punchly-privacy

Privacy Policy for Punchly

Effective Date: 06/01/2025 Last Updated: 15/01/2025

Introduction

This Privacy Policy describes how Punchly (“we,” “our,” or “us”) collects, uses, and protects your information when you use our mobile application Punchly (the “Service”).

Information We Collect

Personal Information

• Email Address: For account creation and communication
• Name: For user identification and team collaboration
• Profile Photo: Optional, for user identification
• Company Information: Company name and phone number (optional)

Location and Localization Data

• Time Zone: Your device’s time zone for proper scheduling and notifications
• Language Preference: Your preferred language for app interface
• Country and City: General location information for localization and regional features
• Note: We do not collect precise GPS location data

Professional Information (Optional)

• Job Title/Position: For team organization and role-based features
• Industry/Sector: To provide industry-specific templates and features
• Company Size: For tailored feature recommendations
• Experience Level: To customize onboarding and help content

Project and Usage Data

• Project Information: Project names, descriptions, categories, and metadata
• Punch List Data: Punch descriptions, status, priority, discipline, and assignments
• Photos and Attachments: Images and files you upload to projects
• Comments and Notes: Text content you create within the app
• Location Descriptions: Text-based location descriptions you enter (e.g., “2nd Floor”, “Main Entrance”)

App Usage and Preferences

• Usage Statistics: Features used, session duration, project creation frequency
• Notification Preferences: Your choices for different types of notifications
• Theme Preference: Light, dark, or system theme selection
• Default Settings: Your preferred project categories and disciplines
• Onboarding Status: Whether you’ve completed the initial setup process
• Last Login Date: For account security and activity tracking

Technical Information

• Device Information: Device model, operating system name and version
• App Version: Version of Punchly you’re using
• Performance Data: App performance metrics and crash reports
• Authentication Data: Login methods used (email, Google, Apple)
• Sync Status: Data synchronization information across devices

How We Use Your Information

We use your information to:

Core Functionality

• Provide and maintain the Punchly service
• Enable team collaboration and project management
• Sync your data across devices securely
• Authenticate your account and maintain security

Personalization and User Experience

• Customize the app interface based on your preferences
• Provide localized content and features
• Suggest relevant project templates and categories
• Tailor onboarding experience to your skill level

Communication and Notifications

• Send important notifications about your projects
• Provide customer support and respond to inquiries
• Send optional updates about new features (with your consent)
• Deliver time-sensitive project alerts in your time zone

Analytics and Improvement

• Analyze app usage to improve performance and features
• Understand user needs for product development
• Generate anonymized usage statistics
• Identify and fix technical issues

Data Storage and Security

Cloud Storage

Your data is stored securely using:

• Firebase (Google Cloud): For real-time database, authentication, and analytics
• Industry-standard encryption: AES-256 encryption both in transit and at rest
• Regular security audits: Continuous monitoring and security assessments
• Data redundancy: Multiple backup systems to prevent data loss

Local Storage

• Some data is cached locally on your device for offline functionality
• Local data is encrypted using iOS/Android security features
• Sensitive information is never stored in plain text locally

Data Processing Locations

• Primary data processing occurs in Google Cloud data centers
• Data may be processed in multiple regions for performance and redundancy
• All processing locations maintain equivalent security standards

Third-Party Services

We use the following third-party services:

Firebase (Google)

• Purpose: Authentication, real-time database, analytics, crash reporting, cloud messaging
• Data Shared: Email, usage analytics, crash reports, device tokens
• Privacy Policy: https://policies.google.com/privacy

RevenueCat

• Purpose: Subscription and purchase management
• Data Shared: Purchase history, subscription status, user ID
• Privacy Policy: https://www.revenuecat.com/privacy

Apple Services

• Purpose: App Store, Sign in with Apple, device integration, push notifications
• Data Shared: As required by iOS platform and user consent
• Privacy Policy: https://www.apple.com/privacy/

Google Services

• Purpose: Sign in with Google, cloud infrastructure
• Data Shared: Basic profile information (with consent), usage data
• Privacy Policy: https://policies.google.com/privacy

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With Your Explicit Consent

• When you invite team members to collaborate on projects
• When you choose to share project data with external stakeholders
• When you opt-in to marketing communications or surveys

For Legal Compliance

• When required by law, regulation, or legal process
• To comply with valid government requests
• To protect against legal liability

For Safety and Security

• To protect rights, property, or safety of users
• To prevent fraud, abuse, or security threats
• To investigate violations of our terms of service

Business Transfers

• In case of merger, acquisition, or asset sale (with user notification)
• Data protection standards will be maintained in any transfer

Service Providers

• With trusted third-party service providers who assist in app operations
• Only necessary data is shared under strict confidentiality agreements
• Service providers are prohibited from using data for their own purposes

Your Rights and Choices

You have the following rights regarding your personal information:

Access and Portability

• View Your Data: Access all personal information we have about you
• Export Data: Download your projects and data in standard formats
• Data Summary: Request a summary of data processing activities

Control and Correction

• Update Information: Modify your profile and preferences at any time
• Correct Errors: Fix any inaccurate information in your account
• Manage Preferences: Control notification and privacy settings

Deletion and Restriction

• Delete Account: Permanently delete your account and associated data
• Selective Deletion: Remove specific projects or data categories
• Restrict Processing: Limit how we use your data in certain circumstances

Communication Preferences

• Opt-out: Unsubscribe from marketing communications
• Notification Control: Manage which notifications you receive
• Contact Preferences: Choose how we communicate with you

To exercise these rights, contact us at ayhanulker1@gmail.com with your request and account information.

Data Retention

We retain your information based on the following criteria:

Active Accounts

• Personal information: As long as your account is active
• Project data: Until you delete projects or your account
• Usage analytics: Up to 2 years for service improvement

Deleted Accounts

• Most personal data: Deleted within 30 days of account deletion
• Some technical data: May be retained for up to 90 days for security purposes
• Legal requirements: Some data may be retained longer if required by law

Inactive Accounts

• Accounts inactive for 3+ years may be subject to deletion
• We will notify you before deleting inactive accounts
• You can reactivate your account to prevent deletion

Children’s Privacy

Punchly is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will:

• Delete the information immediately
• Terminate the account
• Notify parents/guardians if contact information is available

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including:

• United States (Google Cloud data centers)
• European Union (for EU users, data may be processed within EU)
• Other countries where our service providers operate

We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where applicable
• Other legally recognized transfer mechanisms

Cookies and Tracking Technologies

In-App Analytics

• We use Firebase Analytics to understand app usage
• Analytics data is anonymized and aggregated
• You can opt-out of analytics in app settings

No Web Cookies

• As a mobile app, we do not use traditional web cookies
• Similar technologies (like device identifiers) are used for analytics
• These can be reset through your device settings

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new policy in the app with prominent notice
• Sending an email notification to your registered email address
• Requiring acknowledgment of changes for significant updates
• Updating the “Last Updated” date at the top of this policy

Types of Changes

• Minor updates: Clarifications or administrative changes
• Material changes: Changes affecting how we collect, use, or share data
• Major changes: Fundamental changes to our privacy practices

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: ayhanulker1@gmail.com Response Time: We aim to respond within 48 hours Language: We can respond in English or Turkish

For urgent privacy concerns, please mark your email as “URGENT - Privacy Request”

Compliance and Certifications

This Privacy Policy and our data practices comply with:

International Regulations

• GDPR: General Data Protection Regulation (European Union)
• CCPA: California Consumer Privacy Act (United States)
• PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)

Platform Requirements

• Apple App Store Guidelines: iOS privacy requirements
• Google Play Store Policies: Android privacy requirements
• Firebase Terms: Google Cloud privacy standards

Industry Standards

• ISO 27001: Information security management
• SOC 2: Security, availability, and confidentiality controls
• Privacy by Design: Proactive privacy protection principles

Definitions

Personal Information

Any information that can be used to identify you directly or indirectly, including but not limited to name, email address, device identifiers, and usage patterns.

Processing

Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.

Data Controller

Punchly acts as the data controller for your personal information, meaning we determine how and why your data is processed.

Data Processor

Third-party services (like Firebase) that process data on our behalf according to our instructions.

---

Effective Date: This policy is effective as of the date listed at the top and applies to all information collected on or after that date.

Previous Versions: Previous versions of this policy are available upon request.

Language: This policy is available in English. In case of conflicts, the English version prevails.