Effective date: November 21, 2023
Last updated: October 20, 2025
Note: If there is any difference between this English text and the original Bulgarian version, the Bulgarian version is considered authoritative.
This Policy explains how “MEDIAONE” EOOD (hereinafter “we”) collects, uses, stores, and shares your information when you use the TETRAOM mobile application and related web resources (the “Services”).
By using the Services, you accept this Policy. If you do not accept it, please do not use the Services.
1) Scope and relation to other documents
This Policy applies to the TETRAOM application, to the sites/portals we control, and to our related communications. It is an integral part of the Terms and Conditions.
2) Categories of data we process
2.1. Data you provide
2.2. Data collected automatically (device/logs)
• IP address, date/time, request/events, OS and version, language and time zone, device type/model, manufacturer, resolution, session identifier, app state/crashes.
2.3. Data from third-party sources
Special categories: we do not require and do not intend to process “sensitive” data under Art. 9 GDPR. The Services are not aimed at deriving such categories.
3) How we use the data – legal bases, retention, and recipients
We use your data to provide and improve the Services, ensure security, and comply with the law.
| Purpose of processing | Categories of data | Legal basis | Recipients/processors | Retention period |
| Account creation and maintenance / sign-in via IdP | Name, email, IdP identifier, session markers | Contract (Art. 6(1)(b) GDPR) | Hosting/infrastructure (AWS – Frankfurt region), support | Until account deletion + up to 24 months for audit trails |
| Personalized analyses and daily guidance in TETRAOM | Date/time/place of birth, profile settings, “Ask Me” requests | Contract (core functionality); legitimate interest for improvements (Art. 6(1)(f)) | Internal teams; (with consent) analytics providers/SDKs | While the account is active; aggregated/anonymous – indefinitely |
| Operational messages (e.g., sign-in/security confirmations), push notifications | Email/phone, push tokens | Contract / legitimate interest for security | Email/SMS provider; Apple/Google push services | Up to 24 months from sending / token deactivation |
| Analytics (web/app) and diagnostics | Identifiers, telemetry, events | Consent (for cookies/SDKs); legitimate interest for server logs without device access | Analytics/crash providers; log management | Cookies/SDKs – up to 14 months; logs – up to 12 months |
| Marketing communications (email, in‑app) | Name, email, preferences | Consent (Art. 6(1)(a)) – you can withdraw at any time | Email platform | Until consent is withdrawn |
| Compliance with legal obligations (accounting/tax, response to authorities) | Identification/financial metadata about purchases | Legal obligation (Art. 6(1)(c)) | Accountants/consultants; competent authorities | Up to 10 years (per applicable law) |
| Security, abuse prevention, and rights protection | Logs, IP, device/access data | Legitimate interest (Art. 6(1)(f)) | Protection/monitoring providers | 12 months (unless an incident – until completion) |
Payments: subscriptions are processed by Apple App Store and/or Google Play. We do not receive or store payment card data.
4) Profiling and automated processing
TETRAOM performs profiling — automated processing to generate personalized interpretations/guidance based on the data you provide (date/time/place of birth, etc.).
5) Cookies, SDKs, and Your Control
We use four categories of technologies:
6) Where we process data and international transfers
Data is stored primarily in the EU – AWS (Frankfurt region). If we transfer data to countries outside the EEA (e.g., to an email/analytics/support provider), we use Standard Contractual Clauses (SCCs) and/or other permitted mechanisms. Where a recipient is certified under the EU–US Data Privacy Framework, we may rely on that mechanism as well. We apply additional measures (encryption, restricted access, minimization).
7) Security
We apply technical and organizational measures: TLS, encryption at rest for sensitive stores, role-based access (least privilege), multi-factor authentication for administrators, logging and monitoring, vulnerability testing, and incident response procedures. Nevertheless, we cannot guarantee absolute security of transmission over the Internet.
8) Retention and backups
We retain personal data only as long as necessary for the purposes in Sec. 3, unless a longer period is required by law. Typical periods:
9) Children
The Services are not intended for persons under 14. We do not knowingly collect personal data from persons under 14. If we learn that we have collected such data, we will delete it without undue delay and may restrict access. Where required by law, for persons 14–18 we may request confirmation/consent from a parent/guardian.
10) Your rights
You have the following rights (subject to the conditions and limitations of the GDPR/ЗЗЛД):
• Right of access to the data;
• Right to rectification of inaccurate/incomplete data;
• Right to erasure;
• Right to lodge a complaint with the KZLD.
11) How to exercise your rights
Email us at privacy@tetraom.com with the subject “GDPR request.” We may ask for additional information to identify you. We will respond within 1 month (extendable by up to 2 more months in case of complexity, of which we will inform you).
You have the right to file a complaint with the CPDP (see the beginning of the document).
12) Your choices and control
• Account deletion: directly in the app (Menu → “Delete Account”).
• Marketing emails: “Unsubscribe” link in every message.
• Push notifications: configured in the app/OS.
13) Recipients and categories of recipients
We share data only when necessary and under contractual safeguards:
We do not sell your personal data.
14) Security breach (incidents)
In the event of a security breach posing a risk to your rights and freedoms, we will notify the CPDP within 72 hours and you — without undue delay when the risk is high — and will describe the measures taken to mitigate the effects.
15) Changes to this Policy
We may update this Policy. We will publish the new version with the “last updated” date and, where appropriate, will notify you in the app/by email. Continuing to use the Services after changes means you accept the updated Policy.
16) Relation to the Terms of Use
This Policy is an integral part of the TETRAOM Terms of Use. In case of a conflict between the two documents regarding personal data processing, this Policy prevails.
17) Contacts
Administrator: “MEDIAONE” EOOD (Mediaone EOOD), UIC: 131123072
Address: Bulgaria, Sofia 1000, 19 Lavele str, fl. 4, office 5
Email: privacy@tetraom.com
Supervisory Authority: CPDP – 1592 Sofia, 2 “Prof. Tsvetan Lazarov” Blvd., kzld@cpdp.bg, www.cpdp.bg
Reminder: If there is any discrepancy between this English translation and the original Bulgarian text, the Bulgarian version shall take precedence.
END