# Privacy Policy

**DepositShield**  
**Effective date:** 13 July 2026  
**Last updated:** 13 July 2026

---

## 1. Introduction

DepositShield ("**we**", "**us**", or "**our**") is a mobile application developed by **Federico Tessarin** (trading as **devprg**) that helps tenants and landlords document rental property condition at move-in and move-out using timestamped photos and notes.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use the DepositShield mobile application (the "**App**") on iOS and Android, and any related services such as optional cloud backup for Pro subscribers.

We are committed to protecting your privacy and processing personal data in accordance with the **General Data Protection Regulation (GDPR)** (EU) 2016/679, the UK GDPR, and other applicable data protection laws.

If you have questions about this policy or your data, contact us at:  
**privacy@depositshield.app**

---

## 2. Data Controller

The data controller responsible for your personal data is:

**Federico Tessarin / devprg**  
Email: privacy@depositshield.app  
Website: https://depositshield.app

For EU/EEA users, you may also contact your local data protection authority if you believe your rights have been infringed.

---

## 3. Summary

| Topic | Summary |
|-------|---------|
| **Offline-first design** | Your property documentation is stored primarily on your device. |
| **Cloud backup (Pro only)** | Optional, encrypted cloud sync if you subscribe to DepositShield Pro. |
| **Permissions** | Camera and location (GPS) are requested only when needed for documentation. |
| **No sale of data** | We do not sell, rent, or trade your personal data. |
| **Your control** | You can export, delete, or request erasure of your data at any time. |

---

## 4. Personal Data We Collect

### 4.1 Data you provide directly

- **Account information** (if you create an account for Pro cloud backup): email address, display name, and authentication credentials.
- **Property documentation**: photos, room labels, notes, checklists, timestamps, and metadata you attach to a rental deposit record.
- **Property details**: address, landlord/tenant names, lease dates, deposit amount, and related notes you enter voluntarily.
- **Support communications**: messages you send to us, including attachments.

### 4.2 Data collected automatically

- **Device and app data**: device model, operating system version, app version, language, and crash/diagnostic logs (only if you opt in or where required for stability).
- **Purchase data**: transaction identifiers and subscription status from Apple App Store or Google Play (we do not receive your full payment card details).
- **Usage analytics** (if enabled): anonymised or aggregated feature usage to improve the App. Analytics can be disabled where the platform allows.

### 4.3 Data from device permissions

| Permission | Purpose | Required? |
|------------|---------|-----------|
| **Camera** | Capture timestamped photos of property condition | Yes, for core functionality |
| **Photo library / storage** | Save and retrieve documentation images on your device | Yes, for core functionality |
| **Location (GPS)** | Embed approximate location and time metadata in photos for evidentiary context | Optional; you may decline and still use the App |
| **Notifications** | Reminders for move-in/move-out deadlines and backup status | Optional |

We request each permission at the point of use and explain why it is needed. You can revoke permissions in your device settings at any time, though some features may no longer work.

### 4.4 Data we do not collect

We do **not** intentionally collect:

- Government ID numbers or financial account numbers
- Health data
- Contacts, call logs, or SMS messages
- Browsing history outside the App
- Precise real-time location tracking in the background

---

## 5. How We Use Your Data

We process personal data only where we have a lawful basis under GDPR:

| Purpose | Lawful basis |
|---------|--------------|
| Provide core documentation features (local storage, camera, export) | Performance of a contract / legitimate interest |
| Operate optional Pro cloud backup and sync | Performance of a contract |
| Process in-app purchases and subscriptions | Performance of a contract / legal obligation |
| Respond to support requests | Legitimate interest / performance of a contract |
| Improve App stability and fix bugs | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Send service-related communications (e.g. backup failures) | Performance of a contract / legitimate interest |

We do **not** use your property photos or notes for advertising profiling.

---

## 6. Local Storage (Offline-First)

DepositShield is designed **offline-first**:

- Photos, notes, and property records are stored **locally on your device** by default.
- Data remains on your device unless you explicitly enable cloud backup (Pro) or export/share it.
- Uninstalling the App may permanently delete local data unless you have exported it or enabled cloud backup.

**You are responsible for** maintaining backups of your documentation (via Pro cloud backup, device backup, or manual export) before changing or replacing your device.

---

## 7. Cloud Backup (DepositShield Pro)

If you subscribe to **DepositShield Pro**, you may optionally enable **encrypted cloud backup and sync**:

- Data is transmitted over TLS (HTTPS) and stored encrypted at rest on servers operated by us or our EU-based infrastructure providers.
- Cloud backup is **opt-in**; free users' documentation never leaves their device unless they manually export or share it.
- You can disable cloud sync and delete cloud-stored data from within the App or by contacting us.
- If your Pro subscription lapses, cloud backup may be suspended; we will retain cloud data for **90 days** to allow reactivation, after which it is permanently deleted unless you request earlier deletion.

---

## 8. Data Sharing and Third Parties

We do **not sell, rent, or trade** your personal data to third parties.

We share data only in these limited circumstances:

| Recipient | Purpose |
|-----------|---------|
| **Apple / Google** | In-app purchase and subscription processing |
| **Cloud infrastructure providers** | Hosting encrypted Pro backup data (EU/EEA where possible) |
| **Crash reporting tools** (if used) | Anonymised diagnostics to improve stability |
| **Legal authorities** | Only when required by applicable law or valid legal process |

All processors act under data processing agreements and are bound to protect your data consistent with this policy and GDPR.

---

## 9. International Data Transfers

Where personal data is transferred outside the EU/EEA (for example, to support infrastructure or app store services), we ensure appropriate safeguards are in place, such as:

- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with an adequacy decision
- Additional technical measures (encryption in transit and at rest)

---

## 10. Data Retention

| Data type | Retention period |
|-----------|------------------|
| Local documentation | Until you delete it or uninstall the App |
| Cloud backup (Pro) | While subscription is active, plus 90 days after lapse |
| Account data | Until account deletion, plus up to 30 days for backup purge |
| Purchase records | As required by tax and accounting law (typically 7–10 years for transaction metadata only) |
| Support emails | Up to 24 months after case closure |

You may request deletion at any time (see Section 12).

---

## 11. Security

We implement appropriate technical and organisational measures to protect your data, including:

- Encryption in transit (TLS) for all network communication
- Encryption at rest for cloud-stored Pro backup data
- Access controls limiting employee access to production systems
- Regular security reviews of infrastructure and dependencies

No method of transmission or storage is 100% secure. You should protect your device with a passcode/biometrics and keep your account credentials confidential.

---

## 12. Your Rights (EU/EEA and UK Users)

Under GDPR, you have the following rights:

1. **Right of access** — Request a copy of personal data we hold about you.
2. **Right to rectification** — Correct inaccurate or incomplete data.
3. **Right to erasure ("right to be forgotten")** — Request deletion of your data, subject to legal retention obligations.
4. **Right to restriction** — Ask us to limit processing in certain circumstances.
5. **Right to data portability** — Receive your data in a structured, machine-readable format (JSON/PDF export).
6. **Right to object** — Object to processing based on legitimate interests.
7. **Right to withdraw consent** — Where processing is based on consent (e.g. optional analytics), withdraw at any time without affecting prior lawful processing.
8. **Right to lodge a complaint** — With your national data protection authority.

**To exercise your rights**, email **privacy@depositshield.app** with the subject line "GDPR Request". We will respond within **30 days** (extendable by 60 days for complex requests, with notice).

**In-app deletion:** You can delete individual properties, photos, or your entire account (including cloud data) from **Settings → Privacy → Delete My Data**.

---

## 13. Children's Privacy

DepositShield is not directed at children under **16** (or the applicable age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact **privacy@depositshield.app** and we will delete it promptly.

---

## 14. Cookies and Tracking

The mobile App does not use browser cookies. If our website (depositshield.app) uses cookies or similar technologies, a separate website cookie notice applies. The App may use local device storage (SQLite, secure keychain) solely to operate its features.

---

## 15. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

---

## 16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

- In-app notice on next launch, and/or
- Email (if you have an account), and/or
- Updated "Last updated" date at the top of this document

Continued use of the App after the effective date constitutes acceptance of the updated policy, where permitted by law.

---

## 17. Contact Us

**Federico Tessarin / devprg**  
Email: **privacy@depositshield.app**  
General support: support@depositshield.app  
Website: https://depositshield.app

For GDPR-related requests, please include:
- Your full name and account email (if applicable)
- A description of your request
- Proof of identity (if required to prevent unauthorised disclosure)

We aim to respond to all privacy enquiries within **5 business days** and to fulfil GDPR requests within **30 days**.

---

*This Privacy Policy is provided in English. Translated versions may be made available for convenience; in case of conflict, the English version prevails unless local law requires otherwise.*
