Roomify Privacy Policy
This policy explains how Roomify collects, uses, stores, and protects personal data processed by the Roomify Smart Camera mobile app and related cloud services (FastAPI backend, ML processor, MinIO storage, etc.) used to capture cargo bays and measure available truck space.
1. Data controller & contact
Roomify acts as the data controller. For privacy questions reach us at privacy@roomify.tech.
2. Data we collect
2.1. Account data
- First/last name, work e-mail, password (stored hashed), user role within the company.
- Company name and identifiers linked to the account.
2.2. Operational data
- Cargo bay photos, depth maps, 3D masks, and other visuals captured during measurements.
- Measurement metadata: order IDs, trip IDs, comments, timestamps.
- Geolocation and telemetry when the customer enables trip-level location tagging.
- Wallet/balance records for internal Roomify transactions (no card data stored).
2.3. Technical & log data
- IP address, device model, OS version, locale, and network parameters.
- App logs, crash reports, and performance metrics (including Crashlytics/Sentry if enabled by the customer).
- Offline queue files stored until synchronization finishes.
2.4. Support & feedback
- Support tickets, attachments, and contact details provided by the user.
3. How we use the data
- Provide core app features: authentication, queued measurements, wallet, dashboards.
- Run ML processing to generate depth maps and estimate available cargo volume.
- Sync data with the Roomify admin console and customer reporting systems.
- Ensure security, prevent fraud, and audit user activity.
- Send operational alerts, incident messages, and service updates.
- Analyze aggregated usage to improve reliability and plan new features.
4. Legal bases (GDPR)
- Contractual necessity with the customer organization and app users.
- Legitimate interests (service improvement, abuse prevention, platform security).
- Legal obligations such as record keeping and compliance.
- Consent for optional features (e.g., geolocation tagging).
5. Sharing with third parties
We do not sell data and do not run ads. Access is restricted to:
- Roomify hosting infrastructure (PostgreSQL, Redis, MinIO, container hosts secured via TLS and RBAC).
- Monitoring/logging vendors (e.g., Sentry) strictly for diagnostics.
- Transactional e-mail/SMS providers when notifications are enabled.
- Customer administrators who manage their tenant’s users, orders, and measurement data.
- Regulators or law enforcement when we are legally obliged to respond.
Geospatial attribution: Roomify uses the Natural Earth dataset (public domain) for country boundary data. Source: naturalearthdata.com.
6. Retention
- Account data: for the duration of the customer contract plus up to 12 months post-offboarding.
- Media & measurements: according to the customer’s policy, 24 months by default before deletion or anonymization.
- Logs & telemetry: 6–18 months depending on risk classification.
7. Security controls
- HTTPS/TLS for all endpoints and S3-compatible encryption for artifacts.
- SecureStore token storage, automatic expiration, and refresh-token rotation.
- Environment isolation (dev/stage/prod), Sentry monitoring, API audit trails.
- Role-based access control and mandatory authentication for every API call.
8. Your rights
Depending on applicable law (GDPR, local privacy statutes), you may:
- Request access to your data and obtain a copy.
- Correct inaccurate information.
- Ask us to delete data where no lawful basis requires retention.
- Restrict or object to certain processing activities.
- Receive data in a portable format.
- Withdraw consent for processing that relies on consent.
Send requests to privacy@roomify.tech. Signed-in users can also start an account deletion request from the Roomify mobile app under Profile > Account Security > Delete account. A public deletion request page is available at https://roomify.tech/delete-account.
9. Device permissions
- Camera & storage: used solely to capture and store measurements.
- Location: optional, enabled per customer policy to tag trips.
- Network & notifications: required for syncing jobs and sending service alerts.
10. International transfers
Roomify hosts production systems in the EU. If data leaves the EU/EEA we rely on Standard Contractual Clauses or other GDPR-compliant safeguards.
11. Children
Roomify is not intended for individuals under 16, and we do not knowingly collect their data.
12. Updates
We may revise this policy to reflect service or legal changes. The latest version will be published in the app and on this dedicated hosting page.
13. Contact
Questions? Contact privacy@roomify.tech or reach out via your Roomify tenant administrator.