隐私政策
This 隐私政策 applies to the iOS app "MVM 排班计划".
数据控制者
数据控制者 within the meaning of the GDPR:
Samir Salimovic
Independent iOS Developer
Vienna, Austria
Privacy 联系:
E-mail: privacy@mvm-app.at
Web: https://mvm-app.at
隐私方法 ("Local-First")
MVM 排班计划 is primarily designed for local data processing. Planning data is primarily stored on your device. Data is transferred to external services only when necessary for the feature you use (e.g., Firebase login/synchronization, AI assistant, in-app purchases, advertising in the free version).
我们不出售个人数据。
处理的数据类别
Depending on usage, we process the following data in particular:
Planning and Shift Data
Shift codes, colors, calendar entries, notes, overtime values, planning rules, settings.
Storage: primarily local on the device; when Share/Sync is active, additionally in Cloud Firestore.
Personalization Data
Optional name, language, theme, reminder times, app settings.
Storage: local app storage areas (e.g., UserDefaults).
Authentication Data
Email address, user ID (UID), sign-in status, auth provider information (e.g., Apple, email/password), security-relevant event data (e.g., timestamp, device reference where required).
Storage: Firebase Authentication, required local status data, and where applicable Firestore event data.
MVM Share Data
Connected partner ID, shared shifts, swap requests including status, required timestamps/metadata.
Storage: Cloud Firestore.
Transaction/Subscription Status Data
Purchase and subscription status information from Apple for unlocking Pro features.
We do not process credit card or bank account data.
Technical Data
Diagnostics and crash data, where provided by Apple and enabled by you.
Advertising Data (Free 版本 Only)
When using AdMob, advertising/device identifiers (e.g., IDFA) may be processed, where legally permissible and enabled by you.
Legal Bases (Art. 6 GDPR)
We process data based on:
- Art. 6(1)(b) GDPR (contract performance / app functionality)
- Art. 6(1)(a) GDPR (consent, e.g., ATT, optional AI use)
- Art. 6(1)(f) GDPR (legitimate interest, security, stability, abuse prevention)
- Art. 6(1)(c) GDPR (legal obligations, where applicable)
MVM-AI Assistant
The AI feature is optional. When used, data may be transmitted to technical service providers to process your request.
Processed data (depending on request):
- Your entered text (prompt/chat message)
- Required context from the app, to the extent necessary for the response
接收方:
- Cloudflare (technical AI proxy / worker)
- OpenAI (AI service provider)
Purpose:
- Providing the AI response requested by you
Consent:
- Consent is obtained before the first transmission
- No AI transmission takes place without consent
- Consent can be withdrawn at any time with effect for the future
Firebase Authentication & Synchronization (MVM Share)
When you use login and share features, the app uses:
- Firebase Authentication (sign-in, account management)
- Cloud Firestore (synchronization of MVM Share data, e.g., partner connections, shifts, swap requests)
Processing occurs only to the extent required for the features you use.
Email Security Emails (via Firebase Authentication)
When using email login, security-related emails may be triggered (e.g., verification, password reset, login-related notices).
For this, we process in particular:
- Email address
- Security/event data (e.g., timestamp, required device information)
接收方:
- Google Firebase Authentication (for verification/reset and security-related auth processes)
Payments & 订阅 (StoreKit)
In-app purchases are processed via Apple StoreKit. We only receive required transaction/status information to unlock functionality.
Advertising (Free 版本 Only)
The free version may use Google AdMob.
- Personalized advertising only with corresponding consent (ATT)
- Without consent: non-personalized ads may be shown
- Advertising is disabled when an active Pro subscription is present
接收方 / Categories of 接收方
Depending on usage, data may be transmitted to the following recipients:
- Apple (StoreKit, and possibly diagnostics services)
- Google Firebase (Firebase Authentication, Cloud Firestore)
- Cloudflare (technical AI proxy, only when using AI)
- OpenAI (only when using AI and with consent)
- Google AdMob (free version only, depending on consent)
Third-Country Transfers
Where service providers outside the EEA are used (e.g., USA), third-country transfers may occur. Such transfers are carried out in compliance with legal requirements, in particular based on appropriate safeguards (e.g., EU standard contractual clauses), where required.
保存期限
- Local app data: until deleted by you or uninstallation
- AI chat histories (local): until deleted by you or uninstallation
- Firestore share data: until deleted by you (e.g., disconnect/removal or "Delete Data") or account deletion, unless legal obligations prevent this
- Auth/login data: according to applicable Firebase and app operational rules, as long as required for operation/security
- Subscription/status data: as long as required for verification/unlocking
- Security/auth event data: only as long as required for operation, security, abuse prevention, and error analysis
- Diagnostics/log data: according to platform provider rules
Your Rights Under GDPR
You have, in particular, the following rights:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent with effect for the future (Art. 7(3) GDPR)
- 向监管机构投诉 (Art. 77 GDPR), e.g., in Austria at the Data Protection Authority
数据安全
We implement appropriate technical and organizational measures to protect data against loss, misuse, and unauthorized access (e.g., transport encryption, access controls, use of established platform services).
变更 to this 隐私政策
We reserve the right to update this 隐私政策 when features, legal requirements, or used services change. The currently published version is authoritative.
联系
For privacy inquiries: