Privacy without ambiguity
Privacy Policy
Kaucio does not require an account, and voucher data stays on your device. The app, kaucio.pl website and email contact are explained separately.
1. Key points
- The app works without an account and contains no advertising.
- Photos, OCR text, codes and saved voucher details stay on the device.
- Kaucio has no proprietary cloud service or in-app analytics.
- The website uses Vercel hosting and Web Analytics.
- Email correspondence is handled by Google's Gmail service.
- We do not make automated decisions or profile users.
2. Controller and contact
The personal data controller is Stanisław Stawowski, acting as a private individual. You can contact the controller at kontakt.projektquovadis@gmail.com.
You can use this address to ask a question, submit a request concerning your data or report a security issue.
3. Data in the Kaucio app
What the app stores
After you take a photo, Kaucio can process the voucher image, suggest a crop, recognise text and detect a barcode or QR code. The image, a code crop, OCR text and information entered or corrected by the user can be stored on the device, for example the amount, voucher number, code value and dates.
Where processing takes place
Image, text and code recognition runs locally using iPhone system features. Kaucio does not send voucher photos or data to the creator's server, does not require an account and does not provide its own cloud synchronisation.
Permissions
- Camera: to photograph a paper voucher.
- Photos: to choose an image when the user starts this action.
- Notifications: for local reminders about a date saved in the app.
You manage permissions in iOS settings. Refusing a permission only limits the feature that needs it.
Deleting data
App data stays on the device until you delete it in Kaucio or uninstall the app. The creator cannot access it or delete it remotely. A system device backup, if enabled, is governed by your settings and Apple's terms.
4. Data when using kaucio.pl
Vercel Web Analytics
The website uses Vercel Web Analytics to measure aggregate visit counts, page popularity and general traffic sources. The service is designed without third-party analytics cookies and does not give the Kaucio owner an identifiable person's browsing history. According to Vercel documentation, an individual measurement may include the visit time, page URL, referring page after parameters are filtered, approximate region, operating system, browser and device type. The technical session identifier used to reduce repeat counting is discarded after 24 hours. Details are provided in the Web Analytics privacy documentation.
Hosting and security
Vercel serves the website and may process standard request data such as the IP address, connection time, requested page, browser and device information. This data is used to deliver the website, diagnose failures and protect it against abuse.
Cookies and advertising
Kaucio.pl does not use advertising cookies, conduct behavioural marketing or sell user data. If a future feature requires consent, this policy and the consent mechanism will be updated before that feature is enabled.
5. Email contact
When you send a message, we process your email address, the correspondence and any information you provide voluntarily. The data comes directly from you. Providing it is voluntary, but without a return address and the content of your request we cannot reply.
Email is handled by Google's Gmail service. Do not send voucher photos, codes or other data that is not needed to explain the issue.
6. Purposes and legal bases
Where the GDPR applies, data is processed for the following purposes:
- answering a question, handling a request and taking pre-contractual steps at your request: Article 6(1)(b) GDPR;
- maintaining website security and reliability, measuring its general use, preventing abuse, and establishing, pursuing or defending claims: legitimate interests under Article 6(1)(f) GDPR;
- complying with a legal obligation, for example properly handling a data subject request: Article 6(1)(c) GDPR.
Where processing is based on Article 6(1)(f) GDPR, you may object on grounds relating to your particular situation.
7. How long we keep data
- App data stays on the device until the user deletes it or uninstalls Kaucio.
- Correspondence is kept while the matter is handled and afterwards only as long as necessary to document the response, meet a legal obligation or protect against claims.
- Technical and statistical data is kept according to Vercel service settings and retention periods, no longer than necessary for the stated purposes.
The period is assessed by reference to the purpose, scope of data, risk to the person and applicable legal time limits. When the purpose ends, data is deleted or anonymised.
8. Recipients and transfers outside the EEA
Vercel may receive access as the hosting and analytics provider, and Google as the email provider. Data may also be disclosed to an authorised public authority when required by law. We do not disclose it to data brokers or advertising networks.
Providers may process data outside the European Economic Area. In that case, the transfer should rely on a mechanism under Chapter V GDPR, such as an adequacy decision or standard contractual clauses, together with supplementary safeguards where needed. Details are provided in the Vercel privacy policy and the Google privacy policy.
9. Your rights
Within the limits set by the GDPR, you may request:
- access to your data and a copy of it,
- rectification of inaccurate data,
- erasure of data or restriction of processing,
- data portability where the statutory conditions are met,
- objection to processing based on legitimate interests.
Send your request to the contact address above. A response should be provided without undue delay and, as a rule, within one month. For a particularly complex request, the deadline may be extended in accordance with Article 12 GDPR, and you will be informed.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that your data is processed unlawfully.
Voucher data stored only on the device is not available to the Kaucio creator. You can manage it directly in the app and in your device settings.
10. Security and processing principles
We limit data to information needed for the relevant purpose. Organisational and technical measures are selected with regard to risk and the principles of data minimisation, purpose limitation, accuracy, storage limitation, integrity and confidentiality under Articles 5 and 32 GDPR.
No transmission or storage method removes all risk. If you suspect an incident, contact us at the address above.
11. No profiling or automated decisions
Kaucio does not use data for profiling, behavioural advertising or decisions that produce legal effects or similarly significantly affect a user. Text and code recognition only suggests data that the user can correct.
12. Policy changes and legal sources
This policy may change with app features, providers or the law. The date of the current version appears at the top of this page. Material changes will be explained clearly before they take effect.
The principal legal sources are the General Data Protection Regulation, in particular Articles 5, 6, 12, 13, 14 and 32, and the Polish Personal Data Protection Act of 10 May 2018.