ShopMaps Privacy Policy
ShopMaps can be used locally without creating an account. Data is sent to cloud services only when using features that require an internet connection, such as signing in, groups, sharing lists and deposit vouchers, publishing store maps, and searching for stores near an address.
1. Data Controller
The controller of personal data processed in connection with the ShopMaps app is Dawid Ogły Software.
Dawid Ogły Software, Tax ID (NIP): 6653049635, Business Registry Number (REGON): 522604461, address: ul. Święty Marcin 29/8, 61-806 Poznań, Poland
For privacy-related matters or to exercise your rights, contact: dawidogly@gmail.com.
2. Data We Process
The scope of the data depends on how the app is used.
Data stored locally on the device
- private grocery lists and their items;
- private store maps, categories, and their order;
- local deposit vouchers;
- history, frequently used items, and app settings.
This data remains on the device unless the user chooses to share it. It may be deleted by uninstalling the app, clearing its data, or using the appropriate feature in the app.
Account and sign-in data
- the account identifier and data provided by the selected sign-in provider, such as an email address or name, depending on the account settings;
- the public ShopMaps username and its assigned tag;
- session data required to keep the user signed in;
- the device notification token if the user allows push notifications.
Group data and shared content
- group names, memberships, roles, and invitations;
- shared grocery lists, including list names, items, categories, and quantities;
- shared deposit vouchers, including the code, format, amount, store, scan date, and validity or redemption information.
Publicly shared store maps
- the store name and standardized address;
- geographic coordinates and source location identifiers;
- the layout and order of categories in the store;
- the map creator's name or designation;
- the publication date and the number of times other users added the map.
Address and store searches
When searching for an address, the app sends the entered query, the selected address or its coordinates, and the query language to a ShopMaps intermediary service that uses Geoapify. After selecting “Find near me,” the device's current location is used only to sort public stores locally and is not sent to or stored by ShopMaps.
Technical data
Infrastructure, authentication, and location search providers may process technical data such as the IP address, device information, timestamps, request logs, session identifiers, and diagnostic data in accordance with their privacy policies.
3. Purposes and Legal Bases
Data may be processed to:
- create and manage an account and provide selected ShopMaps features at the user's request;
- synchronize and share data with other group members;
- publish and download shared store maps;
- search for addresses and nearby stores;
- ensure security, prevent abuse, and diagnose errors;
- comply with legal obligations.
The legal basis is primarily the necessity of processing for the performance of a contract or to take steps at the user's request (Article 6(1)(b) of the GDPR), the controller's legitimate interest in securing and maintaining the service (Article 6(1)(f) of the GDPR), and, where applicable, compliance with a legal obligation (Article 6(1)(c) of the GDPR). If consent is required for a specific activity, it will be obtained separately.
4. Data Visibility and Sharing
- Private local data is not automatically sent to the cloud.
- Content shared within a group is visible to its members and may be updated or deleted by them according to their permissions.
- Public store maps are visible to signed-in ShopMaps users.
- Data may be disclosed to authorized authorities when required by law.
5. Service Providers
ShopMaps uses the following third-party services:
- Supabase - authentication, database, real-time synchronization, and server-side functions;
- Google and Apple, and Facebook - optional sign-in providers;
- Geoapify - address search and standardization and nearby store searches;
- Firebase Cloud Messaging - delivery of notifications about new items on shared lists;
- app stores and operating system providers - app distribution and technical operation of the device.
Providers may process data outside the European Economic Area. The scope, location, and safeguards of such processing are governed by the relevant provider's terms and privacy policies.
6. Retention Period and Account Deletion
Account and cloud data is retained while the service is in use and is then deleted or anonymized unless continued retention is required by law, for service security, or to establish, exercise, or defend legal claims. Infrastructure providers may retain logs and backups for the periods specified in their own policies.
The user can delete their account from within the app. Account deletion deletes or dissociates account data, memberships, invitations, and published maps, and deletes shared lists and deposit vouchers created by the user. If the user owns a group, ownership may be transferred to another member, and a group without a successor may be deleted.
Deleting the account does not delete private data stored locally on the device. This data can be deleted in the app or by uninstalling the app or clearing its data. Content created by other users is not deleted with the account.
7. User Rights
Subject to the conditions set out in the GDPR, the user may have the right to access, rectify, and erase their data, restrict processing, receive data portability, object to processing, and withdraw consent where processing is based on consent. Withdrawing consent does not affect the lawfulness of processing carried out before its withdrawal.
Requests can be sent to dawidogly@gmail.com. The user also has the right to lodge a complaint with the President of the Personal Data Protection Office in Poland.
8. Security
ShopMaps uses measures designed to restrict access to data, including authentication, database access rules, and encrypted transmission provided by service providers. However, no method of transmitting or storing data can guarantee complete security.
9. Analytics and Advertising
ShopMaps currently does not use advertising or SDKs for user behavior analytics. Infrastructure providers may collect technical data necessary for the operation, security, and diagnostics of their services.
10. Children's Privacy
ShopMaps is not a service specifically directed at children. A person who, under applicable law, cannot independently accept the terms of service should use the service only with the consent and supervision of a parent or guardian.
11. Changes to This Privacy Policy
This policy may be updated due to changes in app features, providers, or applicable law. The current version and the date of the latest update will be published on this page.
12. Contact and Support
Questions about privacy or how the app works, as well as bug reports, can be sent to dawidogly@gmail.com.