Data Controller

The controller of your personal data is Mateusz Wyszogrodzki, a private individual residing at ul. Doroszewskiego 9/54, 93-140 Łódź, Poland (hereinafter: "the controller", "we", "us"). You can contact the controller at [email protected].

1. Information We Collect

When you use TruePrice, we may collect the following information:

Email address — provided by Apple when you Sign in with Apple. May be your real email or Apple's private relay address (@privaterelay.appleid.com). Used solely to identify your account.
Subscription and purchase data — when you purchase Supporter or Pro access, Apple and RevenueCat process your payment and share your subscription status with us. We do not receive your full payment details (card number, billing address, etc.).
AI query text — when you use the AI Price Check feature, the text of your question is sent to our server and forwarded to our AI provider (OpenRouter / Google Gemini) for processing. We do not store this text on our own servers beyond the time needed to deliver the response.
Country context — the country you select (or, with your permission, the country detected from your device's GPS) is transmitted together with AI queries so the model can provide relevant local pricing. It is not linked to your identity beyond the request.
App usage analytics — we use PostHog (EU cluster) to collect product analytics such as which screens are visited and how features are used. Events are associated with a random, device-scoped identifier generated locally on first launch. We do not link analytics events to your account, email, name or any other personal identifier — even after you sign in. PostHog is configured to never create person profiles for our users (personProfiles: never), and IP addresses are not retained by PostHog for projects hosted in EU organisations. Analytics never processes your AI queries or payment data.
Apple sign-in status — if you use "Sign in with Apple", the app periodically checks with Apple whether your credential is still valid. Only an opaque identifier (not your email or name) is sent to Apple.

2. How We Use Your Information and Legal Basis

Authentication (Sign in with Apple) — legal basis: performance of the contract under GDPR Art. 6(1)(b) — to create and manage your account.
Subscription management (RevenueCat status) — legal basis: performance of the contract under GDPR Art. 6(1)(b) — to unlock paid features and enforce usage limits you have agreed to.
AI query delivery — legal basis: performance of the contract under GDPR Art. 6(1)(b) — to process and return the price estimate you have requested. We do not use your queries to train AI models.
Product analytics (PostHog, EU) — legal basis: legitimate interest under GDPR Art. 6(1)(f) — to understand aggregate usage, measure feature adoption, detect crashes and improve the app. Our assessment is that this processing has minimal privacy impact because (i) no advertising or cross-service tracking occurs, (ii) IPs are dropped at ingestion and (iii) the data cannot be used to target you individually outside the app. You may object at any time — see Section 7.
Advertising (free tier only) — legal basis: your consent under GDPR Art. 6(1)(a), collected via the App Tracking Transparency (ATT) prompt and, for users in the EEA, the United Kingdom or Switzerland, Google's User Messaging Platform (UMP) consent form.
Security and legal compliance — legal basis: legitimate interest under GDPR Art. 6(1)(f) and legal obligation under GDPR Art. 6(1)(c) — for example, preventing abuse of the AI feature and responding to lawful requests from authorities.

3. Data Storage

Account data (email, subscription status, AI query counters, favourites) is stored in Supabase, our cloud database provider, hosted in the European Union (Frankfurt region).

Price data (country prices, categories, exchange rates) is stored locally on your device using SQLite. This data is downloaded from our servers and kept offline for fast access; no personal data is included.

AI queries are processed by OpenRouter and Google Gemini. We do not store the query text on our own servers beyond the time needed to deliver the response. Our upstream providers may retain inputs for short periods for abuse prevention in line with their own privacy policies (see Section 5).

Analytics data is stored by PostHog on its EU cluster (Frankfurt) and retained according to PostHog's retention policy.

4. International Data Transfers

Most of your data stays within the European Economic Area (EEA): Supabase hosts the database in the EU, and PostHog processes analytics on its EU cluster.

However, when you use the AI Price Check feature, your query text is transmitted to OpenRouter, Inc. (United States) and processed by Google Gemini. This constitutes a transfer of personal data outside the EEA.

We rely on the Standard Contractual Clauses adopted by the European Commission (GDPR Art. 46(2)(c)) as the transfer mechanism, combined with additional technical safeguards (TLS 1.2+ encryption in transit; no persistent storage on our side). Apple and Google Ireland may also transfer limited operational data to affiliates in the United States under their own Standard Contractual Clauses.

You can request a copy of the relevant clauses at any time by contacting us.

5. Third-Party Services

TruePrice relies on the following third-party processors. Each has its own privacy policy.

Supabase — authentication and cloud database (EU region). supabase.com/privacy
RevenueCat — subscription and in-app purchase management. revenuecat.com/privacy
OpenRouter / Google Gemini — AI processing for the AI Price Check feature (USA). openrouter.ai/privacy
Google AdMob — advertising shown to free-tier users. policies.google.com/privacy
PostHog — product analytics (EU host). posthog.com/privacy
Apple — app distribution, payment processing, Sign in with Apple. apple.com/legal/privacy

6. Advertising

Free-tier users see ads delivered by Google AdMob. On first launch, the app shows an App Tracking Transparency (ATT) prompt as required by Apple, followed by Google's GDPR consent form (UMP) if you are in the EEA, the United Kingdom or Switzerland. If you decline tracking you will still see ads, but they will be non-personalised.

Upgrading to Supporter or Pro removes all ads. You can also change ad-tracking preferences at any time in your device's Settings → Privacy & Security → Tracking.

7. Your Rights (GDPR)

If you are located in the European Economic Area you have the following rights regarding your personal data:

Access — you may request a copy of the personal data we hold about you.
Rectification — you may ask us to correct inaccurate data.
Erasure ("right to be forgotten") — you may request deletion of your account and associated data. Account deletion is available directly in the app under Settings → Delete Account.
Portability — you may request your data in a portable, machine-readable format.
Restriction of processing — you may ask us to limit how we process your data in certain circumstances.
Objection — you may object at any time to processing based on our legitimate interests, including product analytics. Upon a justified objection we will stop processing your data for that purpose.
Withdrawal of consent — where processing is based on your consent (e.g. personalised ads), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Automated decision-making. We do not subject you to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR. The AI Price Check feature returns informational price estimates only and has no legal effect on you.

Right to lodge a complaint. If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for the controller is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa, Poland, https://uodo.gov.pl. You may also lodge a complaint with the supervisory authority of your usual place of residence or work.

8. Data Retention

We retain your account data (email, subscription status, usage counters) for as long as your account is active. When you delete your account through the app, your personal data is removed from our live database within 7 days; residual copies in automated backups are purged within a further 30 days.

AI query text is not stored on our servers after the response is delivered. Product-analytics data (PostHog) does not contain your email or payment data and may be retained for longer periods for trend analysis, in line with PostHog's retention policy.

9. Children's Privacy

TruePrice is not directed at children under the age of 16 in the European Economic Area (or the minimum age set by applicable national law, which may be as low as 13 in some countries). We do not knowingly collect personal data from children below this age. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in legal requirements. Significant changes will be posted on this page with a revised "Last updated" date. Continued use of the app after changes are posted constitutes your acceptance of the updated policy.

11. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at [email protected] or by post at the address listed at the top of this policy.