Privacy Policy

CarpTimer · Last updated: May 6, 2026

This policy explains what personal data we collect through the CarpTimer app ("the App") and how we use it. The data controller is Georgian Stanciu, Perieni commune, Vaslui county, Romania, contact: g.stanciu1988@gmail.com.

1. Data we collect

• Account: email address (manual sign-up or via Google Sign-In), optional name. Passwords are stored as hashes; we never see your password in plain text.
• Fishing activity: sessions you create (lake, swim, duration), casts (time, distance, rod, bait), bites you mark.
• User-generated content: lakes and swims you propose for the shared database (after moderator approval).
• Minimal technical data: IP address at sign-in (for security), timestamps of sync operations.

We do not collect: precise GPS location, contacts, photos, microphone, advertising IDs, usage data outside the App.

2. How we use the data

• To show you your own sessions and statistics on any device you sign in.
• To sync your data between your phones.
• To improve the App (aggregated, anonymous error analysis — without identifying users).
• To respond to questions if you contact us by email.

3. Sharing with third parties

We do not sell or transfer your data to third parties for marketing. The only entities that process data to make the App work are:

• Hetzner Online GmbH (Germany, EU) — server where data is stored.
• Google LLC — only if you sign in with Google (we process only the identity token, we don't access your Google account).
• Better-Auth — open-source library running on our server; does not transmit data to third parties.

4. Storage location and duration

Data is stored exclusively on a server in Nuremberg, Germany (European Union), in compliance with GDPR. We do not transfer data outside the EU.

Data is retained as long as your account is active. If you delete a session, its content (location, casts) is anonymized immediately — your name is detached from those rows. They may be retained in aggregated, anonymous form to improve the App.

5. Your rights (GDPR)

You have the right to:

• Access the data we hold about you.
• Correct or update any incorrect information.
• Delete your account and all associated data (anonymized for already-aggregated data).
• Export your data in a readable format.
• Object to processing or withdraw consent.

For any of these requests, write to g.stanciu1988@gmail.com. We respond within 30 days.

6. Security

• Connections between the App and the server are encrypted via HTTPS (TLS 1.3).
• Passwords are hashed with industry-standard algorithms (bcrypt/argon2).
• Single-device policy: only one active session per account at a time. Signing in on another phone automatically signs out the previous one.

7. Cookies and tracking

The mobile app does not use cookies and does not integrate any analytics or advertising service (Google Analytics, Facebook Pixel, etc.). Data stays between you and our server.

8. Children under 16

The App is not directed to children under 16. We do not knowingly collect data from minors. If you are a parent and believe we have processed data about your child, please contact us.

9. Changes to this policy

We may update this policy occasionally. Major changes will be announced in the App or by email. The last updated date appears at the top of this page.

10. Contact

For questions or complaints: g.stanciu1988@gmail.com

For formal GDPR complaints, you may also contact the Romanian National Supervisory Authority for Personal Data Processing or your local Data Protection Authority.