Privacy Policy
1. Data Controller
Your data is controlled by:
Maciej Stanuch
Email: support@tactido.com
This Privacy Policy describes how we collect, use, and protect your data when you use the Tactido app.
2. What Data We Collect
2.1. Data Stored LOCALLY on Your Device
Tactido is an "offline-first" application - most of your data is stored only on your device and is not transmitted to our servers.
| Data | Purpose | Storage |
|---|---|---|
| Activities and time history | Tracking time spent on various tasks | Local, encrypted |
| App settings | Personalization (theme, language, notifications) | Local, encrypted |
| Subscription status | Verifying access to premium features | Local, encrypted |
| Backups | Data recovery on user request | Local, encrypted |
| Calendar event cache | Integration with device calendar | Local |
Encryption: Your data is protected with AES-256-CBC encryption, with keys stored in iOS Keychain or Android Keystore.
2.2. Data Transmitted to External Services
To improve app quality, we use the following external services:
| Service | Data | Purpose | Your Control |
|---|---|---|---|
| Firebase Analytics | Anonymous events, device ID | App usage analysis | Can be disabled in settings |
| Firebase Crashlytics | Error reports, stack traces | Bug fixing | Can be disabled in settings |
| Firebase Performance | Performance metrics | App optimization | Can be disabled in settings |
| App Store / Google Play | Purchase data | Subscription handling | Managed by Apple/Google |
| NTP Servers | Time query | Clock synchronization | Automatic |
Anonymity: All data sent to Firebase is anonymous - it does not contain your name, email, or other identifying information.
3. What We Do NOT Collect
Tactido does NOT collect the following data:
- First or last name
- Email address
- Phone number
- GPS location
- Browsing history
- Contact list
- Photo content (no image analysis)
- Advertising identifier
- Behavioral profiling data
4. App Permissions
Tactido may request the following permissions:
| Permission | Purpose | Required? |
|---|---|---|
| Calendar | Import events from device calendar (read-only) | Optional |
| Notifications | Activity reminders | Optional |
| Microphone | Speech-to-text (for creating notes) | Optional |
| Camera | Adding photos to activities | Optional |
| Photo Library | Selecting photos as attachments | Optional |
All permissions are optional - the app works without them, but some features will be unavailable.
5. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
5.1. Right of Access
You can check what data the app stores at any time:
- Settings → Export Data - download all your data
5.2. Right to Erasure ("Right to be Forgotten")
You can delete your data:
- Delete individual activities - in the app
- Delete all data - uninstall the app
- Delete backups - manually from device storage
5.3. Right to Data Portability
You can export your data in JSON format:
- Settings → Export Data
5.4. Right to Object
You can disable analytics data collection:
- Settings → Privacy → Analytics (disable)
- Settings → Privacy → Error Reporting (disable)
5.5. Right to Restriction of Processing
The app works offline - you can use it without an internet connection, which automatically limits data processing.
6. Children's Privacy
6.1. User Age
Tactido is intended for users of all ages. However:
- Users under 16 years old should obtain parental or guardian consent before using the app.
- We do not knowingly collect personal data from children without parental consent.
6.2. Parental Consent
If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us: support@tactido.com
6.3. Deleting Children's Data
Upon parental request, we will delete any data associated with the child's account.
7. Data Security
We implement the following security measures:
| Measure | Description |
|---|---|
| AES-256-CBC Encryption | All local data is encrypted |
| iOS Keychain / Android Keystore | Encryption keys in secure system storage |
| HMAC-SHA256 | Data integrity verification |
| No Personal Data Transmission | Your activities never leave your device |
8. Data Retention Period
| Data | Retention Period |
|---|---|
| Local data (activities, settings) | Until deleted by user |
| Firebase Analytics | 45 days (Google policy) |
| Firebase Crashlytics | 30 days (Google policy) |
| Backups | Until deleted by user |
9. Third-Party Services
We use services from the following providers:
9.1. Google Firebase
- Purpose: Analytics, crash reporting, performance monitoring
- Privacy Policy: firebase.google.com/support/privacy
9.2. Apple App Store / Google Play Store
- Purpose: Subscription and purchase handling
- Apple Privacy Policy: apple.com/legal/privacy
- Google Privacy Policy: policies.google.com/privacy
10. International Data Transfers
Data transmitted to Firebase may be processed on Google servers located outside the European Economic Area (EEA). Google ensures an adequate level of data protection in accordance with Standard Contractual Clauses (SCCs).
11. Changes to This Privacy Policy
We will notify you of significant changes to this Privacy Policy through:
- In-app notification
- Updating the "Last Updated" date at the top of this document
We recommend periodically reviewing this page.
12. Contact Us
For privacy-related questions, please contact us:
Email: support@tactido.com
We respond to inquiries within 30 business days.
13. Legal Basis for Processing
| Processing Purpose | Legal Basis (GDPR) |
|---|---|
| Service provision (time tracking) | Art. 6(1)(b) - contract performance |
| Analytics and app improvement | Art. 6(1)(f) - legitimate interest |
| Error reporting | Art. 6(1)(f) - legitimate interest |
| Subscription handling | Art. 6(1)(b) - contract performance |
Tactido - Your time, your control.
© 2024 Maciej Stanuch. All rights reserved.