Privacy Policy

01Introduction and Parties

This Privacy Policy ("Policy") applies to the FenixUz mobile application ("Application", "FenixUz") and the services delivered through the related website https://fenixuz.uz ("Website") (collectively, the "Services"). The Services are provided and operated by VipAds LLC ("We", "Our", "Company"). As a user ("You", "Your"), by downloading, installing, or using the Application, you hereby consent to this Policy.

Company details:

• Legal name: "VipAds LLC" Limited Liability Company
• Country: Republic of Uzbekistan
• Address: Tashkent City
• Primary domain: fenixuz.uz
• Corporate website: vipads.uz
• Email (general): admin@fenixuz.uz
• Email (privacy): privacy@fenixuz.uz

FenixUz is not in an official partnership with Telegram FZ-LLC. It is an unofficial client based on the publicly released source code of Telegram (licensed under GPL-2.0+).

02Definitions

• Personal Data — any information relating to an identified or identifiable natural person.
• Processing — collecting, recording, storing, modifying, disclosing, deleting, and any other operation.
• Controller — the entity that determines the purposes and means of data processing. For the purposes of this Policy — VipAds LLC.
• Processor — an entity that processes data on behalf of the Controller (e.g., Google LLC, Apple Inc.).
• Data Subject — the natural person whose personal data is being processed (i.e., you).
• End-to-end Encryption (E2E) — a method whereby a message is decrypted only on the sender's and the recipient's devices.
• MTProto — the transport protocol developed by Telegram.

03Data We Do Not Collect

For the sake of clarity — VipAds LLC never collects or stores the following types of data on its servers:

• Your messages, files, or media content;
• Your phone number or contact list;
• Your IP address (visible only at the moment of transit);
• Your geolocation or GPS coordinates;
• Recordings of audio or video calls;
• Device activity outside of the Application;
• Your internet browsing history;
• Payment information (as the Application is free of charge);
• Biometric data (Face ID and Touch ID keys remain on your device only);
• Health or fitness data.

To make this absolutely clear — when we say "we do not collect," we mean "we do not see, store, process, sell, share, or monetize."

04Data We Do Collect

VipAds LLC processes the following limited amount of anonymous data through processor partnerships:

4.1. Push Notification Identifier

The Firebase Cloud Messaging (FCM) push token on Android and the Apple Push Notification Service (APNs) push token on iOS are anonymous, randomly generated identifiers used to deliver notifications to your device. The token is not associated with your identity and does not enable us to know the contents of your messages.

4.2. Anonymous Diagnostic Data

The following are automatically transmitted via Firebase Analytics and Firebase Crashlytics:

• Device model (e.g., "iPhone 15 Pro");
• Operating system version (e.g., "Android 14");
• Application version (e.g., "FenixUz 3.4.2");
• Language and region settings (e.g., "uz-UZ");
• Crash stacks and error codes;
• Names of in-app screen views (e.g., "ChatScreen", but not message contents).

This data is not used to identify you and is processed in accordance with Google's privacy policy.

05Role of Telegram FZ-LLC

FenixUz is not an official Telegram client; it is an independent application that uses Telegram's open API. All core data associated with your account (phone number, name, profile picture, chats, contacts) is stored on Telegram's servers.

This means:

• Processing of your data is governed by the privacy policy of Telegram FZ-LLC: telegram.org/privacy;
• VipAds LLC has no access to such data;
• To delete your account, export your data, or exercise other rights, you may contact Telegram directly: my.telegram.org.

06Firebase and Google Services

We use Firebase Cloud Messaging, Firebase Analytics, and Firebase Crashlytics. These are products of Google LLC, and data may be processed via servers located in the European Union, the United States, and other regions.

• Firebase Cloud Messaging: Used to deliver push notifications. The token and a random message ID are sent, but not the message text.
• Firebase Analytics: Anonymous usage statistics (screen views, application launch counts). User ID, advertising ID, and other personal parameters are disabled on our side.
• Firebase Crashlytics: Crash stacks and technical diagnostics. User-entered text is never transmitted.

Google's privacy policy: policies.google.com/privacy. Firebase Data Processing Terms: firebase.google.com/terms/data-processing-terms.

07Push Notifications

We use push notifications to inform you of new messages and calls. The content is delivered as follows:

1. The Telegram server creates an encrypted "envelope" for the message.
2. This envelope is sent to your device via FCM (Android) or APNs (iOS).
3. Only the FenixUz application on your device decrypts the envelope and renders the notification text.

Google and Apple cannot see the contents of the message. VipAds LLC sees only the push token, which is not linked to any identifiable individual.

08Crash and Analytics Reports

Crash reports help us keep the Application stable. Reports may include the following:

• Stack trace (the location in the code where an exception occurred);
• Device RAM/CPU/disk status;
• Network type (Wi-Fi/4G/5G);
• The names of the last 100 system events preceding the crash (e.g., "screen_view: ChatScreen").

Personal data is removed from these reports (PII redaction). Reports are automatically deleted after 90 days.

09Application Permissions

FenixUz may request the following device permissions. A detailed explanation of each is available on the Permissions page.

Permission	Reason	Optional
Internet	Connecting with Telegram servers	No
Microphone	Voice messages and calls	Yes
Camera	Taking photos and video calls	Yes
Storage / Gallery	Selecting and saving photos/videos	Yes
Contacts	Discovering friends on Telegram	Yes
Location	Location sharing and geo-stickers	Yes
Notifications	Alerting you about new messages	Yes
Bluetooth	Calling via BT headset	Yes
Biometrics	Face ID/Touch ID for app login	Yes
Foreground Service	Continuing calls in the background	—

10Purposes and Legal Bases

In accordance with Article 6 of the GDPR and similar local legislation, we process data on the following lawful bases:

Purpose	Legal Basis
Providing application services	Performance of a contract (Art. 6(1)(b))
Sending push notifications	Performance of a contract and legitimate interests (Art. 6(1)(b)(f))
Diagnostics and bug fixing	Legitimate interests (Art. 6(1)(f))
Security and fraud prevention	Legitimate interests (Art. 6(1)(f))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))
Collection of analytical data	Consent (Art. 6(1)(a)) — may be opted out within the Application

11Data Retention Period

Type of Data	Storage Location	Retention Period
Push token	Firebase / APNs	Until app uninstall + 30 days
Crash reports	Firebase Crashlytics	90 days
Anonymous analytics	Firebase Analytics	14 months
Email correspondence (admin@fenixuz.uz)	Our email server	3 years or until deletion request
GDPR/COPPA request records	Encrypted log	5 years (legal requirement)
Messages and contacts	Not stored by us	—

12International Data Transfers

The limited data we collect (push token, anonymous analytics) is stored on servers operated by Google LLC. These servers may be located in the United States, the European Union, and other regions.

For European Union users, data is processed in accordance with the Standard Contractual Clauses (SCC) approved by the European Commission and Article 46 of the GDPR. Google's EU-US Data Privacy Framework certification: dataprivacyframework.gov.

13Data Security

We protect your data through the following technical and organizational measures:

• Transport encryption via TLS 1.3 with certificate pinning;
• Communication with Telegram via the MTProto 2.0 protocol;
• Diffie-Hellman 2048-bit key exchange for secret chats;
• Local data stored in Android EncryptedSharedPreferences or iOS Keychain;
• Encryption of the local database via SQLCipher;
• Server-side encryption on Firebase (AES-256);
• Independent security audit (Cure53, March 2024);
• Compliance with OWASP MASVS L2.

No system is 100% secure. If you discover a security vulnerability, please report it to security@fenixuz.uz.

14User Rights

Regardless of your country of residence, you are guaranteed the following rights:

1. Right of Access — to request the data we hold about you.
2. Right to Rectification — to correct inaccurate data.
3. Right to Erasure — to request deletion of your data.
4. Right to Restriction — to restrict processing of data.
5. Right to Data Portability — to receive your data in a machine-readable format.
6. Right to Object — to object to processing.
7. Right to Withdraw Consent — at any time.
8. Right to Lodge a Complaint — with a supervisory authority.

Please direct your requests to privacy@fenixuz.uz. We will respond within 30 days.

15GDPR-Specific Provisions

For users in the European Union/EEA:

• Data Controller: VipAds LLC (Tashkent, Uzbekistan).
• EU Representative: Atik & Partners GmbH, Muenchener Str. 14, 80336 Munich, Germany. Email: gdpr@atik-eu.com.
• Supervisory Authority: The data protection authority of the EU country in which you reside.
• Automated Profiling: Not performed.

For more details, see the GDPR page.

16CCPA (California) Specific Provisions

For California users (California Consumer Privacy Act / CPRA):

• We have not sold any personal information in the past 12 months.
• We do not process "Sensitive Personal Information."
• Your rights: Right to Know, Right to Delete, Right to Correct, and the right to be free from discrimination.
• You may submit requests through an authorized agent (with proper authorization).
• "Do Not Sell or Share My Personal Information" link: privacy@fenixuz.uz.

17Children's Privacy (COPPA)

FenixUz is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you become aware that a child has used the Application without your authorization, please contact privacy@fenixuz.uz — we will promptly delete that account. For more details, see the Children's Privacy page.

18Cookies and Similar Technologies

The mobile application does not use browser cookies. However, a limited number of local storage mechanisms are used (Android SharedPreferences, iOS UserDefaults) to retain your settings. The website (fenixuz.uz) uses only strictly necessary functional cookies. For more details, see the Cookies page.

19Third-Party Links

The Application and the Website may contain third-party links (e.g., links contained in messages received through Telegram). Such third-party sites are not operated by VipAds LLC and we are not responsible for their privacy practices. Please review the privacy policy of each site.

20Marketing and Communications

We send you system messages relating to the operation of the Application (push notifications). We will never spam you for marketing purposes. If you have sent an email to admin@fenixuz.uz, we will only respond within the scope of that correspondence.

21Automated Decision-Making

FenixUz does not make automated decisions producing significant legal effects on you. The Application does not engage in profiling. Spam-detection algorithms are operated by Telegram.

22Account Deletion

To delete your account:

1. Within FenixUz: Settings → Privacy → Delete Account.
2. Or directly: my.telegram.org/auth?to=delete.

Once your account is deleted:

• All messages and contacts on Telegram's servers are removed;
• Your push token stored by our Firebase will be revoked within 30 days;
• Anonymous analytics data is not separately deleted, since it is not associated with any individual.

23Government Requests

We comply with the established procedures of law; however, we cannot disclose data we do not store. We accept government requests subject to the following statutory requirements:

• A formal written document (email is insufficient);
• The signature of an authorized court or prosecutor;
• A statement of the legal grounds for the request;
• Specific identification of the user or incident concerned.

Annual reports are published on the Transparency page.

24Policy Changes

We may update this Policy from time to time. Material changes will be communicated as follows:

• An in-app banner (at least 30 days in advance);
• An announcement on the fenixuz.uz website;
• By email (if you have previously contacted us).

If you do not agree with the updated policy, you may discontinue use of the Application.

25Contact and Complaints

For any questions or complaints related to this Policy:

• Data Protection Officer (DPO): privacy@fenixuz.uz
• General inquiries: admin@fenixuz.uz
• Legal: legal@fenixuz.uz
• Postal address: VipAds LLC, Tashkent City, Republic of Uzbekistan

European Union users may lodge complaints with the data protection authority in their country. Users in Uzbekistan may contact the Personal Data Protection Agency (personal.uz).