1. Introduction
Manga&Stories4All Sàrl, Avenue du Midi 37, 1700 Fribourg, Switzerland, c/o Fid-Conseil SA, as a data controller, hereby notifies users of the Haven application and derived services of the data processing it carries out, through this privacy policy (hereinafter, « Policy »).
With this Policy, Manga&Stories4All intends to comply with the legal obligations arising from the DPA and the RGPD, insofar as these laws are applicable.
2. Scope of application
This Policy applies in any cases or any means through which you may access our application and website and sets out the conditions under which we collect, use and store information relative to you, your use of our application, preferences, and choices you may dispose of concerning storage, use, collection or disclosure of personal information. This policy also applies to all the services we provide as part of our activities.
You acknowledge that, by creating an account on the Haven application, by accessing our website or contracting with us, you have read, understood and agreed to be subject to the terms of this Policy.
3. Specifications
In the present policy, are implied by the term:
- Personal Data, all information relating to an identified or identifiable natural person.
- Processing, all operations relative to personal data, inclusive of all methods and processes used, specifically collection, storage, conservation, usage, modification, communication, archiving, deletion or destruction of data.
- Data controller, the private individual or governmental entity which, single-handedly or in conjunction with others, determines the purpose and meaning of the processing of personal data.
- Sub-processor, the private or governmental entity that processes personal data on behalf of the data controller.
- Data security breach, any security violation resulting in the accidental or illicit loss, alteration, modification, deletion or destruction, disclosure or unauthorized access to and of personal data.
4. Type of data collected and purpose
4.1. Authentication Data
Authentication data is collected with the intend of identifying and authenticating you. Unless otherwise specified, this data is stored indefinitely, i.e. it is only deleted when and if the user deletes his/her account.
For that purpose, we collect the following data:
| Data Name | Storage Location/Duration | Purpose |
| User UID | Server/Indefinite | Identify the user through the application. |
| Connection Address | Server/Indefinite | Identify, authenticate and contact the user. |
| Provider | Server/Indefinite | Identify the user’s “identity” provider and authenticate the user to its identity. |
| Account Creation Date | Server/Indefinite | Firebase’s internal operations. |
| Last Connection Date | Server/Indefinite | Firebase’s internal operations. |
| Username | Server/Indefinite | Profile personalization and user anonymization. |
| UID Token | Device Memory/1 Hour | Identify the user making requests to the server (Handled by Firebase) |
| Refresh Token | Device Storage/30 Days | Refresh the UID Token (Handled by Firebase) |
4.2. Reading Data
Reading data is collected with the intend of allowing users to personalize their reading experience and save reading preferences in their account. Unless otherwise specified, this data is stored indefinitely, i.e. it is only deleted when and if the user deletes his/her account.
For that purpose, we collect the following data:
| Data Name | Storage Location/Duration | Purpose |
| Reading Orientation | Server/Indefinite | Save reading orientation (horizontal/vertical). |
| Reading Direction | Server/Indefinite | Save reading direction (traditional/inverted) |
| Reading Mode | Server/Indefinite | Save the reading mode. |
| Spacing | Server/Indefinite | Save the chosen spacing between pages. |
| Lighting | Server/Indefinite | Save reading screen lighting parameters. |
4.3. Permissions Data
Permissions data is collected with the intend of maintaining the application and user’s security by restricting authorized access and controls only to specific users. Unless otherwise specified, this data is stored indefinitely, i.e. it is only deleted when and if the user deletes his/her account.
For that purpose, we collect the following data:
| Data Name | Storage Location/Duration | Purpose |
| Permission Identifier | Server/Indefinite | Identify the degree of permissions granted to a user through an identifier. Identifiers correspond to a set authority title (e.g. Administrator). |
| Issue Date | Server/Indefinite | Save the time and date of a permission’s issuing, refuse obsolete permissions. |
| Last Update | Server/Indefinite | Save the time and date of the last update on a permission, refuse obsolete permissions. |
4.4. Readings Data
Readings Data is collected with the intend of saving a user’s data relative to its readings. Such data is kept for each work the user has interacted with. Unless otherwise specified, this data is stored indefinitely, i.e. it is only deleted when and if the user deletes his/her account.
For that purpose, we collect the following data:
| Data Name | Storage Location/Duration | Purpose |
| Notification Activation | Server/Indefinite | Send notifications at the release of a new chapter. |
| Chapter Number | Server/Indefinite | Resume a reading at the chapter you left. |
| Favorite | Server/Indefinite | Add a reading to your favorites. |
| Date of Last Reading | Server/Indefinite | Sorting readings in the user’s history by most recently read. |
| Rating | Server/Indefinite | Calculate the average rating of a reading. |
4.5. Chapter Data
Chapter Data is collected, similarly to the readings data, with the intend of saving a user’s data relative to its readings. Such data is kept for each chapter the user has interacted with. Unless otherwise specified, this data is stored indefinitely, i.e. it is only deleted when and if the user deletes his/her account.
For that purpose, we collect the following data:
| Data Name | Storage Location/Duration | Purpose |
| Has it been read at least once already? | Server/Indefinite | Filter chapters that the user has read at least once before. |
| Has it been read? | Server/Indefinite | Filter chapters that the user has read in the current session. (If the user starts reading a work again from the beginning, this will be reinitialized) |
| Page number | Server/Indefinite | Display chapter progress. |
5. Types of recipients for the collected data
5.1. Subcontractors and external service providers
Most of the data we collect is stored via a Firebase server, a product developed by Google, but under the sole control of our company’s development team, whose access is exclusive.
The remaining data is stored directly on the user’s device.
You hereby consent to the transmission and storage of your personal data on a Firebase server located in the United States.
5.2. Transmission to third parties
Except as provided in point 5.1 and in situations where the law or an authority requires us to do so, we undertake not to pass on the data collected to third parties.
6. Communication to third parties abroad
As stated in point 5.1, your data may be processed in the United States. These communications are governed by the guarantees of Swiss and EU law provided for in art. 16 LPD and art. 28 RGPD thus ensuring the protection of your personal data.
7. Security
We have implemented appropriate security measures (technical and organizational) in accordance with legal requirements and best practices, considering the risks involved, in order to protect your data against accidental or intentional manipulation, loss, destruction, disclosure or unauthorized access. Particularly, access to servers is restricted to the minimal possible number of members and all actions are conducted under strict supervision of executives.
8. Your rights
You can ask us to access, rectify, transmit or delete your personal data. To exercise your rights, please contact us at « support@haven-app.co ».
9. Modification
This Policy may be modified in line with legal, operational and strategic developments. Any updates will be posted on this page. Please check back regularly.