Privacy Policy

1. Who we are

The data controller for personal data collected through MINOMO is AVi Kairos Srl, a company incorporated under Romanian law with its registered office at Strada Lungă 188, Corp C2, Ap. 2, Brașov 500051, România (CUI 52477194 · J08/68/2025 · EUID ROONRC.J2025068492002).

For any request relating to the protection of personal data — exercising GDPR rights, reporting an incident, or questions about this Policy — the dedicated point of contact is [email protected] or the form at minomo.io/en/legal/data-request/.

AVi Kairos Srl does not fall within the cases of mandatory appointment of a Data Protection Officer under Art. 37 of Regulation (EU) 2016/679 (GDPR). We have nonetheless designated an internal privacy contact reachable at the address above. Should our activities grow to the point where they meet the thresholds set out in Art. 37 GDPR, we will proceed with the formal appointment and update this Policy accordingly.

2. What MINOMO does (in brief)

MINOMO is a proximity digital infrastructure that connects citizens, merchants, municipalities, and local curators (City Agents) through a direct channel — free from algorithmic intermediaries and advertising. The product comprises:

• a consumer application (PWA at app.minomo.io, native iOS/Android app forthcoming) through which you can follow merchants, events, and places in your city;
• public Bio Pages for merchants, indexable by search engines and AI assistants;
• end-to-end encrypted push notifications from merchants to their followers and, in broadcasting mode, to an entire city;
• MINA, a conversational assistant powered by generative artificial intelligence for local discovery and itinerary planning;
• digital loyalty cards (multi-merchant digital wallet) with points, rewards, and redemption codes;
• events with RSVP and automated push reminders;
• MINOMO Atlas, an editorial directory of local European life, publicly accessible;
• MINOMO Identity Shield (at id.minomo.io): a privacy-first federated identity service that masks your real email from partners and propagates data erasure to them with a single click;
• tools for municipalities and for City Agents — the local consultants who editorially curate MINOMO's presence in a given city.

This Policy covers the processing of personal data by AVi Kairos Srl across all the services listed above, accessible through the domains minomo.io, app.minomo.io, cdn.minomo.io, admin.minomo.io, id.minomo.io, and the native applications distributed via the App Store and Google Play.

3. Who this Policy applies to

The rules described below apply to everyone who comes into contact with MINOMO. In particular:

• Consumer citizens: adults who register to follow merchants, events, and places in their city;
• Followers: users who have chosen to follow one or more merchants, City Agents, or MINOMO pages;
• Merchants: businesses, professionals, or sole traders who have a page on MINOMO. For merchants, we collect identification data required by Art. 30 of Regulation (EU) 2022/2065 (Digital Services Act, DSA), as described in section 4;
• City Agents, Subagents, and Country Managers: local consultants who editorially curate the MINOMO network in a given area;
• Representatives of municipalities and public bodies who use MINOMO for civic communications;
• Visitors to the MINOMO marketing site minomo.io, public merchant pages (/m/{slug}), City Agent pages (/a/{slug}), events, and MINOMO Atlas.

This Policy does not cover the processing of personal data carried out independently by third parties (for example: a merchant who chooses to contact a follower outside of MINOMO, or a municipality using its own external platform). In those cases, the third party's own privacy policy applies.

4. Categories of data we collect

We collect only the data strictly necessary to run the services you have chosen to use. The categories differ depending on your role.

4.1 All registered users (consumers, merchants, City Agents)

• Account data: email address, hashed password (never the password in plain text), preferred language, time zone.
• Technical identifiers: device ID, authentication token, identifiers of active sessions (required to enable access from multiple devices and for remote sign-out).
• Access logs: IP address, user-agent, login timestamp, failed login attempts (for security and anti-fraud purposes).
• Service communications: transactional emails (account verification, forgotten password, receipts, OTPs).

4.2 Consumer users (citizens, followers)

• Account and contact: your email address. It is the only contact detail we ask of you and is used to sign in, recover your profile and find it again when you connect from another device. We do not ask for your phone number.
• Profile: display name, language, reference city declared at registration (your server-side "civic anchor", distinct from real-time GPS location).
• Avatar: profile picture (if uploaded).
• Geolocation:
  • City anchor: the city you declared as yours is stored server-side and used to personalise your home feed, notifications, and editorial content. It is a static piece of data, not a precise point.
  • Precise location (GPS): used only when you turn on location-based features — for example "Near me" in Explore, MINA's guided tours and proximity guides. These features need a precise position to show what is actually around you, guide you along routes, and trigger a place's content when you are nearby. We read it only while you are actively using these features (not in the background) and process it for as long as the feature needs; you can deny or revoke the permission at any time from your device settings.
• Follow graph: the list of merchants, City Agents, and pages you have chosen to follow.
• Push subscriptions: your device token for notification delivery (FCM on Android, APNs on iOS, Web Push on PWA) and your opt-in/opt-out preferences by category.
• Interaction history: push notification opens (technical opt-in tracking, never content-based — see section 7), offer clicks, event RSVPs, loyalty card activations.
• Loyalty cards: for each loyalty programme you have activated, the points balance and transaction history (credit, redemption) with that merchant.
• Conversations with MINA: the prompts you send to the AI assistant and the responses you receive, retained as explained in section 8.
• Identity Shield alias: if you access a third-party service via our identity provider (see section 9), we store the mapping between your MINOMO identity and the alias generated for that partner.

4.3 Merchants (Bio Page, add-ons, payments)

For merchants we collect, in addition to account data, the information required by Art. 30 of the DSA Regulation to ensure traceability of professionals towards consumers:

• Legal name of the business or sole trader;
• Address of the registered office and of the commercial premises;
• Tax identification number / VAT number (CUI in Romania, P.IVA in Italy), validated in real time via public registry services (ANAF for Romania, VIES for intra-Community verification);
• Support contact (email and telephone);
• Self-declaration of compliance of the products or services offered with applicable EU rules.

Some of this data — legal name, business address, public contact — is publicly disclosed on the merchant's Bio Page (/m/{slug}), as required by the DSA. Strictly fiscal data (full tax identification number, billing details) is not public and remains accessible only to AVi Kairos Srl and the merchant themselves.

For payments and use of the prepaid wallet we also collect: top-up history, consumption history (notifications sent, add-ons activated), remaining balance, and the transaction identifier from the payment provider (see section 11).

4.4 City Agents, Subagents, Country Managers

For local consultants we collect account data, identification and contact data required for the contractual relationship, the assigned territory, the history of commissions earned and payments made, and internal operational notes. City Agents do not have access to the personal data of followers in the territory they manage: they see only aggregated statistics and public data about merchants in their area.

4.5 Unregistered visitors

When you browse MINOMO's public pages without being registered (marketing site, Atlas, a merchant's Bio Page, public events) we collect only: IP address, user-agent, referring page, and timestamp. These data remain in server logs for 12 months and are used exclusively for security purposes, abuse prevention, and anonymous aggregate statistics.

On MINOMO's public pages there is no Google Analytics, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, or any other third-party tracking tool.

5. Purposes of processing and legal bases

We process your personal data only for specific, legitimate purposes, each of which rests on a legal basis under the GDPR.

We do not use your data for behavioural marketing, advertising profiling, or sale or transfer to third parties. If in the future we introduce processing that requires your consent, we will ask for an explicit, informed action, and you will be able to withdraw that consent at any time without affecting your use of the core service.

6. What we DON'T do (the MINOMO manifesto)

The most important part of this Policy is the part that describes what does not happen on our systems. This is the pact on which the entire project is built:

• No advertising. We do not sell advertising space, we do not receive payments from advertisers, we do not sponsor third-party content.
• No behavioural targeting. We do not build advertising profiles based on your activity, your inferred interests, or your social connections.
• No sale or transfer of your personal data to third parties. Ever. For any purpose. We do not rent it, swap it, or share it with data brokers.
• No third-party trackers on public pages or in the app: no Google Analytics, no Meta Pixel, no LinkedIn Insight Tag, no TikTok Pixel, no Hotjar, no Mixpanel. The usage statistics we produce remain on our own servers and are aggregated.
• No reading of push notification content on our part: the payload is end-to-end encrypted (see section 7).
• No exposure of your personal data to merchants who you follow. When you follow a merchant, they can send you notifications and they know their total follower count, but they cannot see your name, email, phone number, precise location, or any other personal data.
• No third-party profiling cookies: the few technical cookies we use are described in the Cookie Policy.

These limitations are not mere statements of intent: they are technical architecture decisions. Most of them could not be removed without rewriting the system. That is a by-design guarantee.

7. End-to-end encrypted push notifications

The push notifications you receive on MINOMO travel end-to-end encrypted between the merchant's device (or a City Agent's editorial system) and your device. This means:

• the message content — text, title, image, link — is encrypted with a key derived from your device;
• our servers cannot read the payload in plain text: we see only operational metadata (who is sending, to how many recipients, at what time, with what priority);
• the third-party gateways responsible for physically transporting notifications (Google FCM for Android, Apple APNs for iOS, standard Web Push for the PWA) receive the payload already encrypted and cannot read it;
• only your device, upon receipt, decrypts the content and displays it to you.

The metadata that remains on our servers (who → how many, when, what notification category) is used for reliable delivery, anti-abuse purposes, and merchant wallet billing. It is retained for the minimum time necessary for those purposes (see section 13).

If you choose to enable open-tracking for a specific category of notifications (for example, to receive fewer of a certain type if you never open them), that tracking occurs only after your explicit activation and can be disabled at any time from the app settings.

8. MINA — the AI conversational assistant

MINA is a conversational assistant powered by generative artificial intelligence, currently available within the PWA at app.minomo.io. Pursuant to Art. 50 of Regulation (EU) 2024/1689 (AI Act) on Artificial Intelligence, we explicitly inform you that when you interact with MINA you are interacting with an artificial intelligence system, not a human operator.

How MINA works, in practice

When you send a question to MINA, the following happens:

1. your prompt is sent from our servers to a third-party artificial intelligence service provider with whom we have a data processing agreement (the up-to-date list of our providers, including their countries and transfer safeguards, is available at /en/legal/subprocessors/);
2. the third-party provider processes the prompt, generates a response, and returns it to our servers;
3. we optionally enrich the response with public MINOMO data (POIs, events, merchants in your city) before presenting it to you.

What we retain

• Prompts and responses are retained for the time necessary to provide you with a conversational experience (recent history) and to improve service quality on aggregated data. See the details in section 13.
• We may retain anonymised quality indicators (average length, error rates, thematic categories) in order to improve the model and our prompt engineering.
• We do not use your conversations to train third-party artificial intelligence models. Our agreements with AI providers explicitly exclude the use of MINOMO prompts for training.

Transparency about limitations

MINA may produce inaccurate, incomplete, or out-of-date responses. These do not constitute professional, legal, medical, financial, or other advice. When you rely on a response for important decisions, always verify with official sources.

Opt-out

You can use all other MINOMO services without ever interacting with MINA. There is no "mandatory" feature that requires use of the AI assistant: it is an optional tool, activated only by your explicit input.

9. MINOMO Identity Shield

Identity Shield is our privacy-first federated identity service, accessible at id.minomo.io. It is designed to allow you to access third-party partner services — websites, applications, commercial venues — without sharing your real email address, with the ability to end the relationship at any time, with a single click, propagating the erasure of your data to the partner.

How it works

• When a partner integrates Identity Shield and you choose to access their services via our identity provider, we generate a unique email alias for that partner (something like [email protected]) and provide it to the partner as "your" email for that relationship.
• Emails the partner sends to that alias are forwarded to your real email by our servers, transparently.
• The partner never sees your real email, and you know with certainty which partner is writing to you because each one uses a different alias.

Propagated erasure (Art. 17 GDPR as a service)

If you decide to end your relationship with a partner, you can do so from a single page in your Identity Shield account. When you do:

1. we immediately deactivate the forwarding of emails from the alias to your real inbox;
2. we send the partner, acting as your appointed representative, a formal erasure request under Art. 17 GDPR;
3. we monitor the response: the partner has 30 days to confirm actual erasure or to justify any retention (e.g. fiscal obligations);
4. we display the outcome in your Identity Shield dashboard and contribute to the partner's public Privacy Score, which reflects how promptly and correctly they honour erasure requests.

Legal roles

In relation to the data it handles, AVi Kairos Srl acts as:

• Data controller of the mapping between your MINOMO identity and the aliases generated: data relating to this mapping is processed under our direct responsibility and in accordance with this Policy.
• Intermediary appointed by the data subject (you) to transmit GDPR rights requests to partners, in particular Art. 17 requests.

The partner, for their part, remains the independent data controller of the personal data they collect via their own service (even where the contact key is a MINOMO alias). The details for each partner — what data they request, for what purposes, and for how long they retain it — are declared in the partner's own privacy policy, which is shown to you on your first access via Identity Shield.

10. City Agents, Subagents, Country Managers, Municipalities

City Agents (and their Subagents) are local consultants who curate the MINOMO network in a specific city or area, in exchange for territorial commissions and with access to dedicated tools. Their B2B contractual relationship, where a Country Manager exists for their country, is established with the Country Manager — who in turn is contractually bound to AVi Kairos Srl; where there is no Country Manager, the relationship is directly with AVi Kairos Srl. As a matter of principle:

• City Agents and Subagents do not see the individual personal data of followers and citizens in the territory they manage — they see only aggregated metrics and public data about merchants;
• City Agents do not act as legal agents of AVi Kairos Srl vis-à-vis merchants: they facilitate onboarding, but the contractual relationship for the use of MINOMO is established directly between the merchant and AVi Kairos Srl, through our Terms of Service which the merchant accepts independently.

The Country Manager, where present, coordinates at national level the City Agents operating in a given country and manages its commercial network. To carry out this role they access, through the MINOMO platform and without any direct access to the database, the master records of merchants, City Agents and Subagents in their national network (for example: company name, contact person, contact details, tax data, licence status). The Country Manager too does not access the individual data of consumers/followers: of these they see only aggregated and statistical data (number of followers, service consumption, territory trends).

With respect to these network records, AVi Kairos Srl and the Country Manager act as joint controllers within the meaning of Article 26 GDPR, limited to the purposes of managing, coordinating and developing the national commercial network. Their respective roles are set out in a joint-controllership arrangement: in short, AVi Kairos Srl provides the platform, defines the security measures and holds the database, while the Country Manager processes the data for the operational management of their country's network. Regardless of this allocation, you may exercise your rights by contacting either of the joint controllers; our point of contact remains [email protected] (see section 14).

Representatives of municipalities and public bodies who use MINOMO for civic communications access a dedicated view containing administrative data (public events, notices, institutional POIs). We process their data exclusively for the purposes of the institutional relationship.

Anonymous civic consultations (Civic Polling)

Some municipalities use MINOMO to run civic consultations: you are presented with an issue and can express a preference with a single tap (for example In favour · Against · Abstain) within a time window. The consultation is non-binding and is designed from the ground up to be anonymous. Here is exactly how we handle the data.

• We separate "who took part" from "what was voted". We record in a participation list only the fact that your account voted in a given consultation — solely to prevent double voting and to sync the state across your devices — and that list does not contain your choice. Your choice is tallied separately as a plain aggregate counter, with no reference to your account; the time of the vote is rounded and obfuscated to prevent temporal correlation.
• At closing we delete the link. When the consultation closes, the participation list is permanently deleted and only the aggregate figure remains. From that moment your preference can no longer be traced back to you not even by us.
• Results hidden until closing. Outcomes are not visible during voting, so as not to influence choices and to strengthen anonymity.
• Civic notification without tracking. The notification inviting you to take part does not link your device or identity to your vote: we apply no tracking pixels and no device-to-user maps to civic consultations.
• Publicly verifiable register. At closing we publish a cryptographically signed certificate of the aggregate results only (with a timestamp and storage on a decentralised network), so that anyone can verify the tally has not been altered. The certificate never contains individual ballots.
• You are in control. You receive invitations to take part only if the related preference ("Communications from my Municipality") is enabled in your account settings; you can turn it off at any time. Eligibility is anchored to the city you set in your profile.

For these consultations the promoting Municipality is the controller of the content and purpose of the question (MINOMO conveys, it does not draft), while AVi Kairos Srl provides the tool and guarantees the technical anonymity described above. The full methodology, with the anonymity guarantees and independent verification instructions, is described at admin.minomo.io/civic/methodology.

11. Recipients and suppliers (subprocessors)

To run MINOMO we rely on a small number of specialist suppliers. Each of them is bound by a written agreement that obliges them to process your data exclusively for the purposes we have entrusted to them and with appropriate security measures.

Suppliers fall within the following general categories:

• Infrastructure: application servers and databases, image and file hosting, content delivery network (CDN), perimeter security services.
• Communications: transactional email delivery (SMTP provider), native push notification gateways (Android and iOS).
• Artificial intelligence: the third-party provider that powers MINA.
• Payments: the Merchant of Record that processes wallet top-ups and associated transactions.
• Social authentication: OAuth providers (Google, Apple) activated if you choose to sign in via one of these services.
• Native app builds: the continuous integration platform that compiles the iOS and Android apps.

The complete, up-to-date, and versioned list of our suppliers — with processing category, country of establishment, applicable transfer safeguards, and date of last update — is available on the dedicated page: minomo.io/en/legal/subprocessors/. That page forms an integral part of this Policy.

When we add, remove, or replace a supplier, we update the page and record the change in the relevant changelog. If the change is material (it alters the country of processing or the nature of the supplier), we will notify you proactively.

In addition to suppliers, we may disclose your data to competent authorities (law enforcement, judicial authorities, data protection supervisory authorities, DSA supervisory bodies) to the extent and in the manner required by law.

12. Transfers of data outside the European Economic Area

Some of our suppliers are based in the United States or in other countries outside the European Economic Area (EEA). Transfers of personal data to those countries are subject to specific legal safeguards:

• United States: where the supplier adheres to the EU-U.S. Data Privacy Framework approved by the European Commission's adequacy decision of 10 July 2023, the transfer is covered by that decision. In addition, and regardless of the DPF, we apply the Standard Contractual Clauses 2021/914/EU approved by the European Commission, supplemented by a Transfer Impact Assessment (TIA) and additional technical and organisational measures.
• United Kingdom: the transfer is covered by the European Commission's adequacy decision of 28 June 2021.
• Other non-EEA countries: we apply the Standard Contractual Clauses 2021/914/EU and, where relevant, specific agreements with the supplier.

We constantly monitor developments in European Union case law on international transfers (in particular the Court of Justice decisions known as "Schrems") and adjust our safeguards as necessary.

You may request a copy of the Standard Contractual Clauses and the Transfer Impact Assessment we apply to a specific supplier by writing to [email protected].

13. Retention periods

We retain your personal data for the minimum time necessary for the purposes for which it was collected and in accordance with applicable legal obligations. The principal periods are:

At the end of each period, data is deleted or irreversibly anonymised. When you exercise the right to erasure (see section 14), we act within the statutory timeframes, subject to the minimum periods imposed by regulatory obligations (in particular, the 10-year fiscal retention requirement).

14. Your rights

The GDPR grants you a series of rights that you may exercise at any time, free of charge, without having to give reasons for your request. They are:

• Right of access (Art. 15 GDPR): obtain confirmation of processing and a copy of your data.
• Right to rectification (Art. 16): correct inaccurate or incomplete data.
• Right to erasure (Art. 17, "right to be forgotten"): obtain the erasure of your data, within the limits provided by law.
• Right to restriction of processing (Art. 18): request a temporary suspension of processing in specific cases.
• Right to data portability (Art. 20): receive your data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.
• Right to object (Art. 21): object to processing based on legitimate interest, unless there are compelling legitimate grounds for the processing to continue.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
• Right not to be subject to automated decision-making with legal or significant effects (Art. 22): MINOMO does not make decisions about you that are entirely automated. MINA produces responses but you always decide how to use them; you are never denied a service on the basis of an algorithmic assessment.

How to exercise them

You can exercise each of these rights in two ways:

• by completing the form at minomo.io/en/legal/data-request/;
• by writing to [email protected].

Account deletion. If you want to delete your entire account and the associated data, you can do so directly from the app (Account → Delete account) or via a web request. The full procedure — what is deleted, what we are required to retain and for how long — is described step by step on the dedicated page: minomo.io/en/legal/delete-account/.

We will respond within 30 days of receiving your request, except in cases of particular complexity that may require an extension of up to a further 60 days (of which we will notify you with reasons). Before processing the request we will verify your identity to prevent disclosure to unauthorised parties: verification is normally carried out by confirming the request from the email address associated with your account.

Complaint to the supervisory authority

If you believe that the processing of your personal data infringes the GDPR, you may lodge a complaint with the competent supervisory authority. The authorities with whom we interact most frequently are:

• ANSPDCP (Romanian Data Protection Authority) — Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București · dataprotection.ro
• Garante per la protezione dei dati personali (Italian Data Protection Authority): Piazza Venezia 11, 00187 Roma · garanteprivacy.it
• the supervisory authority in your country of habitual residence, if different from the above. The list of EEA authorities is available at edpb.europa.eu.

15. Minors

MINOMO is intended for persons who have reached the age of 18. This is a policy choice by the data controller: it allows us to operate with a uniform framework regarding minor consumers across different EU countries and to keep the contractual relationship (including the prepaid wallet) within the full legal capacity of the data subject.

If we become aware of an account registered in the name of a minor, we suspend it and proceed with erasure of the data collected, unless a parent or guardian formally intervenes to regularise the position. If you are a parent or guardian and believe that a minor in your care has created a MINOMO account, please write to [email protected].

16. Security and incident management

We have implemented appropriate technical and organisational measures to protect your data from unauthorised access, loss, alteration, or disclosure. These include:

• encryption in transit (HTTPS/TLS 1.2 or higher on all public endpoints);
• encryption at rest for databases and file storage (keys managed by the hosting provider);
• end-to-end encryption for push notification content;
• two-factor authentication available for high-exposure accounts (admin, City Agents, merchants);
• data access limited to authorised personnel on a need-to-know basis, with logging of administrative activity;
• security monitoring, automated anomaly detection, and incident response procedures.

No security measure is absolute. If, despite our measures, a personal data breach occurs that poses a risk to your rights and freedoms, we will:

1. notify the competent supervisory authority within 72 hours of becoming aware of the incident, pursuant to Art. 33 GDPR;
2. communicate the incident directly to you, in clear language, where the breach entails a high risk (Art. 34 GDPR).

17. Changes to this Policy

We may update this Policy over time — for example in response to new features, new suppliers, regulatory developments, or relevant court decisions. When we do:

• we update the version number and date shown at the top of the document;
• if the change is material — meaning it affects your rights, the purposes, the suppliers, or the countries of processing — we will notify you proactively with at least 30 days' notice, by email and via an in-app notice;
• we retain previous versions of the Policy in the change log below, so that you can compare what has changed.

Change log

18. Contact

For any question, request, or report relating to the protection of your personal data:

• Privacy email: [email protected]
• GDPR request form: minomo.io/en/legal/data-request/
• Postal address: AVi Kairos Srl — Strada Lungă 188, Corp C2, Ap. 2, Brașov 500051, România
• General contact: [email protected]
• DSA point of contact (for requests relating to content moderation and the obligations of digital service providers): [email protected]

We treat your questions with care and with the utmost seriousness. If our response does not satisfy you, remember that you can contact the supervisory authority in your country (see section 14).