DATA COLLECTION POLICY OF

"NOX – THE SOCIAL ALARM CLOCK"

Last updated : April 14, 2025

Version : 1.0

PREAMBLE

This document constitutes the "Data Collection Policy" of the mobile Application "NOX – The Social Alarm Clock" (hereinafter "NOX"), edited and published by the company LAPSUS. It is part of the contractual documents governing access to and use of the Application, in particular the Legal Notices, the General Terms and Conditions of Use, the General Terms and Conditions of Sale, the Privacy Policy, the Data Collection Policy, the Illicit Content Reporting and Removal Policy, the Child Safety Policy, the Copyright and Intellectual Property Policy, the Advertising and Sponsored Content Policy, the Moderation Policy, the Code of Conduct, and the Legal Provisions for the Attention of the Authorities

The purpose of this "Data Collection Policy" is to set out, in complete transparency, the technical and practical methods by which personal data may be collected in the context of the use of the "NOX – The Social Alarm Clock" mobile application.

It describes the various collection mechanisms activated within the Application, in particular the embedded trackers, technical identifiers, software development kits (SDKs) and other technologies integrated into the application environment, as well as the purposes associated with each of them.

This "Data Collection Policy" also specifies the User's rights in terms of consent, settings and withdrawal, in compliance with the applicable legal requirements, in particular those provided for by the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as they apply to tracking technologies other than cookies.

It complements the "Privacy Policy", to which it is inextricably linked, and is part of a process of transparency, loyalty and control of the information collected, as defined by the General Data Protection Regulation (GDPR).

The User is invited to regularly consult this "Data Collection Policy", available at any time from the "Legal Information" sub-menu of the "Settings" menu of the Application or via the website dedicated to NOX's legal information: https://www.nox.app/legal.

USERS ARE STRONGLY ADVISED TO READ THIS "DATA COLLECTION POLICY" CAREFULLY BEFORE USING "NOX".

INTRODUCTION

"NOX – The Social Alarm CLock" is an innovative social network based on the new concept of the personalized alarm clock. The Application allows its Users to create, send, receive and watch short videos – called "nox" – intended to wake up in a fun and interactive way. The principle of "NOX" is to create a new global and intergenerational space for creation and expression that transforms the moment of awakening into a social and entertaining experience.

"NOX" exists solely in the form of a mobile application designed, created, developed and published by the French company LAPSUS, a simplified joint-stock company with a capital of €12,000, whose registered office is located at 10 rue Louis Amiot, 01000 Bourg-en-Bresse, registered with the Bourg-en-Bresse Trade and Companies Register under number 879 161 818, and represented by Mr. Luc NOUGUIER, President of LAPSUS (hereinafter "the Publisher").

The NOX app is available for download worldwide since Monday, April 14, 2025 on the following platforms:

Apple "App Store"
Google"s "Play Store"
Amazon "Amazon Appstore"
Samsung"s "Galaxy Store"
Huawei Technologies "Huawei AppGallery"
Xiaomi "Xiaomi Get Apps"
Oppo "App Market"
Vivo "V-Appstore"
Tencent "Appstore"
Xiaomi"s "Mi Store App"
"Aptoide" by Aptoide S.A
"APKPure"

As part of its operation, the "NOX – The Social Alarm Clock" mobile application may be required to collect certain personal data in an automated manner, by means of embedded technologies specific to mobile application environments. This collection may take place as soon as the Application is installed, during its use, or in connection with certain technical, social or advertising features.

This "Data Collection Policy" aims to inform the User about:

the precise terms of this collection (active or passive);
the technical technologies involved (application trackers, SDKs, advertising identifiers, etc.);
the exact purposes of each collection device;
the rights and choices left to the User regarding the activation, deactivation or configuration of these tools.

This document is intended for all Users of the App, regardless of their country of residence, registration status, or privacy preferences. It applies regardless of the operating systems used (iOS, Android) and associated third-party services.

1. DEFINITIONS

For the purposes of this "Data Collection Policy", the following terms shall have the meaning set out below, whether used in the singular or plural:

Contractual Terms: refers to all legal documents applicable to the use of the Application, including the Legal Notices, Terms of Use, General Sales Conditions, Privacy Policy, Data Collection Policy, Illicit Content Reporting and Removal Policy, the Child Safety Policy, the Copyright and Intellectual Property Policy, the Advertising and Sponsored Content Policy, theModeration Policy,List of Prohibited Content, Code of Conduct, and Legal Provisions for the Attention of the Authorities.

Application: refers to the mobile application "NOX – The Social Alarm Clock," created, developed, and published by the Publisher. The Application is intended to be downloaded and installed on a compatible Device (smartphone or tablet), and allows the use of features offered by the Publisher, such as the creation and reading of "noxs." Subject to compliance with the "Terms of Use" and Legal Notices and any technical requirements, the Application is available on the following download platforms: Apple’s "App Store," Google’s "Play Store," Amazon’s "Amazon Appstore," Samsung’s "Galaxy Store," Huawei Technologies" "Huawei AppGallery," Xiaomi"s "Xiaomi Get Apps," Oppo’s "Oppo App Market," AppGallery," Xiaomi"s "Xiaomi Get Apps," Oppo’s "Oppo App Market," Vivo"s "V-Appstore," Tencent’s "Tencent Appstore," Xiaomi’s "Mi Store App," Aptoide S.A’s "Aptoide," "APKPure." Access to and updates of the Application, as well as any geographical or technical restrictions, may vary depending on the app stores and the applicable policies.

Publisher: refers to the French company LAPSUS, a simplified joint-stock company (SAS) registered with the Bourg-en-Bresse Trade and Companies Register under number 879 161 818, with its registered office located at 10 rue Louis Amiot, Bourg-en-Bresse. The Publisher is legally responsible for the brand and the "NOX – The Social Alarm Clock" Application. The Publisher is responsible for the design, development, publishing, and Publisher is responsible for the design, development, publishing, and availability of the Application, as well as all associated Services. It is also responsible for publishing and maintaining the technical aspects of the Application, including any updates or new features offered to Users.

User: refers to any individual who accesses and uses the Application for private or professional purposes. The User may be a non-professional individual, a consumer as defined by the Consumer Code, or any other person using the Publisher"s services. The User may therefore enter into an agreement with the Publisher to acquire content or use features available on the Application, under the conditions defined by the "Terms of Use" of the Application.

Minor: refers to any person under the age of 15. This age corresponds to the minimum required to register on the Application, as set by the Publisher in accordance with applicable legislation, particularly concerning the protection of minors and digital consent, as well as the "Child Safety Policy".

Child: refers to any minor within the scope of the "Child Safety Policy", including those who have accessed the Application in violation of the registration conditions. The rules stated here aim to ensure the safety of children under all circumstances, including in cases of unauthorized or fraudulent access.

Parties: refers collectively to the Publisher of the Application and the User, bound by the acceptance of the applicable contractual documents, including the "Terms of Use", "General Sales Conditions", and "Legal Notices". The Parties acknowledge their mutual commitments, respective responsibilities, and the legal rules governing their relationship in the context of using the Services offered through the Application.

Device: refers to any hardware used by the User to access the Application, download, install, and use its features. This includes, but is not limited to, smartphones, tablets, laptops or desktop computers, and compatible connected objects. The Device must meet the minimum technical requirements set by the Publisher, including operating system, available memory, performance, and connectivity. The User is solely responsible for installing the Application on their own Device, ensuring its compatibility, proper functioning, and security of their digital environment, including regular system updates, the use of antivirus digital environment, including regular system updates, the use of antivirus software, and protection against malware.

Download Platform or Store: refers to any third-party service that allows downloading or updating the Application, such as Apple’s "App Store," Google’s "Play Store," Amazon’s "Amazon Appstore," Samsung’s "Galaxy Store," Huawei Technologies" "Huawei AppGallery," Xiaomi"s "Xiaomi Get Apps," Oppo’s "Oppo App Market," Vivo"s "V-Appstore," Tencent’s "Tencent Appstore," Xiaomi’s "Mi Store App," Aptoide S.A’s "Aptoide," "APKPure." Appstore," Xiaomi’s "Mi Store App," Aptoide S.A’s "Aptoide," "APKPure." Access to these platforms is subject to the general terms and conditions of each provider, over which the Publisher has no control.

Service: refers to all the features and services offered by the Publisher via the Application, including but not limited to:

Creation, publishing, sending, and reading of "noxs";
Programming and triggering alarms to automatically play one or more "nox(s)";
Creation, publishing, sending, and reading of "dreams";
Management of a personal profile;
Visiting other Users" personal profiles;
Textual, visual, and voice communication with Users via messaging;
Access to subscription plans such as "NOX Premium", which provides additional features or benefits;
Any other service or content that the Publisher decides to make available to the User, subject to compliance with the "Terms of Use", "Legal Notices", and applicable laws.

The Service is subject to change or enhancement over time, including through updates, fixes, interface modifications, or the addition of new offers, whether free or paid, without creating any obligation for the Publisher beyond what is specified herein or in specific conditions.

Host: refers to the technical service provider responsible for ensuring the storage, accessibility, and operational maintenance of the Application and its digital content. The Host acts as a technical intermediary in accordance with applicable legislation (notably the LCEN and DSA), without intervening in the hosted content. The Host’s contact information is provided in the "Legal Notices", "Terms of Use", and "Privacy Policy", in accordance with the identification requirements imposed on the Publisher.

User Account: refers to the personal space of each User, accessible after a registration or login process via an identifier (email address, phone number, etc.) and a strictly confidential password. From this space, the User can, among other things:

Add or modify their profile picture;
Add or modify up to ten cover photos;
Add or modify their profile description;
Add content to their profile ("noxs," "renoxs," dream collection);
Modify the thumbnails of their created "noxs";
Pin created "noxs";
Pin "renoxs";
Delete content from their profile ("noxs," "renoxs," dream collection);
Access their list of received notifications;
Manage their subscription list;
Access their list of followers;
Manage their list of friends;
Modify their name;
Modify their username;
Modify the email address for accessing their account;
Modify the phone number for accessing their account;
Modify the password for accessing their account;
Send a request for personal data transmission;
Subscribe to or unsubscribe from the paid service "NOX Premium";
Send a request for account certification;
Manage privacy settings;
Access their liked "noxs";
Access their viewed "noxs";
Access the archives of created "dreams";
Access the archives of created "noxs";
Modify the application language;
Modify the application appearance;
Manage blocked Users;
Manage sensitive content settings;
Access the Application"s user guide;
Access the legal information of the Application;
Access the social media of the Application and the Publisher;
Delete their account.

The User Account is personal, non-transferable, and protected by confidential identifiers whose security is the sole responsibility of the User. The User commits to immediately inform the Publisher of any suspicion of fraudulent access or compromise of their account and to comply with the applicable "Terms of Use".

Evolving Features: refers to any new feature, tool, or service added later to the Application, whether experimental, promotional, or permanent, subject to the "Terms of Use" and applicable rights.

Social Features: refers to the tools for interaction between Users within the Application, such as messaging, comments, subscriptions, "likes," shares, and any communication, visibility, or community relationship feature integrated by the Publisher.

Inappropriate Behavior: refers to any behavior or interaction, direct or indirect, contrary to the spirit of the "Code of Conduct", which may harm the well-being of other Users or compromise the overall atmosphere of the Application.

Content: refers to any type of digital content accessible, published, or distributed via the Application, including texts, images, videos, sounds, data, or any other element. Content includes, but is not limited to:

The "noxs" created by Users, intended for other Users or for their own use, which are videos of a maximum duration of two minutes, intended to wake Users of the Application;
The thumbnails of "noxs," which are images serving as covers for a "nox." They represent the content of the "nox" and are designed to capture attention at first glance in the Application;
The "dreams" created by Users, which are photos or videos of a maximum duration of two minutes, intended to stay online in the Application for only 24 hours. "Dreams" allow the User to communicate daily with the community of Users who follow them in the Application;
Collections of "dreams," which are groups of "dreams" organized into folders, directly accessible from the Users" profiles. Each collection is visually represented by a cover image, designed to evocatively illustrate the theme or common universe of the "dreams" it contains;
Profile photos;
Cover photos;
Profile text descriptions;
Comments posted in the comment section of a "nox";
Text messages exchanged in messaging conversations;
Photos exchanged in messaging conversations;
Videos exchanged in messaging conversations;
Voice messages exchanged in messaging conversations;
GIFs exchanged in messaging conversations;
Any file or information made available by the Publisher or third parties on the Application, provided it complies with copyright, the "Terms of Use", and applicable legislation.

The User declares and guarantees that they hold all the necessary rights for the publication, distribution, or availability of any Content via the Application, including copyright, image rights, or any other intellectual property rights. They agree to hold harmless and indemnify the Publisher against any claim, action, or damage resulting from a violation of applicable law or third-party rights.

Public Content: refers to any content visible to other Users beyond the creator, including public "noxs," public "dreams," comments, dream collections, or profile elements.

Private Content: refers to any content accessible only to one or more designated Users, such as private "noxs," private "dreams," or private messages.

Classic Content: refers to any content published on the Application that is neither sponsored, sensitive, nor prohibited. It may be public or private, depending on the settings chosen by the User at the time of publication, and remains subject to the present "Terms of Use" and the "Code of Conduct". Classic Content is the standard, unmarked form of content on the Application and carries no special labeling at the time of distribution.

Organic Content: refers to any content spontaneously published by a User or, where applicable, by the Publisher, without financial compensation, promotional intent, or any link to an advertising campaign, communication effort, or commercial partnership. Organic Content does not carry any commercial or promotional tag and is not subject to specific monetization-related processing. It may be public or private depending on the chosen publication settings and remains subject to the "Terms of Use" and the "Code of Conduct".

Sponsored Content: refers to any "nox" or "dream" published by a User on the Application with the "Sponsored Content" tag, activated at the time of publication to indicate that the content is shared for promotional or advertising purposes.This tag is mandatory whenever the content is published in exchange for financial gain, material benefit, or a visibility agreement with a third party, including the Publisher. It ensures transparency toward other Users and automatically displays the visible mention “Sponsored Content” when the content is played or opened.
The use of this tag, as well as the obligations associated with it, are defined in the "Advertising and Sponsored Content Policy", which all Users are contractually bound to.
Sponsored Content is distinct from commercial advertisements shown within the Application and content published as part of a Paid Partnership managed by the Publisher.

Prohibited Content: refers to any content, regardless of format or medium, that violates the "List of Prohibited Content", contravenes the contractual rules applicable to the Application (such as the "Terms of Use", the "Code of Conduct", or the "Moderation Policy"), or breaches applicable laws and regulations, particularly those concerning the protection of minors, public safety, fundamental rights, and intellectual property.
"Prohibited Content" triggers immediate moderation measures, contractual sanctions, or reports to the competent authorities, without the need for prior warning.

Sensitive Content: refers to any content published on the Application with the "Sensitive Content" tag, activated by the User at the time of publication due to its potentially shocking, disturbing, violent, sexual, or emotionally difficult nature. This tag is mandatory for such content to be tolerated on the Application. It is intended to restrict access, warn viewers, and protect Users—especially minors. Content that may offend sensitivities but is tolerated under certain conditions is defined in the "List of Prohibited Content". If published without the "Sensitive Content" tag, such content will be considered non-compliant and may be subject to moderation measures, including permanent and irreversible removal.

Sensitive Content Management Setting: refers to the system integrated into the Application that allows for the display or blocking of sensitive content based on the User’s age and declared preferences. This setting is automatic and non-editable for minors and customizable for adult Users.

Nox: refers to a video with a maximum duration of two minutes, primarily designed to wake a User of the Application in a fun and interactive way.

Renox: refers to a "nox" — a video of no more than two minutes designed to wake a User in a fun and interactive way — that has been republished by a User on their own profile.

Dream: refers to a photo or video that disappears after 24 hours, used to communicate with one’s community of Users.

Alarm: refers to the feature of the Application that allows the User to schedule or receive a "nox" at a specific time, for a personalized, social, and interactive wake-up experience.

Messaging: refers to the communication system integrated into the Application, allowing Users to exchange text messages, voice messages, photos, GIFs, and other files, either in private or group conversations.

Notification: refers to any message or alert sent to the User via the Application or through an external channel (push notification, email, etc.), for the purpose of providing information, reminders, security alerts, or promotional content, in accordance with the User’s communication preferences.

Subscription: refers to a contract concluded between the User and the Publisher, involving the payment of a fee in exchange for prolonged access to certain features, services, or exclusive content on the Application, for a fixed or renewable period.

NOX Premium: refers to the paid monthly subscription plan offered by the Publisher, providing the User with an enhanced experience of the Application, including the removal of unsolicited ads, advanced features, customization options, and exclusive benefits. Sponsored content and paid partnerships remain visible. The details and terms of the offer are defined in the "Terms of Use" and the "General Sales Conditions".

Personal Data or Personal Information: as defined by the General Data Protection Regulation (GDPR – EU 2016/679) and any equivalent or complementary national legislation, refers to any information relating to an identified or identifiable natural person. An “identifiable natural person” is one who can be recognized, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific elements related to their physical, physiological, genetic, psychological, economic, cultural, or social identity.

The processing of such Personal Data, carried out as part of the use of the Application and associated Services, is governed by the “Publisher"s Privacy Policy”, available at https://www.nox.app/legal/privacy-policy.
The Publisher undertakes to comply with all applicable regulations concerning the protection of personal data, privacy, and the rights of data subjects.

Consent: refers to the free, informed, specific, and unambiguous expression by which the User agrees, through a clear affirmative action or declaration, to the processing of their personal data for one or more specific purposes.When data is collected through trackers, consent must be obtained before any placement or activation of non-essential trackers, in accordance with applicable regulations and the "Data Collection Policy". Consent can be withdrawn at any time via the Application"s settings, without retroactive effect.

Privacy Settings: refers to all options available within the Application that allow the User to personalize how their personal data is managed, how visible their content is, or how exposed they are to certain types of sensitive content.

Data Collection:Data Collection: refers to any operation carried out by the Publisher, its third-party partners, or subcontractors involving the collection of personal or non-personal data related to Users of NOX. This may occur actively (e.g., through user input) or passively (e.g., through trackers or Application features), to ensure the proper functioning, continuous improvement, security, and personalization of the provided services. Data collected may include registration data, published or viewed content, user-defined preferences, technical data related to browsing or Application usage.

Browsing Data: refers to information automatically collected during the use of the Application, related to how the User accesses, uses, and interacts with features or content. This data may include, but is not limited to, the type and model of the Device used, operating system, interface language, session durations pages or content viewed, actions performed, errors encountered, technical performance or log data.
Browsing Data may be used for technical, statistical, analytical, or personalization purposes, in accordance with the "Data Collection Policy".

Advertising Network: refers to any entity, internal or external to the Publisher, responsible for the delivery, management, optimization, or performance measurement of advertising content distributed within the Application. Advertising Networks may use technologies such as trackers, SDKs, or advertising identifiers to adapt, target, or analyze ads. They may act on behalf of the Publisher or third parties, under the terms defined by the "Data Collection Policy" and the "Advertising and Sponsored Content Policy".

Third-Party Partner: refers to any external service provider, technology vendor, or collaborator with whom the Publisher works for the functioning, analysis, optimization, or monetization of the Application, and who may, in that capacity, collect, receive, process, or access User-related data.This includes, in particular partners involved in the deployment or activation of trackers (e.g., Google Ads, Firebase Analytics), those responsible for hosting, audience measurement, performance management, ad distribution, security, or data analysis. The terms governing the relationship between the Publisher and each Third-Party Partner are outlined in the "Data Collection Policy".

Processing: refers to any operation or set of operations performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, modification, retrieval, consultation, use, disclosure, restriction, deletion, or destruction.

Tracker: refers to any technological device that enables the reading, writing, or collection of information on the User’s Device, either directly or indirectly, from the Application. This includes, but is not limited to cookies, SDKs, web beacons, tags, advertising identifiers (e.g., IDFA, GAID), or any similar mechanism.Trackers may be used for technical, functional, statistical, audience measurement, or advertising purposes, and may require prior User consent depending on their nature, in accordance with the "Data Collection Policy" and applicable regulations.

Essential Functional Trackers: refers to tracking technologies strictly necessary for the technical functioning of the Application or the provision of a service expressly requested by the User. These trackers do not require prior User consent, as they help ensure service security, session management, content synchronization, alarm triggering, proper functioning of essential Application settings.Their use is governed by the "Data Collection Policy" and complies with applicable legal requirements regarding privacy.

Consent-Based Trackers: refers to trackers or similar technologies used for non-essential purposes, including advertising, statistics, personalization, audience measurement, or profiling, which require the User’s free, informed, specific, and unambiguous consent. Consent must be obtained before any data is stored or read on the Device, either during Application installation or via Privacy Settings. The User may withdraw consent at any time, without retroactive effect, in accordance with the "Data Collection Policy".

SDK (Software Development Kit): refers to a third-party software module integrated into the Application, enabling the addition of technical features, interfacing with external services, or collecting behavioral data about Users. SDKs may be used for audience analysis, performance measurement, marketing attribution ad management security, authentication. Some SDKs may include consent-based trackers, especially when they access advertising identifiers or perform profiling. Their use is governed by the "Data Collection Policy".

Tag: refers to a piece of code embedded in the Application, used to trigger a tracking event or record a user interaction, typically for measurement, targeting, or marketing performance purposes. A tag may be used, for example, to track an impression or click, trigger a conversion in an ad campaign, transmit data to an analytics tool or advertising network.

Tracking Pixel or Spy Pixel: refers to a snippet of code or invisible image (usually 1x1 pixel in size) embedded in the Application interface, enabling the tracking of content display, loading, or interaction by the User for analytics, audience measurement, or advertising performance purposes. These pixels may transmit information to third-party tools or advertising networks, particularly for retargeting or conversion campaigns, and are subject to the User"s prior consent when involving the processing of personal data.

Advertising Identifier: refers to a unique, resettable identifier assigned by the operating system of the Device (e.g., IDFA on iOS or GAID on Android), allowing the tracking of the User’s advertising preferences and the delivery of personalized or targeted ads. This identifier may be used by the Publisher or third-party partners for performance measurement, retargeting, or behavioral analysis. Its use is subject to the User’s prior consent, in accordance with the "Data Collection Policy" and applicable privacy regulations.

Advertisement: refers to any content displayed within the Application for promotional or commercial purposes, intended to promote a product, service, brand, or entity. Advertising may be delivered by the Publisher, third-party advertising networks, or Users in the context of sponsored content, and may take various forms (banners, interstitials, videos, tagged organic posts, etc.). It is distinct from editorial or personal content by its commercial purpose.

External Advertising: refers to any form of advertising inserted into the Application via a third-party advertising network, such as Google Ads. It may be automatically displayed in the interface (banners, interstitials, videos, etc.), based on distribution settings defined by the network and the User’s preferences. The display of External Advertising is subject to the User’s consent, especially when it involves trackers or advertising identifiers (IDFA, GAID).

Internal Advertising: refers to any advertisement displayed within the Application by the Publisher, either directly or via its own advertising system. It may promote the Publisher’s services, content, or offers, or those of selected partners within the context of promotional agreements. Internal Advertising may appear as visuals, videos, suggestions, notifications, or dedicated placements within the interface. It may be contextual or targeted, depending on the User’s settings and consent when personal data processing is required.

Targeted Advertising: refers to any form of advertisement personalized based on the User’s data, such as browsing behavior, profile, interactions, or preferences. It may be delivered by a third-party network (as part of External Advertising) or by the Publisher (as part of Internal Advertising), subject to the User’s prior consent in accordance with applicable regulations. Activating Targeted Advertising involves the use of advertising identifiers or trackers for profiling purposes.

Paid Partnership: refers to any agreement between the Publisher and a third-party entity resulting in the display of promotional or advertising content within the Application. These contents are published directly by the Publisher in an organic format and are clearly labeled as “Paid Partnership.”This type of content is the sole responsibility of the Publisher and is distinct from Sponsored Content (published by Users) and advertisements delivered by internal or external ad networks. The terms applicable to Paid Partnerships are defined in the "Advertising and Sponsored Content Policy".

Creator: refers to a User who publishes original or creative content on the Application, for which they are either the author or the holder of the necessary distribution rights. The Creator is responsible for ensuring compliance with applicable intellectual property rights and agrees to only publish content that complies with the contractual rules of the Application.

Protected Work: refers to any original intellectual creation expressed in a perceptible form and meeting the conditions for protection under the French Intellectual Property Code. This includes, but is not limited to, literary, artistic, musical, audiovisual, graphic, visual, photographic, software, digital, or multimedia creations.

Intellectual Property: refers to all exclusive rights granted by law to individuals or legal entities over their intellectual, artistic, technical, or commercial creations. This includes copyright and related rights of performers, producers, and publishers; rights over databases; and industrial property rights such as trademarks, designs, models, and patents. These rights give their holders control over the use, reproduction, performance, or distribution of their works, creations, or distinctive signs, in accordance with the provisions of the Intellectual Property Code and applicable international agreements.

License of Use: refers to the authorization granted by a rights holder, allowing the Publisher or a User to use a protected work or content within the limits defined by the agreed conditions. The license may cover various rights (reproduction, representation, adaptation, etc.) and specify the duration, geographic scope, authorized uses, and any applicable restrictions. It does not transfer intellectual property but provides a legal framework for lawful exploitation under applicable provisions.

Licensed Content: refers to music, works, or protected elements made available by the Publisher within the Application, for which a valid license has been obtained. This license allows, under the conditions defined by the Publisher, Users to incorporate such content into their own creations published on the Application. The use of Licensed Content remains subject to compliance with associated rights, any limitations set out in the license, and applicable contractual rules.

Infringement: refers to any use, reproduction, performance, distribution, modification, or adaptation of a protected work without the prior authorization of the rights holder, constituting a violation of their intellectual property rights. Infringement may apply to literary, artistic, musical, audiovisual, software, or any other protected content and may result in civil and criminal liability in accordance with the Intellectual Property Code and applicable laws.

Third Party: refers to any individual or legal entity not party to the contractual relationship between the Publisher and the User, and who is neither acting as the Publisher nor as a User of the Application. A Third Party may, for instance, be a rights holder of published content or be affected by a creation, publication, data processing, or use within the Application without directly participating in it.

Moderation: refers to all actions carried out by the Publisher’s dedicated human moderation team to monitor, assess, classify, process, restrict, or remove content or behavior reported or identified as contrary to the Application’s contractual rules, the law, or the ethical standards defined by the Publisher. Moderation may be reactive (following a report) or proactive (based on internal checks), and aims to ensure a compliant, safe, and respectful environment for all Users.

Report: refers to the feature available to Users that allows them to notify the Publisher, via the Application, of any content, behavior, or profile potentially violating the present contractual policies, applicable laws, or the rights or safety of an individual— particularly a child. A report may trigger a priority review by the human moderation team, in accordance with procedures outlined in the "Moderation Policy" and the "Child Safety Policy".

Report Category: refers to the descriptive category selected by the User when submitting a report, used to classify the presumed nature of the violation (e.g., hate speech, harassment, identity theft, inappropriate content, child endangerment, etc.). The Report Category guides how the moderation team processes the report and may, in some cases, automatically trigger the display of specific forms adapted to the severity or nature of the content in question.

Content Author: refers to the User who originally published, shared, or made content available on the Application, including content that becomes the subject of a report. The Content Author is legally responsible for complying with contractual rules, applicable rights, and legal obligations related to that content.

Complainant: refers to the User who initiated a report by notifying the Publisher of content, behavior, or a profile they believe violates the contractual rules or violates the contractual rules or applicable law. The identity of the Complainant remains strictly confidential and is never disclosed to the Content Author, unless required by law or judicial order.

Sanction: refers to any action taken by the Publisher against content, behavior, or a User that violates the contractual rules, current legislation, or the standards defined by the Publisher. Sanctions may include, but are not limited to: reclassification or removal of content; temporary or permanent restriction of functionalities, suspension or deletion of the user’s account, reporting to competent authorities in the case of serious misconduct or suspected criminal offense. The application of sanctions is at the sole discretion of the Publisher, in accordance with its "Moderation Policy".

Competent Authorities: refers to all judicial, administrative, law enforcement, or institutional authorities legally empowered to receive, process, or request information, reports, or evidence related to the protection of minors, the prevention of criminal acts, the fight against illicit content, and the suppression of dangerous behavior. This includes, but is not limited to, police or gendarmerie services, judicial authorities, independent authorities (such as regulatory agencies), any entity legally designated for this purpose under applicable law.

Legal Notices: refers to the document prepared in accordance with current French and European legislation intended to inform the User of key aspects related to the use of the service. It outlines the identification details of the Publisher, hosting information, intellectual property rights, data processing terms, and legal responsibilities of both the User and the Publisher, particularly under the French Law for Confidence in the Digital Economy (LCEN), the General Data Protection Regulation (GDPR), and the Digital Services Act (DSA). This document is available at the following address: https://www.nox.app/legal/legal-notice.

Terms of Use (CGU): refers to the contractual document governing the conditions of access, use, and operation of the Application, as well as the respective rights and obligations of the Publisher and the User. This document specifically defines the rules of User behavior, the conditions for content publication, the liability limits of each Party, the moderation procedures implemented, and the applicable sanctions in the event of a breach. The "Terms of Use" constitute a legally binding contract that must be accepted in order to access the services offered through the Application. This document is available at the following address: https://www.nox.app/legal/terms-of-use

General Sales Conditions (CGV): refers to the contractual document governing commercial relations between the Publisher and the User in the context of paid offers proposed on the Application. The "General Sales Conditions" detail subscription conditions, payment terms, commitment periods, cancellation procedures, as well as applicable rights regarding withdrawal or refund. They are legally binding for any individual subscribing to a paid service on the Application. This document is available at the following address: https://www.nox.app/legal/terms-of-sale

Privacy Policy: refers to the document outlining the Publisher’s commitments regarding the protection of personal data processed in the context of using the Application. It defines the purposes of data processing, legal bases, recipients, retention periods, Users’ rights (access, rectification, deletion, objection, portability, restriction), as well as the contact methods for exercising those rights.
It is directly linked to the "Data Collection Policy", which constitutes a complementary technical component detailing how information is actually collected via the Application. This document is available at the following address: https://www.nox.app/legal/privacy-policy

Data Collection Policy: refers to the document that details the technical modalities for data collection within the Application, whether data is voluntarily entered by the User or collected automatically (identifiers, logs, trackers, SDKs, etc.). It distinguishes the types of data collected, their sources, the tools used, and the contexts of collection.
It serves as the technical extension of the "Privacy Policy", supplementing it by informing Users precisely about how data processing is carried out, in accordance with the GDPR. This document is available at the following address: https://www.nox.app/legal/data-collection-policy

Illicit Content Reporting and Removal Policy: refers to the document that defines the procedure through which Users or any third party can report content that is illegal or contrary to current laws, as well as the methods for handling, removing, notifying, and contesting such reports. This policy is established in compliance with the obligations set out in the LCEN, the Digital Services Act (DSA), and the DMCA. This document is available at the following address: https://www.nox.app/legal/reporting-policy

Child Safety Policy: refers to the document that outlines the specific measures implemented by the Publisher to ensure the protection of minors on the Application. It defines age restrictions, parental control mechanisms, enhanced moderation rules, and the Publisher"s commitments to preventing risks related to sensitive content or inappropriate interactions. This document is available at the following address: https://www.nox.app/legal/child-safety-standards-policy

Copyright and Intellectual Property Policy: refers to the document that defines the rules applicable to the use, publication, and protection of content protected by copyright or other intellectual property rights within the Application. It details the Publisher’s rights, the obligations of Users, procedures for reporting infringement, and the conditions for content removal or sanction in the event of a violation. This document is available at the following address: https://www.nox.app/legal/copyright-policy

Advertising and Sponsored Content Policy: refers to the document governing the distribution of advertising, promotional, or sponsored content on the Application. It outlines transparency obligations, rules for identifying sponsored content, legal compliance requirements, applicable restrictions, and the Publisher’s commitments to commercial ethics and User protection. This document is available at the following address: https://www.nox.app/legal/advertising-policy

Moderation Policy: refers to the document describing the principles, criteria, and moderation procedures applied within the Application. It governs the monitoring of published content, removal, suspension or alert actions, and the recourse available to Users. It aims to ensure a respectful, safe, and legally compliant environment. This document is available at the following address: https://www.nox.app/legal/moderation-policy

List of Prohibited Content: refers to the document that provides a non-exhaustive list of content types that are either tolerated or prohibited on the Application, such as violent, hateful, discriminatory, sexual, illegal, or misleading content. This list serves to inform Users of the boundaries not to be crossed and is used as a reference for moderation and sanction actions. This document is available at the following address: https://www.nox.app/legal/prohibited-content

Code of Conduct: refers to the document establishing the behavioral expectations for Users within the Application. It promotes kindness, respect, civility, inclusion, and responsible use of social features. It serves as an ethical guide that complements the legal and contractual obligations outlined in the other policy documents.This document is available at the following address: https://www.nox.app/legal/code-of-conduct

Legal Provisions for the Attention of the Authorities: refers to the reference document established by the Publisher, intended exclusively for administrative, judicial, law enforcement, or regulatory authorities. Its purpose is to structure, formalize, and facilitate legal and technical cooperation with such authorities. This document defines the procedures for communication, reporting, requisition, information sharing, or content removal, in compliance with the applicable legal framework, including the provisions of the LCEN, the GDPR, the Digital Services Act, and the Code of Criminal Procedure. It is available at the following address: https://www.nox.app/legal/provisions-for-authorities

2. PURPOSE AND SCOPE OF THE POLICY

The purpose of this "Data Collection Policy" is to define the principles governing the automated collection of personal data within the "NOX – The Social Alarm Clock" mobile application, via integrated technologies specific to the application environment.

In particular, it specifies:

The types of collection technologies used in the Application (technical trackers, advertising identifiers, SDKs, application tags, etc.);
The circumstances under which these technologies may be activated (depending on the functionalities used, the User's preferences, the settings of the device);
The precise purposes pursued by each collection mechanism (audience measurement, personalization, security, advertising, social interactions);
The methods of expressing, managing and withdrawing consent, when required;
The User's rights and the legal guarantees provided in terms of control and confidentiality.

This "Data Collection Policy" applies to all Users of the Application, regardless of country of residence, connection status, or age, in compliance with the legislation in force, in particular Regulation (EU) 2016/679 (GDPR) and the ePrivacy Directive.

It covers all data collected passively or semi-automatically, excluding data actively provided by the User via forms or shared content, which are governed by the "Privacy Policy".

3. ACCEPTANCE AND ENFORCEABILITY

By accessing the Application, each User is deemed to have read this "Data Collection Policy" and to have accepted it without reservation. He acknowledges that he has been informed of their mandatory nature and agrees to be bound by all the legal and regulatory provisions they contain.

The acceptance of this "Data Collection Policy" constitutes an implicit contractual commitment between the User and the Publisher of the Application (hereinafter referred to together as "the Parties"). It applies in full and entirely to any browsing, interaction, account creation or use of the services offered by the Application.

A. EXPRESS AND IMPLIED VALIDATION

The User acknowledges that it is his responsibility to read all the information contained in this "Data Collection Policy", that he has the legal capacity required to access the Application, and that he undertakes to strictly comply with its terms throughout its use. Any browsing or interaction within the Application constitutes full and complete acceptance of this "Data Collection Policy".

B. BINDING AND ENFORCEABILITY

This "Data Collection Policy" is enforceable against all Users of the Application, as soon as they access, consult or interact with content published on NOX.

By accessing the Application, the User acknowledges that he has read this "Data Collection Policy" and undertakes to comply with its terms. Its acceptance is implied but legally binding. It also applies to anyone who makes a report, including if they do not have a NOX account.

The fact that the User accesses the Application implies irrevocable adherence to the obligations set out herein, as well as to the applicable legal framework, both at the national (French law, LCEN) and European (GDPR, DSA) levels. The User acknowledges that failure to comply with these provisions may result in access restrictions, or even engage civil, contractual or criminal liability.

C. REFUSAL OF ACCEPTANCE

If the User does not accept or objects to this "Data Collection Policy", he must immediately stop using the Application. The Publisher reserves the right to refuse, suspend or withdraw access to any person who does not comply with these provisions.

D. ACCESSIBILITY AND CONSERVATION

This Data Collection Policy can be accessed at any time from the "Legal Information" sub-menu of the "Settings" menu of the Application and from the https://www.nox.app/legal/data-collection-policy website.
The User may keep a copy of it or request access to it at any time via the dedicated contact service: legal@nox.app.

E. MODIFICATIONS AND EVOLUTIONS

The Publisher reserves the right to modify this "Data Collection Policy" in order to take into account:

the applicable legislative or regulatory developments (LCEN, GDPR, DSA, etc.);
the evolution of the features or content formats offered on NOX;
feedback from the user community or the competent authorities.

In the event of a substantial change, Users will be informed by any appropriate means. The version in force is the one published at the following address: https://www.nox.app/legal/data-collection-policy.

Any substantial modification of this "Data Collection Policy" will be subject to prior notification to the User, by any means deemed appropriate ( notification, email, in-app message, etc.). "Substantial modification" means any modification that has a significant impact on the User's rights or obligations. In this case, the User must expressly accept the new version of the the new version of the "Data Collection Policy" via a formal validation (e.g. checkbox, electronic signature, in-app confirmation). Failure to do so will result in the suspension of access to the Application until the new terms and conditions have been expressly validated.

Non-substantial changes may simply be notified and will enter into force without mandatory validation, subject to information accessible to the User.

4. SCOPE OF APPLICATION

This "Data Collection Policy" applies to all automated or semi-automated data collection mechanisms implemented in the context of the use of the "NOX – The Social Alarm Clock" mobile application, published by the company LAPSUS.

It covers in particular:

The use of technical trackers integrated into the Application, regardless of the operating system (Android, iOS, etc.);
Interactions with software development kits (SDKs), app tags, or mobile advertising IDs;
Technologies embedded by third-party services used by the Application (e.g. analytical tools, advertising networks, crash reporting services);
Measurement, tracking, diagnostics, or personalization devices that are integrated into the App or enabled as part of a specific feature.

This "Data Collection Policy" applies :

to all Users of the Application, whether registered or not, regardless of their country of residence or subscription status;
all versions of the Application, whether they are in production, in testing, or in pre-release distributed on an official download platform (App Store, Play Store).

It does not apply to:

content or services accessible outside of the Mobile Application, such as the official NOX website: https://nox.app ;
to data actively collected by the User through forms or explicit interactions, which are processed within the framework of the "Privacy Policy".

5. COLLECTION MECHANISMS

The "NOX – The Social Alarm Clock" Application may collect personal data actively or passively, depending on the User's interactions with the platform and the technologies embedded in the application environment.

These collection mechanisms are strictly regulated, both technically and legally, and are only activated when they are necessary for the proper functioning of the Application, or authorized by the User as part of their consent or settings.

The purpose of this section is to clearly distinguish:

Actively collected data, i.e. data provided directly by the User;
Data collected passively, i.e. data recorded automatically when using the Application;
The specific technologies used to enable this collection (SDKs, application trackers, advertising identifiers, tags, etc.).

A. ACTIVELY COLLECTED DATA

Although this "Data Collection Policy" focuses on the technical mechanisms of passive or automated collection, it should be recalled, by way of introduction, that part of the personal data processed in the context of the "NOX – The Social Alarm Clock" Application comes from active collections, i.e. directly and voluntarily provided by the User.

This data is entered or transmitted consciously by the User, in particular when:

their registration with the Application;
account settings or preferences;
the use of social, interactive or messaging features;
the publication or management of personal content;
sending reports, creating tickets with "Support", or requests related to one's rights.

These active collections allow the User to interact with the Application according to the features he activates and the content he chooses to share. They are fully described in the "Privacy Policy", to which reference should be made for details, purposes, legal basis and retention periods.

This data is not the focus of this document, as it is not automated or passive collection via embedded technologies. However, they are mentioned as a supplement, insofar as their processing may depend on the same consent preferences as those applied to passive collection mechanisms, in particular with regard to usage analysis, personalization or sharing with external partners.

B. PASSIVELY COLLECTED DATA

Some personal data may be collected passively, without explicit action by the User, during the use of the "NOX – The Social Alarm Clock" Application. This collection is based on the use of technologies integrated into the mobile environment, intended to ensure the proper functioning of the platform, to improve the user experience, or to secure the infrastructure.

This data is recorded automatically by the system or by on-board technical services, without the User having to fill in a form or directly transmit any information.

Data collected passively may include, but is not limited to:

Technical data :
- model of the device used;
- brand and manufacturer of the device;
- device type
- OS version;
- version of the App installed;
- type of network used.
- mobile operator;
- device language;
- device time system;
- device time zone;
- device time;
- device resolution;
- orientation of the device screen;
- available/used storage capacity;
- device power status;
- device battery level;
Log Data :
- IP address used on each connection;
- session ID assigned by the server;
- anonymized technical identifiers (UUID, Firebase token, push notification ID);
- crash or application error data (error type, affected module, exception message);
- accurate timestamps (date and time of each system action or event)
- logs;
- logs of changes to sensitive settings (password, email address, privacy preferences);
- history of consents or withdrawals of consent;
- technical traces of API interactions (successful or failed);
Usage Data :
- total duration of each usage session;
- frequency of connections;
- number of pages or screens viewed per session.
- navigation path between screens or menus;
- actions taken in the app.
- how often each feature is used.
- completion rate of actions or forms;
- content viewed;
- data relating to interaction with notifications;
- anonymised or pseudonymised usage statistics for analysis purposes;
Advertising ID Data :
- Apple Identifier for Advertisers (IDFA);
- Android Advertising ID (GAID);
- data associated with these identifiers (interest categories, marketing segments);
- membership in anonymized advertising cohorts (via third-party tools such as Google Ads, Facebook Ads);
- technical information transmitted to advertising networks: device model, language, approximate geography;
- advertising campaign performance data (impressions, clicks, conversions, uninstalls);
- non-consent data, if the User has disabled advertising tracking on their device;
Approximate location data :
- IP address partially scanned (without full retention);
- country or region of estimated origin (e.g., France, Quebec, California);
- time zone detected via IP or system;
- the default language associated with the country.
- used only for:
  - adjust the display language.
  - adapt content to local legislation (sensitive content, moderation).

This data is collected and processed in accordance with the principles of minimisation, proportionality and transparency, and is associated with specific purposes. No data passively collected is subject to processing that is incompatible with the User's reasonable rights and expectations.

C. PASSIVE COLLECTION TECHNOLOGIES USED

The "NOX – The Social Alarm Clock" Application uses various technologies embedded in the mobile application environment to enable passive or semi-automated data collection. These technologies are used in a controlled, transparent manner that is proportionate to the purposes pursued.

The main technologies used are:

Internal application trackers: These are devices integrated into the code of the Application, allowing certain technical or functional events to be monitored (e.g., opening a screen, activating a parameter, crashing a function). These trackers do not allow the direct identification of the User and are used to improve the quality of service.
SDK (Software Development Kits): The Application integrates software libraries provided by third parties (e.g., analysis tools, notification systems, advertising management). These SDKs may trigger the collection of technical, performance or interaction data, depending on the parameters chosen by the User. All SDKs are subject to contractual agreements with the Publisher, in compliance with the GDPR.
Mobile Advertising IDs: Where the User has consented, operating system-specific advertising IDs may be used to display targeted advertisements or measure campaign performance. These include:
- IDFA (Identifier for Advertisers) on iOS;
- GAID (Google Advertising ID) on Android.
  - These identifiers can be reset or deactivated by the User in the settings of his device.
Application tags and tracking pixels: Some modules may contain technical tags (e.g., loading pixels, confirmation events) that can be used to trigger a statistical or advertising event when using a specific feature. These tags alone do not allow a User to be identified but may be cross-referenced with other data if the User has consented to this.
System logs and server logs: The Application automatically generates internal logs for each usage session. These logs contain timestamps, error reports, system information, or traces of interaction. They are used for diagnostic, security or operational maintenance purposes.

These technologies are activated either by technical necessity or on the basis of the User's explicit consent when required by the regulations. They are governed by security measures, contractual controls with service providers, and configuration mechanisms accessible to the User.

6. PURPOSES OF COLLECTION BY TECHNOLOGY

The passive collection technologies embedded in the "NOX – The Social Alarm Clock" Application are associated with specific, determined and legitimate purposes. Each automated collection mechanism is activated either for essential technical reasons, or with the User's prior consent when required by the regulations.

The main technologies used, and their respective purposes are as follows:

Internal application trackers: Used to track navigation between screens, measure user journeys, and record technical events. They contribute to the improvement of the overall experience and functional analysis of the Application. These trackers are based on the legitimate interest of the Publisher;
System logs and server logs: These logs are automatically generated at each session and are used to diagnose errors, stabilize the Application, and secure the infrastructure. Their processing is also based on legitimate interest;
Analytics SDKs: Employees to obtain aggregated statistics on the use of the Application, the frequency of connections or the performance of modules. When these SDKs involve personalization or behavioral profiling, their activation requires the User's consent. In the absence of personalization, legitimate interest may be invoked;
Mobile Advertising Identifiers (IDFA / GAID): Activated only with the explicit consent of the User, they allow the display of personalized advertisements, the membership of advertising segments, and the measurement of the performance of advertising campaigns (impressions, clicks, conversions, uninstalls);
Application tags and tracking pixels :D triggered during certain specific actions (video viewing, clicking on sponsored content), these elements make it possible to evaluate the effectiveness of advertising campaigns or promoted content. Their use is based on the prior consent of the User;
Approximate geolocation technologies: Used to adapt the display language, filter certain content according to local legislation, or produce regional usage statistics. This data is based on the legitimate interest of the Publisher, as it does not allow precise identification;
Push Notification SDKs allow :P to send targeted notifications based on the preferences expressed in the Application. Their activation is conditioned by the device settings and can be adjusted directly in the settings of the App. The processing is based on the User's consent or on legitimate interest depending on the context.

Those purposes shall be defined in accordance with the principle of proportionality. Each processing is within the framework of the objectives specified in the "Privacy Policy", to which reference should be made for an overview of the legal bases and the processing carried out by the Publisher.

7. CONSENT MANAGEMENT

The automated collection of certain data in the "NOX – The Social Alarm Clock" Application is based, when required by regulation, on the explicit, free, informed and specific consent of the User, whether the collection is passive or active. This consent is collected, applied and can be modified at any time, in accordance with the requirements of the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

A. INITIAL COLLECTION OF CONSENT

At the end of the creation of their account, the User accesses a dedicated screen entitled "Use of your data" composed of four purposes for collecting and processing data requiring their consent. From this screen, the User can:

consult the "Data Collection Policy";
individually tick the preferences to which they wish to consent;
use the "I accept all" or "I refuse all" buttons.

No checkboxes are pre-selected by default. The User's choice is stored locally and on the server side, in compliance with the requirements of the GDPR.

B. PREFERENCE BEHAVIOR

Each preference offered to the User during the "Use of your data" screen activates or deactivates specific data processing, having concrete technical consequences on the operation of the Application, the use of embedded technologies, or the display of advertising content.

The four options presented are independent but can interact with each other, especially when certain compatibility conditions are required between several processing operations.
The effects associated with a consent or refusal are exhaustively detailed below, for each preference, specifying the technologies concerned, the functionalities activated or deactivated, as well as the limitations imposed in the event of an objection:

Preference n°1: "Analysis of the use of the Application":
Refers to the collection of browsing, interaction and user journey data for the purposes of continuous improvement (ergonomics, performance, stability):
- In case of agreement:
  - Authorization to perform pseudonymized or identified internal analysis;
  - Permission to use analytics SDKs (Google Analytics, Firebase Analytics, etc.) with pseudonymized identifiers (user_id, device_id, session_id);
- In case of refusal:
  - Prohibition of associating any technical identifier with browsing data;
  - Collection limited to fully anonymised data, for raw statistical purposes;
  - No personalization possible on the basis of usage behavior;
Preference n°2: "Use of optional trackers":
Refers to the use of optional technologies embedded in the Application (third-party SDKs), which are not essential for basic operation:
- In case of agreement:
  - Enable optional SDKs like Google Ads, Firebase Analytics, Google Analytics;
  - Ability to use performance, conversion or attribution trackers;
  - Reading and storing authorized mobile advertising identifiers (IDFA, GAID, AAID);
- In case of refusal:
  - Preference 4 is automatically unchecked;
  - Disabling all optional SDKs that use trackers;
  - Prohibition of reading or storing any advertising identifier;
  - Systematic dissociation of user_id, device_id and session_id in Google tools;
Preference n°3: "Personalized advertising":
Refers to the display of internal or external advertising adapted to the User's profile or preferences:
- In case of agreement:
  - Display of personalized advertisements;
  - Display targeted rewarded videos via Google Ads;
  - Permission to use mobile advertising identifiers (IDFA, GAID, AAID);
- In case of refusal:
  - Preference 4 is automatically unchecked;
  - Ads remain active, but are rendered non-targeted;
  - Prohibition of the use of advertising identifiers;
  - Technical impossibility to offer first-party personalized advertising in the future;
Preference 4: "Sharing data with advertising partners (Google Ads)":
Refers to the sending of technical or behavioral data to third-party partner services, exclusively Google Ads:
- In case of agreement:
  - Permission to transmit technical, statistical or advertising events to Google Ads;
  - Activation of the personalization of advertising campaigns via rewarded videos;
  - Possibility of belonging to anonymized marketing targeting segments;
- In case of refusal:
  - The rewarded video remains accessible, but without ad targeting;
  - No transfer of data to advertising networks is permitted;
  - Future syncs with Google Ads are blocked unless consent is renewed.

C. CHANGING CONSENT PREFERENCES

The User can change their consent choices at any time directly from the Application, by accessing the "Personal Data" sub-menu of the "Settings" menu.

Each preference can be activated or deactivated independently of the others, according to the User's wishes. It is not necessary to delete your account or reinstall the Application to reset your choices.

Preferences are scalable in a granular way, which means that the User can, for example, accept usage analysis while refusing personalized advertising or data sharing.

Any change in preference is immediately reflected by the technical systems and applied without delay, including:

the deactivation of associated technologies (trackers, SDKs, advertising identifiers);
the purging or anonymisation of data collected under consent, when there is no retention obligation to prevent it;
Server-side consent status update.

The User may also choose at any time to refuse all preferences via a single command present in the interface, or to reset his choices if necessary.

D. PROOF AND TRACEABILITY OF CONSENT

In accordance with the requirements of the General Data Protection Regulation (GDPR), the Publisher keeps proof of obtaining consent as well as any withdrawal or modification of preference.

Each action relating to consent is the subject of a time-stamped recording, associated with the User's technical identifier (without a direct link to his or her civil identity). These logs are stored in a secure environment and are only accessible to authorized persons within the Publisher.

Consent logs are retained:

as long as the User's account is active,
or as long as proof of compliance is required with regard to the processing carried out.

No data resulting from a refused treatment may be reused at a later date without further explicit consent. The opt-out is also stored to prevent unauthorized triggering of technologies or credentials.

This system guarantees complete traceability, continuous compliance and respect for the User's rights at all times of the use of the Application.

8. LIFESPAN OF TRACERS

The technologies used in the "NOX – The Social Alarm Clock" Application may generate technical identifiers or automated recordings (trackers) at different stages of use. The lifespan of these trackers varies according to their nature, their purpose and the consent expressed by the User.

The Publisher applies a minimum and proportionate retention policy, in accordance with the principle of data minimization. No tracker is activated or stored beyond what is strictly necessary for the purpose pursued.

A. SESSION PLOTTERS

The so-called "session" trackers are generated temporarily, exclusively for the duration of active use of the Application. They are used to:

allow the authentication of the User during his session;
ensure stability and functional consistency between the different screens;
Facilitate internal navigation, without constantly re-entering information.

These trackers include, for example:

A temporary session ID generated by the server.
A private messaging access token.
technical information related to the current secure connection.

Lifetime: These items are automatically deleted when:

the User closes the Application;
or a session expires due to prolonged inactivity.

They are never retained beyond an active session and do not result in any lasting recordings.

B. PERSISTENT TRACERS

Some trackers have a longer lifespan, as they allow the App to:

Remember personalized preferences (language, display, notifications, sensitive content, consent)
to monitor the evolution of user journeys for improvement purposes;
Analyze the overall usage of features (if consent has been given);
Measure advertising performance (if consent is extended to partners).

These trackers are created via third-party or internal SDKs and can include:

pseudonymized identifiers (user_id, device_id, session_id);
anonymized marketing segments;
persistent statistical tags.

Lifespan: these trackers are kept:

for a period defined by each technology, varying between 1 and 13 months maximum;
and are automatically deactivated or reset in the event of withdrawal of consent.

The User can also manually reset their lifespan by:

logging out of their account;
resetting their advertising ID on their device;
or deleting their account.

C. ADVERTISING IDENTIFIERS (IDFA / GAID)

The Application may, if the User explicitly consents, access the mobile advertising identifiers provided by the operating system:

IDFA (Identifier for Advertisers) for iOS devices;
Google Advertising ID (GAID) or AAID for Android devices.

These identifiers make it possible to:

the display of targeted advertisements (rewarded videos, Google Ads);
Campaign performance measurement (clicks, conversions, uninstalls)
Membership in anonymous advertising segments.

Lifespan:

These credentials remain available until they are reset or disabled in the device's system settings.
the Application does not read or store them if the User has refused personalized advertising or optional trackers.

In the event of withdrawal of consent or system opt-out, any processing of these identifiers is blocked.

D. API TECHNICAL LOGS AND EVENTS

When using the Application, technical logs are automatically generated by the system to:

ensure the proper functioning of the company;
detect errors or failures;
analyse the security of data exchanges;
evaluate response times and quality of service.

These logs may include:

Accurate timestamps
Exception messages
Error-triggering modules.
traces of API interactions (successes, failures, technical parameters).

Lifespan:

These logs are kept for a maximum period of 6 months, unless there is an exception justified by a need for security or auditing.
They are pseudonymized, with no direct association with an identifiable user identity.
They are never used for advertising or profiling purposes.

E. REVERSIBILITY AND DELETION

The User has full control over the trackers activated or stored on their device or in their data space. He or she may at any time:

change their consent preferences from the App settings;
reset their advertising IDs from their device's system settings (Android / iOS);
empty all the trackers associated with their account by requesting the deletion of their personal data;
request the deletion of their account, which results in the permanent deletion of all data not legally retained.

The trackers associated with a withdrawn processing or a deleted account are:

be abolished entirely;
or irreversibly anonymised, for statistical or archival purposes only.

9. THIRD-PARTY TOOLS AND PARTNERS

The "NOX – The Social Alarm Clock" Application integrates certain services provided by third parties technologies (e.g. SDKs, APIs, analytical or advertising solutions) in order to ensure its operation, improve the user experience or offer additional services. These tools may be required to collect, receive or process certain technical or pseudonymised data, subject to the consent expressed by the User.

The Publisher undertakes to strictly regulate the use of these third-party tools via:

GDPR-compliant subcontracting or partnership agreements,
a regular technical check of their behaviour,
and an automatic deactivation in the event of refusal of associated consent.

A. LIST OF EMBEDDED THIRD-PARTY TOOLS

As part of the operation of the "NOX – The Social Alarm Clock" application, certain third-party services are used to provide authentication, infrastructure, security, personalization and data management. Some of them may process personally identifiable information (PII) or technical data.

AWS Cognito:
Provides user authentication, authorization, and management. This service allows for secure connection and session management, among other things. It can access personally identifiable information (PII);
AWS Lambda :
P the execution of backend functions in a serverless environment. The data is processed temporarily and reset with each infrastructure update. This service can process PII;
AWS Elastic Container Service (ECS):
Manages the execution of the application's backend containers. The data is loaded into memory and erased with each redeployment. It may temporarily contain personal information;
AWS S3 (Simple Storage Service):
Provides storage for static files and certain user data, such as conversations, notifications, thumbnails, and verification (KYC) documents. This service may contain PII;
AWS Route 53:
Manages the application's DNS routing, including through IP address geolocation mechanisms (GeoIP routing). This service can access users' IP addresses;
AWS Virtual Private Cloud (VPC):
Provides the private network environment used to run the various backend services. All traffic passes through this network, which temporarily makes the data accessible inside the VPC. This service can therefore process PII;
AWS Elastic Load Balancing (ELB):
Distributes the load across backend servers, taking into account users' IP addresses to route requests;
AWS CloudWatch:
Collects metrics and logs from AWS services in use. The information collected may include diagnostic items containing PII;
AWS Simple Notification Service (SNS):
Ensures the transmission of events and messages between the different backend services. Some messages may include user data or PII;
AWS EventBridge:
Manages event streams between application services. It works like SNS, with a finer orchestration of events;
AWS RDS / Aurora:
Provides a relational database that stores user data and application data. This service processes personally identifiable information;
AWS Personalize:
Manages user preferences (likes, watch time, etc.) for content recommendation purposes. The data is stored pseudonymously without direct identification;
Datadog:
Provides a monitoring and observability platform for the application. Logs and metrics can include technical data or PII depending on the events captured;
AWS Amplify:
A development and deployment tool for connecting AWS services to the mobile app. Can transit PII as part of frontend-to-backend synchronization;
Bugsnag:
Ensures the reporting of application errors and the follow-up of crashes to improve the stability of the application. The information collected may include technical details related to errors encountered by users;
Firebase:
Used for some secondary app features (authentication, analytics, performance monitoring), including Firebase Cloud Messaging for sending push notifications. Can process PII depending on configuration;
Firebase Cloud Messaging:
Send push notifications to users. This service uses technical identifiers linked to the device;
Google Ads:
The display of ads within the app, based on the user's expressed preferences. May collect data for advertising purposes, only with the user's consent for personalized ads;
RevenueCat:
Manages subscriptions and in-app purchases made on the App Store and Play Store. The information processed may include pseudonymized identifiers and aggregated billing data.

B. CONTRACTUAL COMMITMENTS AND SUPERVISION

Each of these third-party services is linked to the Publisher by:

a data processing contract in accordance with Article 28 of the GDPR,
a commitment not to use the data for any purpose other than those strictly defined,
guarantees of conservation, security and purpose limitation,
the use of secure processing centers, the locations of which are specified in the "Hosting and Data Transfer" section of the Privacy Policy.

In the event of refusal of consent by the User, the SDKs and associated services are automatically deactivated or desynchronized.

C. DATA TRANSFERS ASSOCIATED WITH THIRD-PARTY TOOLS

Some of the services mentioned may involve data transfers outside the European Union, in particular to the United States. When this is the case:

these transfers are governed by standard contractual clauses (SCCs) approved by the European Commission,
or are based on a system recognized as equivalent by European regulations (e.g. Data Privacy Framework).

No data transfer may be carried out without the prior consent of the User, when this processing is not strictly necessary for the operation of the service.

10. COMING INTO FORCE AND ACCESSIBILITY OF THE POLICY

This section specifies the date of entry into force of this "Data Collection Policy", the conditions for its enforceability against Users, as well as the terms and conditions for consulting it at any time. It aims to ensure transparency and permanent accessibility of the behavioural commitments expected on NOX.

A. DATE OF ENTRY INTO FORCE

This "Data Collection Policy" comes into force on April 14, 2025, the date of official launch of the "NOX – The Social Alarm Clock" Application. It applies from the first use of the Application, whether the User is a registered user or a simple visitor.

B. ENFORCEABILITY

The "Data Collection Policyapplies to all Users, regardless of status, location or duration of registration. It constitutes a contractual document complementary to the "Terms of Use" and the "Privacy Policy", of which it specifies certain behavioural commitments.

Any person who accesses the Application or uses its features is deemed to have read the "Data Collection Policy", to have understood and accepted it in its entirety.

C. OFFICIAL LANGUAGE

The French version of the "Data Collection Policy" is authentic between the Parties. In the case of translation, only the French language version is legally binding.

11. POLICY EVOLUTION AND UPDATES

This "Data Collection Policy" is an evolving document, subject to modification to adapt to changes in the Application, the community, security standards and the applicable legal framework.

A. UPDATED BY THE PUBLISHER

The Publisher reserves the right to modify, supplement or update the "Data Collection Policy" at any time, in particular in the event of:

changes in French, European or international legislation;
substantial changes to the functionality of the Application;
changes in moderation or security priorities;
feedback from the NOX community.

B. USER INFORMATION

Users are informed of any substantial updates to the "Data Collection Policy":

by an in-app notification or in-app message;
by posting a notice on the official NOX website: https://nox.app.

In some cases, the Publisher may request express validation of the new version of the "Data Collection Policy" before the User can continue to use the services.

C. ONGOING CONSULTATION

The current version of the "Data Collection Policy" can be accessed at any time from:

the "Legal information" sub-menu of the "Settings" menu of the Application;
NOX"s legal website: https://www.nox.app/legal.

It can be freely consulted, downloaded or archived by the User. Users are invited to regularly consult the "Data Collection Policy" to ensure that they comply with the latest provisions.

12. APPLICABLE LAW AND JURISDICTION

This "Data Collection Policy" is governed, interpreted and applied in accordance with French law, subject to the application of the mandatory rules provided for by European Union law or by any other more protective local law applicable to the User in his country of residence.

In the event of a dispute relating to the interpretation, validity, execution or termination of these Terms and Conditions, or to the use of the Application, the competent courts shall be those within the jurisdiction of the Publisher"s registered office, unless otherwise required by mandatory legal provision, in particular with regard to consumer protection.

The User is informed that, in accordance with Articles L.611-1 et seq. of the Consumer Code, he or she has the possibility of having recourse free of charge to a consumer mediator, with a view to the amicable resolution of any dispute that may arise between him or her and the Publisher.

The consumer mediator proposed by the Publisher is MEDICYS, whose website is accessible at the address: MEDICYS, 73 boulevard de Clichy, 75009 Paris, 01 49 70 15 93; E-mail: contact@medicys.fr; Web: https://www.cc-mediateurconso-bfc.fr.

Nothing herein shall limit the mandatory legal rights of the User under the applicable legislation in his country of residence.