Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data is:

Email: [email protected]

2. What Data We Collect

We collect the following categories of personal data to provide our services:

• Account information — name, email address, and securely hashed password
• Project data — project addresses, status, completion dates, and notes
• Equipment usage — allocation records, return dates, and equipment details
• Drying protocol data — measurement readings, moisture levels, and visit records
• Voice data — audio recordings submitted through the in-app voice assistant, processed for transcription and then deleted
• Organization details — company name and logo
• Technical data — log data (such as IP address and device/app information) necessary for security and troubleshooting

3. Legal Basis for Processing (Art. 6 GDPR)

We process your personal data on the following legal grounds:

• Performance of a contract (Art. 6(1)(b) GDPR) — processing is necessary to provide the services you have subscribed to
• Legitimate interests (Art. 6(1)(f) GDPR) — to improve our services, ensure security, and prevent fraud
• Consent (Art. 6(1)(a) GDPR) — where you have given explicit consent (e.g. for optional communications)
• Legal obligation (Art. 6(1)(c) GDPR) — where processing is required by law

4. Purpose of Data Processing

Your data is used exclusively for the following purposes:

• Managing construction and drying projects
• Tracking equipment allocations and returns
• Recording and reporting drying protocol measurements
• Generating project reports
• Providing AI-powered voice assistant features (transcription and natural language commands)
• Authenticating your identity and securing your account

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described above.

If your account is cancelled, personal data will be permanently deleted within 30 days, unless legal retention obligations require otherwise.

Non-personal, aggregated statistics (for example, total project counts) may be retained for internal reporting purposes. These statistics do not contain information that can identify individuals.

6. Data Sharing & Transfers

Your data is only accessible to authorized users within your organization's account.

We do not sell or rent personal data.

To operate the Service, we use trusted data processors under Article 28 GDPR:

• Hetzner Online GmbH (Germany/EU) — hosting infrastructure and storage services
• Amazon Web Services (AWS, eu-central-1 region) — transactional email delivery
• OpenAI, LLC (USA) — AI-powered voice transcription and natural language processing. Audio recordings are sent to OpenAI for processing and are not used by OpenAI to train their models. OpenAI's data usage policy applies (see openai.com/policies/usage-policies).
• Google LLC (USA) — our mobile app uses the Google Maps SDK to display project locations on a map. When you use the map feature, Google may collect technical data such as your IP address, device information, and map interaction data. We do not collect or transmit your device's location; only project addresses stored in our system are displayed. For more information, see Google's privacy policy (policies.google.com/privacy).

Most personal data is processed within the European Union. For AI voice processing, audio data is transferred to OpenAI in the United States under appropriate safeguards, including the EU-U.S. Data Privacy Framework. For the map feature, technical data may be processed by Google in the United States under similar safeguards. No other personal data is transferred outside the EU/EEA.

7. Your Rights (Art. 15–21 GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15) — obtain a copy of your personal data
• Right to rectification (Art. 16) — correct inaccurate or incomplete data
• Right to erasure (Art. 17) — request deletion of your data
• Right to restriction (Art. 18) — restrict processing under certain conditions
• Right to data portability (Art. 20) — receive your data in a portable format
• Right to object (Art. 21) — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

You also have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (HTTPS/TLS)
• Secure password hashing
• Network-level protection (firewalls and restricted database access)
• Access controls within customer accounts

9. Changes to This Policy

We may update this privacy policy from time to time. The latest version will always be available within the application. The date of the last update is shown at the top of this page.