PRIVACY POLICY

By using the FLASH Web Service and/or iOS Application and/or Android Application (hereinafter referred to as the Application), you confirm that you have read and agree to the terms of the FLASH Privacy Policy.

Copyright Holder

The developer and copyright holder of the FLASH Application is LIMITED LIABILITY COMPANY "FLASHCHARGE"

Legal address: 49089, Dnipropetrovsk region, Dnipro, Budivelnykiv str., 25, EDRPOU Code 42376732.
e-mail: o.kosoi@flashcharge.com.ua

Licensee

The licensee of the FLASH Application is Limited Liability Company "FPAY"

Legal address: 49089 Dnipropetrovsk region, Dnipro city, Panikakhy street, building 2-B, office 307, EDRPOU code 45008020.
e-mail: acc@fpay.net.ua

This Privacy Policy defines the procedure for collecting, using, storing, transferring, and protecting personal data that we receive when interacting with you through our websites (https://appflash.top), related services, and mobile applications, as well as through interactions with unaffiliated parties, such as our service providers and/or collaborating partners.

Using the Application to access electric vehicle charging services confirms that you agree to all terms of use and the Privacy Policy, the pricing conditions, the Rules for using charging stations, and the Rules of the FLASH Pixel bonus program.

Please read this Privacy Policy carefully. If you do not agree with its provisions in whole or in part, do not provide your consent to the processing of Personal Data. In this case, the use of our Services is not possible.

The consent of the personal data subject should be understood as the voluntary expression of an individual's will (provided they are informed) to grant permission for the processing of their personal data in accordance with the stated purpose of their processing.

This Privacy Policy does not apply to sites, services, and applications that are not affiliated with us, even if they are linked to our Websites, Services, or applications, including the sites of our Service Providers, official channels or platforms on social networks where we post information, as well as sites or services to which we or our employees provide recommendations or links.

We regularly improve our Services and Applications, so this Privacy Policy may change. The current version is always available on our websites and in the applications. Please note the effective date of this Policy and periodically check for updates. You are responsible for independently tracking such changes.

1. Categories of personal data to be collected

1.1. Concepts and definitions of personal data

Personal data — any information that directly or indirectly relates to an individual and allows them to be identified. Personal data does not include anonymized or aggregated information that does not allow identification.

There is no exhaustive list; the main feature is the possibility of identifying a person.

The Company distinguishes data by the duration of their storage depending on the purpose of processing:

Ephemeral (transit) data: Information processed in real-time to ensure the technical functioning of the service (e.g., data packet transmission, current communication session). Such data is not written to long-term databases and is automatically deleted upon completion of the technical operation.
Stored data: Information recorded on the Company's servers to provide services, maintain transaction history, ensure security, or fulfill legal requirements. Such data is stored for the periods specified by this Policy.

1.2. Categories of personal data

Due to the specific nature of providing services, the Company collects and processes several categories of personal data, including:

Identifiers: first and last name (optional), username*, phone number*
Transaction history*
Device information: device type and manufacturer, its identifier, operating system and platform, screen resolution
Cookies*, IP address*
Browser type, language*, and version
Type of requested service*
Geolocation (with consent)
Support requests*
Survey responses*
Feedback*

The list is not exhaustive. Stored data is marked with an "*" symbol.

2. Sources of personal data collection

We receive your personal information directly through our Services during:

account creation and profile completion in the Application;
use of the Services' functionality (in particular, activation of charging sessions and access to geolocation data);
interaction with a payment partner (receiving transaction statuses and tokenized data without saving full card details);
contacting customer support via messengers or phone;
automatic collection of technical parameters of the electric vehicle and chargers during a session;
participation in promotions, surveys, or marketing events;
leaving reviews, ratings, and comments about infrastructure operations.

We offer two levels of interaction with our Services, allowing you to control the amount of data provided:

Guest access: allows you to use the Services without manually entering data. In this case, the system creates an anonymous profile with a technical identifier that allows viewing the station map and activating charging sessions.
Full registration: to access extended functionality, you need to create an account by providing a phone number and username. This allows you to use the advance payment system (prepayment for services), apply promo codes, leave reviews, and access new platform features as they are introduced.

Optional data: you can voluntarily add technical specifications of your electric vehicle to optimize the calculation of charging parameters and improve the accuracy of service forecasts.

You independently manage your privacy settings and can change or delete the provided information at any time.

We may also receive information from the following external sources:

Payment services: receiving transaction statuses and payment confirmations from banking institutions and payment systems;
Messengers and bots: data transmission when using our Telegram bot or contacting support through external communication channels;
Distribution platforms: aggregated data from the Google Play Store and Apple App Store regarding installations, crashes, and technical performance of the application;
Marketing partners: data on the effectiveness of advertising campaigns and promo codes provided by our official partners.

With your consent, we use your device's geolocation data (via system settings or third-party APIs) to display nearby charging stations and build routes to them.

3. Information collected using automated data processing tools

To ensure the stable operation of the Services, security, and correct interaction with the charging infrastructure, we automatically record a limited set of technical data during each session:

System logs and identifiers: we store data about requests to our server, including IP address, access time, and technical session identifiers. This is necessary to maintain the operation of guest access and authorized profiles.
Device parameters: we receive information about the device type, operating system version, and language settings for the correct display of the application and website interface.
Geolocation: based on the IP address, we determine the approximate or exact location of the user. To find nearby stations and build routes in real-time, we use your device's GPS coordinates exclusively provided you have granted appropriate permission in your OS settings.
Technical diagnostics: we record connection parameters with the charging station and critical error reports (logs) to promptly resolve charging issues and prevent equipment failures.
Opt-out of behavioral tracking: we do not use tools to collect data on your activity on third-party resources and do not perform behavioral analysis beyond the functionality necessary to provide charging services.

To ensure the correct operation of the Services and save your settings, we use local data storage technologies (cookies and Local Storage):

Technical (necessary) files: used to maintain your authorization, session security, and stable operation of basic functions (e.g., stations on the map and the charging process). Without them, the use of the Services is technically impossible.
Functional data: allow the platform to remember your choices (e.g., selected interface language, region, or station filters) so you do not have to re-enter them on every visit.
Local Storage: we use your browser's or device's local storage to save technical identifiers of guest accounts and parameters of the current charging session. This data is stored locally and is not used to identify you on third-party resources.

You can manage the use of these technologies in your browser or device settings. Please note that disabling technical cookies may lead to the inability to authorize and correctly display the status of charging stations.

4. Disclosure of personal information to unaffiliated parties

The Company does not sell or transfer your data to third parties for marketing purposes. Information disclosure is possible exclusively to ensure the technical functioning of the Services or in cases required by current legislation.

4.1. Service Providers (Data Processors)

We engage verified partners to support the Services' infrastructure. They receive access to data exclusively within the scope of performing their functions:

Cloud hosting providers: for hosting servers and databases (in particular, Microsoft Azure);
Payment partners: for processing transactions (in particular, monobank). We transmit only the order identifier and the amount; the payment partner returns the payment status without disclosing your full card details;
Technical support: services for communication (Telegram API) and systemic failure diagnostics.

4.2. Legal requirements and protection of rights

Disclosure of personal data is possible in cases directly stipulated by the legislation of Ukraine:

at the request of law enforcement agencies and/or by a court decision;
to protect the property rights and safety of the Company or our users in case of fraud detection.

4.3. Change of ownership and reorganization

In the event of a sale of the business or assets, your data may be transferred to the successor. We undertake to notify users of such changes by updating this Policy or through the Services' interface.

Important: The Company adheres to the principle of minimization — only the amount of data is transferred to third parties without which the provision of a service (e.g., making a payment or activating a station) is technically impossible.

5. Mandatory disclosure and protection of user rights

We are obliged to maintain the confidentiality of your Personal Information. Except as expressly provided by this Policy, your personal information is not disclosed to any unaffiliated parties without your consent, except in situations where such disclosure is necessary or mandatory by law, court decisions, orders, or other legally binding procedures, including but not limited to government, regulatory, or licensing requests.

Disclosure of Personal Information may occur in the following cases:

Legal and regulatory requirements: To comply with applicable laws, rules, or regulations; comply with court orders, subpoenas, requests from law enforcement agencies, or state regulatory bodies; respond to requests directed to us or our affiliates, subsidiaries, contract suppliers, or partners.
Fulfillment of contractual obligations and terms of use: To enforce our terms of use, user agreements, or service provision agreements; process payments, issue invoices, collect debts, or enforce other financial obligations.
Protection of rights and legitimate interests: To protect the rights, property, or safety of our company, users, partners, or third parties; take measures to prevent legal liability or mitigate risks associated with potential claims or disputes.
Security and investigations: To detect, prevent, and respond to security breaches of Services and applications, fraudulent activities, or unauthorized use of our apps and platforms; conduct internal investigations or audits related to the protection of Personal Information and ensuring user safety.

We implement reasonable technical and organizational measures to minimize risks in the event of such disclosure. However, any disclosure made in accordance with the law, court order, or regulatory request is not subject to prior agreement with you and does not impose additional liability on us for the actions of third parties receiving your information.

6. Data security and protection

We have implemented a comprehensive set of technical and organizational measures to protect your information from unauthorized access, loss, or alteration. Our security architecture is based on data encryption and secure interaction with payment gateways.

Since no method of data transmission over a network is 100% secure, we emphasize shared responsibility for the security of your account:

Passwords: you are responsible for the complexity and confidentiality of your password. We recommend using unique character combinations not repeated across other services.
One-Time Passwords (OTP): codes received during registration or account recovery are confidential. Never share them with third parties, even if they claim to be service employees.
Payment security: we use secure partner services (in particular, monobank) for transaction processing. Your full card details are not stored in plain text on our servers.

Important: we never send requests asking for your password or confirmation code via e-mail or messengers. Any attempt to obtain this data by unauthorized parties is fraud.

7. User rights and data management

As a personal data subject, you have an extensive list of rights under Ukrainian law. We provide technical capability to exercise these rights through Application settings or by contacting customer support:

Access and correction: you have the right to know exactly what data we process and request correction of inaccurate information in your profile.
Data deletion (the right to be "forgotten"): you can request the deletion of your account. Please note that we may retain certain information (e.g., transaction history) if necessary to fulfill lawful financial obligations or resolve debt disputes.
Restriction and objection: you can request the cessation of processing your data or revoke consent for specific types of processing (e.g., optional notifications).
Data portability: you can obtain a copy of your personal data in a structured, commonly used format.
Protection from discrimination: exercising your rights does not affect the cost or quality of charging services.
Right to file a complaint: in case of a violation of your rights, you have the right to contact the Ukrainian Parliament Commissioner for Human Rights or a court.

To exercise any of these rights, please send a request to our email address or contact FLASH support.

8. Contact information