Privacy Policy
Last updated: 20 April 2026
This Privacy Policy explains how PERSiBER ("we", "our", or "us") collects, uses, and protects your information when you use the PERSiBER application, available at https://persiber.com and as a mobile application on Google Play and the Apple App Store (collectively, the "Service").
By using the Service you agree to the practices described in this Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account credentials
When you sign in we receive the username and password you provide. Passwords are never stored in plain text; they are hashed server-side using a strong one-way algorithm before being persisted to the database.
1.2 Session data
After successful authentication we issue a secure, HttpOnly, SameSite session cookie so your browser or the mobile app can maintain your signed-in state. This cookie contains a random session identifier only — no personal data is embedded in it. The session is invalidated on sign-out.
1.3 Device & usage data
Our servers may automatically record standard web server logs including your IP address, browser or app version, operating system, referring URL, and the pages or API endpoints you access. This data is used solely for security monitoring, abuse prevention, and diagnosing technical errors. Logs are retained for a maximum of 30 days and then deleted.
1.4 Camera
The mobile application and web application request access to your device camera only when you use the built-in QR code scanner feature. The camera feed is processed entirely on your device in real time; no images, frames, or video are transmitted to or stored by our servers. Camera access is never used for any purpose other than QR-code decoding.
1.5 Offline queue
If you perform actions while your device is offline, those actions are temporarily stored in your browser's local storage or the mobile app's sandboxed storage so they can be replayed when connectivity is restored. This data never leaves your device until it is sent to the server as a normal API request.
1.6 What we do NOT collect
We do not collect:
- Location or GPS data
- Contacts, photos, or files on your device
- Microphone audio
- Payment or financial information
- Biometric data
- Data from third-party social login providers (we use no OAuth third-party logins)
- Advertising identifiers or cross-app tracking data
2. How We Use Your Information
- Authentication & access control — to verify your identity and grant access to the features you are authorised to use.
- Service operation — to process your requests, sync data, and provide the core functionality of the application.
- Security & fraud prevention — to detect and investigate suspicious activity, enforce our security policies, and protect users and infrastructure.
- Service improvement — aggregated, anonymised usage patterns may be analysed internally to improve performance and user experience. No individual-level behavioural profiles are built.
- Legal compliance — to meet obligations under applicable law.
We do not sell, rent, or trade your personal data to any third party. We do not use your data for targeted advertising.
3. Data Sharing
We do not share your personal data with third parties except in the following limited circumstances:
- Infrastructure providers — the application is hosted on dedicated servers. The hosting provider has access to server infrastructure but not to application-level data.
- Legal requirements — we may disclose data if required to do so by law, court order, or other governmental authority.
- Protection of rights — if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
4. Data Retention
Account data is retained for as long as your account is active. Server logs are retained for a maximum of 30 days. If you request deletion of your account, we will delete or anonymise your personal data within 30 days of the request, except where retention is required by law.
5. Security
All communication between your device and our servers is encrypted using TLS. Session tokens are stored in HttpOnly cookies and are not accessible to JavaScript. Passwords are stored as cryptographic hashes. We apply security headers (HSTS, CSP, X-Frame-Options) and regularly review our security practices. However, no system is completely immune to attack and we cannot guarantee absolute security.
6. Cookies & Local Storage
| Type | Purpose | Can be disabled? |
|---|---|---|
| Session cookie | Keeps you signed in securely | No — required for the service to function |
| Local storage (privacy consent) | Remembers your consent preference | Cleared on browser data wipe |
| Offline action queue | Stores unsent actions while offline | Cleared automatically after sync |
| Analytics / tracking | Currently none in use | N/A |
7. Mobile Application Permissions
When installed as a native mobile application, PERSiBER requests the following device permissions:
| Permission | Why it is needed | Data stored? |
|---|---|---|
| Internet | Load the application and sync data with the server | No |
| Network state | Detect connectivity changes for offline mode | No |
| Camera | QR code scanning feature only. No images captured or transmitted. | No |
8. Children's Privacy
The Service is not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at the address below and we will delete it promptly.
9. Your Rights
Depending on your country of residence, you may have the following rights regarding your personal data:
- Access — request a copy of your personal data.
- Correction — request that inaccurate data be corrected.
- Deletion — request that your personal data be deleted.
- Objection — object to certain processing activities.
- Portability — receive your data in a machine-readable format.
To exercise any of these rights, contact us at kouroshrastineh95@gmail.com. We will respond within 30 days.
10. International Data Transfers
The Service is operated from servers in the European Union. If you access the Service from outside the EU, your data may be transferred to and processed in the EU. We apply appropriate safeguards in compliance with applicable data protection law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the revised Policy. For material changes we will provide notice through the application.
12. Contact Us & Data Deletion
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data — including requests to access, correct, or delete your data — please contact us at:
PERSiBER
kouroshrastineh95@gmail.com
How to request data deletion
- Send an email to kouroshrastineh95@gmail.com with the subject line "Data Deletion Request — PERSiBER".
- Include the username associated with your account so we can locate your data.
- We will confirm receipt within 5 business days.
- Deletion will be completed within 30 days. You will receive a confirmation email once done.
What is deleted: your account credentials, session records, and any account-associated operational data stored on our servers.
What is retained: anonymised aggregated statistics that cannot be linked back to you, and records required to be kept by law.