Privacy And Policy Page
18 Feb, 2026
PRIVACY POLICY
BackToLife
Effective Date: 09/02/2026 Last Updated: 09/02/2026 Version: 1.0
Summary
BackToLife is built with privacy as a core principle. We believe in giving you control over your data and your digital wellbeing without compromising your privacy or autonomy.
Key points:
• Local-first design: Your settings, filters, and usage statistics stay on your device
• No ads, no trackers: Your activity is not monitored for advertising purposes
• Anonymous analytics only: Optional, anonymized data to improve the app and fix bugs
• Full GDPR compliance: Your rights are protected under EU data protection law
• Transparent processing: Clear legal basis for all data processing activities
• Minimal data collection: We collect only email and name account if you provide it to us, for functionality and app updates
This Privacy Policy applies to the BackToLife mobile application (for iOS and Android ) provided by ASOCIACIÓN JUNIOR EMPRESA SYNKRO, and complies with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.
For questions about your data, contact us at info@backtolife.site
Owner and Data Controller
ASOCIACIÓN JUNIOR EMPRESA SYNKRO Plaza de San Martín, 1, Madrid, 28013 Madrid, Spain VAT/Registration Number: ESG75285965 Data Controller contact: info@backtolife.site
What Data We Collect
Personal Data We Collect
We collect the following personal data when you create an account:
• Email address: To create your account, send you important app updates, and communicate with you about the service
• Name: To personalize your experience and communicate with you
This data is collected only when you explicitly provide it during account creation. You can use BackToLife without creating an account, in which case we collect no personal identifiable information about you.
Anonymous Analytics Data (Optional)
With your explicit consent, we collect minimal, anonymized usage data without using any data analytics provider:
• App feature usage (which filters are most commonly used)
• App interactions (Inside the app not the webview)
• Technical data: device type, OS version, app version
• Session statistics: session length, frequency
This data is:
• Fully anonymous and aggregated
• Cannot be linked to you personally or your account
• Not connected to your email or name
• Collected only with your consent, which you can withdraw at any time
How we anonymize: Our analytics provider processes data without persistent identifiers. No device IDs, advertising IDs, or user IDs are collected. IP addresses are not collected. Data is aggregated before storage. Re-identification is technically infeasible. This ensures data is truly anonymous under GDPR Recital 26.
Data We Do NOT Collect
We explicitly do not collect and technically cannot collect:
• Your browsing history within Instagram or YouTube
• The content you view or your interactions with these platforms
• Your contacts, photos, or other personal content
• Location data
• Biometric data
• Device identifiers that can personally identify you (beyond anonymous analytics)
• Any special categories of personal data (health, race, religion, politics, sexual orientation, etc.)
No Advertising Trackers
BackToLife contains no advertising and no advertising trackers. Your activity is not monitored for advertising purposes. We do not engage in:
• Targeted advertising
• Profiling for advertising purposes
• Sale or sharing of personal data for advertising
• Cross-context behavioral advertising
Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds under GDPR Article 6:
1. Contract Performance (Article 6(1)(b)GDPR)
Processing your email address and name is necessary to provide you with the BackToLife service, including:
• Creating and maintaining your account
• Providing app functionality that requires an account
• Communicating with you about your account
2. Legitimate Interest (Article 6(1)(f)GDPR)
We process anonymous analytics and crash data based on our legitimate interest in:
• Maintaining a stable, functional product
• Improving app functionality and user experience
• Identifying and fixing bugs
Balancing test: We have assessed that this minimal anonymous processing does not override your rights and freedoms. The data is fully anonymous, aggregated, and cannot be linked to you. You have the right to object to this processing at any time by opting out of analytics.
3. Consent (Article 6(1)(a)GDPR)
Where we send you marketing communications about app updates or new features beyond essential service communications, we will first obtain your explicit consent. You can withdraw this consent at any time.
How Your Data is Stored
Account Data Storage
Your email address and name are stored securely on our servers located in
Europa France. We implement the following security measures:
• Encryption in transit: All data transmitted to/from our servers uses HTTPS encryption
• Encryption at rest: Data is encrypted using AES-256
• Access controls: Strict access controls limit who can access your data. Only our own server owners can access the data.
How We Use Your Data
Account Data
We use your email address and name to:
• Create and maintain your account
• Authenticate you when you log in
• Send you essential service communications (e.g., security alerts, critical updates)
• Send you optional updates about new features, improvements, or app announcements (with your consent)
• Respond to your support requests
• Comply with legal obligations
Anonymous Analytics
Anonymous analytics data is used solely for:
• Understanding how the app is used to improve user experience
• Identifying and fixing bugs and crashes
• Analyzing app performance and stability
• Making product decisions about new features
We do NOT use your data for:
• Advertising or marketing purposes
• Selling or renting to third parties
• Profiling or behavioral analysis that affects you
• Automated decision-making that produces legal or similarly significant effects
• Any purpose unrelated to app improvement
Data Sharing and Third Parties
Third-Party Service Providers (Data Processors)
We use the following third-party services that process data on our behalf as Data Processors under GDPR Article 28. We have Data Processing Agreements (DPAs) with all processors ensuring they:
• Process data only on our instructions
• Maintain appropriate security measures
• Do not use data for their own purposes
• Notify us of any data breaches
• Delete or return data when services end
Privacy Policy:
https://backtolife.site/wp-content/uploads/2026/02/BackToLife_Terminos_y_Condiciones_ES.pdf
Cloud Hosting: Hostinger Purpose: Hosting account data Data processed: Email, name Location: Europe France DPA in place: Yes
WebView Privacy & Third-Party Platforms
BackToLife uses WebView technology to display Instagram and YouTube with content filters applied. Important clarifications:
What we do:
• Use dart to hide Reels/Shorts and other sections
• Create a filtered browsing environment
What we do NOT do:
• Intercept, store, or transmit your login credentials
• See the content you view on these platforms
• Access your interactions with Instagram or YouTube
• Access Instagram/YouTube cookies or authentication tokens
Third-party platform data processing:
• When you access Instagram or YouTube through BackToLife, you interact directly with those platforms
• These platforms may set cookies and process data under their own privacy policies
• Instagram/YouTube cookies remain isolated within the WebView
• We do not control third-party data processing
• You remain subject to Instagram's and YouTube's respective Terms of Service and Privacy Policies
Platform terms compliance: Using BackToLife to modify Instagram/YouTube interfaces may violate their Terms of Service. Users acknowledge and accept this risk. We cannot guarantee that platforms won't detect or restrict modified access.
No Data Sales or Sharing
We do not sell, rent, or trade your personal data to anyone. We do not engage in:
• Sale of personal data (as defined by GDPR, CCPA, and other privacy laws)
• Sharing for cross-context behavioral advertising
• Data brokerage
• Any monetization of your personal information
International Data Transfers
Your account data (email, name) is processed within the EU only
On-Device Data
Stored on your device until you delete it or uninstall the app. We have no access to this data and cannot delete it remotely.
Anonymous Analytics
Retained by our analytics providers according to their policies (typically 14-26 months for aggregate data). Because this data is completely anonymous and aggregated, it cannot be individually deleted and does not constitute personal data under GDPR.
Your Rights Under GDPR
As a user in the EU/EEA (or UK), you have the following rights regarding your personal data:
1. Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data. You can request a copy of your data at any time.
2. Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected. You can update your email and name in your account settings, or contact us for assistance.
3. Right to Erasure / 'Right to be Forgotten' (Article 17)
You have the right to have your personal data deleted. You can delete your account at any time through SPECIFY METHOD - e.g., Settings > Account > Delete Account. Upon deletion, we will permanently erase your email and name within 30 days.
4. Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing in certain circumstances (e.g., while we verify data accuracy).
5. Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON/CSV) and transmit it to another controller.
6. Right to Object (Article 21)
You have the right to object to processing based on legitimate interest. For anonymous analytics, you can opt out at any time through OPT-OUT MECHANISM.
7. Right to Withdraw Consent (Article 7(3))
Where processing is based on consent (e.g., marketing emails, analytics), you can withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
To exercise any of these rights, contact us at info@backtolife.site. We will respond within 30 days (1 month as required by GDPR).
Your Rights Under Other Privacy Laws
CCPA/CPRA (California Residents)
California residents have rights under CCPA/CPRA including:
• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell)
• Right to non-discrimination for exercising your rights
• Right to correct inaccurate information
• Right to limit use of sensitive personal information (not applicable - we don't collect sensitive PI)
We do not engage in: (1) Sale of personal information, (2) Sharing for cross-context behavioral advertising, (3) Targeted advertising, or (4) Profiling with legal/significant effects.
UK GDPR (United Kingdom)
UK users have the same rights as EU/EEA users under UK GDPR. UK supervisory authority: Information Commissioner's Office (ICO) - https://ico.org.uk
LGPD (Brazil)
Brazilian users have rights under LGPD similar to GDPR, including access, correction, deletion, and portability. Contact us to exercise these rights.
Other US State Laws
Residents of Virginia, Colorado, Connecticut, Utah, Montana, and other US states with comprehensive privacy laws have similar rights. We do not engage in targeted advertising, profiling, or sale of personal information as defined by these laws.
Data Protection by Design and Default
We implement privacy principles throughout our product development:
Data minimization: We collect only the data necessary (email and name for account functionality).
Purpose limitation: Data is used only for specified, explicit purposes.
Storage limitation: Data is deleted when no longer needed.
Privacy by default: Analytics are opt-in, not opt-out. Most data stays on your device by default.
Security by design: Encryption, access controls, and secure storage are built into our architecture.
Security Measures
We implement appropriate technical and organizational measures to protect your data:
Technical Measures
• HTTPS/TLS encryption for all data in transit
• ENCRYPTION STANDARD encryption for data at rest
• Secure password hashing for Parental Lock PINs
• Secure device storage (Keychain/Keystore) for sensitive local data
• Regular security updates and patches
• SPECIFY: Penetration testing, security audits, vulnerability scanning if applicable
Organizational Measures
• Strict access controls limiting employee access to personal data
• Data Processing Agreements with all processors
• Employee training on data protection and security
• Incident response procedures
• Regular review of security practices
Your Responsibilities
You are responsible for:
• Securing your device with a passcode/biometric lock
• Keeping your device's operating system updated
• Protecting your device from unauthorized access
• Keeping your account credentials confidential
• Not sharing your device with unauthorized users
Data Breach Notification
In the unlikely event of a data breach affecting personal data:
• We will notify the relevant supervisory authority within 72 hours (as required by GDPR Article 33)
• We will notify affected users without undue delay if the breach poses a high risk to their rights and freedoms (GDPR Article 34)
• Notification will include: nature of the breach, categories and number of affected users, likely consequences, and measures taken to address the breach
If our analytics providers suffer a breach of anonymous data, we will assess the risk and comply with applicable notification requirements.
Children's Privacy
Age Requirements
You must meet the minimum age required by the platforms you access through BackToLife:
Instagram: 13+ (or 16+ in certain EU countries)
YouTube: 13+ (or the digital consent age in your jurisdiction)
If you are under 18 or the age of majority in your jurisdiction, you represent that you have obtained parental or guardian consent to use the App.
BackToLife does not permit users who do not meet the age requirements of the underlying platforms. If we discover that a user has created an account without meeting these requirements, we will terminate that account immediately.
We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without proper parental consent, we will delete it promptly.
If you believe a child has provided personal data to us, please contact us at info@backtolife.site immediately.
Special safeguards for children: If we introduce features specifically for children in the future, we will implement age-appropriate consent mechanisms and enhanced protections as required by GDPR and applicable laws.
App Permissions
BackToLife requests the following permissions:
• Internet access: Required to load Instagram and YouTube content within the app
• Local storage: Required to save your preferences and settings
• Notifications
• Screen time
We do NOT request access to:
• Contacts
• Photos/Media (unless specifically needed for an optional feature)
• Microphone
• Location
• Calendar
• SMS
If we add features requiring additional permissions in the future, we will request your explicit permission and explain why the permission is needed.
Cookies and Tracking Technologies
BackToLife itself does not use cookies or tracking technologies for analytics or advertising.
However, when you access Instagram or YouTube through BackToLife:
• Those platforms may set their own cookies according to their privacy policies
• These cookies are isolated within the WebView and managed by the platforms
• We do not control, access, or process these cookies
• You can manage cookie preferences within each platform's settings
Do Not Track & Global Privacy Control
We respect user privacy signals:
• Global Privacy Control (GPC): If your browser/OS sends a GPC signal, we will SPECIFY ACTION - e.g., automatically disable analytics, prompt you to confirm analytics preferences
• Do Not Track (DNT): While DNT is not legally binding in most jurisdictions, we treat it similarly to GPC where technically feasible.
Automated Decision-Making and Profiling
We do not engage in:
• Automated decision-making that produces legal or similarly significant effects (GDPR Article 22)
• Profiling for advertising or behavioral manipulation
• Any processing that would require special safeguards under GDPR
All decisions affecting your account are made by humans or with human oversight.
Business Transfers
If BackToLife is acquired, merged, or sells assets, this Privacy Policy will continue to apply. We will:
• Notify you of any ownership change via email and in-app notification
• Give you the option to delete your data before the transfer
• Ensure the new entity complies with this Privacy Policy
• Obtain your consent if the new entity wants to use data for new purposes
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or new features. Material changes will be communicated:
• Through an in-app notification
• Via email to your registered address
• By updating the 'Last Updated' date at the top of this policy
Material changes include:
• New data collection practices
• New purposes for data use
• New third-party processors
• Changes to international data transfers
• Changes to your rights
For significant changes (such as introducing new data collection practices or materially changing how we use your data), we will request your explicit consent before the changes take effect.
Previous versions of this policy will be archived and available upon request.
Our Business Model
BackToLife is currently offered free of charge. This section is reserved for future paid features. BackToLife reserves the right to modify this condition and convert the application into a paid app, with prior notice to users.
We commit to never monetizing your personal data. If our business model changes in a way that affects data use, we will update this policy and seek your consent.
Legal Disclaimers and Limitations
Disclaimer of Warranties
To the maximum extent permitted by law, we provide this privacy policy and our privacy practices 'as is' without warranty of any kind. we disclaim all warranties, express or implied, including warranties of accuracy, completeness, merchantability, fitness for a particular purpose, and non-infringement.
Limitation of Liability
To the maximum extent permitted by law, we shall not be liable for any damages arising from:
• Your device being lost, stolen, or compromised
• Unauthorized access to your device by third parties
• Third-party platforms' data practices (Instagram, YouTube, etc.)
• Operating system vulnerabilities or device security failures
• Your failure to secure your device or account
• Any data breaches or exposures from any source
• Third-party service provider failures or breaches
This limitation applies to the fullest extent permitted by applicable law, including GDPR and other data protection regulations.
Contact Us & Data Protection Officer
For questions, concerns, or requests regarding this Privacy Policy or your data:
Data Controller:ASOCIACIÓN JUNIOR EMPRESA SYNKRO, Plaza de San Martín, 1, Madrid, 28013 Madrid, Spain General inquiries: info@backtolife.com
We will respond to your inquiries within 30 days (1 month as required by GDPR). For complex requests, we may extend this by an additional 2 months, in which case we will notify you.
Supervisory Authorities
EU/EEA users can lodge complaints with their local supervisory authority:
• Find your authority: https://edpb.europa.eu/about-edpb/board/members_en
UK users can contact:
• Information Commissioner's Office (ICO): https://ico.org.uk
Other jurisdictions: Contact your local data protection authority or privacy regulator.
Definitions
Personal Data / Personal Information: Any information relating to an identified or identifiable natural person (GDPR Article 4(1)).
Data Controller: The entity that determines the purposes and means of processing personal data. For BackToLife, this is LEGAL ENTITY NAME.
Data Processor: An entity that processes personal data on behalf of the controller (e.g., our email service provider).
Data Subject: The individual to whom personal data relates (you, the user).
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, deletion (GDPR Article 4(2)).
Anonymization: The process of rendering data permanently non-identifiable, such that re-identification is no longer possible.
Pseudonymization: Processing data in a way that it can no longer be attributed to a specific person without additional information (which is kept separately and securely).
Consent: Freely given, specific, informed, and unambiguous indication of agreement to data processing (GDPR Article 4(11)).
Local-First: Data stored exclusively on the user's device and not transmitted to external servers.
Service: The BackToLife mobile application and associated services.
―――――――――――――――――――――――――――――――――――――――――
This Privacy Policy was last updated on 09/02/2026.By creating an account and using BackToLife, you acknowledge that you have read, understood, and agree to this Privacy Policy.You may request a copy of this policy in alternative formats by contacting us at info@backtolife.site.
Previous versions: