Privacy Policy for TalabaDZ
Last Updated: April 24, 2026
Welcome to TalabaDZ! We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our mobile application and web platform (collectively, the "Platform").
By accessing or using TalabaDZ, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the application.
1. Information We Collect
We collect information that you voluntarily provide to us when you register, as well as information automatically collected by your device permissions.
A. Personal Information Provided by You
- Account Registration Data: Full name, username, email address, passwords, and profile avatars.
- Authentication Data: If you choose to link your account using third-party providers (e.g., Google), we collect basic profile information provided by the third party.
- User-Generated Content (UGC): Course contributions, files, chat messages, forum posts, comments, academic plans, and feedback.
B. Device Permissions and Access
To provide core features, the TalabaDZ app requests the following device permissions:
- Location Access (Coarse & Fine): Requested solely to calculate the Haversine distance for the "Nearby Transport Routes" feature. We do not permanently store or track your continuous location history on our servers.
- Storage & Media Access (Photos/Files/Media): Required to allow you to download course PDFs, upload academic contributions, and change your profile avatar.
- Notifications & Alarms: Requested to send you real-time Firebase Cloud Messaging (FCM) push notifications for chat messages, course updates, and exact-time transport departure reminders.
- Background Services: Used for reliable data syncing and alarm scheduling (e.g., ensuring you receive a bus reminder even if the app is closed).
C. Automatically Collected Information
- Device Data: Information about your mobile device, including device ID, model, and operating system.
- Usage Data: Diagnostic data, crash logs, and performance data.
- Push Tokens: Device tokens required to route notifications specifically to your device.
2. Legal Basis for Processing (Law 18-07 & GDPR)
Depending on your location, we process your personal data under the following legal bases, in accordance with the Algerian Law No. 18-07 relating to the protection of individuals in the processing of personal data, and, where applicable, the General Data Protection Regulation (GDPR):
- Consent: You have given us clear consent to process your personal data for a specific purpose (e.g., account creation, opting into push notifications).
- Performance of a Contract: The processing is necessary for the provision of our core services (e.g., maintaining your academic planner, delivering chat messages).
- Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving platform security, preventing fraud, and enforcing community guidelines.
3. How We Use Your Information
We use the collected information for various purposes, including:
- Service Delivery: Facilitating account creation, managing your academic planner, and calculating yearly grades.
- Real-Time Chat & Communications: Storing your chat messages in our secure databases to synchronize your conversation history across multiple devices.
- Content Moderation: If a chat message or community post is reported by another user, a snapshot of that specific message is captured and stored for administrative review to enforce our community guidelines.
- System Improvements: Monitoring usage patterns and crash logs to improve app stability and user experience.
4. Automated Decision-Making & Profiling
TalabaDZ incorporates a gamification and scoring system based on user contributions and interactions. However, we do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects concerning you. All account bans or severe disciplinary actions on the platform are reviewed and executed manually by human administrators.
5. Information Sharing
We do not sell your personal information. We only share information in the following specific situations:
- Public/Community Areas: When you post comments, upload files, or send messages in public community groups, that information is visible to other registered users.
- Administrative Verification: App administrators and moderators have access to user-generated content (such as pending course files and reported chat messages) to maintain platform safety.
- Service Providers: We share necessary encrypted data with third-party vendors (such as Cloudflare R2 for secure file storage and Firebase for push notification delivery) strictly to perform services on our behalf.
- Legal Obligations: We may disclose your information where legally required to comply with applicable law, governmental requests, or judicial proceedings.
6. Cookie & Local Storage Policy
While the mobile application relies on native device storage, our web platform and app utilize cookies and local storage mechanisms (such as Flutter's shared_preferences and secure storage) to:
- Keep you securely logged in across sessions (e.g., storing your JWT auth token).
- Remember your local settings and UI preferences (like Dark Mode).
- Cache recently opened files to improve performance and reduce data usage.
These are "strictly necessary" technical cookies/storage elements required for the app to function. We do not use third-party tracking cookies for targeted advertising. You can clear your local app data at any time via your device's application settings.
7. International Data Transfer
TalabaDZ operates primarily for students in Algeria. However, the data we collect may be processed and stored in servers located outside of Algeria (e.g., European or US data centers utilized by our infrastructure providers like Cloudflare or Firebase). By using the Platform, you consent to the transfer of your information to these facilities. We ensure that our third-party providers adhere to strict data protection standards (such as SCCs or GDPR compliance) to safeguard your data during international transfers.
8. Data Retention, Security, and Breach Disclaimer
- Data Security: We use administrative, technical, and physical security measures to protect your personal information. User passwords are securely hashed.
- Security Limitation: While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee its absolute security.
- Data Breach Notification: In the event of a security breach that compromises your personal data, we will notify affected users and the relevant supervisory authorities within 72 hours of becoming aware of the breach, outlining the nature of the breach and the steps taken to mitigate it.
- Soft Deletion: When you delete a chat message, it is marked as "deleted" (
is_deleted) in our database and hidden from users. We retain these soft-deleted records for a limited period for security and moderation purposes before permanent removal. - Account Deletion: If you request permanent account deletion, we perform a hard delete of your personal data, removing your tasks, contributions, and stripping your identity from the system.
9. Your Privacy Rights & Opt-Out Procedures
- Access and Update: You can review or change the information in your account by logging into your account settings.
- Account Deletion: You can request the permanent deletion of your account and all associated data directly through the app settings.
- Opt-Out of Permissions: You can revoke Location, Storage, or Notification permissions at any time through your device's native operating system settings.
- Marketing & Email Opt-Out: You can unsubscribe from our marketing, promotional, or newsletter emails at any time by clicking the "Unsubscribe" link found at the bottom of the emails or by updating your preferences in the app settings. Note that you will still receive essential transactional emails (e.g., password resets, security alerts).
10. External Third-Party Links Disclaimer
The Platform may contain links to third-party websites, applications, or services (for example, links shared by users in chat rooms or community posts). We are not responsible for the privacy practices, content, or security of any third-party sites. Once you leave TalabaDZ, any information you provide is governed by the privacy policy of the operator of the site you are visiting. We encourage you to read the privacy policies of those third-party services.
11. Policy for Minors
TalabaDZ is designed for university students. We do not knowingly solicit data from or market to children under 13 years of age. By using the Platform, you represent that you are at least 13 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Platform.
12. Governing Law & Jurisdiction
This Privacy Policy and our practices are governed by and construed in accordance with the laws of the People's Democratic Republic of Algeria. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts of Algeria.
13. Contact Us & Data Protection Officer
If you have questions or comments about this policy, or if you wish to exercise your data rights, please contact our Data Protection Officer (DPO) and support team at:
TalabaDZ Support Team & DPO
Email: support@talabadz.com
14. Version History
| Version | Date | Description of Changes |
|---|---|---|
| 1.0.0 | April 24, 2026 | Initial release of the full Privacy Policy (added device permissions, chat storage logic, Law 18-07 compliance, and external links disclaimer). |