Responsable del tratamiento

Responsable del tratamiento within the meaning of the GDPR:

Samir Salimovic
Independent iOS Developer
Vienna, Austria

Contacto de privacidad:
E-mail: privacy@mvm-app.at
Web: https://mvm-app.at

Enfoque de privacidad ("Local-First")

MVM Planificador de turnos is primarily designed for local data processing. Planning data is primarily stored on your device. Data is transferred to external services only when necessary for the feature you use (e.g., Firebase login/synchronization, AI assistant, in-app purchases, advertising in the free version).

No vendemos datos personales.

Categorías de datos tratadas

Depending on usage, we process the following data in particular:

Planning and Shift Data

Shift codes, colors, calendar entries, notes, overtime values, planning rules, settings.
Storage: primarily local on the device; when Share/Sync is active, additionally in Cloud Firestore.

Personalization Data

Optional name, language, theme, reminder times, app settings.
Storage: local app storage areas (e.g., UserDefaults).

Authentication Data

Email address, user ID (UID), sign-in status, auth provider information (e.g., Apple, email/password), security-relevant event data (e.g., timestamp, device reference where required).
Storage: Firebase Authentication, required local status data, and where applicable Firestore event data.

MVM Share Data

Connected partner ID, shared shifts, swap requests including status, required timestamps/metadata.
Storage: Cloud Firestore.

Transaction/Subscription Status Data

Purchase and subscription status information from Apple for unlocking Pro features.
We do not process credit card or bank account data.

Technical Data

Diagnostics and crash data, where provided by Apple and enabled by you.

Advertising Data (Free Versión Only)

When using AdMob, advertising/device identifiers (e.g., IDFA) may be processed, where legally permissible and enabled by you.

Legal Bases (Art. 6 GDPR)

We process data based on:

• Art. 6(1)(b) GDPR (contract performance / app functionality)
• Art. 6(1)(a) GDPR (consent, e.g., ATT, optional AI use)
• Art. 6(1)(f) GDPR (legitimate interest, security, stability, abuse prevention)
• Art. 6(1)(c) GDPR (legal obligations, where applicable)

MVM-AI Assistant

The AI feature is optional. When used, data may be transmitted to technical service providers to process your request.

Processed data (depending on request):

• Your entered text (prompt/chat message)
• Required context from the app, to the extent necessary for the response

Destinatarios:

• Cloudflare (technical AI proxy / worker)
• OpenAI (AI service provider)

Purpose:

• Providing the AI response requested by you

Consent:

• Consent is obtained before the first transmission
• No AI transmission takes place without consent
• Consent can be withdrawn at any time with effect for the future

Firebase Authentication & Synchronization (MVM Share)

When you use login and share features, the app uses:

• Firebase Authentication (sign-in, account management)
• Cloud Firestore (synchronization of MVM Share data, e.g., partner connections, shifts, swap requests)

Processing occurs only to the extent required for the features you use.

Email Security Emails (via Firebase Authentication)

When using email login, security-related emails may be triggered (e.g., verification, password reset, login-related notices).

For this, we process in particular:

• Email address
• Security/event data (e.g., timestamp, required device information)

Destinatarios:

• Google Firebase Authentication (for verification/reset and security-related auth processes)

Payments & Suscripciones (StoreKit)

In-app purchases are processed via Apple StoreKit. We only receive required transaction/status information to unlock functionality.

Advertising (Free Versión Only)

The free version may use Google AdMob.

• Personalized advertising only with corresponding consent (ATT)
• Without consent: non-personalized ads may be shown
• Advertising is disabled when an active Pro subscription is present

Destinatarios / Categories of Destinatarios

Depending on usage, data may be transmitted to the following recipients:

• Apple (StoreKit, and possibly diagnostics services)
• Google Firebase (Firebase Authentication, Cloud Firestore)
• Cloudflare (technical AI proxy, only when using AI)
• OpenAI (only when using AI and with consent)
• Google AdMob (free version only, depending on consent)

Third-Country Transfers

Where service providers outside the EEA are used (e.g., USA), third-country transfers may occur. Such transfers are carried out in compliance with legal requirements, in particular based on appropriate safeguards (e.g., EU standard contractual clauses), where required.

Plazos de conservación

• Local app data: until deleted by you or uninstallation
• AI chat histories (local): until deleted by you or uninstallation
• Firestore share data: until deleted by you (e.g., disconnect/removal or "Delete Data") or account deletion, unless legal obligations prevent this
• Auth/login data: according to applicable Firebase and app operational rules, as long as required for operation/security
• Subscription/status data: as long as required for verification/unlocking
• Security/auth event data: only as long as required for operation, security, abuse prevention, and error analysis
• Diagnostics/log data: according to platform provider rules

Your Rights Under GDPR

You have, in particular, the following rights:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent with effect for the future (Art. 7(3) GDPR)
• Reclamación ante una autoridad de control (Art. 77 GDPR), e.g., in Austria at the Data Protection Authority

Seguridad de los datos

We implement appropriate technical and organizational measures to protect data against loss, misuse, and unauthorized access (e.g., transport encryption, access controls, use of established platform services).

Cambios to this Política de privacidad

We reserve the right to update this Política de privacidad when features, legal requirements, or used services change. The currently published version is authoritative.

Contactoo

For privacy inquiries:

privacy@mvm-app.at