Privacy Policy

Effective date: March 2026 · Last updated: March 2026

This Privacy Policy describes how MendWise ("we", "us", "our") collects, uses, and protects your personal data when you use the MendWise mobile application ("App"). We are committed to protecting your privacy and complying with applicable data protection laws, including the GDPR.

1. What Data We Process

Account data: email address, display name, provider ID (via Firebase Auth — Google, Apple, or email).
App usage data: timestamps, features used, AI call counters, subscription status.
Content you submit: problem descriptions, photos, and other inputs you provide to receive AI repair suggestions.
Diagnostics & device info: app version, OS version, crash/error logs, coarse geographic region.
Purchase metadata: subscription entitlement status and product identifiers managed via RevenueCat and the app stores. We do not store full payment card details.

2. Purposes and Legal Bases (GDPR)

Provide and improve the App and its AI features (Art. 6(1)(b), (f) GDPR).
Authenticate users and secure access (Art. 6(1)(b)).
Enforce usage limits, prevent abuse, and ensure reliability (Art. 6(1)(f)).
Process purchases and manage subscription entitlements (Art. 6(1)(b)).
Comply with legal obligations (Art. 6(1)(c)).
With your consent where required, e.g. certain analytics (Art. 6(1)(a)).

3. AI Processing

Your prompts — text descriptions and photos you submit — are sent to our AI provider (Google Vertex AI / Gemini) to generate repair suggestions. Do not submit sensitive personal data (health, biometric, financial, or children's data). AI outputs may be inaccurate; always review before acting on any repair guidance.

4. Service Providers

Google Firebase — authentication, database (Firestore), cloud functions, hosting, analytics.
Google Vertex AI (Gemini) — AI inference for repair guidance generation.
RevenueCat — subscription and in-app purchase infrastructure (Google Play / Apple App Store).

These providers may process data in the EU and outside the EEA. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

5. Data Sharing

We do not sell your personal data. We may share data with:

Service providers listed above, solely to operate the App;
Competent authorities where legally required;
A successor entity in case of a business transfer, subject to equivalent privacy safeguards.

6. Retention

Account data: retained for the lifetime of your account; certain records kept as required by law after deletion.
Usage logs and diagnostics: typically 12–24 months.
AI inputs/outputs: transient or as needed to deliver features; do not submit sensitive data.

7. Your Rights (GDPR / EEA)

You have the right to request access, rectification, erasure, restriction of processing, or portability of your personal data. You may also object to processing based on legitimate interests. Where processing is based on consent, you may withdraw it at any time. You can lodge a complaint with your local Data Protection Authority in the EEA.

To exercise any right, contact us at the address below.

8. Security

We apply technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and server-side secrets management. No security measure is 100% guaranteed.

9. Children

The App is not directed at children under the age of 16 and must not be used by them. We do not knowingly collect personal data from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted at this URL with a new effective date. Continued use of the App after changes constitutes acceptance.

11. Contact

For privacy-related questions or to exercise your rights:
Lukasz Pawlowski — lpawlowski99@gmail.com
Katowicka 27, Jastrzebie Zdroj, Poland