Last Updated: January 30, 2026
GEOBUYER LIMITED LIABILITY COMPANY (Cyprus, reg. No. HE 464159), located at Arch. Makariou III 1–7, 3rd Floor, Flat 310, 1065 Nicosia, Cyprus (referred to as “Geobuyer”, “we”, “us” or “our”), owns and operates the Geobuyer® brand and provides the Geobuyer website and mobile application (the “Application”). NLS group, trgovina in inovacije, d.o.o. acts as the Licensee and official representative within the Republic of Slovenia and other European Union countries, as agreed with the Licensor. This Privacy Policy explains how we collect, use, share, and protect personal data of users of our Application and Website in accordance with European Union law, including the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and relevant U.S. regulations (including the California Consumer Privacy Act — CCPA), where applicable.
We may collect and process the following categories of personal data: Contact Information: Name, email address, phone number, and mailing address. Financial Data: We do not currently process payment information directly within the Application. If payment or checkout features are introduced in the future, we may process limited payment and transaction data strictly for payment processing and fraud prevention purposes, in accordance with applicable laws. Location Data: Geolocation information (upon user consent). Technical Data: IP address, device type, operating system, browser type, and version. Usage Data: Application interaction data, viewed offers, saved promotions, interaction history, records of products purchased or marked by users (excluding payment and financial data), preferences, and browsing activity. Purchase history related to in-app transactions will be processed only if and when in-app purchasing features become available. Cookies and Tracking Data: Data on user interactions with the Application through cookies and similar technologies. Analytics Data (Firebase Analytics): Information about user interaction with the Application (e.g., session duration, navigation flows, clicks, app launches), device identifiers (Advertising ID, Instance ID), and marketing attribution data. Diagnostics Data (Firebase Crashlytics): Technical information about the Application and the device at the moment of a crash or serious error (such as operating system version, device model, app version, timestamp of the crash, device and memory state, technical logs), as well as an installation identifier generated by Crashlytics (Crashlytics Install ID). These data include crash details (error type and stack trace) and are used solely to detect, analyze, and fix errors, and to improve the stability and performance of the Application. We do not use Crashlytics data to directly identify individual users or to build marketing profiles. Session Replay & Behavioral Analytics Data (Amplitude): Information about user interactions with the Application (e.g., navigation flows, clicks, scrolling, session duration and timestamps), session metadata, device identifiers and technical information. Session replay may capture on-screen interactions and limited visual interaction data from your device screen, including the visual reconstruction of the user interface as experienced during a session (similar to a screen recording). This may include pages viewed, products searched, features used, and navigation patterns within the Application. We implement technical safeguards designed to prevent the capture of sensitive personal data. Text inputs and sensitive fields are masked or excluded from recordings.
Collected data may be used for the following purposes: Providing and improving the Application's functionality and performance. Customizing user experiences. Processing and fulfilling user requests (such as account-related requests, support inquiries, and other service-related requests), and, where applicable, facilitating order-related communications or requests. Analyzing user behavior to enhance our services. Analytics and Statistics: Measuring Application usage, identifying bugs, evaluating feature effectiveness, and optimizing product features and service performance using Firebase Analytics. Crash diagnostics and app stability: Using Firebase Crashlytics to identify, analyze and fix crashes, bugs and performance issues of the Application in order to ensure its proper functioning and improve stability. Behavioral Analytics & Session Replay (Amplitude): Understanding how users interact with the Application, improving usability, detecting technical issues, and enhancing security, preventing fraudulent or abusive activity. Session replay is disabled by default and is activated only after freely given, explicit opt-in consent, and can be disabled at any time via privacy settings. Marketing communications (upon user consent). Legal compliance and safeguarding our rights and interests.
Consent (Article 6(1)(a) GDPR): For marketing communications (where enabled), location access (where requested), and session replay / behavioral analytics (Amplitude), where we request your explicit opt-in consent. Contract Performance (Article 6(1)(b) GDPR): For fulfilling service agreements with users. Legal Obligation (Article 6(1)(c) GDPR): Compliance with applicable laws. Vital Interests (Article 6(1)(d) GDPR): Protecting user or third-party safety. Legitimate Interests (Article 6(1)(f) GDPR): Maintaining and improving the security and stability of the Application (excluding session replay, which is processed only based on consent), preventing fraud or misuse, and conducting limited service analytics. Sharing of Data with Third Parties With user consent. To comply with legal obligations. With partners and service providers who assist us in delivering our services. With law enforcement or government authorities as required by law. With Google LLC (Firebase Analytics and Firebase Crashlytics), which process Application usage, analytics and diagnostics data on our behalf in order to provide analytics, reporting and crash diagnostics services. For more details, please see Google Privacy Policy (https://policies.google.com/privacy) and Firebase privacy documentation (https://firebase.google.com/support/privacy). With Amplitude Inc. (behavioral analytics and session replay): Amplitude Inc., acting as our data processor, processes certain usage and session replay data on our behalf to provide analytics and session replay services. For more details, see Amplitude Privacy Policy: https://amplitude.com/privacy
If personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through European Commission-approved standard contractual clauses or other legally compliant mechanisms. As Firebase services (including Firebase Analytics and Firebase Crashlytics) are operated by Google LLC, data may be transferred to and processed in the United States or other jurisdictions. These transfers are safeguarded by standard contractual clauses (SCC) approved by the European Commission or other appropriate safeguards, where applicable. As Amplitude Inc. may process data in the United States or other jurisdictions, any such transfers are protected by appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses (SCC) or other legally compliant mechanisms, where applicable.
Data is retained for no longer than necessary for the purposes outlined or as required by law: Contact Data: Retained until account deletion or consent withdrawal. Location Data: Retained only for the duration required to provide related services. Technical Data: Retained for security and performance purposes for a reasonable period. Usage Data: Retained for service improvement and analytics purposes until the user requests deletion or the data is no longer necessary. Firebase Analytics Data: Retained according to default retention settings of Firebase (currently up to 2 months), unless the user requests earlier deletion. Firebase Crashlytics Data: Crash reports and related technical diagnostics data are typically retained by Google for up to 90 days, unless we are required by law to retain them longer. We do not retain Firebase Crashlytics data on our own systems longer than necessary to analyze and resolve stability issues. Amplitude Session Replay Data: Session replay recordings are retained for no longer than 90 days, after which they are deleted or anonymized. Retention period may be shorter if you withdraw consent and request deletion, where technically feasible.
We use cookies to enhance user experience. Cookies may be functional, analytical, or essential. Consent is required for non-essential cookies. Essential Cookies: Required for basic Application functionality. Analytical Cookies: Gather data on user interactions to improve our Application. Mobile SDK Tracking: In addition to cookies, we use third-party SDKs (such as Firebase Analytics, Firebase Crashlytics, and Amplitude) to collect technical, analytical, and behavioral data in the mobile Application. Amplitude Session Replay is disabled by default and is activated only after freely given, explicit opt-in consent, and can be disabled at any time via privacy settings. Firebase Crashlytics: We use Firebase Crashlytics, a service provided by Google LLC, to monitor the stability of the Application and diagnose errors. Crashlytics automatically collects certain technical data when the Application encounters a crash or serious error, including: • App version and build; • Operating system version and device model; • Timestamp of the crash and device state (e.g., memory usage); • Technical logs and crash details (error type and stack trace); • A randomly generated installation identifier (Crashlytics Install ID). This data is used exclusively for detecting, analyzing and fixing crashes and improving the performance and reliability of the Application. We do not use Crashlytics data for marketing or advertising purposes, and we do not attempt to directly identify individual users based on this data.
Right to Access: Request a copy of personal data and processing information. Right to Rectification: Request corrections to inaccurate or incomplete data. Right to Erasure: Request deletion of personal data under specific circumstances. Right to Restrict Processing: Limit data processing in certain cases. Right to Data Portability: Obtain data in a structured, machine-readable format. Right to Object: Object to processing based on legitimate interests or marketing. Right to Withdraw Consent: Withdraw consent at any time. Right to Opt-Out of Analytics: Users may disable Firebase Analytics collection through Application settings (if available) or by adjusting advertising and privacy settings on their device (such as limiting ad tracking on iOS or Android). Right to Opt-Out of Session Replay: Users may disable Amplitude Session Replay at any time via the Application privacy settings. Withdrawal of consent does not affect access to core Application features. Opt-out applies prospectively and stops any further session replay recording. The rights listed in this section apply to all personal data we process, including analytics and diagnostics data collected through Firebase Analytics and Firebase Crashlytics. While diagnostics collection via Firebase Crashlytics is necessary to ensure the security and stability of the Application and cannot always be fully disabled through in-app settings, you may contact us at any time to request access to, deletion of, or restriction of processing of diagnostics data associated with your device where technically feasible. To exercise these rights, contact us at [email protected] or through your account settings.
We employ industry-standard security measures, including encryption (TLS in transit, AES-256 at rest), access control (role-based access), and regular security audits to protect user data against unauthorized access, alteration, or loss. We apply data minimization principles and configure session replay tools to avoid capturing unnecessary data.
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR.
Our Application may contain links to external websites or services. We are not responsible for the privacy practices of these third-party sites.
User consent is required for marketing communications. Consent can be provided through opt-in forms and may be revoked at any time.
The Application is not intended for children under 16 (or the applicable age of digital consent in the user’s country, but not lower than 13). We do not knowingly collect personal data from children without parental or guardian consent.
We obtain user consent through registration forms, pop-up notifications, and permission requests. Users can withdraw consent at any time via their account settings or by contacting us. Amplitude Session Replay Consent Prompt. Before any session replay recording is activated, we display an in-app consent prompt. Session replay remains disabled unless you tap “Allow”. You can refuse by tapping “Not now” and continue using core Application features. You can withdraw your consent at any time in Profile → Privacy & Data Settings, which stops further recordings. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
If you have concerns about our data processing practices, you may file a complaint with your local data protection authority or contact us directly at [email protected].
We may update this Privacy Policy periodically. Changes will be posted with an updated date. When new third-party services (such as analytics or advertising tools) are integrated, we will update this Privacy Policy accordingly.
For questions, comments, or requests regarding this Privacy Policy, please contact us at: GEOBUYER LIMITED LIABILITY COMPANY
This Privacy Policy may be provided in multiple languages for convenience. In the event of any inconsistency or discrepancy between language versions, the English version shall prevail, to the extent permitted by applicable law.
