Privacy Policy — Sorra

Effective date: March 2026
Last updated: March 2026

This policy describes how Sorra (the “App”) processes your personal data when you use it on Apple devices (iPhone / iPad).

Data controller: Vegza Club L.L.C.
Address / place of business: Tirane, Albania
Privacy contact email: [email protected]

1. Summary

Sorra lets you send and receive messages through a chat service hosted by a third party (QuickBlox). We do not sell your personal data. Processing is carried out to provide the App’s features, maintain security, and comply with legal obligations where applicable.

2. Data we collect

2.1 Account and identification

Guest mode: a unique login identifier and password are created automatically, stored locally on the device (e.g. via the operating system’s storage / UserDefaults), and sent to QuickBlox to create the account and sign you in.
Sign in with Apple / Google (if you use it): we receive information made available by the sign-in provider (according to its settings) and use it to link or update your QuickBlox account. Apple and Google have their own privacy policies for that process.

2.2 Public profile in the service

Display name (full name in QuickBlox) that you set in your profile.
Profile photo (if you upload one), stored as content associated with your QuickBlox account.

2.3 Messages and chats

Text of messages you send and receive, related metadata (e.g. dialog identifier, read status where applicable), and content needed for the inbox, as operated by QuickBlox Chat.

2.4 Push notifications

Your APNs device token is registered and used via QuickBlox to notify you about messages when the App is not active, according to the permissions you grant on iOS.

2.5 In-app purchases (IAP)

Payments for message packs are processed by Apple (StoreKit). We do not receive your full payment card number. We may receive limited transaction information (e.g. that a purchase completed, or local quota for added messages) to operate message quotas.

2.6 Technical data and diagnostics

May include IP address, device or session identifiers, and limited logs for security and error handling, depending on the QuickBlox SDK and your App configuration (e.g. logging level in development vs production — review before release).

2.7 Abuse reports

If you contact us about abuse, we may process your email, a description of the incident, and technical identifiers you provide to investigate and to cooperate with authorities when required by law.

3. Legal bases (for users in the EU/UK, where applicable)

Performance of a contract: providing the Sorra service (messages, profile, notifications where enabled).
Legitimate interests: security, abuse prevention, and service improvement (where permitted by law).
Consent: where the law requires separate consent (e.g. some marketing communications — if added later).
Legal obligation: where we must respond to lawful requests from authorities.

4. Who we share data with

QuickBlox Inc. (or the relevant entity): hosting for chat, users, messages, and push registration. See: QuickBlox Privacy Policy (URL may change — verify).
Apple Inc.: App Store, Sign in with Apple (if used), IAP, APNs.
Google LLC: Google Sign-In (if used), under Google’s policies.
Public authorities: only when required by law under a valid order.

We do not sell user lists to third parties for advertising.

5. International transfers

Data may be processed on servers outside your country of residence (e.g. US/EU), depending on QuickBlox’s infrastructure and your setup. Where required, we rely on permitted mechanisms (e.g. EU Standard Contractual Clauses, adequacy decisions, or other grounds under applicable law).

6. Retention

Messages and account data remain on the server according to QuickBlox’s policies and operational needs, unless you delete them or delete your account.
After account deletion from the App (where offered), data on QuickBlox should be handled according to the actions the App performs — verify in practice and update this policy to match real system behaviour.

7. Security

We use reasonable safeguards (HTTPS, sound iOS practices, access limitations). No system is 100% secure; please do not send highly sensitive information through Sorra.

8. Your rights (depending on your country)

Where the law applies (e.g. GDPR in the EU), you may have rights to:

access your data;
rectification;
erasure (“right to be forgotten”, subject to limitations);
restriction of processing;
data portability;
object to certain processing;
lodge a complaint with a data protection supervisory authority.

Requests: [email protected].

9. Children

Sorra is not directed at children below the minimum age you set in your terms of service (e.g. 16 or 17). If you believe we have collected data from a child without a lawful basis, contact us so we can delete it as soon as reasonably possible.

10. Changes to this policy

We may update this policy from time to time. The “effective date” / “last updated” will change with the latest version. Continued use after changes may imply acceptance where permitted by law.

11. Contact

[email protected]
www.vegza.com