Privacy Policy
Chornobyl app
Effective date: 7 October 2023
Applies to: Android version of the “CHRNBL / Chernobyl App” (the “App”).
Who we are

Controller: the CHRNBL team / “European Institute of Chernobyl” within the Chernobyl App project.

Privacy contact for data subject requests: info@chernobyl.app, chernobylapp@gmail.com.

Official website: https://chernobyl.app

2) What the App does and what permissions it needs
The App provides historical materials, maps, VR/AR content, and reference information about the Chernobyl Exclusion Zone, and allows viewing 3D/AR objects. To do this, the App may request:
  • Camerasolely for the AR mode (video is processed locally on your device; we do not upload images to our servers).
  • Network access — to load content (texts, images, 3D assets).
  • Notifications (with your consent) — only for service updates/content (if available in your regional build).
  • Location (optional) — only when you choose to show a route/points on the map; we do not track location in the background.
AR-specific: we use Google Play Services for AR (ARCore) — a Google platform that may process technical device and image data under Google’s Privacy Policy. In-app notice:
“This app runs on Google Play Services for AR (ARCore), provided by Google and governed by the Google Privacy Policy.”


3) Data we do not collect
  • We do not create accounts and do not require registration.
  • We do not collect or sell personal data (name, email, etc.) via the App.
  • We do not show ads and do not perform advertising targeting.
(For reference, the iOS page of the app indicates “Data Not Collected”; the Android version follows the same principles, with the ARCore disclosure noted here.)


4) Data that may be processed technically (minimal and necessary)
4.1 App/Device info and performanceTo ensure stable operation, third-party technology providers (e.g., Google/ARCore; possibly a content hosting service) may process technical diagnostics such as device model, OS/SDK version, crash data. These are used only to provide functionality; we do not build user profiles.
4.2 Camera and imagery (AR)The camera stream is used locally to render AR objects. We do not upload your photos/videos to our servers. If future versions add a “save frame to gallery” feature, access will use the system file picker in line with Google’s photo/video permission policy (without broad access to your entire media library).
4.3 Location (if you explicitly use it)Location may be used only on your request (e.g., “show on map”). We do not track location in the background and do not store movement history.


5) Sources of dataYou (when you email us): email address and message content.
  • Device (automatic): technical data described above.
  • Third-party services: Google ARCore / Play Services for AR (see Section 2).


6) Purposes and legal bases (GDPR)
Providing app features (AR/content/maps) — Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) (legitimate interests: security and stability).
  • Responding to inquiries (email) — Art. 6(1)(f) GDPR (legitimate interest: user support).
  • Notifications (with consent) — Art. 6(1)(a) GDPR (your consent in OS/app).
  • Compliance with law/authority requests — Art. 6(1)(c) GDPR.


7) Data sharing and recipients
We do not sell data and do not share it for marketing. To run the App, we use service providers (as processors or independent controllers, such as Google for ARCore). They process technical data only to deliver their service, under their own policies (e.g., Google Privacy Policy).


8) International transfers
Our providers may host servers outside the EEA. In such cases, we rely on Standard Contractual Clauses (SCCs) and other mechanisms they provide to ensure an adequate level of protection.


9) Retention
  • Support emails: up to 12 months after resolution (or longer if required by law).
  • Technical/diagnostic data: retained by service providers per their policies; we do not keep it longer than necessary for the stated purposes.


10) Your rights (GDPR)
You have the right to access, rectification, erasure, restriction, objection, data portability, and to withdraw consent (where processing is based on consent). To exercise rights, email info@chernobyl.app. You also have the right to lodge a complaint with your national data protection authority.


11) Security
Data is transmitted using TLS/HTTPS. Access to any personal data we receive is restricted to authorized team members on a need-to-know basis.


12) Children
The App is not intended for children under 13. We do not knowingly collect children’s data. If you are a parent/guardian and believe a child has provided us data, contact info@chernobyl.app to request deletion.


13) Links to third-party resources
The App may open external sites/services (e.g., media materials, maps). We do not control these resources’ practices and recommend reviewing their policies.


14) Changes to this Policy
We may update this Policy periodically. The current version is always available via a link on our website and in the App. The “last updated” date appears at the top.

_____________________________________________________

Appendix A.
Suggested answers for Google Play Data safety (recommendation)To keep Play Console disclosures aligned with actual behavior and Google requirements, we suggest the following (assuming you do not enable additional analytics, ads, or account backends):
  • Does the app collect data?
Developer does not collect users’ personal data.
Third-party services (ARCore/Google) may process “App info and performance (crash logs/diagnostics)” and “Device or other IDs” for core functionality (not for advertising or profiling by us).

  • Data sharing with third parties: No (on the developer’s behalf); third-party services act as independent controllers for their own processing.
  • Security: Data encrypted in transit; we honor deletion requests for support emails.
  • User control: No profiling/retargeting; no background location.
Also add an in-app ARCore disclosure referencing Google’s Privacy Policy, and ensure the Data safety form accounts for data collected via SDKs even if it doesn’t reach your servers.
Contact
For questions about this Policy or exercising your rights, contact info@chernobyl.app or chernobylapp@gmail.com.