Privacy Policy

Last updated: 12.12.2025

1. General Provisions

1.1. This Privacy Policy (the “Policy”) explains how Oleg Gordiushenkov s.p. (the “Operator”, the “Controller”, “we”, “us”, “our”) collects, uses, stores and protects personal data when you use the AROA mobile application (the “Application”), the website www.aroa-patterns.com (the “Website”), and other communication channels (email, messengers and similar).

1.2. We act as a “data controller” under applicable data protection laws, including: the General Data Protection Regulation (EU) 2016/679 (“GDPR”) for users in the European Economic Area (EEA); the UK GDPR and the Data Protection Act 2018 for users in the United Kingdom; Federal Law No. 152-FZ “On Personal Data” for users in the Russian Federation; and other applicable data protection laws in the country, region or state where you are located, to the extent they apply, including the California Consumer Privacy Act (“CCPA”), as amended by the CPRA, for residents of California, USA.

1.3. This Policy applies to the processing of personal data in connection with the Application and the Website. The Application and the Website may contain links to third-party websites, services or integrations. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies.

1.4. By using the Application and/or the Website, installing the Application on your device, creating an account, or otherwise providing us with your personal data, you confirm that you have read and understood this Policy. If you do not agree with this Policy, you must stop using the Application and the Website and delete the Application from your device.

2. Key Terms

2.1. “Personal data” / “personal information” means any information relating to an identified or identifiable natural person.

2.2. “Processing” means any operation performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction.

2.3. “Controller” / “Operator” means the person who determines the purposes and means of the processing of personal data.

2.4. “User” (“you”) means any individual using the Application and/or the Website.

2.5. “Anonymised / de-identified data” means information that does not identify a specific individual and cannot reasonably be used to identify a specific individual without additional information. This may include aggregated statistics and technical identifiers that do not directly identify you.

3. Categories of Personal Data We Process

We may process the following categories of personal data about you:

3.1. Identification and contact data. First name, last name, patronymic (where applicable); email address; phone number; country of residence and/or interface language (if you provide or select them).

3.2. Account data. Username / display name (if different from your real name); password hash (we do not store plain text passwords); internal user identifier in the Application (User ID).

3.3. Device and technical data. Device model; operating system and its version; system language and time zone; IP address (including approximate geolocation derived from it, where applicable); App version, settings and preferences.

3.4. Usage data. Date and time of actions in the Application and on the Website; logs of key events (e.g. registration, log-in, consent given or withdrawn); statistics on the use of features and screens; crash and performance information.

3.5. Communication data. Information contained in your requests to our support (email, in-app forms, messengers); your feedback, comments or other messages you send to us.

3.6. Payment and subscription data (if paid features exist). We do not store your full payment card details. Payments are processed by app stores (App Store, Google Play, etc.) or by external payment service providers. We may receive limited information, such as: transaction ID; date and time of payment; type of subscription or purchase; payment status (successful / failed / refunded), and entitlement status (active / expired), where provided by the platform.

3.7. Cookies and similar technologies (Website). On the Website we may use cookies and similar technologies and collect de-identified usage data (including cookie identifiers) for analytics and statistics purposes (e.g. using Yandex Metrica, Google Analytics and similar services), subject to your consent for non-essential cookies where required by law.

3.8. Special categories / sensitive data. We do not intentionally collect or process special categories of personal data (such as data concerning health, racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life, etc.), unless you explicitly provide such data and (where required by law) you give us your separate, explicit consent.

4. Purposes of Processing Personal Data

We process your personal data for the following purposes:

4.1. Provision and operation of the Application and the Website. To create and manage your user account; to provide access to content and features of the Application and the Website; to ensure technical functioning, security and integrity of our services.

4.2. Communication with you. To respond to your requests, questions and feedback; to send important service messages (for example, about changes to this Policy, security notices, or service interruptions).

4.3. Analytics and improvement. To understand how the Application and the Website are used; to improve content, design, usability and performance; to fix errors and prevent abuse.

4.4. Marketing communications (where permitted). To send you information about new features, updates, special offers or other news about the AROA App, where you have provided consent where required by law, or where we are otherwise permitted to do so. You may opt out of marketing emails at any time by using the “unsubscribe” link in our emails or by contacting us at info@aroa-patterns.com. Opting out of marketing does not affect the processing of your personal data for service-related purposes.

4.5. Compliance and protection. To comply with legal obligations (e.g. accounting, tax, consumer protection, personal data protection laws); to protect our legitimate interests, such as preventing fraud and misuse of our services, ensuring security, enforcing our Terms of Use, and defending our legal rights.

5. Legal Bases for Processing

Where GDPR, the UK GDPR or similar laws apply, we rely on one or more of the following legal bases: Performance of a contract — when processing is necessary to provide the Application and related services to you (e.g. account creation, access to features); Consent — for example, when you agree to receive marketing communications, when we set non-essential cookies on the Website (where required), or when we process special categories of data (if applicable); Legitimate interests — for example, to improve our services, prevent fraud and abuse, ensure security, and protect our legal rights, provided that such interests are not overridden by your rights and freedoms; Compliance with a legal obligation — when processing is required by applicable law (e.g. retention obligations under tax or accounting rules).

For users in Russia, we also process personal data based on your consent and other grounds provided by Federal Law No. 152-FZ “On Personal Data”.

6. How We Collect Personal Data

We may collect personal data in the following ways:

6.1. Data you provide directly. When you register an account or fill out forms in the Application or on the Website; when you contact us via email or other channels; when you voluntarily provide additional information in your profile or messages.

6.2. Data collected automatically. When you use the Application or the Website, we automatically collect certain technical and usage data (see sections 3.3 and 3.4) using logs, analytics tools and cookies.

6.3. Data from third-party services. Payment status and subscription information from app stores or payment providers; analytics and crash-reporting data from third-party services (e.g. Google Analytics, Firebase Analytics, Yandex Metrica or similar), subject to your settings and applicable law.

7. Data Sharing and Third Parties

We may share your personal data with third parties in the following cases:

7.1. Service providers (processors). We may engage trusted third-party service providers who process personal data on our behalf and under our instructions, for example: cloud hosting providers; analytics and crash-reporting services; email and communication tools; payment and subscription management services. We enter into agreements with such providers that require them to implement appropriate safeguards, to process personal data only on our instructions, and to use personal data only for the purposes specified by us.

7.2. Legal obligations and protection of rights. We may disclose your personal data if required by law or if we reasonably believe that such disclosure is necessary to: comply with a legal obligation, lawful request or court order; protect our rights, property or safety, or the rights, property or safety of our users or others; prevent fraud, abuse or other unlawful activities.

7.3. Business transfers. If we are involved in a merger, acquisition, sale of assets or similar transaction, your personal data may be transferred as part of that transaction, subject to appropriate confidentiality and security measures and applicable laws.

7.4. With your consent. We may share your data with third parties when you have given us your explicit consent to do so.

We do not sell your personal data in exchange for money. For California residents, see section 14 below for more details.

8. Data Retention

8.1. We store personal data for as long as necessary to achieve the purposes described in this Policy, unless a longer or shorter retention period is required or permitted by law.

8.2. The retention period depends on factors such as: how long you maintain an active account in the Application; legal retention requirements (for example, accounting or tax laws); the existence of disputes, claims or investigations.

8.3. When personal data are no longer needed for the purposes for which they were collected, or when you request deletion and we are not obliged to keep them, we will delete or anonymise them in accordance with applicable law.

9. Cookies and Similar Technologies (Website)

9.1. On the Website, we use cookies and similar technologies (such as local storage or pixels) to: ensure the correct operation and security of the Website; remember your preferences (such as language); analyse traffic and usage patterns; improve the performance and content of the Website.

9.2. Types of cookies. Strictly necessary cookies — required for the basic functioning and security of the Website. Analytics / performance cookies — help us understand how visitors use the Website (e.g. Yandex Metrica, Google Analytics or similar). Functional cookies — remember your preferences and settings.

9.3. Cookie choices and consent. Where required by law (e.g. in the EEA or UK), we will request your consent before placing non-essential cookies (such as analytics cookies). You can manage your cookie preferences via our cookie banner/consent tool (where available) and via your browser settings. Please note that disabling certain cookies may affect the functionality of the Website.

10. International Transfers of Personal Data

10.1. We may transfer and store your personal data in countries other than the country where you are located. These countries may have different data protection laws.

10.2. Where required by applicable law (e.g. for users in the EEA, UK or Switzerland), we ensure that appropriate safeguards are in place for such transfers, such as: a decision by the European Commission or the UK government that the receiving country ensures an adequate level of protection; and/or standard contractual clauses approved by the European Commission and/or the UK Information Commissioner’s Office, as applicable.

10.3. For users in the Russian Federation. Where Russian data protection law applies, we take into account requirements related to cross-border transfers of personal data, and we will respond to legally valid requests from competent authorities as required by applicable law.

11. Security Measures

11.1. We implement legal, organisational and technical measures designed to protect personal data against unauthorised or unlawful access, destruction, alteration, disclosure, loss or other forms of misuse.

11.2. These measures include, among other things: access controls and authentication; encryption in transit (e.g. HTTPS); regular software updates and security patches; logging and monitoring of key events.

11.3. While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, we cannot guarantee absolute security of your data.

12. Your Rights under Russian Law

If you are located in the Russian Federation, you have the rights granted by Federal Law No. 152-FZ “On Personal Data”, including the right to: receive information about the processing of your personal data; request clarification, blocking or deletion of your personal data if they are incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the stated purposes of processing; withdraw your consent to the processing of personal data at any time, unless processing is required by law; appeal against the actions or inaction of the Operator to the authorised body for the protection of the rights of personal data subjects or to a court.

You may exercise these rights by contacting us at info@aroa-patterns.com.

13. Additional Information for Users in the EEA, the UK and Switzerland

If you are located in the EEA, the UK or Switzerland, the following additional information applies to you.

13.1. Your rights. Subject to the conditions and limitations set out in applicable law, you have the right to: Access — obtain confirmation as to whether we process your personal data and receive a copy of the data we hold about you; Rectification — have inaccurate personal data corrected and incomplete data completed; Erasure (“right to be forgotten”) — request deletion of your personal data in certain circumstances; Restriction of processing — request that we restrict processing in certain circumstances; Data portability — receive personal data you have provided to us in a structured, commonly used and machine-readable format and transmit those data to another controller where technically feasible; Object to processing — object, on grounds relating to your particular situation, to processing based on our legitimate interests; and object at any time to processing for direct marketing purposes; Withdraw consent — where processing is based on your consent, withdraw that consent at any time (without affecting the lawfulness of processing before withdrawal).

13.2. How to exercise your rights. You can exercise your rights by contacting us at info@aroa-patterns.com. We may request information to verify your identity before responding. We will respond within the time limits established by applicable law.

13.3. Complaints to supervisory authorities. You also have the right to lodge a complaint with your local data protection authority in the EEA or Switzerland, or with the UK Information Commissioner’s Office (ICO), if you believe that our processing of your personal data infringes applicable data protection laws.

14. Additional Information for Residents of California, USA (CCPA/CPRA)

If you are a California resident, the following additional information applies to you under the California Consumer Privacy Act (“CCPA”), as amended by the CPRA.

14.1. Categories, sources, and purposes. The categories of personal information we collect, the sources from which we collect it, and the purposes for which we use it are described in sections 3, 6 and 4 of this Policy, respectively.

14.2. Sale and sharing. We do not sell your personal information for money. We also do not “share” your personal information for cross-context behavioural advertising, as these terms are defined in the CCPA.

14.3. Sensitive personal information. We do not use or disclose “sensitive personal information” (as defined in the CCPA) for purposes other than those permitted by the CCPA, and we do not use it to infer characteristics about you.

14.4. Your CCPA rights. Subject to certain limitations, California residents have the right to: request to know what personal information we collect about them and how we use and disclose it; request deletion of their personal information; request correction of inaccurate personal information; and not be discriminated against for exercising their CCPA rights.

14.5. How to exercise your CCPA rights. To exercise your rights under the CCPA, you may contact us at info@aroa-patterns.com and indicate that your request relates to your CCPA rights. We will take reasonable steps to verify your identity before responding.

14.6. Authorized agents and opt-out preference signals. Where applicable, you may use an authorized agent to submit requests on your behalf. We may require proof that the agent is authorized. If we implement support for recognized opt-out preference signals (such as the Global Privacy Control), we will process such signals in accordance with applicable law.

15. Children’s Privacy

15.1. Our services are intended for a general audience and may be used by teenagers and older children. We do not knowingly collect personal data from children under the minimum age at which they can lawfully provide consent to data processing in their country without appropriate parental or guardian consent.

15.2. If you are a parent or legal guardian and believe that your child has provided us with personal data without your consent where such consent is required by law, please contact us at info@aroa-patterns.com. We will take steps to review the situation and delete such data or obtain appropriate consent where required.

16. Changes to this Policy

16.1. We may update this Policy from time to time. The most current version will always be available on the Website at www.aroa-patterns.com/privacy (or another URL that we may specify).

16.2. If we make material changes, we will notify you by updating the “Last updated” date at the top of this Policy and, where appropriate, by additional notice in the Application or by email.

16.3. By continuing to use the Application and/or the Website after the updated Policy becomes effective, you agree to be bound by the revised Policy. If you do not agree with the changes, you must stop using the Application and the Website and delete the Application from your device.

17. Contact Us

If you have any questions, comments or requests regarding this Policy or the processing of your personal data, you can contact us at:

Email: info@aroa-patterns.com

Website: www.aroa-patterns.com