This privacy policy was originally written in German. In case of discrepancies between the German original and this translation, the German version shall prevail.
1. Controller
Controller within the meaning of the GDPR:
2. Privacy Approach ("Local-First")
MVM Shift Planner is fundamentally designed for local data processing. Planning data is stored primarily on your device. Transmission to external services only occurs when required by the feature you are using — for example for login and synchronisation via Firebase, the optional AI assistant, in-app purchases or advertising in the free version.
We do not sell personal data.
3. Processed Data Categories
Planning and Shift Data
Shift abbreviations, colours, calendar entries, notes, overtime values, planning rules, reminder times, widget settings, export and import settings. Storage location: primarily local on the device. With the Share function active, also in Cloud Firestore.
Personalisation Data
Optional name, language, theme, app design, accent colour, widget view, live activity status, app settings. Storage location: local app storage areas (UserDefaults, App Group storage for widgets).
Authentication Data
Email address, user ID (UID), login status, auth provider information, security-relevant event data such as timestamps, device reference, IP address or user agent — where required for authentication, security and abuse prevention. Storage location: Firebase Authentication.
MVM Share Data
Connected partner ID, shared shifts, swap requests, status, timestamps and metadata. Storage location: Cloud Firestore.
Import, Export and Backup Data
Export files may contain shift data, notes, overtime, settings and abbreviations. If you share files with other apps via the iOS Share Sheet, their privacy terms also apply.
Transaction and Subscription Status Data
Purchase and subscription status information from Apple to unlock Pro features. Credit card or bank details are not processed.
Advertising Data (Free Version)
When using the free version, Google AdMob may be used. Where legally permitted and authorised by you, advertising or device identifiers (IDFA or comparable identifiers) may be processed.
4. Legal Bases (Art. 6 GDPR)
- Art. 6(1)(b): Contract performance and app functionality
- Art. 6(1)(a): Consent — e.g. ATT, optional AI use or optional permissions
- Art. 6(1)(f): Legitimate interests — in particular security, stability, abuse prevention and error analysis
- Art. 6(1)(c): Legal obligations, where applicable
5. Calendar, Widgets, Live Activities and Reminders
The app may display local calendar views, widgets, lock screen widgets, live activities and reminders. Shift abbreviations, colours, times and status information are processed locally and stored in App Group storage so that widget and live activity extensions can display them.
This data remains on your device. No transmission to external services occurs. Apple system features (notifications, widgets, live activities, share sheet) are additionally subject to Apple's privacy terms.
6. Import, Export, Backups and Local Text Recognition
The app can import and export shift schedules — e.g. as backup, PDF, CSV or calendar file. For PDF or image imports, the app may read text locally (Apple system frameworks such as PDFKit or Vision). This processing takes place on the device.
When you save, share or transfer export files to other apps, you determine the recipient. From that point, the privacy terms of the respective service also apply.
7. MVM-AI Assistant
The AI function is optional. When used, the following data may be transmitted:
- Your entered text (prompt or chat message)
- Required app context, where necessary for the response
- Technical metadata for provision, security and error analysis
Recipients: Cloudflare (technical proxy) · OpenAI (AI service provider)
Consent: Consent is obtained before the first transmission. Without consent, no AI transmission occurs. Consent can be withdrawn at any time with effect for the future.
Please do not enter sensitive personal data in the AI chat if it is not required for your request.
8. Firebase Authentication and Synchronisation (MVM Share)
When you use login and share features, the app uses:
- Firebase Authentication — for login and account management
- Cloud Firestore — for synchronisation of MVM Share data (partner connections, shifts, swap requests)
Processing only takes place to the extent required for the features you use. Access to Firestore data is controlled via Firebase Authentication and Firestore security rules.
9. Email Security Messages via Firebase Authentication
When using email login, security-related emails may be triggered — e.g. verification, password reset or login-related notices.
The following data is processed: email address, timestamp, required device information, IP address or user agent.
Recipient: Google Firebase Authentication for verification, reset and security-related auth processes.
10. Payments and Subscriptions (StoreKit)
In-app purchases are processed via Apple StoreKit. We only receive the necessary transaction and status information for feature activation. Payment data (credit card or bank details) is not processed by us.
11. Advertising in the Free Version
Google AdMob may be used in the free version:
- Personalised advertising only occurs with corresponding consent (Apple's App Tracking Transparency — ATT).
- Without consent, non-personalised advertising may be displayed.
- With an active Pro subscription, advertising is deactivated.
- Google may provide its own privacy information in the context of AdMob.
12. Recipients or Categories of Recipients
Depending on use, data may be transmitted to:
- Apple — StoreKit, widgets, live activities, notifications, diagnostic services, share sheet
- Google Firebase — Firebase Authentication and Cloud Firestore
- Cloudflare — only when using AI, as a technical proxy
- OpenAI — only when using AI and with consent
- Google AdMob — only in the free version and depending on consent
- Recipients chosen by you — when sharing, exporting or saving files
13. Third-Country Transfers
Where service providers outside the EEA are used (e.g. USA), a third-country transfer may occur. This takes place in accordance with legal requirements, in particular on the basis of appropriate guarantees such as EU standard contractual clauses or applicable adequacy mechanisms.
According to Google, Firebase Authentication is operated exclusively in US data centres. Other Firebase services may be processed on Google's global infrastructure.
14. Retention Period and Deletion
- Local app data: until deleted by you or the app is uninstalled.
- Widget and live activity data: local, as long as required for display and updates.
- AI chat histories: local until deleted by you or the app is uninstalled.
- Firestore share data: until deleted by you (disconnection, data deletion, account deletion).
- Auth and login data: as long as required for operation, security and account management.
- Subscription and status data: as long as required for verification and activation.
- Export and backup files: until deleted by you at the respective storage location.
You can delete data in the app (remove entries, disconnect share connections, reset settings, delete account) or send a deletion request to privacy@mvm-app.at.
15. Your Rights under the GDPR
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent with effect for the future (Art. 7(3) GDPR)
- Complaint to a supervisory authority (Art. 77 GDPR) — in Austria: Datenschutzbehörde
16. Data Security
We use appropriate technical and organisational measures to protect data against loss, misuse and unauthorised access — e.g. local storage, transport encryption, access controls, App Group restrictions, Firestore security rules and established platform services.
According to Google, Firebase services encrypt data in transit via HTTPS and, for several services, also at rest.
17. Changes to this Privacy Policy
We reserve the right to update this privacy policy when features, legal requirements or services used change. The current published version is always authoritative.
18. Contact & Supervisory Authority
For privacy enquiries: