Build and Track

Privacy Policy – Build and Track Mobile Application

§1 General Provisions

1.1. This Privacy Policy sets out the rules for collecting, processing, and storing personal data necessary for providing services via the Build and Track mobile application (hereinafter referred to as the “Application”) by HIGH HEELS CODE Spółka z ograniczoną odpowiedzialnością (limited liability company).

1.2. The data controller is HIGH HEELS CODE Sp. z o.o. with its registered office in Bielsko-Biała, Poland (43-382), ul. Stanisława Skrzydlewskiego 9/25, entered into the National Court Register under KRS number: 0000999116, NIP: 5472233978, with a share capital of PLN 30,000.00 (hereinafter referred to as the “Controller”).

1.3. A User is any natural person using the services provided via the Application.

1.4. By registering in the Application and accepting this Privacy Policy, the User agrees to the collection and processing of their personal data.

1.5. Personal data may be used to send marketing and promotional information, only if the User gives explicit consent to receive such messages.

1.6. Use of the Application signifies the User’s acceptance of this Privacy Policy and the Terms of Service.

§2 Automatically Collected Data

2.1. The Application collects only non-personal data automatically (e.g., usage statistics, crash reports). These are referred to as “Automatically Collected Data.”

2.2. Automatically Collected Data cannot directly identify the User.

2.3. These data may be used to improve service quality, e.g., by analyzing error events or device behavior at the time of a crash.

2.4. Automatically Collected Data cannot be modified or deleted.

§3 Data Collected for Contact

3.1. When contacting the Controller via forms or support features, the following data may be required: name, surname, email address, phone number, and optionally company tax number (NIP).

3.2. Providing this information is voluntary but necessary to enable effective communication and verification.

§4 Personal Data Collection

4.1. During registration and use of the Application, the User may be asked to provide personal data necessary for the provision of services.

4.2. Collected data may include: name, surname, email, phone number, company name, tax number, account credentials (username, password), and organizational role.

4.3. The Application also collects:

  • Photos of users, organizations, projects, and reports,
  • PDF documents,
  • Data regarding owners and employees of companies (organization members),
  • Geolocation coordinates of projects (not real-time GPS tracking).

§5 Data Processing

5.1. Personal data are encrypted before being stored in Firebase Firestore and Firebase Storage.

5.2. Data are processed to provide application functionalities, support team collaboration, project tracking, and reporting.

5.3. Users only have access to the data of their own organization.

§6 Rights and Obligations of the Controller

6.1. The Controller undertakes to process personal data in accordance with the GDPR and applicable EU/Polish regulations.

6.2. Appropriate technical and organizational measures are used to protect data against unauthorized access, loss, or damage.

6.3. Data are retained as long as necessary to provide services or until an organization is removed.

6.4. The Controller may retain anonymized statistical and business contact data (e.g. company name, NIP, number of users, size of organization) for analytical and marketing purposes, even after a user’s account or organization is deleted.

6.5. Data may be shared with:

  • Law enforcement or supervisory authorities upon lawful request,
  • External service providers (in the future, e.g., ERP or invoicing integrations), provided a data processing agreement is signed.

Currently, no personal data is shared with third parties.

§7 User Rights

7.1. Users may view, modify, or delete their personal data using in-app tools.

7.2. Permanent deletion of essential data may result in loss of access to services.

7.3. Users cannot delete their accounts independently; requests for removal must be submitted via the Application (Settings → Organization → Request deletion).

7.4. Account deletion (e.g. employee accounts) does not remove activity history (e.g., daily reports), which is retained until the owner deletes the organization.

7.5. After one month of unpaid subscription, the Controller may remove organization data, upon prior notice.

7.6. When an organization is deleted by the owner, all related data (including photos and documents) are permanently removed from the system, except statistical data as outlined in §6.4.

§8 Application Details

8.1. Login is done via email and password only. Email verification is required.

8.2. The application is not publicly accessible without an account.

8.3. The application uses Firebase Authentication, Firestore, Firebase Storage, and Google Analytics.

§9 Contact Information