a structured, machine-readable copy of data you have provided and have it transmitted to another controller where technically feasible.
- Right to object (Art. 21), object to processing based on legitimate interests, including profiling, at any time.
- Right to withdraw consent (Art. 7(3)), where processing relies on consent, withdraw consent at any time without affecting the lawfulness of past processing. (The Developer does not currently rely on consent for any processing described in this Policy.)
- Right not to be subject to automated decisions producing legal or similarly significant effects (Art. 22), the Developer does not carry out such automated decision-making.
- Right to lodge a complaint with a supervisory authority (Art. 77).
To exercise any of these rights, contact the Developer at contact@gossipyapp.com. The Developer will respond within one month, extendable by two further months for complex requests, in accordance with Art. 12 GDPR. The Developer may request reasonable information to verify your identity before responding, in particular because the App does not maintain an account system that would allow direct identification.
The competent supervisory authority for France is:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
cnil.fr
If you reside in another EU or EEA Member State, or in the United Kingdom, you may alternatively lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available on the European Data Protection Board website at edpb.europa.eu. For the United Kingdom, the competent authority is the Information Commissioner's Office (ICO), ico.org.uk.
11. Your rights under CCPA/CPRA (California)
If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. The Developer does not sell your personal information and does not share it for cross-context behavioural advertising.
This section provides the disclosures required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA/CPRA"), codified at California Civil Code §§ 1798.100 et seq.
11.1 Categories of personal information
The categories of personal information ("PI") collected by the Developer in the preceding twelve (12) months, mapped to the statutory categories of Cal. Civ. Code § 1798.140, are:
| Statutory category (§ 1798.140) | Collected? | Examples | Disclosed for a business purpose to |
|---|---|---|---|
| Identifiers | Yes (limited) | IP address (CDN); pseudonymous RevenueCat app user ID | Cloudflare, RevenueCat, Apple |
| Customer records (Cal. Civ. Code § 1798.80(e)) | No | , | , |
| Characteristics of protected classifications | No | , | , |
| Commercial information | Yes (limited) | Subscription product purchased, purchase date, renewal status | RevenueCat, Apple |
| Biometric information | No | , | , |
| Internet or other electronic network activity information | Yes (limited) | CDN request logs (URL, timestamp, user-agent) | Cloudflare |
| Geolocation data | Yes (coarse, country-level only) | Country derived from IP address (CDN) and from Apple receipt (RevenueCat) | Cloudflare, RevenueCat |
| Sensory data (audio, electronic, visual) | No | , | , |
| Professional or employment-related information | No | , | , |
| Education information | No | , | , |
| Inferences drawn from PI | No | , | , |
| Sensitive Personal Information (SPI) under CPRA | No | , | , |
11.2 Sources of personal information
The Developer collects personal information from (a) you directly, in the limited situations where you contact the Developer by email; (b) automatically through your device's interactions with Cloudflare; and (c) from Apple (in-app purchase receipts) and from RevenueCat (subscription status).
11.3 Purposes for collection
The purposes for which personal information is collected are described in Section 5 of this Policy.
11.4 Sale or sharing of personal information
The Developer does not sell personal information as that term is defined in Cal. Civ. Code § 1798.140(ad). The Developer does not share personal information for cross-context behavioural advertising as defined in § 1798.140(ah). The App contains no advertising or attribution SDK and the Developer does not transmit any identifier to advertising networks. The Developer does not have actual knowledge of selling or sharing the personal information of consumers under sixteen (16) years of age.
11.5 Sensitive Personal Information
The Developer does not collect or process Sensitive Personal Information as defined in Cal. Civ. Code § 1798.140(ae). No SPI disclosure or right-to-limit notice is required.
11.6 Your CCPA/CPRA rights
Subject to applicable exceptions, you have the right to:
- Know what personal information is collected, used, disclosed, and (if applicable) sold or shared.
- Access the specific pieces of personal information collected about you.
- Delete personal information collected from you.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information. (Not applicable, no sale or sharing as defined.)
- Limit the use and disclosure of Sensitive Personal Information. (Not applicable, no SPI collected.)
- Non-discrimination for exercising any of these rights.
To exercise these rights, contact the Developer at contact@gossipyapp.com. You may also use an authorised agent to submit a request, in which case the Developer will verify the agent's authorisation. Because the App does not maintain an account system, identity verification may rely on information you provide in your request (such as a RevenueCat app user ID retrievable from the App's diagnostic screens) so the Developer can match your request to its records.
11.7 California "Shine the Light"
California Civil Code § 1798.83 ("Shine the Light") entitles California residents to request, once per calendar year, information regarding the disclosure of personal information to third parties for the third parties' direct marketing purposes. The Developer does not disclose personal information to third parties for their own direct marketing purposes.
12. Your rights under LGPD (Brazil)
If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD). You can exercise them by emailing us.
If you reside in Brazil, the processing of your personal data is subject to Federal Law No. 13.709 of 14 August 2018, as amended (the "Lei Geral de Proteção de Dados", or "LGPD"). The Developer is the controller (controlador) of your personal data within the meaning of Art. 5(VI) LGPD.
The legal bases relied upon under Art. 7 LGPD mirror those described in Section 6 of this Policy: performance of a contract to which you are a party (Art. 7(V)), compliance with a legal or regulatory obligation (Art. 7(II)), and the legitimate interests of the controller (Art. 7(IX)).
You have the rights set out in Art. 18 LGPD, including:
- Confirmation that your data is being processed and access to it.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymisation, blocking, or deletion of unnecessary or excessive data, or of data processed in non-compliance with the LGPD.
- Portability to another service or product provider, subject to commercial and industrial secrets.
- Deletion of personal data processed on the basis of consent.
- Information about public and private entities with which the controller has shared your data.
- Information about the possibility of not granting consent and the consequences thereof.
- Withdrawal of consent.
To exercise these rights, contact the Developer at contact@gossipyapp.com. You may also lodge a complaint with the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados, ANPD), gov.br/anpd.
13. Other regional rights
Residents of Canada, South Africa, Japan, Australia, and other jurisdictions retain the privacy rights granted by their local laws. The Developer will honour those rights to the extent applicable.
The Developer respects the privacy rights granted by your local law, including:
- Canada, PIPEDA. The Personal Information Protection and Electronic Documents Act provides rights of access, correction, and complaint. Complaints may be addressed to the Office of the Privacy Commissioner of Canada (priv.gc.ca).
- South Africa, POPIA. The Protection of Personal Information Act 4 of 2013 provides rights of access, correction, deletion, and objection. Complaints may be addressed to the Information Regulator (inforegulator.org.za).
- Japan, APPI. The Act on the Protection of Personal Information (APPI) provides rights of disclosure, correction, and suspension of use. Inquiries may be addressed to the Personal Information Protection Commission (PPC), ppc.go.jp.
- Australia, Privacy Act 1988. The Australian Privacy Principles provide rights of access and correction. Complaints may be addressed to the Office of the Australian Information Commissioner (oaic.gov.au).
- Other jurisdictions. Where local law grants rights equivalent to those above, the Developer will honour them upon receipt of a verified request.
To exercise any of the rights above, contact the Developer at contact@gossipyapp.com.
14. Children's privacy
The App is rated 17+ and is not for children. We do not knowingly collect data from anyone under that age.
The App carries an Apple App Store age rating of 17+ due to mature narrative content (investigations involving infidelity, suggestive themes, simulated communications). The App is not directed at children and is not intended for use by children. The Developer does not knowingly collect personal data from children under 17, and where applicable does not knowingly collect personal data from children under 13 within the meaning of the United States Children's Online Privacy Protection Act ("COPPA", 15 U.S.C. §§ 6501–6506) or from children under 16 within the meaning of Article 8 of the GDPR.
If you are a parent or guardian and believe a child has provided personal data to the Developer through the App, please contact contact@gossipyapp.com. The Developer will promptly investigate and delete the data unless retention is required by law.
15. Security measures
We minimise the data collected, rely on industry-standard processors for everything that leaves the device, and depend on Apple's platform security for the data on your device.
The Developer implements technical and organisational measures appropriate to the nature of the processing, the limited categories of data involved, and the risks they present:
- Data minimisation. The App does not collect direct identifiers (no name, email, password, phone, address) and operates without an account system.
- Transport security. All network communications between the App and its processors use HTTPS / TLS. The Info.plist
NSAllowsArbitraryLoadssetting is disabled. - Processor security. Apple, RevenueCat, and Cloudflare are providers with mature security programmes (ISO 27001 or equivalent for at least RevenueCat and Cloudflare; SOC 2 reports available from RevenueCat). The Developer relies on those providers' security controls for the data they process on its behalf.
- Device-side data. Game progress and preferences are stored in iOS's standard application storage, protected by the device's encryption-at-rest and sandboxing model.
- Access control. Access to the RevenueCat dashboard and the Cloudflare dashboard is restricted to the Developer and protected by strong authentication (where the provider supports it, including two-factor authentication).
No system is perfectly secure. In the event of a personal data breach likely to result in a risk to your rights and freedoms, the Developer will notify the competent supervisory authority and, where required, affected users in accordance with Articles 33 and 34 of the GDPR.
16. Apple App Privacy Nutrition Label disclosures
This section maps the data flows described above to the categories Apple requires on the App Store's "App Privacy" label.
For consistency with Apple's "App Privacy" disclosures on the App Store product page, the Developer's data practices map to Apple's labels as follows:
16.1 Data Used to Track You
None. The App does not track you within the meaning of Apple's App Tracking Transparency framework. No advertising identifier is collected, and no data is shared with advertising or attribution partners.
16.2 Data Linked to You
- None. The Developer does not collect data linked to your real-world identity. The pseudonymous app user identifier generated by RevenueCat is not connected to a name, email address, or any account managed by the Developer.
16.3 Data Not Linked to You
- Purchases, subscription product purchased, renewal status, country of purchase (via RevenueCat and Apple).
- Diagnostics, aggregate crash and performance metrics provided by Apple at the platform level (App Analytics in App Store Connect).
- Usage Data, aggregate funnel metrics provided by Apple App Analytics; aggregate revenue and retention metrics provided by RevenueCat.
- Identifiers, pseudonymous app user ID (RevenueCat); IP address transiently logged by Cloudflare for delivery and security.
The Developer will keep its Apple App Privacy disclosures in sync with this Policy. If you notice an inconsistency, please report it to contact@gossipyapp.com.
17. Cookies and similar technologies
Gossipy is a native iOS app. It does not use cookies.
The App is a native iOS application and does not embed a general-purpose web browser as part of its core experience. The App does not set or read HTTP cookies, web storage (localStorage, sessionStorage, IndexedDB), or browser-style tracking pixels. Local preferences and game progress are stored using iOS's native application storage (the equivalent of UserDefaults), which is sandboxed to the App and is not accessible to third parties or to other apps installed on your device.
Where the App opens an external URL (for example, a link to the Apple support page or to this Policy), iOS opens that URL in your default browser, and the browser's own cookie and storage behaviour applies. The Developer does not operate any of those external websites unless explicitly indicated.
18. Changes to this policy
If we update this Policy, we will change the "Last updated" date at the top and, for material changes, notify you inside the App.
The Developer may update this Policy from time to time to reflect changes in the App, in the data flows, in applicable law, or in the practices of the processors listed in Section 7. The current version always carries a "Last updated" date at the top of this document.
For material changes, such as the introduction of a new processor, a new category of personal data, or a new processing purpose, the Developer will provide a reasonable in-App notice at the next App launch following the update, and where feasible by the date of the change becoming effective.
Continued use of the App after the effective date of an updated Policy constitutes acknowledgment of the updated Policy.
19. How to contact us and exercise your rights
Email the Developer at contact@gossipyapp.com. We will respond within the statutory timeframes.
For any question concerning this Policy or the data practices described in it, and to exercise any of the rights described in Sections 10 to 13, please contact:
- Charly Klopfenstein
- Email: contact@gossipyapp.com
When contacting the Developer to exercise a data subject right, please describe your request as precisely as possible (jurisdiction of residence, nature of the right exercised, time period concerned). Because the App does not maintain an account system, the Developer may ask for information that allows it to locate any record concerning you (such as a RevenueCat app user ID retrievable from the App's diagnostic screens, the approximate date of a subscription purchase, or the country of purchase).
The Developer will acknowledge your request promptly and respond within the timeframes set by applicable law (one month under GDPR, extendable by two months for complex requests; forty-five days under the CCPA/CPRA, extendable by forty-five days; fifteen days under the LGPD, extendable as provided by law).
Gossipy © 2026 · Privacy Policy · Terms of Use