Privacy Policy

Last updated: May 29, 2026

This Privacy Policy describes how Pilna ("we", "our", or "the app") handles information when you use our mobile application. This policy applies to the Pilna iOS application developed and operated by Ivan Tsviatkou, a sole proprietor registered in Poland (hereinafter "the Developer").

1. Who We Are

Data Controller:
Ivan Tsviatkou
Sole Proprietor registered in Poland

Contact for privacy matters:
ivan.tsviatkou.pl@gmail.com

If you have questions about this Privacy Policy or how your data is handled, you can reach us at the email above.

2. Our Approach to Privacy

Pilna is designed with privacy as a core principle. We do not require you to create an account, and we do not collect your subscription data on our servers. Information about your subscriptions stays on your device.

However, to operate the app effectively and improve it over time, we do process limited technical and usage data through third-party services, described below.

3. What Information We Process

3.1 Data Stored Locally on Your Device

The app stores the following data locally on your device only:

• Subscription details you enter manually (name, price, billing cycle, billing date, color, notes)
• Your interaction history with the app (review sessions, zone assignments)
• App preferences (default currency, theme, font, notification settings)

This data is stored locally by the app on your device. We do not have access to this data, and we do not transmit it to our servers or analytics providers.

You can delete all app data at any time by deleting the app.

3.2 Analytics Data (Mixpanel)

We use Mixpanel (EU region) to understand how the app is used in aggregate. The following data is collected:

• App events (screen views, feature usage, button taps, errors)
• Device type and model, operating system version, app version
• Anonymous identifier (Mixpanel distinct_id) generated on your device — not linked to your personal identity
• Approximate timezone and language settings
• Country-level geographic region

We do not collect:

• Your name, email, or any personal contact information
• Your subscription names, prices, or any subscription-specific details
• Precise location
• Contents of your messages, photos, or other device data

Mixpanel servers are located in the European Union. For more information, see Mixpanel's privacy policy: https://mixpanel.com/legal/privacy-policy/

3.3 Analytics Data (Google Analytics for Firebase)

In addition to Mixpanel, we use Google Analytics for Firebase (provided by Google LLC) to understand app usage and to measure the effectiveness of our advertising campaigns. Firebase may collect similar anonymous app events, such as:

• App events (app opens, subscription added, review session completed, purchase completed)
• Device type and model, operating system version, app version
• Anonymous identifier (Firebase App Instance ID) generated on your device — not linked to your personal identity
• Approximate geographic region

We do not collect through Firebase:

• Your name, email, or any personal contact information
• Your subscription names, prices, or any subscription-specific details
• Precise location

Firebase Analytics data is processed by Google in the United States. For more information, see Google's privacy policy: https://policies.google.com/privacy

3.4 Purchase Data (RevenueCat)

We use RevenueCat to manage in-app purchases. Pilna offers a one-time non-consumable purchase to unlock premium features (lifetime access — no recurring charges). When you make or restore a purchase, RevenueCat processes:

• Apple-provided transaction identifiers
• Anonymous app user identifiers used to connect purchase status with app analytics
• Purchase status (active, refunded)
• Firebase App Instance ID, linked as a customer attribute to correlate purchases with anonymous analytics

RevenueCat does not receive your name, email, Apple ID, or payment details. Payment processing is handled entirely by Apple.

For more information, see RevenueCat's privacy policy: https://www.revenuecat.com/privacy

3.5 Crash and Error Reporting (Sentry)

We use Sentry to detect crashes and errors in the app. When an error occurs, Sentry may collect:

• Error type and stack trace
• App version, device model, operating system version
• Anonymous device identifier
• Technical state of the app at the time of the error (no personal or subscription data)

This helps us fix bugs faster. Sentry data is not linked to your personal identity.

For more information, see Sentry's privacy policy: https://sentry.io/privacy/

4. App Tracking Transparency and Advertising Attribution

Pilna may ask for your permission to track your activity across other companies' apps and websites, as required by Apple's App Tracking Transparency framework.

If you allow tracking: Google may receive your device's advertising identifier (IDFA) through the Google/Firebase SDKs to measure which advertisement, if any, led to your installation of Pilna. The IDFA is a random identifier provided by Apple and does not contain your name or personal information. This information is used solely to measure the performance of our advertising and helps us spend our marketing budget responsibly.

If you decline tracking: No IDFA is shared for this purpose. Advertising attribution may still be measured using Apple's SKAdNetwork framework, which provides anonymous, aggregated campaign-level signals and does not include personal information or the IDFA.

You can change your tracking choice at any time in iOS Settings → Privacy & Security → Tracking → Pilna.

We also use Apple Search Ads attribution via Apple's AdServices framework to measure the effectiveness of our advertising on the App Store. This does not involve IDFA or cross-app tracking.

We do not show advertisements inside Pilna. We do not sell your data to advertisers or anyone else.

5. Why We Process This Data

We process the limited data described above for the following purposes:

• To operate the app (displaying your subscriptions, processing purchases, providing features)
• To improve the app (understanding which features are used, fixing bugs, planning improvements)
• To process purchases (validating in-app purchases through Apple's App Store and RevenueCat)
• To ensure app stability (detecting and fixing crashes via Sentry)
• To measure the effectiveness of our advertising (so we can spend our marketing budget responsibly)

Our legal basis under GDPR is:

• Legitimate interest (Article 6(1)(f)) — for analytics, crash reporting, non-IDFA advertising attribution, and app improvement
• Contract performance (Article 6(1)(b)) — for processing in-app purchases you initiate
• Consent (Article 6(1)(a)) — for IDFA-based advertising attribution, granted through Apple's App Tracking Transparency framework (see Section 4)

6. Data Sharing and Transfers

We do not sell your data. We share limited data only with the service providers named above (Mixpanel, Google, RevenueCat, Sentry, Apple) as strictly necessary to operate the app and measure our advertising.

International transfers: Some of our service providers process data outside the European Union: Google (Firebase Analytics and advertising attribution) and RevenueCat in the United States. Mixpanel and Sentry process data within the European Union. International transfers are protected by standard contractual clauses or other mechanisms approved under GDPR Article 46, including the EU-US Data Privacy Framework where applicable.

7. How Long We Keep Data

• Local device data: remains on your device until you delete the app. You can delete all data at any time by deleting the app.
• Analytics data (Mixpanel): retained according to Mixpanel's default retention period, currently up to 5 years.
• Analytics data (Firebase): retained according to Google's default Firebase Analytics retention settings (typically 14 months), then deleted.
• Purchase data (RevenueCat): retained as required for accounting and Apple platform compliance, typically 7 years.
• Crash reports (Sentry): retained for 90 days, then deleted.

8. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

• Right to access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data ("right to be forgotten")
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — request data in a machine-readable format
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — where processing is based on consent
• Right to lodge a complaint — with your local data protection authority

To exercise any of these rights, email us at ivan.tsviatkou.pl@gmail.com. We will respond within 30 days.

To stop sharing your device advertising identifier (IDFA) with Google, you can disable tracking for Pilna at any time in iOS Settings → Privacy & Security → Tracking → Pilna. This will not affect other functionality of the app.

Note: Because we do not collect personal identifiers, in some cases we may not be able to identify which data relates to you specifically. In that case, we will explain what data categories we process and how you can delete your local data through the app.

9. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to know what personal information we collect and how it's used
• Right to delete personal information we've collected
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise CCPA rights, email ivan.tsviatkou.pl@gmail.com.

10. Children's Privacy

Pilna is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, please contact us at ivan.tsviatkou.pl@gmail.com and we will delete it.

11. Security

We use industry-standard security measures to protect data in transit (HTTPS/TLS) and rely on trusted service providers with their own security certifications. Data stored locally on your device is protected by iOS system security.

However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or through App Store update notes. The "Last updated" date at the top indicates when the policy was most recently revised.

13. Digital Services Act (DSA) Statement

As a trader established in the European Union, we comply with the Digital Services Act. Our contact for DSA-related matters is ivan.tsviatkou.pl@gmail.com. We do not operate a platform service subject to the DSA's platform-specific obligations.

14. Governing Law

This Privacy Policy is governed by the laws of Poland and, where applicable, the European Union. Any disputes arising from this policy shall be resolved in the competent courts of Poland, subject to mandatory consumer protection laws in the user's country of residence.

15. Contact

For any questions, concerns, or requests related to this Privacy Policy:

Email: ivan.tsviatkou.pl@gmail.com
Developer: Ivan Tsviatkou, sole proprietor registered in Poland