Mobile App Privacy Policy

Version: 1.0

Effective date: 2026-05-11

1. Scope

This Privacy Policy applies to InstalTrack mobile applications published on Google Play and Apple App Store.

To the extent functionally linked to a user account, this policy also covers data processed through the InstalTrack website and web portal (e.g. registration, sign-in, contact form, and service communications).

2. Data Controller and Contact

InstalTrack is the controller for account-level user data. For business customer data entered into the app, the business customer remains the controller and InstalTrack acts as a processor unless applicable law states otherwise.

Contact: [email protected]. Address: Radzikowskiego 61d/5, 31-315 Krakow, Poland.

3. Categories of Data We May Collect

  • Account data: first name, last name, email address, phone number, user role, account identifiers.
  • Authentication and security data: login identifiers, session tokens, password reset information, security logs.
  • Device and app technical data: device type, operating system, app version, technical identifiers, diagnostics and crash logs.
  • Operational data: projects, stages, documents, photos/attachments, customer and team data entered by users or organizations.
  • Communication data: push tokens, notification preferences, and system communication history.
  • Web form data: information submitted via registration and contact forms (including email, phone number, and message content).

The exact set of data depends on features used in the app, account configuration, and enabled technical integrations.

4. Purposes of Processing

  • Providing services and maintaining user accounts.
  • Authentication, authorization, and fraud/abuse prevention.
  • Supporting project, document, and workflow functionality in the app.
  • Sending notifications and service-related communications.
  • Contacting users by email or phone for account, support, and request-handling purposes.
  • Maintaining, diagnosing, and improving app quality.
  • Complying with legal obligations and asserting legal claims.

5. Legal Bases

Legal bases include: performance of a contract (service delivery), legitimate interests (security, diagnostics, service improvement), legal obligations, and consent where required by law.

6. Data Sharing and Processors

Data may be shared with trusted technical service providers strictly as needed to operate the app (e.g. hosting, authentication, email delivery, push notifications, error monitoring).

We do not sell users' personal data.

We use Google Firebase, including Firebase Authentication and Firebase Cloud Messaging (FCM), to support sign-in, account security, and push notifications. As a result, selected technical data and identifiers (e.g. account identifiers, device/push tokens, and technical metadata) may be processed by these services under their terms and privacy policy.

More information: Firebase Privacy and Security.

7. Data Retention

We retain data for as long as needed to provide the service, perform contractual obligations, ensure security, comply with legal obligations, and resolve disputes. After required periods, data is deleted or anonymized.

8. User Rights and Account Deletion

  • You may request access, correction, deletion, restriction, and portability of your data, subject to applicable law.
  • You can submit requests at [email protected].
  • Account-related requests are handled without undue delay, usually within 30 days, unless law requires otherwise.
  • You can delete your account in account settings or request deletion by email.

9. Children and Minors

The app is not directed to children. We do not knowingly collect personal data from children. If we learn that child data was provided, we will take steps to delete it.

10. International Data Transfers

If data is transferred outside the European Economic Area, we apply appropriate legal safeguards such as standard contractual clauses or other mechanisms required by law.

11. Data Security

We use appropriate technical and organizational measures to protect data against unauthorized access, loss, misuse, or disclosure.

12. Policy Changes

We may update this policy. Changes are published on this page together with the updated version and effective date.

13. Governing Law and Jurisdiction

This Privacy Policy and all matters related to the service are governed by the laws of Poland.

Any disputes arising from this Privacy Policy or use of the service shall be resolved exclusively by the competent courts in Poland.

14. Contact

[email protected]