Last updated: 11.01.2026

This Privacy Policy describes how Work Radar Prosta Spółka Akcyjna (“Decode”, “we”, “us”, “our”) processes personal data in connection with the use of the Decode mobile application (the “App”).

This Privacy Policy applies to all users worldwide. Where applicable, Decode applies the principles and safeguards of Regulation (EU) 2016/679 (the General Data Protection Regulation – “GDPR”), regardless of the user’s place of residence.

This Privacy Policy is provided for information purposes in accordance with Article 13 GDPR and does not constitute a contract.

Where consent is required, it is obtained through separate, explicit, and granular mechanisms within the App.

1. DATA CONTROLLER

The data controller within the meaning of the GDPR is:

Work Radar Prosta Spółka Akcyjna

KRS: 0001067033

NIP: 1231543445

REGON: 526825408

Registered address: ul. Przyleszczki 23/1, 05-500 Józefosław, Mazowieckie, Poland

For all matters related to personal data protection, you may contact us at:

gdpr@decode-app.com

2. ELIGIBILITY AND AGE RESTRICTION

The App is intended exclusively for individuals who are at least 18 years of age.

Decode does not knowingly collect or process personal data of minors.

If personal data of a person under 18 years of age is identified, such data will be deleted without undue delay.

3. USER ACCOUNTS AND PAIRING FUNCTIONALITY

Each user creates and maintains an individual account within the App.

The App enables users to voluntarily connect their accounts with another user through a pairing functionality. Pairing:

• is initiated solely by the users;
• requires an explicit affirmative action within the App;
• may result in certain user-generated data becoming accessible to the paired user.

Users may discontinue pairing at any time, where such functionality is available.

Decode does not initiate, enforce, supervise, or monitor user pairing and does not influence how users interact with each other within the paired environment.

4. CATEGORIES OF PERSONAL DATA PROCESSED

4.1 Account and Identification Data

• email address
• chosen name or identifier
• unique user ID
• authentication credentials (stored in encrypted or hashed form)

Purpose: account creation, authentication, provision of the App

Legal basis: performance of a contract (Article 6(1)(b) GDPR)

4.2 Account Settings and Preferences

• language and interface preferences
• notification settings
• pairing status

Purpose: personalization, technical functionality

Legal basis: performance of a contract (Article 6(1)(b) GDPR)

4.3 User-Generated Content and App Activity

• responses to questions
• interactions with App features
• in-app activity history

Purpose: provision of core App functionality, improvement of user experience

Legal basis:

• performance of a contract (Article 6(1)(b) GDPR);
• legitimate interests (Article 6(1)(f) GDPR);
• where user-generated content includes special categories of personal data, processing is based on explicit consent in accordance with Article 9(2)(a) GDPR.

4.4 Shared Data Between Paired Users

Where users choose to pair their accounts, certain user-generated data may be shared exclusively between the paired users.

Such sharing:

• results solely from the users’ voluntary actions;
• occurs only within the App environment;
• may be discontinued at any time by unpairing.

Legal basis: explicit consent (Article 6(1)(a) GDPR).

Consent may be withdrawn at any time without detriment and without affecting the lawfulness of processing carried out prior to withdrawal.

4.5 Special Categories of Personal Data

Due to the nature of the App’s functionality, users may voluntarily provide information that may constitute special categories of personal data within the meaning of Article 9 GDPR, including data concerning intimate life or personal preferences.

Such data:

• is processed solely to provide the core functionality of the App;
• is not used for profiling, advertising, or automated decision-making;
• is protected by enhanced technical and organizational security measures.

Legal basis: explicit consent (Article 9(2)(a) GDPR), obtained through a clear, separate, and granular consent mechanism.

Withdrawal of consent does not require account deletion.

4.6 Payment and Subscription Information

Decode does not store full payment card details.

Payments and subscriptions are processed by third-party payment providers and platform operators (such as Apple and Google). Decode may receive limited transactional data (e.g. subscription status or transaction identifiers) solely for accounting, access management, and compliance purposes.

Legal basis:

• performance of a contract (Article 6(1)(b) GDPR);
• compliance with legal obligations (Article 6(1)(c) GDPR)

4.7 Communications

• service-related emails and notifications
• in-app messages
• marketing communications (where permitted by law and subject to consent)

Users may manage communication preferences or withdraw consent at any time.

Legal basis:

• performance of a contract (Article 6(1)(b) GDPR);
• consent (Article 6(1)(a) GDPR), where required

4.8 Technical and Device Data

• IP address (processed in anonymized or truncated form where feasible)
• device type, operating system, app version
• diagnostic, log, and crash data

Purpose: security, stability, fraud prevention, analytics

Legal basis: legitimate interests (Article 6(1)(f) GDPR)

5. ANALYTICS, ADVERTISING, AND TRACKING

Decode uses analytics and attribution tools provided by third parties, including:

• Google Analytics / Firebase
• Google Ads
• Meta Platforms (Facebook, Instagram)

Such technologies are activated only after obtaining user consent through appropriate in-app consent mechanisms.

Users may withdraw consent at any time without loss of access to the core functionality of the App.

6. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the European Economic Area (EEA), Decode ensures appropriate safeguards in accordance with Chapter V GDPR, including the use of Standard Contractual Clauses approved by the European Commission.

Users may request information about applicable safeguards by contacting:

gdpr@decode-app.com

7. DATA SHARING AND PROCESSORS

Decode may share personal data with trusted third-party service providers acting as data processors, including providers of:

• hosting and infrastructure services;
• analytics services;
• communication and notification services;
• payment processing services.

Personal data is not sold.

8. DATA RETENTION

Personal data is retained only for as long as necessary to:

• provide the App and its functionalities;
• comply with legal obligations;
• resolve disputes and enforce agreements.

Account data is deleted or irreversibly anonymized upon user request unless further retention is required by law.

Backup data is deleted in accordance with standard backup retention cycles.

9. DATA SUBJECT RIGHTS

Users have the rights provided by applicable data protection laws, including the right to:

• access personal data;
• rectify inaccurate data;
• request erasure;
• restrict or object to processing;
• withdraw consent at any time;
• lodge a complaint with a competent supervisory authority.

Requests may be submitted to:

gdpr@decode-app.com

10. SECURITY MEASURES

Decode applies appropriate technical and organizational measures to protect personal data, including encryption, access controls, data minimization, and regular security reviews.

11. LIMITATION OF PLATFORM RESPONSIBILITY

Decode provides a technical platform enabling user interaction.

Decode is not responsible for content generated by users or for interactions between users resulting from voluntary use of the App’s functionalities.

This provision does not limit or exclude Decode’s obligations under applicable data protection laws.

12. CHANGES TO THIS POLICY

Decode may update this Privacy Policy from time to time.

The current version will always be available within the App.

Material changes will be communicated where required by law.

13. CONTACT

For all privacy and data protection matters:

gdpr@decode-app.com