PL EN UK

FixControl Privacy Policy

Effective from 4 May 2026 · Terms of Service

§ 1. Data Controller

  1. The controller of personal data processed in connection with the FixControl website and application (Windows, Android) is Nadzory Budowlane Grzegorz Turowski, address: Czerska 33/16, 80-180 Gdańsk, Poland, VAT ID: PL8461594579 (hereinafter: "Controller").
  2. Contact for data protection matters: [email protected]. The Controller will respond within 30 days of receiving a request.

§ 2. Legal Basis for Processing

The Controller processes personal data in accordance with:

  • Regulation (EU) 2016/679 (GDPR),
  • Polish Personal Data Protection Act of 10 May 2018,
  • Polish Act on Electronic Services of 18 July 2002.

§ 3. Data Collected by the Mobile and Desktop Application

The FixControl app (Android, Windows) transmits data exclusively to the server at fixcontrol.pl. The following table describes what data is collected and for what purpose:

Data TypePurposeRequired?
Login and passwordUser authenticationYes
Defect data (descriptions, types, statuses)Construction defect management — core application functionYes
Defect photosPhotographic documentation of defects (Android only; initiated manually by the user)No
Floor plan images (PDF/PNG)Locating defects on building plans; files cached locally for up to 90 daysNo
Voice recordings (microphone)Dictating defect descriptions (speech-to-text); processed locally by the OS API, not transmitted to the ControllerNo

The application does not collect GPS location data, contact lists, advertising identifiers, or any device diagnostic data.

§ 4. App Permissions

Android
  • CAMERA — taking photos of construction defects in the field. Used only upon user request. Photos are uploaded to the server and linked to a specific defect record.
  • RECORD_AUDIO — dictating defect descriptions (speech-to-text). Speech recognition is performed locally by the Android Speech Recognizer API. No audio recordings are stored or transmitted by the Controller.
  • INTERNET — communication with fixcontrol.pl server (HTTPS).
  • READ/WRITE_EXTERNAL_STORAGE (Android ≤ 9) — saving exported PDF/XLSX files to the Documents folder.
Windows
  • Microphone — dictating defect descriptions via Windows Speech Recognition API. Processing is local; no audio is transmitted to the Controller.
  • File system access (Documents) — saving PDF/XLSX exports and floor plan cache files.
  • Outbound internet access — communication with fixcontrol.pl server (HTTPS).

§ 5. Data Collected by the Web Panel

  1. At company Registration: company name, administrator email address, password (stored as a bcrypt hash).
  2. During panel use: user actions logged in defect history (login, operation type, timestamp).
  3. Technical data: IP address (logged by nginx for security purposes), browser headers.
  4. Analytics: anonymous traffic data via Google Analytics 4 (GA4) — only after consent to analytics cookies.

§ 6. Purpose and Legal Basis for Processing

  1. Service provision (Art. 6(1)(b) GDPR) — account registration and management, defect handling.
  2. Legal compliance (Art. 6(1)(c) GDPR) — documentation, invoices.
  3. Legitimate interests of the Controller (Art. 6(1)(f) GDPR) — system security, technical logs.
  4. User consent (Art. 6(1)(a) GDPR) — GA4 analytics cookies.

§ 7. Data Storage and Security

  1. All data transmitted between the application and the server is encrypted using TLS 1.2/1.3 (HTTPS).
  2. Passwords are stored in hashed form (bcrypt with SHA-256 pre-hashing) — never in plain text.
  3. Data is stored on Hetzner Online GmbH servers in Germany (European Union), compliant with GDPR and ISO 27001.
  4. The floor plan cache (PNG files) is stored locally on the user's device for up to 90 days from last access, then automatically deleted by the application.

§ 8. Data Retention

  1. Account data — for the duration of the active account.
  2. Defect data and photos — for the duration of service use or until manually deleted by the user.
  3. Billing data — for 5 years from the end of the tax year (legal obligation).
  4. Technical server logs — maximum 90 days.
  5. Local device cache — maximum 90 days from last access.

§ 9. Recipients of Personal Data

  1. User data may be shared only with:
    • Hetzner Online GmbH (Germany, EU) — server infrastructure provider,
    • Google LLC (USA) — anonymous analytics data via GA4, only after user consent; Google LLC holds a Data Privacy Framework certification,
    • PayPro SA (Przelewy24) (Poland, EU) — subscription payment processing in PLN,
    • Stripe, Inc. (USA) — subscription payment processing in EUR and USD,
    • government authorities — only as required by applicable law.
  2. The Controller does not sell, rent, or transfer personal data to third parties for marketing purposes.
  3. The FixControl app contains no advertisements and does not use any advertising networks or tools that track user activity for the purpose of ad profiling.

§ 10. User Rights (GDPR)

  1. Each user has the right to:
    • Access their personal data (Art. 15 GDPR),
    • Rectification of inaccurate data (Art. 16 GDPR),
    • Erasure of data — "right to be forgotten" (Art. 17 GDPR),
    • Restriction of processing (Art. 18 GDPR),
    • Data portability (Art. 20 GDPR),
    • Objection to processing (Art. 21 GDPR),
    • Withdrawal of consent at any time (Art. 7(3) GDPR).
  2. To exercise these rights, contact the Controller at: [email protected].
  3. Users also have the right to lodge a complaint with the Polish supervisory authority (UODO, ul. Stawki 2, 00-193 Warszawa, www.uodo.gov.pl).

§ 11. Account and Data Deletion

  1. Users may request deletion of their account and associated personal data at any time by sending an email to [email protected] with the subject line "FixControl Account Deletion".
  2. The Controller will delete the data within 30 days of receiving the request, subject to data that must be retained by law (e.g. billing records for 5 years).
  3. The local application cache (floor plans, temporary files) can be deleted via the operating system settings: Settings → Apps → FixControl → Clear Data (Android), or by manually deleting the Documents\usterki_rzuty folder (Windows).

§ 12. Children's Privacy

  1. The FixControl app and website are intended exclusively for adults acting in a professional context (construction defect management). The service is not directed at children under 16 years of age.
  2. The Controller does not knowingly collect personal data from children under 16. If such data is discovered, it will be deleted immediately. If you believe we have inadvertently collected data from a child, please contact us at [email protected].

§ 13. Cookies (Web Panel)

  1. The web service uses the following cookies:
    • Necessary: usterki_token — JWT for session authentication (7 days, httpOnly, SameSite=Lax); usterki_lang — language preference (1 year).
    • Analytics (GA4): _ga, _ga_* — only after user consent. Validity: 2 years.
    • Payment: Przelewy24 or Stripe cookies during payment processing.
  2. The mobile and desktop application does not use cookies. It uses secure local storage (Flutter Secure Storage) only to store the JWT authentication token on the device.

§ 14. Changes to This Privacy Policy

  1. The Controller reserves the right to amend this Policy. Users will be notified of significant changes via the service website or email with 14 days' advance notice.
  2. Current version effective from 4 May 2026.

Home · Terms of Service · Sign in

🍪 We use cookies
We use cookies essential for the service (login, language, consent memory) and — with your consent — Google Analytics 4 analytics. Payment operator cookies may be used during payments. Your choice is remembered for one year.   Cookie details  ·  Privacy Policy