1. Data controller
The data controller is Banbosh Studio — Petr Knobloch, a self-employed individual based in the Czech Republic. Contact e-mail for any privacy-related question: podpora@banbosh.cz.
Given the nature and scope of processing we are not legally required to appoint a Data Protection Officer (DPO). The above e-mail is the single contact point for all privacy submissions.
2. What data we process
A quick overview of every data category, where it goes and how long we keep it. Details for each category follow below.
E-mail and password
Destination
Supabase Auth (EU region, Zurich)
Retention
Until account deletion (max. 30 days for physical removal)
Profile — name, address, phone
Destination
Supabase Database (EU). Optional, used only to pre-fill the PDF complaint.
Retention
Until account deletion or manual removal in the app
Receipt photos
Destination
Supabase Storage (EU). Sent in real time to Google Cloud Vision for OCR — Google does not retain the image.
Retention
Until the user deletes the receipt or the account
OCR data (merchant, date, items, price)
Destination
Supabase Database (EU). On AI assessment requests, an anonymized description is sent to the Anthropic Claude API.
Retention
Until receipt / account deletion
FCM push token
Destination
Firebase Cloud Messaging (Google)
Retention
Until uninstall, sign-out or disabling push in settings
Company business ID (lookup)
Destination
Public ARES registry (Czech Ministry of Finance). Not stored beyond the current complaint.
Retention
Only during the lookup; only the result is stored
Payment details (Pro subscription)
Destination
Google Play Billing / Apple App Store. Banbosh Studio has no access.
Retention
Per platform policy. We only receive the subscription status.
Anonymized usage statistics
Destination
Supabase Database (EU). No personal link — aggregated events only.
Retention
Collection can be disabled in Profile → Privacy
2.1 Registration and sign-in data
- E-mail and password — stored in Supabase Auth (EU region, Zurich). The password is stored only as a secure hash, never in cleartext.
- Optional two-factor authentication (2FA) — one-time codes sent by e-mail (Resend); codes remain in the database for at most 10 minutes.
- Trusted device identifier— a random signature of your device if you select "remember for 30 days" with 2FA.
2.2 Profile data (optional)
- First and last name, postal address, phone — fill these in only if you want the app to pre-generate complaint letters in your name.
2.3 Receipts and complaints data
- Receipt photos — stored in Supabase Storage in the EU region.
- Structured OCR data — merchant, business ID, VAT ID, purchase date, items, prices. Extraction runs through Google Cloud Vision API (server-side; the photo is sent to Google only for the purpose of text extraction).
- Company information — supplemented from the public ARES registry. Not personal data.
- Complaints — defect description, occurrence date, status, optional AI analysis (see below).
2.4 AI complaint analysis
If you request a legal assessment, we send an anonymized description of the situation (without your personal details) to the Anthropic Claude API. Anthropic does not use API customer data to train models (contractual commitment for API customers).
2.5 Push notifications
- FCM push token — issued by Firebase Cloud Messaging when you grant notification permission. Used only to deliver warranty and complaint deadline reminders. You can invalidate the token at any time by signing out of the app.
2.6 Technical and diagnostic data
- IP address on API requests (Vercel server logs) — used for abuse protection, retained for max. 30 days.
- We do not process advertising identifiers (AAID/IDFA). The app contains no third-party analytics SDK and no ads.
3. How we use the data
- Providing the service — storing receipts, computing warranty periods, generating complaints, AI recommendations.
- Push reminders for expiring warranties (30 / 7 / 1 days ahead) and complaint deadlines under § 19 of Czech Act No. 634/1992 Coll. (30-day complaint resolution window).
- Communication — answering inquiries sent to podpora@banbosh.cz and notices about material changes to the app.
- Security — 2FA, sign-in audit, account abuse protection.
What we do NOT do: we do not sell data to third parties, do not use it for targeted advertising, do not profile users for marketing.
4. Legal basis for processing
- Contractual performance (Art. 6(1)(b) GDPR) — providing the service itself.
- Consent (Art. 6(1)(a) GDPR) — push notifications, AI complaint analysis. Consent can be withdrawn at any time.
- Legitimate interest (Art. 6(1)(f) GDPR) — abuse protection, server logs.
5. Recipients (processors)
To run the service we use the following processors. We have data processing agreements with each in line with Art. 28 GDPR.
- Supabase (Supabase Inc., USA / EU region) — database, authentication, photo storage. Processing region: Zurich, EU.
- Vercel (Vercel Inc., USA) — hosting for the backend and this site. Functions run in the EU (Frankfurt).
- Google Cloud Vision (Google LLC) — OCR text extraction from the receipt photo.
- Anthropic (Anthropic PBC, USA) — AI legal assessment of complaints.
- Firebase Cloud Messaging (Google LLC) — push notification delivery.
- Resend (Resend Inc., USA) — transactional e-mails (2FA verification codes, notices).
Transfers outside the EU/EEA happen only to processors in the USA under Standard Contractual Clauses (SCC) per Art. 46 GDPR and in alignment with the EU-US Data Privacy Framework.
6. Retention period
- Active account — data is retained for the entire time you use the service.
- After account deletion — all personal data including photos, receipts and complaints is deleted within 30 days. Anonymized aggregated statistics with no personal link may be kept.
- Server logs — max. 30 days.
- 2FA codes — max. 10 minutes, then auto-deleted.
7. Your rights (GDPR)
- Right of access — request a copy of your data.
- Right to rectification — anytime in the app's Profile section.
- Right to erasure("to be forgotten") — see Delete account.
- Right to restrict processing and right to object.
- Right to data portability — export your data in a structured format (on request).
- Right to withdraw consent — push notifications can be turned off in the app or in Android settings.
- Right to lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ), www.uoou.cz.
To exercise any right, contact us at podpora@banbosh.cz. We respond within 30 days.
8. Security
- All communication between the app and the server runs over HTTPS with TLS 1.2+.
- Data at rest in the database is encrypted (AES-256, Supabase managed).
- Passwords are never stored in cleartext — only bcrypt hashes.
- Biometric sign-in (fingerprint / face) happens exclusively on the phone (Android Keystore / iOS Secure Enclave) — biometrics never leave the device.
- Database-level Row Level Security ensures each user only sees their own data.
9. Children
The app is intended for people aged 13 and older. If you are a parent or legal guardian and believe your child has provided us personal data without consent, contact us — we will delete the data immediately.
10. Changes to this policy
We will notify users of changes inside the app and by updating this document. The last update date appears in the header.