mickbitsoftware

Terms of Use for Poyki

Below, we will clarify a few things and set some rules for using Poyki. For using Poyki, you have to be okay with these rules. If you are not okay with them, please stop using Poyki and uninstall Poyki now. A Family Space is a shared and synchronized database which can be used by up to 20 users simultaneously. We may change this number at a later point in time. Each Family Space has a unique ID which is generated automatically and randomly for you. Every user joining / using the same Family Space (i.e. using the same Family Space ID) will use / work on the same data. Using Family Spaces is a paid feature of Poyki. You may still use it for free if another user unlocked a Family Space with a "Poyki Sync Family" subscription. Unlocked Family Spaces can be used for free by up to five users. We may change this number at a later point in time. Everyone who knows the Family Space ID of a shared family space can access it, edit it and delete it. If one member of a family space requests deletion or changes of/within the family space (e.g. the recipe of Granny's Cheesecake), he/she has the right to do so. Deletions and changes will be synchronized with the other members of the Family Space. The Family Space ID cannot be changed. The app may only be used for its intended purpose, as described on the website poyki.app.

It is prohibited to use the app to save or share texts or images with or about content unrelated to the app's purpose, which is a shopping list, recipe database, package list, and stock kitchen inventory list. Disallowed content therefore includes but is not limited to references to illegal substances, sexual content and profanity. When using a shared database (Family Space) you have the option to report abuse or inappropriate content for the used Family Space. When we receive a report about abuse or inappropriate content, we will double-check the reported issue and take appropriate action. We will also monitor uploaded content on a regular basis for violations against our terms of use. We may remove inappropriate content, disable access to single Family Spaces or block users not respecting our terms of use.

We cannot be held accountable for any harm the app caused or may cause. The app user is responsible for creating and keeping a backup of his/her Poyki data. Also, a copy of the Family Space ID has to be stored or noted in a secure way as a backup. It's your responsibility to double-check and confirm all calculated amounts, shopping list items etc. by hand. The shared database (Family Space) has to be used on a fair-use basis. Excessive reading from or writing to the database may result in temporary or permanent blocking your app or Family Space.

We may stop our service and cancel and refund your subscription at any time. We may change the price of subscriptions at any time. We may change the price of currently paying customers independently from the price for new customers.

In case of a raise of the subscription price, you will be notified by Google Play and will have to approve the price change. If you don't accept the higher subscription price, your subscription will be cancelled.

The actual price is the price shown on Google Play. Subscriptions can and must only be purchased via the same app store where the app was downloaded from. Existing customers may cancel the automatic renewal of their subscription at any time from Google Play. Changes to the subscription (e.g. cancellation, pause) have to be done via Google Play (app or website).

Subscriptions always last full billing cycles. Once a subscription is purchased for a period, it is valid through that period and cannot be cancelled. You can opt out of the auto-renew, but the purchased subscription is not cancelled immediately. After opting-out of auto-renew, you can still use your subscription until the end of the billing cycle.

You can change your subscription plan (Poyki Sync Family / Poyki Sync Friends) while your subscription is active. In this case your already paid fee will be prorated.

It's your own responsibility to cancel a subscription you don't need or don't use anymore. Subscriptions have to be canceled via Google Play. Subscriptions cannot be canceled directly from the Poyki app. Uninstalling an app does not automatically cancel your subscriptions.

Family Spaces will be deleted if not used for one year. This is independent from any active subscriptions. In case of requests or issues, please contact us at poyki@poyki.app. We may change the privacy policy and terms of use at any time. In case of changes, both have to be accepted again when the app starts up. By using the app, you agree to the latest terms of use and to the latest privacy policy. If you don't agree to changes to the terms of use, please contact us and request a refund of already paid subscription fees. Place of jurisdiction is Graz, Austria

In case of discrepancies between the translated terms of use or privacy policy, the original German version has to be applied.

Thank you for your trust in Poyki. We hope that it simplifies and improves your (grocery shopping) life.

Privacy Policy for Poyki

We value your privacy which is why we want to let you choose your privacy settings and inform you how we use/process/store your data and which third party services we use. On first start of the app you can set privacy-related settings and you can change them later in the app settings.

Introduction

Poyki is a smartphone app which allows to keep track of your kitchen inventory, your recipes and packages. Based on a cooking schedule, Poyki creates a shopping list for you.

In Poyki you have the option to use a local database which is stored on your device only or you may use a shared, synchronized, cloud-based database. We call that feature "Poyki Sync". If you use a shared database, you have to join a so called "Family Space". Data within the same Family Space will be shared with everyone who has joined the same Family Space. For accessing a Family Space, the corresponding Family Space ID is needed. It looks similar to the following example: 12345678-12345678-12345678-12345678. Everyone who knows this ID can access the corresponding Family Space (read and write). Therefore, this ID has to be kept secret. Only those who should be allowed to access the Family Space should receive the Family Space ID.

Example: User Alice decides to use the shared database. She joins family space with ID 12345678-12345678-12345678-12345678. User Bob also uses the same Family Space ID. Bob and Alice now will see the same recipes, ingredients, shopping list etc. This is made possible by using a cloud-based service called Firebase. More details see below.

Services we use

This section provides an overview of services we use for Poyki. More details about processed and stored data, data retention etc. can be found after this section further below.

Optional Services

The app is able to work without the following services.

App insights

The following services are used for us developers to gain more insight in the users' and apps' behavior for being able to improve the app. The app can function without them, but at the same time the data we get from these services is very valuable for future development of Poyki. You, as a user, can choose to not enable these services in case you have privacy concerns. The services are disabled on first start of the app until the user decides himself/herself to activate or deactivate these services.

Google Analytics for Firebase

Collection of anonymous usage statistics which help us to improve our app and service by learning how the app is typically used and which features are used to which extent. We collect statistics about interactions with the user interface, for example button clicks. We do not collect unique ids such as user ids Family Space IDs, order IDs or IP addresses. For us, it is not possible to track back for example certain button clicks to specific users.

Firebase Crashlytics

Collection of crash reports and exceptional app behavior such as unexpected errors which help us to find and fix bugs and crashes and to improve the app's overall stability. Together with crash reports, we send the last actions the user performed before the crash occurred (e.g. button clicks) (logs) so it's easier for us to find the reason for the crash. Sending of crash and error reports or the inclusion of logs can be deactivated by the user.

Essential Services

The following services are required for the app to work as intended.

Firebase Remote Config

Provides configuration data used by the app. This configuration data is created by the app developer and consumed by the app by contacting Firebase servers. Reading configuration data from servers is only done after the user has accepted the privacy policy.

Services for synchronization feature

If you switch to the sync database (or in other words: if you use a Family Space, or respectively the "Poyki Sync" feature), we will use the following services. These services are needed for synchronization of your shared database with other members of your Family Space.

Firebase Firestore

Firestore is the database service we use for the "Poyki Sync" feature (i.e. the synchronized database or a so-called Family Space). The database stores data about ingredients, recipes, schedule, shopping list, packages and settings. We do not use Firestore if the local database is used.

Cloud Storage for Firebase

Stores the images the user provides for recipes and packages if Poyki Sync is used. We do not use Cloud Storage if the local database is used.

Poyki API

Our API servers are hosted by world4you.com. World4You complies with GDPR and is based in Linz, Austria. The API servers host an API (Application Programming Interface) which provides additional required functionality for Poyki: Validation of subscription receipts and Firebase Cloud Messaging (FCM) ID management (more details see below). All communication with the API servers is secured (encrypted) with SSL (https), which means that messages from and to our hosting provider's servers cannot be listened to or manipulated by an unauthorized 3rd party by current security standards.

Firebase Authentication

Provides authentication features to secure the Firestore Database and Cloud Storage. This is required to protect the remote databases to be accessed by unauthorized users.

Firebase Cloud Messaging (FCM)

For the "Poyki Sync" feature we use Firebase Cloud Messaging (FCM) for sending notifications to other users sharing the same Family Space ID. We use FCM for both sending user visible notifications and silent notifications which are used for making the synchronization feature more reliable while the app is not actively running. We are also using FCM to occasionally send push notifications to app users. These push messages are sent by the developer and may contain messages about Poyki or other topics. You can disable display of these messages from Android's notification settings for Poyki without deactivating FCM completely.

Note that you can deactivate all FCM related features. This will have some negative impact on the functionality of the app (synchronization will be less reliable, and you won't be able to receive certain notifications).

Services for app updates and billing of subscriptions

Google Play

Google Play app version data is used to check for app updates. It will notify you if there is an update available for Poyki.

Google Play Billing

Handles purchase of subscriptions and handles payment. This is all handled by Google. We do not get access to your personal data, such as credit card data or your name / address etc.

Data we process and store

Poyki Database

The Poyki database contains your data about ingredients, recipes, schedule, shopping list, packaging and app settings. For each entry the last change date and the username of the user who last edited the entry are stored. Your username can be any name or even just an emoji - it doesn't have to be your real name. It's only used for family members to recognize you. You can export data stored in your local and/or synchronized database at any time from within the app. You can also delete all your Family Space's data from within the app. Warning: if you delete your synchronized database, the data will be deleted for all other members of the same Family Space as well! Your local database is stored on your device only. Your sync database is stored in Firebase Firestore. Firebase Firestore is a service provided by Google and allows real-time synchronization of data between devices. We will delete Family Space's data (entries and corresponding images) within one month if it was not used for more than one year. The deletion is done independently from any active subscription. We do not associate billing information with used Family Spaces in a way we could reliably link active subscriptions with actively used Family Spaces, so there is no way for us to know whether or not there is an active subscription related to an actively used Family Space.

Image Data

In case you add images to recipes or packages these images will be cropped and resized and stored on your device. For your local database the images are only stored locally on your device. For your sync database your images will be uploaded to Firebase Cloud Storage, a service provided by Google. This way other users sharing the same database can download the images from there and see the same images. You can download and save the previously uploaded images from within the app. You can also delete them from the app. We will delete your data if the corresponding Family Space is deleted (see above).

Analytics and Crashlytics

With Analytics and Crashlytics (both services provided by Google's service Firebase) we track the usage of the app. Both is deactivated when the app first starts and you can choose to enable it if you wish to help us improve the app. When accepting this privacy policy while the corresponding switches are turned on, Analytics and Crashlytics will be activated. With Analytics we track screen views and certain actions in the app anonymously: button clicks, change of certain settings, usage duration of the app etc.

We do not send any unique IDs to Analytics (FCM ID, Family Space ID, Order ID etc.) and we do not send any text you entered to Analytics (e.g. text searches, username, label names, ingredient names etc.). We solely track certain events and screen views. The data we track with Analytics helps us to identify areas of the app which are used often and areas of the app which are not well accepted by our users. Data retention for Analytics is set to 2 months. This means that after 2 months individually tracked Analytics data will be deleted by Google. Aggregated data may be stored longer. With Crashlytics we track app crashes and severe unexpected app errors. An app crash report contains technical information about the crash itself, where in the code it happened and technical information about the user's device. If enabled by the user, we also send the last few events and actions (i.e. the app log) with the crash report. This includes which buttons were clicked, which screens were visited inside the app, which APIs were used. This way we can better understand which actions led to the crash. Same as for analytics, we do not send any unique IDs or text input to Crashlytics. Sending logs with crash reports is optional - you can enable crash reporting but disable inclusion of logs. Crash reports are essential for us to improve the app and to fix severe app issues. The more information we get about the crash itself and about what happened right before the crash, the more likely it is that we can actually find and fix the issue. According to Firebase's privacy information document (link see below) crash data is retained for 90 days.

Google Play Billing

Payment of subscriptions happens outside of our app - it is completely handled by Google Play, which is provided by Google. All we, as app developers, get from Google is a receipt, an order number and information about the ordered product (or subscription). The receipt we can use to check and verify if the user made a successful purchase. Personal data such as credit card data, your name, address etc. remains at Google and is not accessible by us. We do not get access to any of these personal data. This also means, that in case of questions or requests about your payment, you have to send us your Google order number. To verify the purchase receipt, we send the receipt data to our API servers. On our API servers the receipt is validated and exchanged for a token (a unique code). This token is then sent to Firestore and Cloud Storage with each request. Firestore and Cloud Storage then verify the token. This is implemented using Firebase Authentication. Only if the token is valid, access to the Firebase databases is granted. The token does not contain any personal information is only stored on your device. On your device, the token is stored for a limited time before it expires and is exchanged for a new token. This ensures that only paying customers can access our database and prevents fraud and protects from unauthorized database access.

Poyki API

This section describes the data sent and processed by the Poyki API. The Poyki API is hosted by our hosting provider World4You. Validation of subscription receipts: After a subscription was purchased by the user, the app receives a receipt from the app store. This receipt contains data about the bought product and a digital signature. It does not contain personal data of the buyer. This receipt is sent to our hosting provider's servers where it is verified and exchanged for a token. This token is needed to use the synchronized database (Firestore, Cloud Storage). Neither the receipt nor the token is stored on our hosting provider's servers after the validation request is finished. For being able to know which Family Space is unlocked by a "Poyki Sync Family" subscriber, we store a mapping of the user's subscription order ID and the corresponding unlocked Family Space ID. The family space is unlocked for one month after the last use of the family space with a "Poyki Sync Family" subscription. After that period the expired mapping data is deleted from our servers within one month. FCM ID management: In order to be able to send FCM notifications to specific devices, we need to know their "address". Therefore, we store a mapping of the FCM IDs of the users' devices and the last used Family Space IDs in a database on our hosting provider's servers. Details see below.

Firebase Cloud Messaging (FCM) ID

To improve synchronization between devices, to send (deactivatable) notifications between users of the same Family Space and to send push-notifications from the developer, we are using Firebase Cloud Messaging (FCM), a service provided by Google. For FCM to work, FCM creates a unique ID (or "token") for your device. The ID is like an address so FCM knows where to send the messages to. Poyki has to tell FCM which FCM addresses certain messages should be sent to. Therefore, Google's servers need to know about the devices' FCM IDs and we, as app developers, need to maintain a mapping of FCM IDs and Family Space IDs on our hosting provider's servers (see API servers). You can delete your FCM ID and the FCM-ID-to-Family-Space-ID-mapping anytime from within the app and you can deactivate FCM ID storage on our API servers completely. You can do this from Poyki's app settings by choosing "Delete FCM Token". In case you don't delete your FCM ID manually by clicking the button, we will delete the FCM-ID-to-Family-Space-ID-mapping from our servers within one month after it was last updated. After this time frame, you have to use Poyki once to get your FCM ID re-registered. The FCM ID will only be generated and re-registered if you have the feature activated. When you uninstall the app or delete the app's app data the FCM token will be deleted from your device. Next time you use the app again while having any of the features enabled which require FCM, a new random token will be generated. Note that uninstalling the app or deleting the app data does not automatically delete the token from our servers. Without registered FCM ID you will not be able to receive Family Space related notifications. Also, the synchronization feature will work less reliably while Poyki app is paused or backgrounded. Another feature we use FCM for is to send push notifications to Poyki users, independent from the used database and independent from the used Family Space. The notifications are sent by the app publisher and may contain information about Poyki or other topics. You may deactivate display of these notifications from Android's notification settings for Poyki. For this function, the above described mapping is not needed and therefore these push notifications work without an FCM ID entry in our server's database. On first start of the app the FCM ID won't be generated and registered immediately, but only after the FCM features are activated by your consent and after accepting the privacy policy. No mapping will be stored as long as you are using your local database only.

Summary:

IP-Addresses

Please note that when contacting a server, your IP address will be sent to that server. This is inevitable, because that's how the internet works. So the services mentioned above will receive your IP address. It is possible that your internet provider may determine your identity via your IP address. According to their own policies, the services we use, use your IP address only to fulfil the server request. The services may log server access time together with your IP address for technical or diagnostic reasons. This is described in the privacy policies of the respective services.

E-Mail

You can contact us anytime via poyki@poyki.app. Of course, if you send us an email, we will receive your email address. Our email server is located in Linz, Austria and hosted by World4You. After we have successfully processed your request(s) you sent us via email, we will delete your emails within one month. We will not use your email address to sent you promotional or other unwanted messages and we will not hand out your email address to unauthorized third parties.

More information about data processing

We do not show ads from ad networks in the app nor on our website. We disable Analytics and Crashlytics when the app first starts until the user actively decides to deactivate or activate the services by clicking the continue button on the Privacy Policy page shown on first app start. Not required cloud services for using the local database (e.g. Firestore, Cloud Storage) will only be enabled after switching to a shared Family Space ("Poyki Sync"). Please note that the use of any web service (visit of a website, use of an API or cloud-based service) will transmit your device's IP address to the server handling the request. To protect our accounts and therefore your data, we use secure passwords and 2-factor authentication for our accounts at Google and Firebase as well as for our hosting provider. We use secure connections (https) for all services.

We, as app developers, have access to all synchronized databases and corresponding image data. We access this data solely to provide intended functionality of the Poyki service, for monitoring compliance of uploaded data with our terms of use, and for diagnostic or debugging reasons. In particular, we do not sell your data to third parties or use your data for personalized ads.

For the Firebase services and Google Play services, Google LLC is data processor. Google LLC is based in the USA and processes data there. The European Court of Justice has not certified the USA as having an adequate level of data protection. In particular, there is a risk that your data may be accessed by US authorities for control and monitoring purposes and that no effective legal remedies are available. Google obligates itself to be subject to GDPR. However, since the termination of the "Privacy Shield" agreement between EU and USA, due to US laws, it cannot be guaranteed that all privacy related rights of EU citizens can be enforced. For example, Google could be forced by the US government to hand out user data, and therefore the US government could get a copy of data from EU citizens. In this case, enforcement of rights EU citizens have due to GDPR, may be difficult or even impossible (e.g. erasure or correction of inaccurate personal data). Wherever possible, we have chosen a location in the EU for Google servers, but not all Google services allow such a server location selection. Therefore, it is possible that certain data might be transmitted to Google servers in the USA. Note: The "Cloud Act" obliges American Internet companies and IT service providers to guarantee US authorities (and also the secret services) access to stored data even if it is not stored in the USA. When using services by Google (and therefore also by using this app) you deliberately take that risk.

For the Poyki API on mickbitsoftware.com and Poyki Website poyki.app as well as the email address poyki@poyki.app, World4You is hosting provider and therefore data processor which complies with GDPR.

Server locations

Google Cloud Platform resource location (Firestore, Cloud Storage) is "eur3 (europe-west)". API Server and API database hosted by World4You Internet Services GmbH and is located in Linz, Austria.

Your rights

According to GDPR you have the right to:

If you believe that the processing of your data violates data protection law or that your data protection claims have been violated in any other way, you can complain to the supervisory authority.

Please find more information on your rights and the GDPR in general on https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/what-are-my-rights_en

Contact

App publisher and developer and responsible for data processing

Michael Brodacz-Geier
Radegunder Straße 6a/18
8045 Graz
Österreich

In case you have questions, concerns, complaints or any other input, please contact us. E-Mail: poyki@poyki.app

App's Webseite: https://poyki.app Publisher's Webseite: https://www.mickbitsoftware.com

3rd party services and providers

Poyki API, websites and email addresses are hosted by:

World4You Internet Services GmbH
Hafenstrasse 35, 4020 Linz, Austria
office@world4you.com

Google Services (Google Play, Firebase) are provided by:

Google LLC
1600 Amphitheatre Parkway in Mountain View, California, United States

Privacy Policies and Terms of Use

Privacy Policy of the website poyki.app: https://poyki.app/en/privacy-policy

Below, find the Privacy Policies and Terms of Service of the used services and providers. These documents inform about data processing and retention policies of services and providers we use for Poyki.

world4you.com: https://www.world4you.com/en/unternehmen/datenschutzerklaerung.html

Google: