Privacy Policy

1. General Provisions

This privacy policy describes how Apgavo (hereinafter "we", "our", or "the Platform"), operating the website apgavo.lt, collects, uses, stores, and processes your personal data. We operate in accordance with the European Union General Data Protection Regulation (GDPR) and the Law on Legal Protection of Personal Data of the Republic of Lithuania. By using our Platform, you agree to this privacy policy.

2. What Data We Collect

2.1. Identity Data

We use Dokobit Smart-ID and Mobile-ID services for authentication. Through these services, we receive your first name, last name, and personal identification number. This data is required to verify your identity and ensure that reports are submitted by real persons.

2.2. Report and Evidence Data

When you submit a report about a scammer, we collect: the scam description, category, date, loss amount and currency, scammer identifiers (name, company name, phone number, email address, bank account number, etc.), as well as documents and evidence you upload (screenshots, correspondence, financial documents).

2.3. Technical Data

We use a session cookie to maintain your login state, a device identifier (device_id cookie in UUID format) for managing active sessions and security, and a theme preference (light/dark mode) stored in your browser's localStorage. We do not collect IP addresses and do not use third-party analytics or tracking cookies.

3. How We Use Your Data

We use your data for the following purposes: verifying your identity and managing your account; processing and grouping scam reports; matching similar reports and evaluating group lawsuit viability; communicating with you about the status of your reports; providing data to our partner law firm when a group lawsuit becomes viable; improving the Platform and ensuring its security.

4. Data Sharing

We do not sell your personal data to third parties. We may share your data only in the following cases: with our partner law firm — when enough reports are gathered about the same scammer and the total damages justify a group lawsuit, your report data is shared for case evaluation (you will be notified in advance); with Dokobit — for authentication purposes; with law enforcement authorities — if required by the laws of the Republic of Lithuania or EU regulations.

5. Data Retention

We retain your personal data for as long as you have an active account on our Platform. Report data is retained for as long as it is necessary for legal purposes. Upon account deletion, your personal identity data is deleted within 30 days. Anonymized statistical data may be retained indefinitely.

6. Your Rights (GDPR)

Under GDPR, you have the following rights: right of access — you can review your data or export it (Settings > Export Data); right to rectification — you can edit your reports; right to erasure — you can delete reports or your account (Settings > Delete Account); right to restrict processing; right to data portability; right to object. To exercise these rights, use the Platform features or contact us at privacy@apgavo.lt.

7. Cookies

Our Platform uses only essential cookies: a session cookie to maintain your login state (valid until browser close or logout); a device cookie (device_id) — a UUID identifier for managing sessions (valid for 1 year). We also use browser localStorage to store your theme preference. We do not use third-party cookies or tracking.

8. Security Measures

We apply the following security measures: authentication only through qualified electronic identification providers (Smart-ID, Mobile-ID); encrypted communication (HTTPS/TLS); role-based access control; session management with the ability to revoke sessions from any device; automatic token refresh with protection against unauthorized access.

9. Contact Information

If you have questions about this privacy policy or wish to exercise your rights, contact us at privacy@apgavo.lt. You also have the right to file a complaint with the State Data Protection Inspectorate (vdai.lrv.lt).