Privacy Policy

1. INTRODUCTION

The application Sortical is provided by the sole trader under the distinctive title ERTIOS, registered under the laws of Greece [Tax ID (VAT) number (EL) 161181641], with its registered address at 58 Amerikanon Kyriοn Street, Nikaia Piraeus, 18450 Greece (member of Chamber of Crafts οf Piraeus), [email protected], who acts as the supplier (Τrader) of the services provided through the app.

The Trader has taken the appropriate technical and organisational measures which ensure that processing of your personal data complies with the General Data Protection Regulation (EU) 2016/679 (GDPR). Especially, Sortical adopts internal policies and implements measures which meet the principles of data protection by design and data protection by default.

This Privacy Policy applies to the Users. Therefore, the words “you”, “your” and generally the use of the second plural form refers to any User. Throughout the Privacy Policy, the use of first plural form (terms “we”, “us”, “our” etc.), refer to the Trader. Users should comply with the Privacy Policy, while using the Application. By using this Application, you agree to be bound by this Privacy Policy. In case you disagree with the Privacy Policy, you must refrain from any action, interaction, access and use of the Application.

2. SCOPE AND AIM

While using the Application, we may ask you to disclose some personal data in order to provide you with our Services. This Privacy Policy (hereafter Privacy Policy) describes the type of your personal data which are subject to the processing, the way and the context in which your personal data are collected, the purposes and means of the processing of your personal data, the lawfulness of processing, the entities to which your personal data may be disclosed, the purpose limitations, the storage period, the measures we take to ensure lawful and fair processing and the principles relating to processing of your personal data. It also includes information about your rights and data protection. The Privacy Policy applies only to processing of personal data by the Trader for purposes of the Application’s Services and operation.

3. DEFINITIONS

Personal data or Data: Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;

Consent of the data subject: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Supervisory authority An independent public authority which is established by a Member State pursuant to Article 51 G.D.P.R.

For any other term please read the Terms of use.

4. HOW WE COLLECT YOUR DATA

We collect your personal data either directly from you, or through other sources. We may collect your data through the Services and/ or in other ways such as e-mails, contact forms, social media, cookies, analytics tools, etc.

5. OUR PRINCIPLES RELATING TO PROCESSING OF YOUR PERSONAL DATA

  • On this Application we process your personal data lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’).
  • We collect your personal data for specified, explicit and legitimate purposes.
  • Your data are not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
  • Furthermore, your personal data that we process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
  • Your personal data are accurate and, where necessary, kept up to date. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
  • Your personal data are kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).
  • Your personal data are processed in a manner that ensures appropriate security of them, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

6. DATA CONTROLLER

For any processing of personal data carried out by the Trader solely for the purposes described below, the sole trader operating under the business name ERTIOS shall act as the Data Controller within the meaning of Article 4(7) of the GDPR**. The Data Controller determines the purposes and means of the processing of your personal data.**

7. DATA PROCESSING

In this section you can retrieve information about the categories of your Personal Data we process, the Processing of such data in relation to the purpose we pursue on a case-by-case basis, the legal basis for each processing activity and the storage period.

User Account Creation & Management

  • Data: email, first name, family name, display name, profile picture
  • Purpose: Create/manage account; provide secure app access; send account & subscription updates; allow access to all applications/services through a unified Ertios account
  • Legal Basis: Performance of a contract
  • Retention: For as long as the account remains active

Use of Application Services

  • Data: Project titles/descriptions, pending tasks, task status, deadlines, associated users, access permissions, other project information, time zone
  • Purpose: Provide application services; allow users to create, edit, track and manage projects; enable collaboration and controlled project sharing
  • Legal Basis: Performance of a contract
  • Retention: Until the user permanently deletes the project or account. Shared projects remain unless sharing is revoked.

Subscription Transactions & Refunds

  • Data: Purchase token, product ID (SKU), order ID, purchase status, purchase/expiry dates, country/currency code, Play Account ID, refund/cancellation information
  • Purpose: Verify in-app purchases; manage subscriptions, cancellations and refunds
  • Legal Basis: (1) Performance of a contract; (2) Compliance with legal obligations
  • Retention: For as long as necessary to perform the contract and thereafter as required by law

Questions, Requests & Complaints

  • Data: Name, e-mail, phone number, messages, requests
  • Purpose: Respond to questions/requests; provide support and information; solve problems; handle complaints
  • Legal Basis: (1) Performance of a contract; (2) Legitimate interests; (3) Steps prior to entering into a contract
  • Retention: One year from the last contact

Social Media Accounts

  • Data: Profile name, comments, reviews, contact details, messages, reactions, likes, shares and related activity on social media pages/accounts
  • Purpose: Respond to messages/reviews; communicate with users; provide support and updates; review comments; advertise/promote the application
  • Legal Basis: (1) Consent; (2) Legitimate interests
  • Retention: For as long as the user remains connected to the pages/accounts or activity remains visible

Contests

  • Data: Social media interaction data; winners’ full name, phone number and e-mail address
  • Purpose: Conduct contests; communicate with winners; award prizes
  • Legal Basis: Consent
  • Retention: Until contest completion and prize delivery

Location-Based Features & Geofencing

  • Data: Exact GPS location, nearby Bluetooth devices, nearby Wi-Fi networks, geofence entry/exit events
  • Purpose: Enable location-based reminders, project check-ins and geographic notifications
  • Legal Basis: Consent
  • Retention: For as long as location permissions remain enabled. No location data are collected once access is disabled.

Google Analytics & Firebase Crashlytics

  • Data: Technical/statistical/performance data including OS version, app version, IP address, language, country, city, device information, performance metrics, crash logs and anonymised usage statistics
  • Purpose: Statistical analysis, crash reporting, performance monitoring, issue detection and service improvement
  • Legal Basis: Legitimate interests in maintaining and improving service functionality and security
  • Retention: Depends on the type of cookie used (temporary or persistent)

Newsletter Subscription

  • Data: Email address
  • Purpose: Send advertising content, promotions, events, discounts, offers, contests, news and updates
  • Legal Basis: Consent
  • Retention: Until unsubscribe. If another legal basis applies, the e-mail may be retained in an unsubscribe list.

We collect and process your personal data only for legitimate purposes, as the above-mentioned. We may process your personal data for purposes other than those for which your personal data were initially collected, only where the processing is compatible with the purposes for which your personal data were initially collected. We may also process your personal data, if processing is necessary for compliance with a legal obligation to which the Trader is subject.

  • The time that your Personal Data may be retained by the Trader is also determined by our legal obligations in the applicable Legislation. If there is a dispute, pursuant to our contract, we may keep your personal data for as long as the law stipulates.

Permanent Deletion of Data: Deleted items are retained in a Recycle Bin. They are permanently deleted only when the User empties the Recycle Bin. Requests to empty the Recycle Bin may be made offline, in which case deletion is executed upon the next server synchronization, or online, with immediate execution and progress feedback.

8. ROLES OF TRADER & APP STORE PROVIDER IN PROCESSING DATA FOR IN-APP PURCHASES

When Users purchase a Subscription Plan through the relevant app store, the transaction is processed by the App Store Provider, which acts as the marketplace service provider (authorized reseller) and payment agent of the Trader. In this context, the App Store Provider is the data controller for the processing of personal data related to the payment transaction - including the collection and verification of payment details, billing information, invoicing, and refund processing. These processing operations are carried out under the App Store Provider privacy policy.

The Trader acts as the Data Controller for the processing of technical and transactional information received from relevant App Store Provider following a successful purchase. These data are processed solely for the purpose of verifying purchases, activating or deactivating Subscription Plans, managing user access to Premium Services, and fulfilling the contractual relationship with the User. The Trader does not receive or have access to the User’s payment card details, billing address, or other financial information. All payment data are processed exclusively by the relevant App Store Provider.

Accordingly, both the App Store Provider and the Trader act as independent Data Controllers, each responsible for their respective processing operations under the GDPR.

9. SPECIAL CATEGORIES OF PERSONAL DATA

The Trader does not intentionally collect or process special categories of Personal Data. Users are strongly advised not to enter or upload such data into the Application. However, if Users voluntarily include special categories of data within their own content (for example, within project descriptions, notes, or shared materials), such data are stored only for the purpose of providing the storage and project-management functionalities of the Application, and are not actively processed, analyzed, or shared by the Trader. The Trader bears no responsibility for the inclusion of such data by Users in their content or for any consequences arising therefrom. By voluntarily entering such data, the User acknowledges and expressly consents to their storage for the sole purpose of providing the Application’s services, under their own responsibility.

10. PROCESSING OF CHILDREN’S DATA

Only adults shall use the Services. Therefore, we do not collect or process children’s Personal Data. The Trader shall not be liable for all damages arising from any use of the Application by a child.

We may request your consent for certain types of personal data processing. This consent may be provided by actively ticking a box or performing another clear affirmative action while using the Application. Such action constitutes a freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data for the above-mentioned purposes, where the processing of your data is based on your consent. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal. Where processing is based on your consent, we will provide you with all necessary information to enable you to make an informed decision. This information is made available in this Privacy Polic.

12. DATA & ACCESS PROVISION

If you refuse to disclose your Personal Data to the Trader or to the relevant App Store Provider, we may not be able to provide you with some of our Services.

When using the App, you may be asked to grant access to basic functions of your device, such as access to information stored on your device, to your device’s Wi-Fi, Bluetooth or Data Usage, and to the location of your device. For more information, please consult the App’s webpage on the relevant app store.

13. PROCESSORS & RECIPIENTS

The Trader cooperates with suppliers and service providers who process personal data on our behalf. We disclose to our partners your personal data, solely for the purposes referred to in this Privacy Policy. We may also need to disclose your Personal Data to authorized recipients/ processors for (i) the maintenance / repair of our equipment (PCs, servers, hardware) that support the operation of the Application, (ii) the development of the Application and iii) for other purposes (marketing/ hosting/ Subscription/ payments management etc.).

Where processing is to be carried out on behalf of the Trader, we use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of your rights. We may also disclose your information where required to comply with a legal obligation, such as to competent authorities in the context of an investigation, or where necessary to protect our legal rights.

List of our basic recipients and/or processors:

  1. MailerLite Limited

Mailer Lite Privacy Policy: https://www.mailerlite.com/legal/privacy-policy

  1. Contabo GmbH

Contabo Privacy Policy: https://contabo.com/en/legal/privacy/.

  1. RevenueCat, Inc.

RevenueCat Privacy Policy: https://www.revenuecat.com/privacy/.

Data Processing Addendum: https://www.revenuecat.com/dpa/.

  1. Stripe Technology Europe, Limited

Stripe Privacy Policy: https://stripe.com/en-gr/privacy.

Stripe Privacy Center: https://stripe.com/en-gr/legal/privacy-center.

Stripe, Inc. is an active participant in EU-U.S. Data Privacy Framework.

  1. Google Ireland Limited

Google Privacy Policy: https://policies.google.com/privacy?hl=en.

The Trader and Google LLC. are Joint Controllers for some of the processing activities, while for other processing activities Google and the Trader are sole Controllers. Google determines some of the purposes and means of the processing of personal data collected through its technology. For each processing activity for purposes and means determined by Google, Google is the sole Controller. Google may use your personal data for its own purposes, such as profiling and combination with other data from user accounts in other services. Google LLC is an active participant in EU-U.S. Data Privacy Framework.

14. DATA SHARING AND THIRD-PARTY USE

The Application allows Users to share their projects, tasks, or other content with third parties by granting them access rights. Such sharing is performed at the sole discretion and under the exclusive responsibility of the User who initiates the sharing.

The Trader acts only as a technical intermediary enabling the sharing functionality and has no control over, and bears no responsibility for any access, use, disclosure, modification, or further processing of the shared data by the recipients. Users are solely responsible for ensuring that they share their data only with trusted recipients and that they understand the implications of granting access to their projects or other personal data. The Trader shall not be held liable for any damage, loss, or unauthorized processing arising from or related to the actions of other Users or third parties with whom data have been shared.

15. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY

A transfer of your personal data to a third country (outside E.E.A.) may take place where the Commission has decided that the third country ensures an adequate level of protection. In the absence of a decision, we may transfer personal data to a third country only if the processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Otherwise, we will transfer your data to a third country only under GDPR conditions (data subject’ s consent, contract, vital interests etc.).

16. YOUR RIGHTS

The Trader protects your personal data and respects your rights and freedoms. As Data Subject you can exercise:

  1. the right to be informed on the processing of your personal data,

  2. the right of access to your personal data and to information relevant to processing. You have the right to obtain from the Trader confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and relevant information,

  3. the right of rectification of your personal data. You have the right to obtain from the Trader without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement,

  4. the right to erasure of your personal data. You have the right to obtain from the Trader the erasure of personal data concerning you without undue delay and the Trader will have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw consent on which the processing is based, and where there is no other legal ground for the processing, (c) you object to the processing and there are no overriding legitimate grounds for the processing; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Trader is subject; (f) the personal data have been collected in relation to the offer of information society services,

  5. the right to restriction of processing. You have the right to obtain from the Trader restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by you, for a period enabling the Trader to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) the Trader no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (d) you have objected to processing, pending the verification whether the legitimate grounds of the Trader override those of you,

  6. the right to data portability. You have the right to receive the personal data concerning you, which you have provided to the Trader, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Trader to which the personal data have been provided, where: (a) the processing is based on consent or on a contract and (b) the processing is carried out by automated means,

  7. the right to object to the processing of your personal data, the right not to be subject to a decision based solely on automated processing, including profiling and the right to withdraw your consent at any time,

  8. the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before withdrawal, where the processing is based on consent.

To be informed about or exercise the above rights, you need to apply to the Trader via e-mail at [email protected]. To exercise your rights, you may also use the options available in the Application for the online management of your personal data through your User Account page (e.g. access, rectification).

We are ready to handle your request with respect to your rights and privacy. Otherwise, if the Data Controller does not take action on your request, you could lodge a complaint to a supervisory authority.

We make all efforts to facilitate the exercise of your rights. We will not refuse to act on any request of yours for exercising your rights, which are described above, unless we are not in a position to identify the Data Subject.

We will respond in writing to any request from you without undue delay and, in any event, within one month of receiving your request. In this case we will provide you with information on action taken on behalf of your request. This period may be extended by two further months if necessary, taking into account the complexity and number of requests. We will notify you of any such extension within one month of receipt of the request, along with the reasons for the delay.

We will communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Otherwise, if we do not intend to act on your request, we will inform you without undue delay and at the latest within one month of receipt of the request, of the reasons for not taking action.

Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Trader may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or (b) refuse to act on the request.

17. STORAGE & SECURITY OF PERSONAL DATA

Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Trader implements appropriate technical and organisational measures to ensure that processing is performed in accordance with the GDPR. The Trader reviews and updates those measures, where necessary.

We store your data within the European Economic Area (Contabo Cloud Hosting, Trader’s local server). We will transfer your data to a third country (e.g. USA) only under the GDPR conditions. Sortical uses SSL certificate for secure encryption and transmission of your information

The Trader is not responsible for risks that threaten the protection of your Personal Data which are outside its control, as well as for risks due to acts or omissions of a third party, force majeure, or fortuitous events.

The Trader shall not be liable for any damage caused by risks appearing on websites and apps of other entities (collaborating companies such as the relevant App Store Provider, Stripe Inc., etc.) even if users are referred to said websites/ apps by hyperlinks, banners etc. placed on the Application. Liability for the content, information, visitors’ safety and protection of their personal data, as well as the quality of services provided, lies with owners and administrators of said websites/ apps, which users visit at their own risk. The security of your payments and the protection of your personal data when using the payment gateways of third-party providers to pay for your Subscription are ensured and managed exclusively by the above-mentioned payment service providers.

The Trader assumes that the individual entering personal data into the Application is the person to whom such data relates. The Trader cannot and is not obliged to verify the identity of the person entering the data and therefore bears no responsibility for the unintentional or intentional submission of third parties data by the User. The Trader shall not be held liable for any unauthorized disclosure of personal data of third parties made by Users without the required consent or other legal basis.

18. DISPUTE RESOLUTION

Any dispute between the Trader, Users and third parties will be resolved through friendly negotiations between them. If any dispute cannot be resolved through friendly negotiations within a maximum of two (2) months, the Trader and the Users also agree to participate in any other arbitration, mediation, or other alternative dispute resolution proceedings available for such disputes. If any dispute cannot be resolved by these procedures within a maximum of two (2) months, any lawsuit, action, or proceeding arising out of [or related to] the processing of personal data for the above - mentioned purposes, shall be heard exclusively in the courts of Athens, Greece, and you irrevocably submit to the jurisdiction of such courts in any such lawsuit, action, or proceeding.

19. UPDATES

The Trader reserves the right to amend this Privacy policy. Any changes will be posted on this web page. You should periodically check whether changes have been made by the Trader. The last update of the Privacy Policy took place on 10/11/2025