All ZADIO appsVireks+ › Privacy policy

Privacy Policy

Last updated: 2026-07-11 · Effective: 2026-07-11 · Version: 1.0

This Privacy Policy describes how ZADIO EOOD ("Company," "we," "us," or "our") handles information when you use the Vireks+ mobile application ("App") and the Vireks+ website at https://zadio.bg/vireksplus/ ("Site"). We are committed to compliance with the GDPR, the ePrivacy framework, the Bulgarian LPDP, the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), the Children's Online Privacy Protection Act ("COPPA"), the UK Data Protection Act 2018, and the U.S. Digital Millennium Copyright Act ("DMCA") for takedown procedures (handled in the Terms of Service).

Data Protection Officer (DPO): Not appointed. Based on the nature, scope, context, and purposes of our processing, we are not required to designate a DPO under Article 37 GDPR. Privacy inquiries may be directed to app@zadio.bg.

1. Overview

Vireks+ is a private screen and camera recorder for Android. It captures the device screen or the front/back cameras and writes the result as a standard MP4 file to DCIM/vireks+/ on the device. There is no cloud service, no server, and no account. Vireks+ is designed to stay out of the way while capturing what is on the screen or in front of the camera, and to leave nothing behind on any server.

We do NOT:

The single third-party library included in the release build is Google Play Billing, which is used exclusively to process the one-time ~15 EUR unlock. The network call to settle that purchase happens inside the Google Play Store app on your device (a system component maintained by Google), not inside Vireks+.

2. Information we collect (and what we do not)

2.1 Personal data collected by the Vireks+ mobile app

None. The App does not collect or transmit any personal data. Its Android manifest does not request the INTERNET permission, so it is structurally incapable of sending any data to any server operated by us or by any third party. This is verifiable: run aapt dump permissions on the published APK / AAB and confirm the absence of android.permission.INTERNET.

2.2 On-device values Vireks+ reads (but does not transmit)

Some values are read locally on your device to make the free-quota counter work and to save your files. Because there is no network access, none of these values ever leaves your device.

2.3 Content you create with Vireks+

Your recordings (MP4 videos, derived time-lapse clips, and stills) are written directly to the standard Android media folder DCIM/vireks+/ on your device. Photos, Files, Gallery, and other media apps pick them up automatically. Vireks+ never uploads, transmits, or backs up recordings. Files leave your device only if you explicitly share them through the Android share sheet with another app of your choosing (in which case the receiving app is the data controller for what happens next).

2.4 Purchase records

The one-time ~15 EUR unlock is a non-consumable Google Play in-app product. The purchase itself is processed by Google Play Billing inside the Google Play Store app on your device. Google receives and processes the payment; Vireks+ does not see, store, or transmit your payment instrument, name, email, or billing address. Vireks+ receives from Google Play only a boolean-shaped entitlement token that says "this Google account has purchased vireks_plus_unlock_lifetime", which Vireks+ caches locally so the unlock persists across app restarts. The purchase is restored on any device signed into the same Google account.

2.5 Information collected by the Vireks+ website (this Site)

The Site at zadio.bg/vireksplus/ is a static HTML site. When you load a page, our EU-based hosting provider records a standard web-server access log (IP address, timestamp, requested path, user-agent, referrer) on the legitimate-interests basis (Art. 6(1)(f) GDPR) for security and abuse investigation. Logs are retained for up to 14 days and then rotated / deleted. No cookies are set by the Site. The Site uses Plausible Analytics, a privacy-friendly, cookieless service that hashes visitor IPs with a daily-rotated salt and discards them; only aggregate metrics are stored. See § 5.3.

2.6 Information we do NOT collect

3. Purposes and legal bases (GDPR Article 6)

Because the App does not process any personal data on our side, the vast majority of Article 6 does not apply to us as controller. The table below covers the very short list of processing operations we are involved in.

DataPurposeLegal basisRetention
Google Play purchase record (unlock entitlement)Deliver the paid unlock; restore the purchase across your devices without you paying againArt. 6(1)(b) contract with the userHeld and controlled by Google Play. Vireks+ caches only a boolean entitlement locally.
Invoice / VAT-collection record generated by Google PlayBookkeeping & taxArt. 6(1)(c) legal obligation (BG Accounting Act, Art. 12; EU VAT OSS/IOSS rules)10 years (Bulgarian statutory retention)
Site access logs (IP, timestamp, path, user-agent, referrer)Security, abuse prevention, error diagnosis for the static websiteArt. 6(1)(f) legitimate interest (Recital 47)Up to 14 days at the hosting provider
Aggregated Site analytics (page views, referrers) via PlausibleUnderstand website traffic without profiling visitorsArt. 6(1)(f) legitimate interest (aggregated, cookieless, no personal data)Retained by Plausible in aggregated form; no individual profiles

Legitimate-interests balancing test (LIA). We have conducted an LIA for the two legitimate-interest bases above and concluded they are necessary, proportionate, and do not override your rights because (i) data is aggregated, pseudonymised, or short-lived; (ii) no profiling is performed; (iii) the App is entirely offline; and (iv) you are transparently informed here. A summary is available on request at app@zadio.bg.

4. Data storage, security & hosting

4.1 Local (on-device) storage

Vireks+ stores your preferences, the free-quota counter, and the cached unlock entitlement in app-private storage. That storage is accessible only to the Vireks+ app and is removed when you uninstall. Recordings are written to the shared DCIM/vireks+/ gallery folder so other media apps can find them; that folder persists after uninstall in accordance with Android's Media Store semantics (you can delete individual files at any time through Files, Photos, or the Vireks+ recordings drawer).

4.2 Cloud storage and hosting region

Vireks+ has no cloud backend. There is no Firebase project, no S3 bucket, no CDN, no analytics server, and no crash-reporting server behind the App. The only network traffic that ever concerns Vireks+ is the Google Play Billing purchase call, which is issued by the Google Play Store app on your device and is subject to Google's own privacy practices.

The marketing Site is hosted at Spatiul.com (cPanel / LiteSpeed) in the EU (Bucharest, Romania). Server access logs may briefly retain IP address, timestamp, path, and user-agent for security and anti-abuse on a legitimate-interest basis (Art. 6(1)(f) GDPR). Logs are typically retained for 14 days.

4.3 Security measures (GDPR Art. 32)

4.4 Personal data breach notification

In the unlikely event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Bulgarian Commission for Personal Data Protection (CPDP) without undue delay and, where feasible, within 72 hours (GDPR Art. 33). High-risk breaches will also be communicated to affected data subjects without undue delay (GDPR Art. 34). Because the App has no network I/O and no server-side database, the realistic scope of a breach is limited to Site access logs at the hosting provider.

5. Third-party services & sub-processors

5.1 Google Play - distribution and billing

The App is distributed exclusively through the Google Play Store. The ~15 EUR one-time unlock is processed by Google Play Billing (a system component running inside the Google Play Store app on your device). Google Ireland Limited / Google LLC is the merchant of record for EU/EEA end-user purchases. Google's privacy practices: policies.google.com/privacy. Google Play's own data handling for purchases: play.google.com/about/play-terms/.

5.2 Hosting provider (Spatiul.com)

The static Site is served by Spatiul.com (cPanel / LiteSpeed) from EU data centres (Bucharest, Romania). Spatiul.com processes only web-server access logs on our behalf as a Data Processor under Article 28 GDPR.

5.3 Plausible Analytics (Site only - aggregated, cookieless)

The Site uses Plausible Analytics, an EU-hosted, privacy-friendly analytics service. Plausible sets no cookies, uses no cross-site tracking, and stores no personal data. IP addresses are hashed with a daily-rotated salt and discarded; only aggregate metrics remain. See plausible.io/data-policy. Plausible is not integrated into the mobile App.

5.4 Other sub-processors

We do not integrate any additional third-party sub-processors beyond Google Play Billing (for the one-time unlock) and the hosting provider that serves this static website. There is no analytics SDK, no crash reporter, no ad network, no Firebase, no Sentry, and no CDN in the mobile app.

5.5 Data Processing Agreements

Where applicable, we have entered into a Data Processing Addendum with each processor under Article 28 GDPR (Google Cloud DPA covering Play; Spatiul.com's DPA covering hosting). We maintain a current sub-processor list and notify users of material changes through this Privacy Policy.

6. International data transfers (GDPR Chapter V)

The App does not itself transfer any data anywhere - because it has no network I/O. The only outbound flows that touch third countries are:

You may request a copy of the safeguards applied by emailing app@zadio.bg.

7. Your choices, permissions & controls

7.1 Opting out of analytics

The App has no analytics. There is nothing to opt out of. For the Site, Plausible respects privacy signals (DNT, GPC) and, being cookieless, requires no consent banner under Article 5(3) of the ePrivacy Directive.

7.2 Push notifications

The App does not send push notifications. Android may show a foreground-service notification while a recording is in progress; that notification is mandatory under Android's foreground-service policy and is generated locally by the OS. You can dismiss it (Android may re-show it while the service is alive) or stop the recording to remove it.

7.3 Uninstall

Uninstalling the App stops all local data collection and removes all app-private data from your device. Existing recordings in DCIM/vireks+/ are preserved because they are your files; delete them yourself through Files, Photos, or Gallery if you wish. Google Play retains its record of your purchase (so you can restore it if you ever reinstall).

7.4 Device permissions Vireks+ requests

7.5 Permissions explicitly not requested

The following permissions are explicitly absent from the merged manifest: INTERNET, ACCESS_NETWORK_STATE, ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, READ_CONTACTS, READ_SMS, READ_PHONE_STATE, READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, READ_MEDIA_VIDEO, READ_MEDIA_IMAGES, READ_MEDIA_AUDIO, and com.google.android.gms.permission.AD_ID. The Google Play Billing library's transitive INTERNET declaration is explicitly stripped by the Android manifest merger via a tools:node="remove" rule; CameraX's transitive ACCESS_NETWORK_STATE is stripped the same way.

8. Data retention and deletion

8.1 Retention periods

Concrete retention periods are in the table in § 3. Because the App does not process personal data, retention is trivial: nothing exists to retain beyond your locally-stored preferences, and those disappear on uninstall.

8.2 Local data

All locally stored preferences, the free-quota counter, and the cached unlock entitlement are deleted when you uninstall the App. Recordings in DCIM/vireks+/ are user files; delete them through Files / Photos / Gallery.

8.3 Google Play purchase record

Google retains its record of your purchase indefinitely so that you can restore the unlock at any time. That record is controlled by Google, not by us; see Google's privacy practices for how to have it deleted.

8.4 Deletion requests

Email app@zadio.bg. Because we hold no personal data about you, a deletion request is nearly always resolved by pointing you to the correct sub-controller (Google for purchase data, Spatiul.com for Site logs) and confirming that we hold nothing else. We respond within 30 days (extendable by two months under Art. 12(3) GDPR).

9. Children's privacy

The App is not directed at children. Per Article 8 GDPR and Bulgarian LPDP Art. 25v, the minimum age for consent to information-society services in Bulgaria is 14 years. In other EU/EEA Member States the minimum age is between 13 and 16 as set by national law. In the United States we comply with COPPA (15 U.S.C. §§ 6501-6506); we do not knowingly collect data from children under 13 - in fact, we do not collect data from users of any age. Users under 18 must have permission from a parent or legal guardian to make in-app purchases. If you believe a child has provided us with personal data, contact app@zadio.bg and we will investigate promptly.

10. Your rights

10.1 EEA, UK, and Switzerland (GDPR / UK GDPR / FADP)

Exercise your rights: app@zadio.bg. We respond within 30 days, extendable per Art. 12(3) GDPR.

10.2 Supervisory authority - Bulgaria

You may also lodge a complaint with the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement.

10.3 California (CCPA / CPRA)

California residents have the right to know, delete, opt out of the sale or sharing of personal information (we do not sell or share), limit use of sensitive personal information (we collect none), and a non-discrimination right. Because the App collects no personal information, the "Do Not Sell or Share My Personal Information" link required by CPRA § 1798.135 is not applicable. Contact app@zadio.bg with any CCPA / CPRA request.

10.4 Brazil (LGPD), Quebec (Law 25), and other jurisdictions

Residents of Brazil, Quebec, and other jurisdictions with comparable data-protection laws have similar rights to access, correct, delete, anonymise, and port their data. Because the App is currently distributed within the EU/EEA only, requests from other jurisdictions will typically confirm that we hold no data about you. Contact app@zadio.bg.

11. Cookies, trackers & similar technologies

This section is the cookie / tracker disclosure for both the Site and the App, issued pursuant to Article 5(3) of Directive 2002/58/EC (ePrivacy Directive), Article 4b of the Bulgarian Electronic Communications Act, and Articles 13-14 GDPR.

11.1 Categories of trackers and legal bases

CategoryPurposeConsent required?Used by us?
Strictly necessaryTechnical delivery of a service the user explicitly requestedNoMinimal (Site TLS session, HTTP request handling)
Functional / preferencesRemember language, region, display preferencesYes, unless strictly necessaryNo
AnalyticsMeasure audience and app usageYes (opt-in)Site only: Plausible - cookieless, aggregated, no personal data. App: none.
Advertising / marketingTargeted advertising, frequency capping, profilingYesNo - ever
Social media / third-party embedsWidgets, pixels, external servicesYesNo

11.2 Trackers used on the Site

11.3 Trackers used in the App

There are no other SDKs. There is no Firebase. There is no analytics library. There is no crash reporter.

11.4 Managing your preferences

Site: use your browser's settings to block or delete cookies. Because we set no cookies on this Site, most users will have nothing to delete from our domain. We honour privacy-enhancing browser signals (DNT, GPC) where technically feasible.

App: nothing to disable. Delete all local storage by uninstalling. Purchase records are controlled by Google Play.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date and version number, and where appropriate notifying you through the App or the Site. Continued use after changes constitutes acceptance. Prior versions are available on request at app@zadio.bg.

13. Contact

ZADIO EOOD · EIK 201209745 · VAT BG201209745 · DUNS 503679175
Registered seat: sq. Han Kubrat 1, fl. 2, apt. 1, 7000 Ruse, Bulgaria
Email: app@zadio.bg · Phone: +359 879 655 188
Hours: Monday-Friday, 09:00-18:00 EET/EEST (Sofia time), excluding Bulgarian public holidays
Website: https://zadio.bg/vireksplus/
EU Online Dispute Resolution platform: ec.europa.eu/consumers/odr