Privacy Policy
1. Introduction
This Privacy Policy explains how staveto s. r. o. (“Staveto”, “we”, “us”, or “our”) collects, uses, and protects personal data when you use the Staveto construction project management SaaS mobile application and related website (the “Service”).
We are committed to processing personal data lawfully, fairly, and transparently in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
2. Controller Details
The controller of your personal data is:
staveto s. r. o.
Registered in the Slovak Republic
Privacy contact: privacy@staveto.sk
General support: support@staveto.sk
3. Personal Data We Collect
We collect only the personal data necessary to provide and improve the Service:
- Name (if provided)
- Email address
- Phone number (provided during onboarding)
- User-generated content (projects, tasks, notes, documents)
- Photos or videos (e.g., invoices or construction site photos)
- Audio recordings (voice notes attached to tasks)
- User ID
- Subscription status and purchase history
- Product interaction data (via Firebase Analytics)
We do not:
- Track users across third-party apps or websites
- Use personal data for advertising purposes
- Use third-party advertising SDKs
- Access your phone contact list
- Collect device advertising identifiers
- Use personal data for cross-app tracking, behavioral advertising, or marketing profiling
4. Purposes of Processing
We process personal data for the following purposes:
Providing and operating the Service
To create and manage your account, enable project and task management, store your content, and ensure core app functionality.
Communicating with you
To send service-related communications, including onboarding messages, feature updates, and important notices.
Subscription management and billing
To manage subscription status, entitlements to paid features, and purchase history via RevenueCat, Apple App Store, and Google Play.
Improving the Service
To understand how the app is used (e.g., feature usage, performance metrics) using product interaction data from Firebase Analytics, in order to improve stability and usability.
Security and fraud prevention
To monitor for misuse, protect users, and ensure the integrity and security of our systems.
Legal and compliance
To comply with legal obligations, including accounting and tax requirements, and to respond to lawful requests from public authorities.
5. Legal Bases under GDPR
We rely on the following legal bases:
Performance of a contract (Art. 6(1)(b) GDPR)
For processing necessary to provide the Service, operate your account, and manage subscriptions.
Legitimate interests (Art. 6(1)(f) GDPR)
For maintaining security, preventing misuse, and analyzing product interaction data to improve the Service, where such interests are not overridden by your rights and freedoms.
Legal obligation (Art. 6(1)(c) GDPR)
For processing required to comply with legal requirements such as accounting or tax regulations.
Consent (Art. 6(1)(a) GDPR)
Where required by law, for optional features or communications. You may withdraw consent at any time without affecting prior lawful processing.
6. Specific Data Uses
6.1 Phone Number (Onboarding Use)
If you provide your phone number during onboarding, we use it to:
- Identify your account and workspace
- Facilitate communication regarding your account or service-related matters
We do not use phone numbers for advertising purposes.
6.2 Audio Recordings (Voice Notes)
You may attach audio recordings (voice notes) to tasks or projects. These recordings are processed and stored to:
- Enable the core functionality of voice notes
- Allow authorized workspace users to access and manage them
You are responsible for ensuring compliance with applicable laws when recording or sharing personal data of third parties.
6.3 Product Interaction Data (Firebase Analytics)
We use Firebase Analytics to collect product interaction data such as:
- Feature usage patterns
- App performance and stability metrics
This helps us improve usability, reliability, and performance.
We do not use Firebase Analytics to create advertising profiles or to combine data across third-party services.
6.4 RevenueCat and App Stores
We use RevenueCat to manage subscriptions, entitlements, and purchase history.
RevenueCat processes data such as:
- User ID or app-specific identifiers
- Subscription status and renewal information
- Purchase history related to the app
Subscriptions are billed and processed by Apple App Store and Google Play, which act as independent controllers for payment processing. We do not store full payment card details.
7. International Data Transfers
Our primary infrastructure is hosted within the European Union. In limited cases, data may be processed outside the European Economic Area (EEA).
Where data is transferred outside the EEA, we rely on appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other equivalent legal mechanisms required by applicable law
These safeguards ensure a level of protection essentially equivalent to that within the EEA.
8. Data Retention
We retain personal data only as long as necessary:
Account and user-generated content
For the duration of your account. After account deletion, data may be retained for 30–90 days for backup and operational purposes, unless longer retention is required by law.
Subscription and billing records
Retained as required by applicable accounting and tax laws (which may be up to 10 years).
Logs and security data
Retained for limited periods necessary for security and incident investigation.
9. Security Measures
We implement appropriate technical and organizational safeguards, including:
- Encryption in transit (TLS)
- Access controls based on least-privilege principles
- Restricted production system access
- Continuous infrastructure monitoring
While no system is completely secure, we take ongoing steps to protect your data.
10. Your Rights under GDPR
If you are located in the EEA or similar jurisdictions, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion in certain circumstances
- Restrict processing
- Receive your data in a portable format
- Object to processing based on legitimate interests
You also have the right to lodge a complaint with a competent data protection authority.
11. How to Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@staveto.com
We aim to respond within one month of receiving your request. If the request is complex, this period may be extended as permitted by law.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our Service or legal requirements.
The latest version will always be available on our website and within the app. If changes are material, we will notify you where appropriate.
