Last Updated: 2025/04/13
Hanna Kasmachova is the developer of the mobile application CarCadence (the "App"). The App is a platform that helps users manage their vehicles and maintenance tasks. We are committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and disclose information when you use the App. It also explains your rights regarding your personal data and how you can exercise those rights. We abide by all applicable global data protection laws – including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) – to ensure that your privacy is respected and protected. By using the App, you acknowledge that you have read and understood this Privacy Policy.
We collect various types of information from and about users of our App. This includes:
Personal Data You Provide: When you create an account or sign in (for example, via Sign in with Apple), you provide personal information such as your name and email address. You may also provide information related to your vehicles and maintenance tasks (e.g., vehicle make, model, service dates, notes, or other details) in order to utilize the App’s features. Any personal data you choose to give us is used only for the purposes described in this Privacy Policy.
Authentication Information (Sign in with Apple): If you use third-party authentication like Sign in with Apple, we receive from Apple certain information about you (such as a unique user identifier, your name, and your email address, which may be a private relay email address). We use this information solely to authenticate your account and enable you to log into the App. We treat all information obtained via Apple authentication as personal data under this Privacy Policy.
Usage and Log Data: When you use the App, we automatically collect certain information about your device and your use of the App. This includes, for example, the device type and model, operating system and version, unique device identifiers, and the dates/times of access. We also collect log information about your interactions with the App’s features (such as the screens you view and the functions you perform). This usage and log data helps us troubleshoot technical issues, maintain security, and improve the App’s performance.
Analytics Information: We use Firebase Analytics (a service provided by Google) to gather aggregate information about how users engage with the App. Firebase Analytics may automatically collect data such as the frequency and duration of App usage, the screens and features you interact with, and generalized location information (e.g., country or region inferred from your IP address). This information is collected in a manner that does not directly identify you and is used to understand user behavior and to enhance the App. All analytics data is used in compliance with applicable privacy laws and the Google Firebase terms.
Crash and Diagnostics Data: The App uses Firebase Crashlytics and related logging services to collect crash reports and diagnostics information. If the App crashes or encounters an error, Crashlytics will collect data about the incident (such as device model, operating system version, the timestamp, and technical details of the crash including stack traces). Crash reports may include device identifiers or other contextual information at the time of the error. We use this information exclusively to investigate and fix bugs, improve compatibility, and enhance the stability and security of the App.
No Sensitive Personal Data: We do not collect any sensitive personal information. In particular, we do not collect precise geolocation data, financial information, health or medical information, or any special categories of personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, or sexual orientation. The App is designed to provide its services without accessing such sensitive data.
We use the information we collect for the following purposes, in accordance with applicable law:
To Provide and Maintain the Service: We use your information to create and manage your user account and to provide the core functionalities of the App. This includes, for example, saving your vehicle details and maintenance records, and synchronizing your data across devices via our cloud backend. Processing your data for these purposes is necessary to deliver the services you expect from the App.
To Communicate with You: We may use your contact information (such as your email address) or in-app notifications to send you important notices about the App. This might include account confirmations, technical or security alerts, maintenance reminders, and responses to support inquiries. We do not use your information to send marketing or promotional communications without your explicit consent.
To Improve and Personalize the App: We analyze usage, log, and analytics data to understand how our App is used and to make improvements. This helps us troubleshoot issues, optimize user experience, and develop new features. For example, understanding which features are most popular or where users encounter problems allows us to focus our efforts on enhancements that matter to our users. We may also personalize aspects of your experience (such as interface preferences) based on your usage, but we do not profile you in a way that produces legal effects or similarly significant effects.
To Ensure Legal Compliance and Prevent Misuse: We may process and retain your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For instance, we might preserve data to comply with tax or accounting regulations, or disclose information pursuant to a court order. Additionally, we will use and disclose information if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our Terms of Service, or to protect the rights and safety of our users or others.
Push Notifications (Reminders): If you have enabled push notifications on your device, the App will use a device token (a unique identifier provided by the operating system) to send you notifications, such as reminders for upcoming maintenance tasks or important service announcements. These notifications are sent only with your permission (which you grant by enabling them), and you can opt out of receiving push notifications at any time by adjusting your device settings or the App’s notification preferences.
If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data under the GDPR (and UK GDPR) are as follows:
Performance of a Contract: We process personal data to provide you with the services and features of the App, pursuant to our agreement (Terms of Service) with you. This includes handling your account data and content (like vehicle information and maintenance records) as needed to deliver the App’s core functionality that you have requested.
Legitimate Interests: We process certain data for our legitimate business interests, provided that such processing does not override your rights and freedoms. For example, it is in our legitimate interest to collect and analyze crash reports and usage analytics in order to maintain the security and performance of the App, as well as to improve our services. We always consider your rights and take steps to minimize impacts on your privacy (for instance, using aggregated or non-identifying information when possible) when processing data for our interests.
Legal Obligation: In some circumstances, we need to process personal data to comply with a legal obligation. For example, we may retain certain information to comply with tax laws, or disclose information if required by a court or regulatory order.
Consent: Where we rely on your consent to process personal data, we will make this clear to you and obtain your consent. For instance, if we were to collect optional information for new features or send you marketing communications, we would do so based on your consent. You have the right to withdraw your consent at any time. (At present, the App’s processing of personal data is primarily based on the bases above, as we do not collect or use additional personal data that would solely rely on consent beyond the permissions you grant such as for notifications.)
We do not sell or rent your personal data to third parties. However, we may share your information in the following circumstances, and always in accordance with appropriate safeguards:
Service Providers (Data Processors): We share data with trusted third-party service providers who perform services on our behalf to keep the App running. These include cloud infrastructure and analytics providers. In particular:
Google Firebase (Google LLC): We use Google Firebase as our backend cloud service for data storage, database, user authentication, analytics, and crash reporting. Firebase acts as our data processor (or “service provider” under U.S. laws) – this means Google processes your personal data only on our instructions and for the purposes described in this Policy. Personal data such as your account details, vehicle entries, usage analytics, and crash logs are stored on Firebase servers. Google is contractually obligated to implement appropriate security measures and to protect your data in line with GDPR, CCPA, and other applicable laws. Data handled by Firebase is encrypted in transit and at rest. Google Firebase is certified under industry security standards (like ISO 27001) and participates in relevant privacy frameworks to facilitate compliant data transfers (see Section 9 on International Data Transfers).
Sign in with Apple (Apple Inc.): If you use Sign in with Apple to authenticate, Apple will verify your identity and share with us only the information necessary for account setup (your name and email address, as described above in Section 2). We do not share any personal data back with Apple, except as needed to facilitate the login process or if required under Apple’s developer policies. Your use of Sign in with Apple is also governed by Apple’s Privacy Policy. We encourage you to review Apple’s terms and privacy policy for how they treat your credentials.
Legal Compliance and Protection: We may disclose your information to third parties (such as courts, law enforcement agencies, or regulators) when required to do so by law, or if such action is necessary to comply with a legal obligation. We may also disclose data if we believe in good faith that it is appropriate to enforce our Terms of Service, investigate or defend against third-party claims or allegations, protect the security or integrity of our App, or protect the rights, property, or safety of Hanna Kasmachova, our users, or others
Business Transfers: If Hanna Kasmachova is involved in a merger, acquisition, sale of assets, bankruptcy, or other transaction, your personal data may be transferred to a successor or affiliated entity as part of that transaction. In such an event, we will ensure that your personal data remains subject to a privacy policy that offers the same level of protection as this Policy, or we will obtain your consent if required by law. We will also provide you with notice before your personal data becomes subject to a different privacy policy.
With Your Consent: Apart from the cases listed above, if we ever need to share your information for any other purpose, we will do so only with your explicit consent. For example, if in the future we partner with another service and you opt-in to have your data shared with that service, we will share your data only as specified at that time and with your permission.
We require all third parties that process personal data on our behalf to adhere to strict privacy and security obligations consistent with this Privacy Policy and applicable law. Except as described in this Policy, we will not disclose your personal information to any third party for their own marketing or advertising purposes.
The App does not use cookies in the traditional web-browser sense, since it is a mobile application. However, we and our third-party service providers (such as Firebase) use technologies in the App that are analogous to cookies for similar purposes like recognizing your device and collecting usage information. These include:
Device Identifiers: The App may assign or utilize unique identifiers associated with your device (for example, a device ID or an advertising ID) to distinguish your device for analytics or to deliver certain features (like push notifications). These identifiers function similarly to cookies by allowing us to remember your device across sessions. We do not use device identifiers to track you across unrelated apps or websites.
Analytics and Crash Logs: As described above, Firebase Analytics uses unique instance identifiers to log events tied to your device or account (without revealing your identity), and Firebase Crashlytics uses installation identifiers to group crash reports. These tools help us recognize repeat usage by the same user or device in an anonymized manner and to analyze aggregate usage patterns and app stability.
Opt-Out of Analytics/Tracking: You have options to limit certain tracking. If you do not want some information (such as an Advertising ID) to be used, you can use your mobile device’s settings to limit ad tracking or reset the advertising identifier. On iOS devices, you can select “Limit Ad Tracking” or, on newer versions, disallow tracking for specific apps; on Android devices, you can opt out of personalized ads in your Google settings. While our App does not serve advertisements, these system settings may limit the data that Firebase Analytics collects (for example, Firebase will honor the “Opt out of Ads Personalization” setting on Android by not using the Advertising ID for Analytics). If you wish to completely opt out of Firebase Analytics and Crashlytics, you may contact us for assistance or choose to discontinue use of the App; however, note that disabling analytics and crash reporting might impair our ability to diagnose issues and improve the App over time.
Cookies on External Websites: If our App includes links to any external websites or if you use a companion web portal provided by us, those websites may use cookies or similar tracking technologies. Any such usage will be governed by the cookie policy of the respective website. This Privacy Policy applies only to the data collected through the App itself.
We retain personal data for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention periods can vary depending on the type of information and the purposes of processing. In general:
Account Data and User-Provided Content: Information associated with your account, including your profile details and any vehicle or maintenance data you have entered, is kept for as long as your account remains active. We will retain this data until you delete it or request that we delete it, or for as long as needed to provide you with the App’s services. (Because the App currently does not offer an in-app tool for you to export or delete your data, you may contact us at any time to request deletion or export of your data—see the Your Rights section below.)
Analytics Data: Data collected for analytics purposes is retained within Firebase Analytics for a set period (by default, Firebase retains analytic event data for up to 14 months, unless we configure a shorter period). We generally view analytics data in aggregate form, and we may retain aggregated, non-identifying information (which cannot be linked back to an individual user) indefinitely for statistical purposes.
Crash Logs and Diagnostics: Crash reports and related diagnostic data are retained for a limited time necessary to analyze and fix issues. Firebase Crashlytics, for example, typically retains crash log data for 90 days. We do not retain crash data longer than needed to address the underlying problem.
Inactive Accounts: If you stop using the App and your account becomes inactive, or if you request to close your account, we will either delete or anonymize (de-identify) your personal data after a reasonable period of inactivity. What constitutes a “reasonable period” may depend on operational considerations, but we will not keep your data indefinitely without use. We may retain data for a brief period after an account deletion request to ensure we can fulfill the request properly and not restore the account in error.
Legal Obligations and Disputes: In certain cases, we may retain some information for longer if we are obligated to do so by law or if necessary to resolve disputes or enforce our agreements. For instance, we might need to keep records to comply with financial regulations or to evidence our compliance with privacy laws. Any data retained for such purposes will be limited to what is necessary and proportionate for that purpose and will be securely stored until no longer needed.
Retention Criteria: In all cases, we determine the appropriate retention period for personal data by considering the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means, and applicable legal requirements.
We implement a variety of technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include:
Encryption: We protect data transmitted between your device and our servers using encryption protocols such as HTTPS/TLS. In addition, the data stored in our cloud database (Firebase) is encrypted at rest on Firebase’s servers. This means that your information is encoded both in transit and in storage, adding layers of security to prevent unauthorized access.
Access Controls: Access to personal data is restricted to personnel and service providers who have a need to know such data for operating, developing, or improving the App. We ensure that those who have this access (for example, authorized staff or contractors) are bound by strict confidentiality obligations and are subject to discipline (including termination or legal action) if they fail to meet these obligations.
Security Audits and Certifications: Our backend infrastructure provided by Firebase is maintained by Google, which adheres to high security standards and holds certifications such as ISO 27001 and SOC 2. Google regularly audits its Firebase services for security and compliance. We rely on these robust security measures and supplementary contractual commitments from Google to safeguard the data stored on Firebase.
Network and System Security: We employ firewalls and monitoring systems to protect our network and servers. We regularly update our application and backend systems with security patches and conduct periodic security reviews and testing. We also monitor for potential vulnerabilities and attacks, and have incident response plans ready to address security breaches should they occur.
While we strive to protect your information, no security measure is perfect. The internet and mobile environments carry inherent risks, and thus we cannot guarantee absolute security of your data. However, we continuously work to update and improve our security practices. In the unlikely event of a data breach involving your personal data, we will notify you and the appropriate authorities as required by law, and we will take all reasonable steps to mitigate any potential harm.
Because our App is available to users around the world, your information may be transferred to or stored on servers located in countries different from your own. In particular, the servers and databases for the App (including Firebase) may reside in the United States or other locations outside of your home country. This means that when you use the App, your personal data might be processed in a country that has different data protection laws than those in your jurisdiction.
We understand the importance of safeguarding your personal data when it is transferred across borders. If you are located in the EEA, UK, or Switzerland, we take measures in line with applicable data protection laws to ensure that your data remains protected. These measures may include using standard contractual clauses approved by the European Commission to contractually require the protection of your personal data, and/or relying on Google’s participation in recognized international data transfer frameworks (such as the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework, as applicable) for transfers of data to the United States.
By using the App, you acknowledge that your personal information may be transferred to and processed in jurisdictions outside your country of residence. Regardless of where your data is processed, we will take appropriate steps to ensure that your privacy rights continue to be protected in line with this Privacy Policy. We will also comply with applicable legal requirements providing adequate protection for the transfer of personal information, and will conduct such transfers only under a lawful basis (for example, your consent or necessary for performance of our contract with you, or through the aforementioned safeguards).
You have certain rights regarding your personal data, which you may exercise under applicable data protection laws. These rights include:
Right of Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to request a copy of the information we hold about you. This includes the right to receive your personal data in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller (data portability).
Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. If available, you may also correct certain information by editing your profile or settings within the App. For other corrections, you can contact us directly to have your data updated.
Right to Deletion: You have the right to request the deletion of your personal data that we hold (also known as the “right to be forgotten”). If you request, we will erase your data from our records, provided we do not have a valid legal reason to retain it. Please note that because there is currently no in-app mechanism to delete your account or data, you will need to contact us to initiate such a deletion request (simply uninstalling the App will not automatically delete your account data from our servers). Once your request is verified and processed, we will delete or anonymize your personal data within a reasonable timeframe, unless retention is required by law.
Right to Object to Processing: You have the right to object to our processing of your personal data in certain situations. In particular, you can object to processing that we undertake based on legitimate interests (see Section 4 above), such as analytics or usage tracking. If you lodge an objection, we will re-evaluate the necessity of the processing. We will stop processing the affected data unless we have compelling legitimate grounds that override your rights or if we need to continue processing for legal reasons.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances – for example, if you contest the accuracy of the data we hold about you, or you want to restrict processing while you pursue an objection (as described above). When processing is restricted, we will continue to store your personal data but will not use it for other purposes until the issue is resolved.
Right to Withdraw Consent: If we rely on your consent to process any of your personal data, you have the right to withdraw that consent at any time. For instance, if you initially permitted us to send push notifications or to collect a certain type of optional information, you can change your mind later. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your data under other legal bases (such as processing that is necessary for providing the service).
Additional Rights for EEA/UK Users: If you are located in the European Economic Area or United Kingdom, you also have the right to lodge a complaint with a data protection supervisory authority, especially in the country where you reside or work, or where an alleged infringement of data protection law occurred. We would appreciate the chance to address your concerns before you approach a regulator, so please feel free to contact us with any issues. Additionally, as an EEA/UK user, you have the right not to be subject to a decision based solely on automated processing (we do not engage in any automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you).
Additional Rights for California Residents: California law (including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)) provides California residents with specific rights regarding their personal information. These include:
Right to Know: You may request that we disclose the categories of personal information we have collected about you in the last 12 months, the categories of sources of that information, the business or commercial purposes for collecting it, and the categories of third parties with whom we have shared your information. You may also request the specific pieces of personal information we have collected about you.
Right to Delete: You may request that we delete any personal information about you that we have collected, subject to certain exceptions (for example, if the information is necessary to complete a transaction you requested or to comply with a legal obligation, we may retain it as allowed by law).
Right to Opt-Out of Sale/Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information. However, please note that we do not sell personal information to third parties, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under California law.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your California privacy rights. This means we will not deny you our services, charge you different prices, or provide a lesser quality of service just because you exercised your rights under CCPA/CPRA.
To exercise any of your rights described above, please contact us using the contact details provided in the Contact Information section of this Policy (Section 13). We may ask you to verify your identity or provide additional information before we can fulfill your request, to ensure that we do not disclose or delete data to the wrong person. For requests under the CCPA, you may designate an authorized agent to make a request on your behalf by providing written permission or a power of attorney, but we will still require verification of your identity with us.
We will respond to your request within the time frames required by law. Under GDPR/EEA laws, this is typically within one month, and under CCPA it is within 45 days (with the possibility of a 45-day extension in certain cases). If we need more time or if we cannot fulfill your request (due to a legal exception), we will inform you of the reason and any extension in writing.
Please note that some rights may be limited. For example, if fulfilling your request would adversely affect the rights and freedoms of others, or if you request deletion of information which we are legally obligated to keep, we may not be able to comply fully. In such cases, we will explain the situation to you.
Our App is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old (or under the equivalent minimum age in jurisdictions where a higher age is required). Users of all ages may access the App’s general features, but if you are under 13 you should only use the App with the involvement of a parent or guardian and you should not provide personal data to us.
If we learn that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will take prompt steps to delete that information from our records. If you are a parent or guardian and you believe that a child under 13 has provided us with personal data, please contact us immediately using the contact information below so that we can investigate and address the issue.
For minors aged 13 to 18 (or the age of majority in your jurisdiction), we recommend using the App with parental guidance. We encourage parents and guardians to educate their children about safe internet and mobile app practices and to monitor their children’s use of apps, including our App.
We may update this Privacy Policy from time to time. If we make changes, we will post the updated policy within the App and update the "Last Updated" date at the top of this Policy. If the changes are significant, we will provide a more prominent notice of the update (such as via a pop-up notification in the App or an email to the address associated with your account, if we have it).
We encourage you to review this Privacy Policy periodically to stay informed about our data practices. By continuing to use the App after any updates become effective, you acknowledge and agree to the updated Privacy Policy. We will not make retroactive changes that reduce your privacy rights under this Policy without your consent.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us at:
Hanna Kasmachova
Email: kasmachovah@gmail.com
Postal Address:
13990 Bartram Park Blvd
Unit 2224
Jacksonville, Florida 32258
United States
Hanna Kasmachova is the entity responsible for the processing of your personal data as described in this Policy. For the purposes of data protection laws, Hanna Kasmachova is the “data controller” of your personal data. You can also use the above contact information if you need to reach our Data Protection Officer (if one is appointed) or if you have any complaints or concerns about your privacy.
We will do our best to promptly respond to your inquiries and resolve any concerns.