PRIVACY POLICY

Last updated: 24/11/2025 – Owner: Meccanica Group

This Privacy Policy describes how the MyMeccanica Mobile application collects, uses, stores, and protects the personal data of its users on Android and iOS devices. By installing or using the application, you accept the terms of this policy.

1. Information Collected by the Application

1.1. User-Provided Data

Files selected by the user for upload or download.
Account details (email), if required for login.
Optional data (depending on app functionality, e.g., requests, permissions).

The application never collects data without user action.

1.2. Device Data

Device technical information (device type, OS version).
IP address for security and server logging.
Network state (ACCESS_NETWORK_STATE).
Push token for notifications (if enabled).

We do not collect unique identifier trackers.

1.3. Media Data (Android & iOS)

The application requests access to:

🔹 Camera Access

To allow capturing photos or videos that the user wants to upload.

🔹 Photo Library / Media Gallery

For selecting images/files from storage.

🔹 File Picker (iOS & Android)

For selecting documents and saving files to the device by the user.

The application only has access to files explicitly selected by the user.

1.4. Biometric Data (Fingerprint / Face ID)

The application may use the device's biometric verification system for access or authentication.

We do not collect, store, or transmit biometric data.
Data remains on the device (Android BiometricPrompt / iOS TouchID/FaceID via Secure Enclave).

1.5. Push Notifications

If the user chooses to enable them:

We only collect the push token (Firebase / Apple APNs).
It is not used for tracking.
Can be disabled at any time.

2. How Data is Used

We use data for:

Providing app functionality (file upload, access control).
Performance and security optimization.
Displaying notifications, if the user chooses.
User support services.

We do not use data for advertising or profiling.

3. Apple App Store Requirements Compliance

3.1. App Tracking Transparency

The application DOES NOT use data for cross-app tracking. It does not require AppTrackingTransparency permission.

3.2. iOS Usage Descriptions (NSPermissions)

This policy covers the following iOS requirements:

NSCameraUsageDescription – required for camera access.
NSPhotoLibraryUsageDescription – required for photo library access.
NSFaceIDUsageDescription – required for FaceID usage (if enabled).

4. Google Play Compliance

The application requests and uses:

CAMERA
READ_MEDIA_IMAGES
ACCESS_NETWORK_STATE
INTERNET
BIOMETRIC / USE_FINGERPRINT
POST_NOTIFICATIONS (Android 13+)
WAKE_LOCK
GET_CONTENT query intents
IMAGE_CAPTURE query intents

And complies with Google Play Data Safety requirements.

5. Data Sharing

Data is NOT shared with third parties, except for:

Cloud services used for storage or functionality (e.g., Firebase).
Legal requirements (if the company is obligated).

Not shared with advertising or tracking networks.

6. Data Security

Encryption in transit (HTTPS).
Local storage encryption where applicable.
Biometric functions performed entirely on the device via secure APIs.

7. User Rights (GDPR)

Application users have the following rights under the General Data Protection Regulation (GDPR):

7.1. Right of Access (Art. 15 GDPR)

The user has the right to:

receive confirmation regarding whether we process their personal data,
receive a copy of the data we hold,
be informed about processing purposes, data categories, recipients, retention period, their rights, and data origin.

Data is provided in an understandable and electronically readable format.

7.2. Right to Rectification (Art. 16 GDPR)

The user can request correction or update of inaccurate or incomplete personal data.

7.3. Right to Erasure (Right to be Forgotten – Art. 17 GDPR)

The user can request deletion of their data when:

it is no longer necessary,
they withdraw consent,
they object to processing,
or processing is unlawful.

7.4. Right to Restriction of Processing (Art. 18 GDPR)

The user can request restriction of processing, e.g., when contesting data accuracy or objecting to processing.

7.5. Right to Data Portability (Art. 20 GDPR)

The user has the right to receive their data:

in a structured, commonly used, and machine-readable format (e.g., JSON/CSV),
and/or request its transfer to another data controller.

7.6. Right to Object (Art. 21 GDPR)

The user can object to the processing of their data for specific purposes.

7.7. Right to Withdraw Consent

The user can withdraw their consent at any time for any processing based on it.

7.8. Right to Lodge a Complaint

The user has the right to lodge a complaint with the competent data protection supervisory authority in their country (in Greece: Hellenic Data Protection Authority – www.dpa.gr).

8. Data Retention

We retain data only as long as necessary for service operation. The user can request deletion at any time.

9. Children

The application is not intended for children under 13 years old.

10. Policy Changes

Any changes are updated on this page.

11. Contact

For any questions regarding the privacy policy, contact:

Email: privacy@meccanica.gr
Address: Meccanica Group, Greece