Privacy Policy — Shock Diamonds

Effective date: August 6, 2025 | Last updated: August 6, 2025

1. Scope

This Privacy Policy describes how I handle information in connection with the Shock Diamonds application for iOS and macOS and the support website available at https://elrid.github.io/ (the “Services”).

No in-app collection. The app has no accounts, analytics, advertising SDKs, tracking, or third-party libraries. The website also uses no third-party libraries or trackers.

2. Controller & Contact

Controller: Viacheslav Gilevich (“I”, “me”), established in Cyprus (EU).

Contact: gilevich@qalti.com

I do not appoint a data protection officer. I am established in the EU (Cyprus); therefore an Article 27 representative is not required. If you need a mailing address for rights requests, please email me.

3. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion. “Controller” is the person who determines the purposes and means of the processing of Personal Data.

4. Categories of Data

Category	Examples	Collected?
Support communications	Email address, message content, attachments you choose to send	Only if you contact me by email
Diagnostics (Apple)	Crash logs, device model, OS version, app version, timestamps, stack traces	Only if you opt in to share diagnostics with developers in system settings
Files you import	3D models (e.g., USDZ) you select through the system picker	Processed locally on your device; not uploaded to me

5. Purposes & Legal Bases

Purpose	Description	Legal basis (GDPR)
Provide and support the Services	Respond to support requests; troubleshoot issues you report	Legitimate interests (Art. 6(1)(f))
Improve stability and safety	Use opt-in Apple diagnostics to debug crashes and improve performance	Legitimate interests (Art. 6(1)(f))
Legal compliance	Respond to lawful requests and comply with applicable laws	Legal obligation (Art. 6(1)(c))

6. Sources of Data

Directly from you — when you email me for support.
Apple diagnostics — if you have enabled sharing diagnostics with developers in system settings.

7. Recipients & Disclosure

I do not sell or share Personal Data for marketing.

Email provider (processor): Google — used solely to receive and respond to support emails, under data-processing terms.
Website hosting (independent controller): GitHub (GitHub Pages) — hosts the static website; may process server logs.
Platform provider (independent controller for some data): Apple — distributes the app and provides diagnostics you choose to share.
Authorities — where required by law or to protect my rights, users, or the public.

8. International Transfers

As I am established in Cyprus (EU/EEA), any transfers of Personal Data outside the EEA occur only where appropriate safeguards are in place. For example:

Google (email): data may be processed in the EEA, the US, and other countries. Transfers rely on Standard Contractual Clauses and provider safeguards.
GitHub (website hosting): server logs may be processed in the US and other locations. Transfers rely on Standard Contractual Clauses and provider safeguards.
Apple (diagnostics): diagnostics may be processed globally by Apple under their terms as an independent controller.

You may request a summary of the safeguards relevant to you by emailing me.

9. Retention

Support communications: kept for up to 24 months after your last message, then deleted, unless a longer period is required by law or needed to resolve an ongoing issue. You may request earlier deletion at any time.
Diagnostics: retained according to Apple’s diagnostics systems; I generally do not control their retention on Apple’s side. If I keep a copy locally for debugging, I retain it for up to 12 months.

10. Security

I implement reasonable technical and organizational measures appropriate to the risk, including restricting support inbox access and using encryption in transit (TLS) for email. No method of transmission or storage is completely secure.

11. Children

The app does not collect Personal Data and is not directed to children. If a child contacts me by email, a parent or guardian should supervise. If I learn that I have received Personal Data from a child without appropriate consent, I will delete it.

12. Your Rights

EU/EEA & UK

Subject to conditions and exceptions under applicable law, you may have the right to request access, rectification, erasure, portability, restriction, or to object to processing. I respond without undue delay and within one month (extendable where permitted). You may lodge a complaint with your local supervisory authority or, in Cyprus, the Office of the Commissioner for Personal Data Protection.

California (CPRA)

I do not meet the applicability thresholds of the CPRA. If that changes, this section will be updated. I do not “sell” or “share” Personal Information and do not use cross-context behavioral advertising.

Exercising your rights

Email gilevich@qalti.com. I may ask you to verify your request (for example, by replying from the same email address used previously).

13. Cookies, Hosting & Third-Party Code

App: no cookies, trackers, analytics, or third-party libraries.
Website: static site hosted on GitHub Pages; no third-party libraries or analytics are added by me. GitHub may collect standard server logs as an independent controller under its own privacy statement. I do not receive personally identifying browsing data from GitHub.

14. Changes

I may update this Privacy Policy from time to time. I will update the effective date above and, where required, provide additional notice (including in-app).

15. How to Contact Me

Viacheslav Gilevich
Country: Cyprus
Email: gilevich@qalti.com