Privacy Policy

Last updated: 10 May 2026

This Privacy Policy describes how the repark iOS app and its backend service (collectively, "repark", "we", "us") process personal data when you use the service. We follow the EU General Data Protection Regulation (GDPR) and the Czech Personal Data Processing Act (Act No. 110/2019 Coll.).

1. Data Controller

Zoltán Páll, an individual residing in the Czech Republic.
Contact: pallzoltan@gmail.com

2. What We Collect and Why

Data	Why we collect it	Legal basis (GDPR Art. 6)
Email address (when you create an account)	Sign-in, account recovery, communication about your account.	(b) performance of contract
Apple Push Notification (APNS) device token + iOS install UUID	Sending the cleaning reminders you ask for.	(b) performance of contract
Approximate location (only when you tap "Centre on me")	Showing the map centred on your current location. Not stored on our servers.	(a) consent (granted via the iOS permission prompt)
Subscription state (Apple "originalTransactionId", expiry, auto-renew)	Determining whether you have an active repark Premium entitlement.	(b) performance of contract; (c) tax / accounting obligations
Sector subscriptions (which streets you've subscribed to and your reminder times)	Sending the right reminders at the right time.	(b) performance of contract
Server logs (IP address, request path, status code) for up to 30 days	Security, debugging, abuse prevention.	(f) legitimate interest

We do not use third-party advertising networks. We do not track you across other apps or websites. We do not sell your data.

3. How Long We Keep It

Account data (email, sector subscriptions): kept until you delete your account from inside the app, then immediately removed.
APNS device token: kept while the device is active; removed once Apple invalidates the token, you sign out, or you delete the account.
Subscription records: retained for up to 7 years to meet Czech tax/accounting obligations under Act No. 235/2004 Coll. (VAT) and Act No. 563/1991 Coll. (Accounting).
Server logs: 30 days, then automatically rotated out.
Database backups: 14 daily + 8 weekly snapshots; older backups are deleted automatically.

4. Who Processes Your Data on Our Behalf

We use the following sub-processors, each contractually bound to the GDPR Art. 28 standard:

Apple Inc. — App Store, App Store Server Notifications, Apple Push Notification service. Data may be processed in the EU and the US (under the EU-US Data Privacy Framework).
Google LLC (Firebase) — authentication backend (your email and a Firebase user ID). EU-US Data Privacy Framework.
Fly.io, Inc. — application hosting. Data is stored in Frankfurt, Germany (region fra).
Backblaze, Inc. — encrypted database backups, EU region.

5. International Transfers

The Apple and Firebase sub-processors operate in the United States. Data is transferred under the EU-US Data Privacy Framework adequacy decision (C(2023) 4745 final).

6. Your Rights

You have the right to:

Access the personal data we hold about you.
Rectify inaccurate data.
Erase your account and all associated data — use "Delete account" in the app's Account screen, which removes the data immediately.
Restrict or object to certain processing.
Receive your data in a portable format (write to us at the address above and we'll send a JSON export within 30 days).
Withdraw consent for location access via iOS Settings → repark → Location.
Lodge a complaint with the Czech supervisory authority: Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.

7. Children

repark is not directed at children under 16. We do not knowingly collect personal data from anyone under that age.

8. Security

All connections to repark use TLS 1.2 or later. Account passwords are managed by Firebase Authentication and never reach our servers in plaintext. Database backups are encrypted at rest.

9. Changes to this Policy

We will update the "Last updated" date above when this policy changes. Material changes (new sub-processors, new data categories) will be announced via the in-app account screen or by email.

10. Contact

Questions about this policy or your data? Email pallzoltan@gmail.com.