Privacy Policy

WarrantyVault · Effective February 15, 2026

1. Data Controller

The data controller for the WarrantyVault application is:

Vizaxis Mateusz Olszewski
ul. Dworcowa 22/32
10-437 Olsztyn, Poland
Email: contact@vizaxis.com

2. What Data We Process and Why

WarrantyVault stores all user-created content (products, warranties, receipt photos, settings) locally on your device only. We do not operate user accounts, cloud storage, or backend servers. We cannot access your locally stored data.

The app uses the following third-party services that process data on our behalf or as independent controllers:

Service	Data Processed	Purpose	Legal Basis (GDPR)	Retention
Google Gemini API Google LLC	Receipt photo image data, sent over HTTPS for processing. On our paid API plan, Google does not use your data to train AI models. Google may temporarily process the image to generate a response.	AI-powered text extraction from receipt photos (OCR)	Consent — Art. 6(1)(a). You actively choose to use the receipt scanner each time. An offline fallback (ML Kit, on-device) is used when there is no internet connection — no data leaves your device in that case.	Google does not retain input data beyond the time needed to generate a response on paid API plans. See Google's Gemini API Terms.
Firebase Analytics Google LLC	Pseudonymous app instance identifier, IP address (used for geolocation and then discarded by Google in the EU), device model, OS version, app usage events (screens viewed, features used), and user properties: subscription status, theme preference, haptics preference.	Understanding how the app is used to improve it	Consent — Art. 6(1)(a). You can opt out in Settings → Privacy Settings. When declined, analytics collection is fully disabled.	26 months (Google default). Aggregated, non-identifiable reports may be retained longer.
Firebase Crashlytics Google LLC	Installation UUID (pseudonymous device identifier), device model, OS version, crash stack traces, custom diagnostic keys (subscription status, theme preference).	Identifying and fixing app crashes	Consent — Art. 6(1)(a). You can opt out in Settings → Privacy Settings. When declined, crash reporting is fully disabled.	90 days for crash data.
RevenueCat RevenueCat Inc.	Anonymous app user identifier (generated by RevenueCat, not linked to your identity), purchase tokens from Google Play or Apple App Store, device platform, IP address (used for approximate geolocation).	Managing in-app subscriptions and verifying purchase status	Contract performance — Art. 6(1)(b). Processing is necessary to deliver and validate the features you purchased.	Purchase records retained for the lifetime of the app user ID. See RevenueCat Privacy Policy.

3. App Tracking Transparency (iOS)

On iOS, the app requests your permission via Apple's App Tracking Transparency (ATT) framework before enabling analytics. If you deny this request, analytics data collection is limited according to Apple's policies. This does not affect the core functionality of the app.

4. Data We Do Not Collect

• Your name, email address, phone number, or any directly identifying personal information
• Precise location data (GPS, Wi-Fi-based location)
• Contacts, calendar, or phone call data
• Your receipt photos or product details — these are stored on your device only and are never uploaded to our servers (Gemini API processing is initiated only when you explicitly use the scanner)
• Payment card details, billing address, or bank information — all payment processing is handled entirely by Google Play or the Apple App Store

We do not serve ads and do not integrate any advertising SDKs or tracking networks.

5. Data Sharing

We do not sell, rent, or trade your data. The third-party services listed in Section 2 process data as follows:

• Google (Firebase Analytics, Crashlytics, Gemini API) — acts as a data processor under Google's Data Processing Terms. For the Gemini API on our paid plan, Google processes data solely to provide the service and does not use it for model training.
• RevenueCat — acts as a data processor for purchase management. See RevenueCat DPA.

We do not share data with any other third parties.

6. Consent and Opt-Out

On first launch, the app requests your consent for analytics and crash reporting. You can change your choice at any time in Settings → Privacy Settings. When you decline:

• Firebase Analytics collection is fully disabled
• Firebase Crashlytics collection is fully disabled
• No usage or crash data is sent to Google
• Core app functionality (adding products, scanning receipts, notifications) remains fully available

Note: Opting out does not affect data already collected before you changed your preference. To request deletion of previously collected analytics data, contact us.

7. Receipt Photo Processing

When you use the AI receipt scanner, your receipt photo is sent to Google's Gemini API over an encrypted (HTTPS) connection for text extraction. The extracted data (product name, brand, price, date, store, category) is returned to your device and stored locally. We use a paid Gemini API plan — Google does not use your input data for AI model training.

When your device is offline, the app falls back to ML Kit (on-device OCR). In this case, no image data leaves your device.

8. Data Retention and Deletion

On your device: All products, warranties, receipt photos, and settings are stored locally. You can delete individual items within the app at any time. Uninstalling the app permanently deletes all local data.

Third-party services: Data processed by third-party services is subject to their retention policies as described in Section 2. We do not control third-party retention, but you can contact us to request that we initiate deletion where technically possible.

9. Data Security

Your local data is protected by your device's built-in security (device encryption, screen lock, sandboxed app storage). All network communications with third-party services use HTTPS encryption in transit.

10. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data — right to be forgotten (Art. 17)
• Restrict processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7(3))

For locally stored data, you exercise these rights directly on your device (edit, delete products, change privacy settings). For data held by third-party processors (Firebase, RevenueCat), contact us at contact@vizaxis.com and we will assist you in exercising your rights.

We will respond to data rights requests within 30 days.

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority. For Poland:

Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
uodo.gov.pl

12. Children's Privacy

WarrantyVault is not directed at children under 16 (the age of digital consent in Poland under GDPR). We do not knowingly collect personal information from children. If you believe a child under 16 has used the app in a way that resulted in personal data being processed, contact us and we will take steps to delete such data.

13. International Data Transfers

Third-party services (Google LLC, RevenueCat Inc.) are based in the United States and may process data outside the European Economic Area. These transfers are governed by:

• The EU-U.S. Data Privacy Framework (where applicable)
• Standard Contractual Clauses (SCCs) incorporated into the providers' data processing agreements

14. Changes to This Policy

We may update this Privacy Policy when our data practices change. The updated version will be posted at this URL with a revised effective date. For material changes that affect how your data is processed, we will provide notice through the app. Continued use of the app after changes constitutes acceptance of the revised policy.

15. Contact

For questions about this Privacy Policy or to exercise your data protection rights:

Vizaxis Mateusz Olszewski
Email: contact@vizaxis.com
ul. Dworcowa 22/32, 10-437 Olsztyn, Poland