Privacy Policy
Last updated: June 2026 · Version 1.0
1. Data Controller
The data controller responsible for processing your personal data is the operator of gisman.app. For all privacy-related inquiries, contact: [email protected].
2. What Data We Collect
When you register and use gisman.app, we process the following categories of data:
| Category | Examples | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account data | Name, email address, username, company name | Art. 6(1)(b) — contract performance |
| Subscription & billing | Plan type, subscription status; payment processed by Stripe (card data never reaches our servers) | Art. 6(1)(b) — contract performance |
| GIS / geodata | Route geometries, cable layouts, address points, area polygons, field measurements | Art. 6(1)(b) — contract performance |
| Field documentation | Photos (including EXIF metadata such as GPS coordinates, timestamp, device info), comments, work reports | Art. 6(1)(b) — contract performance |
| Usage data | Login timestamps, session activity, IP address (for security) | Art. 6(1)(f) — legitimate interest (security, abuse prevention) |
| Technical data | Browser type, operating system (server logs) | Art. 6(1)(f) — legitimate interest (system stability) |
3. Photo Data and GPS Coordinates
Photos uploaded to gisman.app may contain EXIF metadata, including GPS coordinates recorded by the device camera. We extract and store this location data to enable map-based photo visualisation (showing where photos were taken). You can upload photos without GPS data; devices allow location to be disabled in the camera settings. GPS data extracted from photos is used solely for displaying photos on your project map and is never shared with third parties.
4. How We Use Your Data
- Providing, operating and maintaining the gisman.app service under your subscription contract
- Processing subscription payments via Stripe (Stripe's own privacy policy applies to payment processing)
- Sending transactional emails (account activation, password reset, subscription receipts)
- Security monitoring, fraud prevention and platform abuse detection
- Aggregated, anonymised service improvement analytics
We do not sell, rent or share your personal data or your project data with any third parties for marketing purposes.
5. Data Retention
| Data type | Retention period |
|---|---|
| Account and project data | Duration of subscription + 90 days after account deletion request |
| Billing records | 7 years (legal accounting obligation) |
| Server access logs | 30 days rolling |
| Session data | Deleted at logout or after 30 days of inactivity |
6. Data Portability and Your Rights
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate personal data
- Erasure ("right to be forgotten") — request deletion of your account and personal data
- Data portability — export your GIS project data at any time (Export XLS / GeoJSON available in-app)
- Restriction — request that we stop actively processing your data in certain circumstances
- Objection — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, withdraw at any time
To exercise any right, email [email protected]. We respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority.
7. Data Storage and Security
Your data is stored on servers located within the European Union. Access is restricted to authorised personnel only. Data is protected using row-level security (RLS) at the database level — no user can access another contractor's data. Connections are encrypted in transit (HTTPS/TLS). Passwords are stored as one-way bcrypt hashes. Payment processing is handled entirely by Stripe; we never store card numbers or payment credentials.
8. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing address, payment method (processed by Stripe) |
| MapTiler / OpenStreetMap | Background map tiles | IP address (tile requests; no account data) |
9. Cookies
gisman.app uses only a single session cookie (APPSESSID_FTTX), which is strictly necessary to maintain your login session.
No tracking cookies, advertising cookies or third-party analytics cookies are used.
10. Changes to This Policy
We will notify registered users by email of any material changes to this policy at least 14 days before they take effect. Continued use of the platform after that period constitutes acceptance of the updated policy.
For questions: [email protected]