This Privacy Policy explains how SunTan ("SunTan", "we", "us") collects, uses and protects information when you use the SunTan mobile application and related services (the "App"). We designed SunTan to be useful with as little personal data as possible. If anything below is unclear, email us at tomazovsenjak7@gmail.com.
Contents
1. Who we are
SunTan is operated by Tomaz Ovsenjak sp. ("we"), based in Ljubljana, Slovenia. For privacy questions you can contact us at tomazovsenjak7@gmail.com.
2. Data we collect
We try to collect as little personal data as possible. Categories of data and where they live:
| Category | Examples | Where it lives |
|---|---|---|
| Profile | Skin type, shade goal, optional name, age range | On your device & your private iCloud |
| Location | Approximate location to fetch the right UV index and weather | Sent to weather provider; not stored on our servers |
| Health-adjacent | Tanning sessions, exposure time, vitamin-D estimates | On your device; optionally written to Apple Health with your permission |
| Device & usage | App version, crash logs, anonymous feature usage | Apple analytics & our error monitoring (aggregated) |
| Subscription | Purchase status, transaction ID | Apple in-app purchase & RevenueCat (our processor) |
| Support | Email address, message content if you contact us | Our email provider |
We do not collect contacts, photos, microphone, calendar, browsing history, or precise advertising identifiers. We do not use your data to build advertising profiles.
3. How we use data
- Run the App. Calculate safe-exposure windows, build routines, send local notifications, show the UV forecast for your area.
- Improve quality. Diagnose crashes and understand which features are useful (in aggregate, never identifying you personally).
- Manage subscriptions. Verify and restore purchases through Apple.
- Customer support. Reply to your email and resolve problems.
- Legal compliance. Comply with applicable laws and respond to lawful requests.
4. Legal basis (GDPR)
If you are in the European Economic Area, the United Kingdom or Switzerland, our legal basis for processing depends on the purpose:
- Contract — to provide the App you asked us to provide.
- Legitimate interest — to keep the App secure, understand aggregate usage and prevent abuse.
- Consent — for optional integrations like Apple Health, location and push notifications. You can withdraw consent any time in iOS Settings.
- Legal obligation — when we must keep certain records (e.g. tax, payments).
5. Sharing & processors
We do not sell personal data. We share limited data with vetted service providers who process it only on our instructions:
- Apple — App Store, in-app purchases, push notifications, App Analytics, iCloud (when you opt in).
- RevenueCat — subscription management.
- Sentry — crash and error monitoring (no personal content; stack traces only).
- OpenWeather / national meteorological services — to fetch UV and weather for your approximate location.
- Email provider — to receive and reply to your support emails.
We may also disclose information when required by law, to protect our rights, or in connection with a corporate transaction (with notice where feasible).
6. Retention
- On-device data stays as long as the app is installed; you can delete it any time from Settings → Reset.
- Crash and aggregate analytics are kept up to 13 months in pseudonymous form.
- Subscription records are retained as long as required by tax and accounting law.
- Support emails are kept for up to 24 months after the last reply.
7. Your rights
Depending on where you live, you may have rights to access, correct, delete or export your data, to object to or restrict certain processing, and to lodge a complaint with a data-protection authority. To exercise these rights, email tomazovsenjak7@gmail.com. Most data lives on your device — you can delete it instantly from Settings → Reset, or by removing the App.
California residents have additional rights under the CCPA/CPRA, including the right to know and the right to delete. We do not "sell" or "share" personal information as those terms are defined under California law.
8. Security
We use TLS in transit, hardened cloud infrastructure, and the principle of least privilege. No system is perfectly secure, but we work hard to protect your data and will notify you of any incident that legally requires notification.
9. Children
SunTan is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. International transfers
Some of our processors are based outside the EEA/UK. Where required, we rely on the European Commission's Standard Contractual Clauses (or equivalent) to safeguard transfers.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where the change is material, notify you in-app or by email before it takes effect.
12. Contact
Tomaz Ovsenjak sp.
Ljubljana, Slovenia
tomazovsenjak7@gmail.com