top of page

HeadsApp Privacy & Cookie Policy

HeadsApp Privacy Policy applies solely to the processing of your personal data as a user of the app and the website www.headsapp.com. By no means does this policy govern the terms and conditions with regard to the use of HeadsApp or the data sent by you through HeadsApp to other users.

​

At HeadsApp Security is at the core of everything we do. We do everything we technically can to prevent unauthorised access to users' data on our servers. End-to-end encryption makes data accessible only by the devices of the sender and the receiver, no other parties including HeadsApp are able to access it. Lastly, we will never sell or provide your personal data to third parties without your consent, other than required by law.

​

​

Who controls the processing of your personal data ?
​
Tech Angela LLC, located at Bureau 24, 7 Rue Hooker Doolitlle le Belvedere 1002 Tunis, Tunisia, is the creator of the HeadsApp product and the controller responsible of your personal data.
​
Want to reach out ?
​
You can contact Tech Angela LLC on all matters regarding HeadsApp:
​
​
HeadsApp is effectively a product built and owned by Tech Angela. For this reason, in the following, both names can sometimes be used interchangeably especially when referring to one or the other as a responsible/liable entity.
​
​
Providing your personal data is not mandatory
​
Providing personal data is never mandatory. It is always possible to decide wether or not to provide personal data. However, in order to be able to make use of a number of our services the provision of personal data is required. If we ask for the input of personal data, we will indicate which data are necessary to make use of the service and therefore must be provided, and which data can be provided at the discretion of the user.
​
​
Which personal data do we process?
​
When we provide our products and services we may process your personal data. This could include the following:
​
  • your name

​

  • your work address(es), phone number(s) and email address(es)

​

  • your profession, medical registration number and other information you provide in your profile (the other information is optional)

​

  • pictures (including your profile picture) uploaded by you (optional)

​

  • data about your interests and preferences as a user of our website, app, products and services (optional)

​

  • financial data relating to orders and payments to us and to you

​

  • data regarding your visit to our website and app, including URL, IP-address, browser type, language, date, time and duration of your visit

​

  • data on the status and identity of your mobile device

​

  • Phone numbers from your address book on your phone (optional)

​

​

Contact List Data

​

​

Only with your permission, we will collect the phone numbers of your contact list. No other contact information that correspond to the phone numbers or email addresses will be collected or used. This allows us to match HeadsApp users and place them in appropriate user groups which in turn allows you to connect with other users of HeadsApp and allows them to communicated directly with you and each other. In order to do this best, we will periodically check for updates in your contact list. Contact list data (if the user allows) will only be transmitted to the server in hashed form and additionally protected using industry standard transport layer security. Only contact list data that has been matched will be stored (in hashed form). Contact list data of non-users will not be stored. No elements of users' contact lists will be given to third parties or used for advertising purposes.

​

​

Message Data

​

Messages are end-to-end encrypted. HeadsApp has no way to decrypt messages of users because it does not know their private keys. Private keys of users are not stored on our servers. The encrypted messages and media are not kept any longer than necessary for correct functioning of HeadsApp. To avoid intrusion by third parties (e.g. in open wireless LANs), all data flux between our servers and the devices of our users is encrypted by the use of https (TLS 1.2). Furthermore, text in messages are end-to-end encrypted with the so called ​‘crypto_​box’ of NACl (https://​nacl​.cr​.yp​.to/) and the server has not access to the required private keys.

​

Although messages are safely sent and received through the Service, it is still the user’s responsibility to determine receivers ​are authorised to receive any possibly privacy sensitive data (e.g medical information that is reducible to a specific patient). Users are thus responsible and liable for data they send to other users. HeadsApp cannot be held responsible or liable for any privacy sensitive data sent through the Service by users without the required authorisation.

​

​

What do we process your personal data for ?

​

Your personal data may be processed for the following purposes:

​

  • to provide you with access to our website and app, whether or not based on your registration as a user

​

  • for showing whom of your connections from your address book or contact list also use HeadsApp

​

  • for the entering into and implementation of an agreement concluded with you

​

  • to provide you with, and adapt to your preferences regarding, the agreed services, products and/​or information

​

  • to send you a newsletter, user information or a service message

​

  • to enable you to view and share with others, including your organisation, user data in the app or on the website

​

  • to enable interaction with other users, and to invite others to make use of HeadsApp

​

  • to enable you to provide and exchange information on the website or in the app

​

  • to improve the quality, safety and usability of our website and app and to combat fraud

​

  • to comply with the rules and regulations imposed on us and for dealing with disputes

​

To the extent that the processing listed above requires your permission, we will request such permission in advance. You can always revoke such permission.

​

Your personal information will not be used for other reasons than those listed above.

​

​

Lawful basis for processing

​

If we have a legitimate interest in doing so, we may process personal data, as long as it does not interfere with your privacy. Also, we may also process personal data as part of abiding by a contract we have with you or to comply with legal obligations. Even in those cases we will need your active consent to process that personal data, and we will cease all processing activities if you withdraw your consent.

​

​

Data processing in Europe and abroad

​

Your personal data will only be stored where your countries laws and regulations allow it (e.g GDPR in Europe)

​

​

Third Party Processors

​

When we engage the serviced of a third party for any of the purposes mentioned above, and this third party has access to your personal data, we take the necessary measures to make sure that your data will be processed for no other purposes than those described here.

​

​

Cookies

​

Like many other websites, we use cookies on this site to enable our systems to recognise your browser or device and to provide you with the Services (a small removable data file stored by the web browser on your computer that identifies your computer and browser when you visit our Site or use our Services). We do not use cookies to collect Personal Information, but to improve the quality of the Services. Most web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Please note, however, that some features of the Site may not work if you delete or disable cookies. You can manage cookies through your browser settings, which may, for example, provide you with a 'Do Not Track' option, which allows you to notify operators of websites and web applications and services (including behavioural advertising services) that you do not want these operators to track some of your online activities. In addition, the Help section of most browsers will tell you how to refuse cookies, how to have a message notify you when you receive a cookie, how to disable cookies, and when to expire.

​

​

Security and Retention

​

Information about you is kept for a limited period of time to achieve the purpose for which it was collected and as long as you do not exercise your rights as defined below. Your Personal Information, Usage Data and Messaging Data is retained for as long as is necessary to permit your use of the Services and interaction with you, but no longer than one year after the last activity detected on your account.

We may, however, retain some of your personal data for a longer period of time, for the sole purpose of complying with any legal obligation, or responding to any questions or complaints addressed to us after you cease using the Services.

​

​

Inspection, correction and deletion

​

In accordance with current legislation, you have the right to access, rectify and delete your personal data, as well as the right to limit the processing and portability of your data.

You also have the right to object on legitimate grounds to the processing of your data by HeadsApp, as well as the right to lodge a complaint with the CNIL or any other protection authority, if you consider that the processing of your data is not carried out in accordance with the applicable provisions.

These rights can be exercised with HeadsApp by sending an e-mail to this address contact@headsapp.com

In order for HeadsApp to be able to satisfy this request, you must send it the elements necessary for your identification: surname, first name, e-mail and possibly postal address.

After deletion of your Personal Information, HeadsApp will not be able to restore it. In addition, HeadsApp cannot ensure that such deletion will result in the complete removal of any content or Personal Information that you may have otherwise made public or shared with others using the Services.

​

​

​

Amendment and version

​

We may amend this privacy and cookie policy. We recommend that you check regularly for changes. This privacy and cookie policy was last amended on 22 May 2021.

bottom of page