Privacy Policy - (SanSaYo App)

Effective date: 24 January 2026
Last updated: 24 January 2026

This Privacy Policy explains how the SanSaYo mobile application and related services (the “Service”) collect, use, share, and protect personal data.

SanSaYo is currently published by an individual developer (no registered company at this time). This Policy applies to all users of the Service, including when the app is distributed privately (e.g., internal testing).

1) Data Controller (EEA/UK)

For users in the European Economic Area (“EEA”) and the United Kingdom, the data controller is:

Mantas Bieliauskas (individual developer, publishing as “SanSaYo”)
Email: contact us

Location: Vilnius, Lithuania

If the controller details change (for example, a company is established), this Policy will be updated.

2) Minimum Age (16+)

SanSaYo is intended only for users 16 years of age or older. If you are under 16, do not use the Service. We may remove accounts that we reasonably believe belong to users under 16.

3) What data we collect

Depending on how you use SanSaYo, we may collect:

A. Account and profile data

  • Email address
  • Account credentials (password handled securely; we do not store plaintext passwords)
  • Username/display name, profile photo (if you add one), bio, settings/preferences

B. Content you create and share

  • Videos and photos you record or upload
  • Captions, comments, likes, follows, shares, and other interactions
  • Reports you submit (e.g., content reports)

C. Direct Messages (DM)

  • Message content and metadata (sender, recipient, timestamps)
  • Attachments sent via DM (if enabled)

End-to-end encryption: We plan to introduce end-to-end encrypted DMs in a later version. Until that is released and enabled, DMs may be stored and processed in a way that allows the Service to operate (e.g., deliver messages, prevent abuse, comply with legal obligations). Once end-to-end encryption is implemented, this Policy will be updated to reflect the exact design and limitations.

D. Camera, microphone, and media library permissions

If you grant permissions, the app may access:

  • Camera to record videos/take photos inside the app
  • Microphone to record audio with videos
  • Media library / photos to upload existing content from your device

We access camera and microphone only when you actively use relevant features. The Service does not access the camera in the background.

E. Device, usage, and diagnostics data

  • Device model, OS version, app version, language
  • IP address and approximate location derived from it (e.g., city/country level)
  • Crash logs, performance data, and diagnostic information
  • App usage signals (e.g., screens visited, feature usage, interactions)

4) Firebase / Google services we use

SanSaYo uses Firebase services provided by Google, including:

  • Firebase Authentication (email/password login)
  • Firebase Analytics (usage measurement and improvement)
  • Firebase Crashlytics (crash reporting)
  • Firebase Performance Monitoring (performance and stability)
  • Firebase Cloud Messaging (FCM) (service notifications, if enabled)
  • Firestore / Realtime Database (data storage such as profiles, posts, comments, moderation records, and DMs)
  • Firebase Storage (media upload/storage)
  • Cloud Functions (backend processing, automation, security workflows)

Firebase and our backend systems may process identifiers such as an app instance ID and related technical identifiers for analytics, security, and service operation.

5) No advertising; no Advertising ID

SanSaYo does not display third-party ads and does not use the Android Advertising ID for advertising or ad measurement. We do not sell personal data.

6) How we use personal data (purposes)

We use personal data to:

  • Create and manage accounts, authenticate users, and provide core features
  • Enable content creation and uploads (camera/microphone/media access)
  • Deliver social features (feeds, interactions, DMs)
  • Moderate content and enforce rules (including reviewing reported videos, groups, and projects)
  • Prevent fraud, spam, and abuse; secure the Service
  • Measure and improve the Service using analytics, crash diagnostics, and performance monitoring
  • Provide support and communicate service-related information
  • Comply with legal obligations and respond to lawful requests

7) Legal bases (GDPR)

For users in the EEA, we rely on the following legal bases:

  • Contract (Art. 6(1)(b)) — to provide the Service you request (account, posting, feed, DMs)
  • Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, and improve performance and features (balanced against your rights)
  • Consent (Art. 6(1)(a)) — where required (for example, certain optional permissions or settings)
  • Legal obligation (Art. 6(1)(c)) — when we must comply with law

8) Content visibility and privacy controls

SanSaYo is a social video platform:

  • By default, videos you publish may be public and visible to other users.
  • You may have the option to set your video as private (depending on app settings).

Please avoid sharing sensitive personal information publicly. Even if you delete content, copies may remain temporarily in backups or if others have re-shared it outside the Service.

9) Sharing of personal data

We may share personal data:

A. With other users

Your profile and content are shared with other users according to your settings (e.g., public vs. private content).

B. With service providers (processors)

We use providers that process data on our behalf to operate the Service (including Google/Firebase). These providers are bound by contractual and security obligations consistent with this Policy.

C. For legal and safety reasons

We may disclose data if required by law, or to protect users, enforce our policies, investigate abuse, or respond to lawful requests.

We do not share your data with advertisers for ad targeting.

10) International transfers

Our service providers (including Google/Firebase) may process data outside Lithuania and outside the EEA. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) and additional measures where necessary.

11) Data retention

We retain personal data only as long as needed for the purposes described above:

  • Crash logs & diagnostics: retained for 90 days, unless required longer for security or legal reasons.
  • Backups: deleted data may persist in backups for up to 30 days.
  • Account data and content: kept while your account is active; deleted or anonymized after account deletion, subject to the backup period and legal obligations.
  • Moderation and safety records: may be retained longer where necessary to prevent abuse, enforce rules, and comply with legal obligations.

12) Account deletion

You can request account deletion:

  • In the app: Settings → Delete account → “Delete account”
  • By email: contact us

We aim to process deletion requests within 30 days. Some data may be retained longer when required by law, for security, or to resolve disputes; and deleted data may remain in backups for up to 30 days as described above.

13) Your rights (EEA)

If you are in the EEA, you have rights under the GDPR, including:

  • Access, correction, deletion
  • Restriction and objection (including to processing based on legitimate interests)
  • Data portability
  • Withdrawal of consent (where processing is based on consent)
  • The right to lodge a complaint with your local data protection authority

To exercise your rights, contact contact us. We may need to verify your identity.

14) Security

We use reasonable technical and organizational measures to protect personal data, such as access controls and encryption in transit. No system is perfectly secure; please keep your account credentials confidential and protect your device.

15) Google Play Data Safety (summary)

We provide information in Google Play’s Data safety section about categories of data collected and used by the app. Based on SanSaYo’s functionality, this may include:

  • Email address (account)
  • User-generated content (photos/videos), comments, interactions
  • Direct messages (DM content and metadata)
  • App activity and analytics
  • Device/diagnostics data (crash and performance)

This summary is informational; details are described in this Privacy Policy and the Play Console disclosures.

16) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version at: https://sansayo.com/privacy_policy.php and update the “Last updated” date. If changes are material, we will provide additional notice where appropriate.

17) Contact

For privacy questions, requests, or complaints:

Mantas Bieliauskas (SanSaYo)
Email: contact us
Vilnius, Lithuania

PRIVACY POLICY (SanSaYo.com Website)

Effective Date: 24 January 2026
Last Updated: 24 January 2026

1. Introduction

Welcome to SanSaYo (“we”, “us”, “our”).
We operate the website https://sansayo.com and the SanSaYo mobile application (collectively, the “Service”).
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website or app.

We are committed to protecting your privacy and handling your personal data in compliance with:

The EU General Data Protection Regulation (GDPR),
The UK Data Protection Act 2018,
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA),
and other relevant data protection laws in the United States and abroad.

By using our website or app, you agree to this Privacy Policy.

2. Data Controller

SanSaYo
Email: contact us

Registered in: Lithuania (EU)
Website: https://sansayo.com

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us via email.

3. What Personal Data We Collect

a) Information you provide directly
Registration and profile data (e.g., name, email, username, password).
Waitlist and donation forms (e.g., name, email, payment information, reason for joining).
Investor or volunteer forms (e.g., name, contact details, professional background).
Messages and communications you send to us.

b) Information collected automatically
Device and usage data: IP address, browser type, device model, operating system, pages visited, referral source, and interaction data.
Cookies and analytics: See the Cookie Policy below.

c) Information from third parties
We may receive limited data from payment processors (e.g., Stripe, PayPal), social media accounts (if you sign up via them), or analytics providers.

4. Purpose of Data Processing

We use your data for the following purposes:

To provide and improve our website and app.
To manage waitlist registrations, donations, and investor requests.
To communicate with you (emails, updates, and responses).
To personalize content and features.
To comply with legal obligations.
To prevent fraud and ensure security.

5. Legal Bases (under GDPR)

We process your personal data based on:

Consent (e.g., for marketing emails, cookies);
Performance of a contract (e.g., providing waitlist access or app services);
Legitimate interests (e.g., improving our services, preventing fraud);
Legal obligations (e.g., accounting or tax purposes).

6. Cookies and Similar Technologies

We use cookies and similar technologies to:

Analyze website traffic and user behavior,
Store user preferences,
Improve performance and security.

You can manage your cookie preferences via your browser or our cookie consent banner.

7. Data Sharing and Disclosure

We may share personal data only when necessary:

With service providers (hosting, analytics, payment processing, email delivery);
With legal authorities, if required by law or to protect our rights;
In business transfers, if we merge or sell the company (you’ll be notified in advance).

We never sell your personal data.

8. International Data Transfers

Your information may be stored and processed within the European Union, the United States, or other countries where our partners operate.
When transferring data outside the EEA, we ensure compliance using Standard Contractual Clauses (SCCs) or other approved safeguards.

9. Data Retention

We keep your data only as long as necessary for the purposes listed above or as required by law.
When data is no longer needed, it is securely deleted or anonymized.

10. Your Rights (GDPR and CCPA)

Depending on your location, you have the right to:

Access your data;
Request correction or deletion;
Restrict or object to processing;
Data portability (receive your data in a machine-readable format);
Withdraw consent at any time;
File a complaint with a data protection authority.

If you are a California resident, you also have the right to:

Request details about categories of personal information collected;
Request deletion;
Opt out of data sale or sharing (we do not sell data).

To exercise these rights, contact us at contact us.

11. Children’s Privacy (COPPA Compliance)

Our Service is not intended for children under 13 (or under 16 in the EU).
We do not knowingly collect personal data from minors.
If we learn we have done so, we will delete it immediately.

12. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, disclosure, or loss.
However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

13. Third-Party Links

Our website may contain links to third-party sites.
We are not responsible for their content or privacy practices.
Please read their privacy policies before sharing any data.

14. Updates to This Policy

We may update this Privacy Policy from time to time.
All changes will be posted on this page with an updated “Effective Date.”
Significant updates will be communicated via email or in-app notification.

15. Contact Us

For any privacy-related questions, please contact us at:

📧 contact us
🌍 https://sansayo.com