Summary
We built Sugenda to minimize data collection. We do not sell or share users’ personal data with third parties for marketing or advertising. Data is processed only to provide the service.
Who we are & contact
Legal entity: Zegenerative (Netherlands).
Privacy contact: sugenda.app@gmail.com
What we collect
Account data: email address and provider ID.
Special category data: none.
Automatically collected: basic technical metadata may be processed by hosting to deliver the service and keep it secure (e.g., request logs).
Why we process data
- Account creation and authentication.
- Syncing and providing core app functionality.
- Service operation and security (fraud/abuse prevention, diagnostics).
- Compliance with legal obligations.
Legal basis (GDPR): Contract (necessary to provide the service).
Cookies & local storage
We use secure local storage to maintain your sign-in session and preferences. No tracking cookies are used.
Sharing & processors
We do not sell users’ personal data. We disclose data only to vetted service providers acting on our instructions and only as needed to operate the service.
- Hosting: Amazon Web Services (AWS) — Europe regions.
International transfers
Data is stored and processed in Europe. If a transfer outside your region becomes necessary, we will implement appropriate safeguards (e.g., Standard Contractual Clauses) where required.
Security measures
- TLS encryption in transit.
- No encryption at rest at this time.
- Admin/developer access protected with MFA and least-privilege controls.
- Regular dependency updates via the Expo toolchain; no active security monitoring currently.
Retention
We retain your account data for as long as your account exists.
Your rights
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data. To exercise these rights, contact sugenda.app@gmail.com.
Children
Sugenda is intended for general audiences. We do not knowingly collect personal data from children without appropriate consent where required by law. If you believe a child has provided personal data, contact us and we will address it.
Data deletion
You can delete your data using the in-app Delete Account button. This will remove your account data from our active systems.
Incident response
If a data breach affecting your personal data occurs, we will notify affected users by email within 72 hours of becoming aware, where required.
California (CCPA/CPRA)
We do not sell personal information and are not subject to the CCPA at this time.
Changes
We may update this notice from time to time. We will update the “Effective” date and, where appropriate, provide additional notice.
This page is for general information and does not constitute legal advice.