GOOGLE PLAY PRIVACY POLICY

1. INTRODUCTION

At MB Digital Flow LT (hereinafter - "Developer," "we," "us," or "our"), we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Moon Study mobile application (hereinafter - "App") and its related services.
The App is developed and maintained by MB Digital Flow LT on behalf of UAB Digital Moon Flow (hereinafter - "Service Provider"), which operates the online educational platform accessible at https://www.margaritamoon.lt and https://school.moon-study.com.
By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.

2. DATA CONTROLLER INFORMATION
Developer (App operator):
MB Digital Flow LT
Company code: 306373272
VAT: LT100016591611
Address: Ąžuolų tak. 16, Kumponų vs., LT-97202 Kretingos r., Lithuania
Email: info@digitalflowlt.com
Phone: +370 656 95333
Website: www.digitalflow.lt
Director: Anastasija Kikava

Service Provider (educational platform operator):
UAB Digital Moon Flow
Company code: 307508552
Address: Ąžuolų tak. 16, Kumponų vs., LT-97202 Kretingos r., Lithuania
Email: ana@margaritamoon.lt
Phone: +370 (656) 95 333
Director: Anastasija Kikava
For any questions regarding this Privacy Policy or your personal data, please contact: ana@margaritamoon.lt

3. DATA WE COLLECT
When you use the Moon Study App, we may collect the following categories of personal data:
3.1. Account and Authentication Data
- Email address (used as login identifier)
- Password (encrypted; created by the user)
- First name and last name

How collected: Provided directly by the user during registration on the educational platform (https://school.moon-study.com or https://www.margaritamoon.lt). The App uses existing login credentials from the platform - no separate registration is required within the App.

3.2. Device and Technical Data
- Device type and model (e.g., iPhone 15, Samsung Galaxy S24)
- Operating system and version (e.g., iOS 18.4, Android 15)
- App version
- Language and locale settings
- Unique device identifiers (anonymized)
- Crash logs and performance data

How collected: Automatically collected by the App and the device operating system to ensure proper functionality, compatibility, and to diagnose technical issues.

3.3. Usage Data
- Features accessed within the App
- Course progress and completion status
- Session duration and frequency of use
- Content viewed (lessons, videos, materials)
How collected: Automatically recorded within the App to provide personalized learning experience and track course progress.

3.4. Push Notification Data
Push notifications are not currently used in the App. If enabled in future, this Policy will be updated.
3.5. Data We Do NOT Collect
We want to be transparent about data we do not collect through the App:
- Location data (GPS, Wi-Fi-based, or cell tower-based)
- Contacts or address book data
- Photos, camera, or microphone access
- Health or fitness data
- Financial or payment data (all payments are processed externally through Paysera at https://www.paysera.lt)
- Browsing history outside the App
- Advertising identifiers for ad targeting
- Data from other apps on your device
- Biometric data

4. HOW WE USE YOUR INFORMATION
We use the collected data for the following purposes:
4.1. To Provide and Maintain the App
- Authenticate your identity and provide access to your account
- Display your purchased courses, programs, and educational materials
- Track your learning progress and course completion
- Ensure the App functions correctly on your device

4.2. To Improve Our Services
- Analyze usage patterns to improve App functionality and user experience
- Identify and fix technical issues, bugs, and crashes
- Develop new features based on aggregated usage data

4.3. To Communicate With You
- Send push notifications about course updates, new content, or platform announcements (only with your explicit consent)
- Respond to your support requests and inquiries
- Send important service-related notifications (e.g., terms of service updates, security alerts)

4.4. To Comply With Legal Obligations
- Fulfill our obligations under applicable laws and regulations
- Respond to lawful requests from public authorities
- Protect our legal rights and interests

5. LEGAL BASIS FOR PROCESSING
We process your personal data based on the following legal grounds, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"):

Legal Basis, Purpose, Example
Performance of a contract: Providing App services, account management, course access. When you log in, we verify your credentials to grant access to purchased courses.
Consent: Push notifications, marketing communications. You can enable or disable push notifications at any time in your device settings.
Legitimate interests: App improvement, security, crash diagnostics. We analyze anonymized usage data to improve App performance.
Legal obligation: Tax reporting, regulatory compliance. We may retain transaction records as required by Lithuanian tax law.

You may withdraw your consent at any time by:
- Disabling push notifications in your device settings
- Contacting us at ana@margaritamoon.lt
- Deleting your account through the educational platform

Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

6. DATA SHARING AND THIRD PARTIES
We do not sell, rent, or trade your personal data to third parties.
Your personal data may be shared with the following categories of recipients, solely for the purposes described in this Privacy Policy:
6.1. Service Provider
UAB Digital Moon Flow (company code: 307508552) - as the operator of the educational platform, courses, and content delivered through the App.

6.2. Hosting and Infrastructure Providers
The App's backend infrastructure and educational platform are hosted by trusted service providers within the European Union, who process data on our behalf under appropriate data processing agreements.

6.3. Payment Processor
All payments for courses and products are processed externally through:
- Paysera (UAB „Paysera LT", company code: 300060819, address: Pilaitės pr. 16, Vilnius, LT-04352, https://www.paysera.lt)

The App itself does not collect, process, or store any payment or financial data. All payment transactions occur outside the App, on the Service Provider's website.

6.4. Google (Google Play)
Google LLC may collect certain data as described in Google's Privacy Policy (https://policies.google.com/privacy). We do not control Google's data collection practices. Please refer to their respective privacy policies for more information on how they handle your data.

6.5. Legal and Regulatory Authorities
We may disclose your data to competent authorities if required by law, court order, or to protect our legal rights.

7. DATA TRANSFER OUTSIDE THE EU/EEA
Your personal data is primarily stored and processed within the European Union / European Economic Area (EU/EEA).
In the event that any data transfer outside the EU/EEA is necessary (e.g., due to infrastructure providers), we ensure that appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms

We will not transfer your data to countries that do not provide an adequate level of data protection without implementing appropriate safeguards.

8.DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Category and Retention Period
|Account data (name, email, password) : For the duration of your account's existence; deleted within 30 days of account deletion request.
Course progress and usage data: For the duration of your account's existence
Device and technical data: Up to 12 months from collection
Crash logs: Up to 12 months from occurrence
Push notification tokens: Until the user disables notifications or deletes the App
Transaction records (held by payment processor): Up to 10 years as required by Lithuanian tax law

After the applicable retention period expires, your personal data will be securely deleted or anonymized.

9. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: All data transmitted between the App and our servers is encrypted using TLS/SSL protocols
- Password Security: User passwords are stored in encrypted (hashed) form and are never stored in plain text
- Access Controls: Access to personal data is restricted to authorized personnel only, on a need-to-know basis
- Secure Infrastructure: Our servers are located within the EU and maintained by certified hosting providers
- Regular Security Reviews: We conduct periodic security assessments and updates
- Incident Response: We have procedures in place to detect, report, and respond to data breaches in accordance with GDPR requirements (notification within 72 hours to the supervisory authority where applicable)

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable standards.

YOUR RIGHTS (DATA SUBJECT RIGHTS)
Under the GDPR and applicable Lithuanian data protection laws, you have the following rights regarding your personal data:
10.1. Right of Access
You have the right to request confirmation of whether we process your personal data and to obtain a copy of such data.
10.2. Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data. You may update your account information directly through the educational platform.
10.3. Right to Erasure ("Right to Be Forgotten")
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the purpose it was collected
- You withdraw your consent (where consent is the legal basis)
- The data has been unlawfully processed
10.4. Right to Restriction of Processing
You have the right to request that we limit the processing of your data in certain circumstances, such as when you contest the accuracy of the data.
10.5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

10.6. Right to Object
You have the right to object to the processing of your personal data, particularly for direct marketing purposes.
10.7. Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
10.8. Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with:
Valstybinė duomenų apsaugos inspekcija (State Data Protection Inspectorate)**
Address: L. Sapiegos g. 17, 10312 Vilnius, Lithuania
Email: ada@ada.lt
Phone: +370 (5) 271 28 04 / +370 (5) 279 14 45
Website: https://vdai.lrv.lt/

How to Exercise Your Rights
To exercise any of the above rights, please contact us at:
- Email: ana@margaritamoon.lt
- Phone: +370 (656) 95 333

We will respond to your request within 30 calendar days. We may request identity verification before processing your request. One request per year is processed free of charge.

11. CHILDREN'S PRIVACY
The Moon Study App provides professional-level educational content in the fields of nutrition, health, and wellness. The educational materials are designed for an adult audience and require a level of knowledge, life experience, and independent decision-making ability that is not typical for persons under the age of 18. The App does not contain any prohibited, harmful, violent, or age-restricted content. However, due to the professional nature of the educational programs, the App is intended for users aged 18 and over. By downloading and using the App, you confirm that you are at least 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that a user under 18 has provided us with personal data, we will promptly delete such data. If you are a parent or guardian and believe your child has accessed the App, please contact us at ana@margaritamoon.lt.
If you are a parent or guardian and believe that your child has provided personal data through the App, please contact us at ana@margaritamoon.lt.

12. COOKIES AND TRACKING TECHNOLOGIES
The Moon Study App uses an embedded web view to display educational content from the platform. In this context, the App may use session cookies solely for the purpose of maintaining your authenticated session (keeping you logged in). These cookies are essential for the App to function properly and do not track your activity, collect personal data beyond authentication, or serve advertising purposes.

Types of cookies used:

Cookie Type, Purpose, Duration, Session / authentication cookie, maintains your logged-in state so you do not need to re-enter credentials each time you open the App, until you log out or the session expires.

The App does not use:

• Third-party analytics cookies (Google Analytics, Firebase Analytics, or similar)
• Advertising or tracking cookies
• Cross-site tracking technologies
• Cookies for behavioral profiling or targeted advertising

You can clear cookies at any time by logging out of the App or clearing the App's data in your device settings. The App does not use any third-party analytics services (such as Google Analytics, Firebase Analytics, or similar).
The App does not use any advertising tracking technologies or advertising identifiers.

13. IN-APP PURCHASES
The Moon Study App does not offer in-app purchases. All purchases of courses, programs, and educational materials are made through the Service Provider's website (https://www.margaritamoon.lt) using the Paysera payment system. The App does not collect, process, or store any payment information. Payment card details are processed by Paysera and not stored in the App.

14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App functionality.
When we make significant changes:
- We will update the "Effective Date" and "Last Updated" date at the top of this Policy
- We will notify you through the App (via push notification or in-app message) or via email
- Continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically.

15. CONTACT INFORMATION
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:
Developer:
MB Digital Flow LT
Company code: 306373272
VAT: LT100016591611
Address: Ąžuolų tak. 16, Kumponų vs., LT-97202 Kretingos r., Lithuania
Email: info@digitalflowlt.com
Phone: +370 656 95333

Service Provider:
UAB Digital Moon Flow
Company code: 307508552
Email: ana@margaritamoon.lt
Phone: +370 (656) 95 333
Address: Ąžuolų tak. 16, Kumponų vs., LT-97202 Kretingos r., Lithuania

Data Protection Supervisory Authority:
Valstybinė duomenų apsaugos inspekcija
L. Sapiegos g. 17, 10312 Vilnius, Lithuania
Email: ada@ada.lt
Website: https://vdai.lrv.lt/

*This Privacy Policy is available in English and Lithuanian. In case of any discrepancy, the Lithuanian version shall prevail for users located in the Republic of Lithuania.*