Back to home

Privacy Policy

Last updated: April 2025

Data controller

Kozip Apparel OÜ
Registry code: 17342785
Republic of Estonia
Email: info@freetohang.com

1. Introduction

Kozip Apparel OÜ ("we", "our", or "us") operates the Free to Hang mobile application and website at freetohang.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian law.

By using the Service, you acknowledge you have read and understood this Privacy Policy. If you have any questions, contact us at info@freetohang.com.

2. Age requirement

The Service is intended for users aged 13 years or older. We do not knowingly collect personal data from children under 13. If you are under 13, please do not use the Service. If we become aware that a child under 13 has provided us with personal data, we will delete it immediately. Contact us at info@freetohang.com if you believe a child under 13 has created an account.

3. Personal data we collect

Data you provide directly

  • Name and display name
  • Email address (used for authentication)
  • Username
  • Profile photo (optional)
  • Messages sent through in-app plan chats

Data collected automatically

  • Device type and operating system version
  • App usage data and feature interactions
  • Push notification tokens
  • IP address and approximate location (country/region level)
  • Crash reports and performance diagnostics

Social data

  • Friends list (only users you explicitly connect with in-app)
  • Availability status (visible only to accepted friends)
  • Plans, hang requests, and related chat messages

4. Legal bases for processing (GDPR Art. 6)

Contract performance (Art. 6(1)(b)) — processing necessary to provide the Service: account creation, friend connections, availability status, plan management, in-app chat.

Legitimate interests (Art. 6(1)(f)) — security monitoring, fraud prevention, service improvement, crash diagnostics.

Consent (Art. 6(1)(a)) — analytics cookies and push notifications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Legal obligation (Art. 6(1)(c)) — where required by applicable law.

5. How we use your data

  • To provide, maintain, and improve the Service
  • To show your availability status to your accepted friends
  • To send push notifications (with your permission)
  • To analyse usage patterns and improve performance (only with analytics consent)
  • To respond to support requests submitted via the contact form
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations

We do not sell your personal data. We do not use your data for advertising targeting or profiling for commercial purposes.

6. Third-party processors

We use the following sub-processors. Each has a Data Processing Agreement (DPA) in place where required:

Supabase Inc.Database, authentication, real-time data (EU (Frankfurt))

Expo (Expo Go, EAS)Mobile app build and update platform (USA (SCCs applied))

Apple APNs / Google FCMPush notification delivery (USA (SCCs applied))

Vercel Inc.Website hosting (USA (SCCs applied))

Vercel AnalyticsAnonymised web analytics (consent-gated) (USA (SCCs applied))

Zoho CorporationTransactional email (contact form) (EU (Zoho EU))

"SCCs applied" means we rely on EU Standard Contractual Clauses for transfers to countries outside the EEA, in accordance with GDPR Chapter V.

7. Data retention

  • Account data — retained while your account is active. Deleted immediately upon account deletion.
  • Chat messages and plan data — deleted with your account.
  • Contact form submissions — retained for up to 12 months then deleted.
  • Anonymised analytics data — may be retained indefinitely as it cannot identify individuals.
  • Legal/compliance records — retained as required by Estonian law (generally up to 7 years).

8. Your rights under GDPR

As an EU/EEA resident you have the following rights. To exercise any of them, contact us at info@freetohang.com. We will respond within 30 days.

Right of access (Art. 15)Request a copy of the personal data we hold about you.

Right to rectification (Art. 16)Ask us to correct inaccurate or incomplete data.

Right to erasure (Art. 17)Delete your account via Profile → Settings → Delete account. All data is removed immediately.

Right to data portability (Art. 20)Request your data in a machine-readable format. Email us at info@freetohang.com.

Right to restrict processing (Art. 18)Ask us to limit how we process your data in certain circumstances.

Right to object (Art. 21)Object to processing based on legitimate interests.

Right to withdraw consentWithdraw analytics consent at any time via cookie settings. Withdraw push notification consent in your device settings.

9. Right to lodge a complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

Andmekaitse Inspektsioon (AKI)

Tatari 39, 10134 Tallinn, Estonia

Website: www.aki.ee

Email: info@aki.ee

10. Security

We implement industry-standard security measures including TLS encryption in transit, row-level security (RLS) policies on our database, and access controls limiting who can view personal data. However, no system is 100% secure — if you discover a security issue, please report it to info@freetohang.com.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or to exercise your rights:

Kozip Apparel OÜ

Registry code: 17342785

Email: info@freetohang.com