Plain-language summary: Granted stores your immigration data on your own device and iCloud. We never sell your data, never show ads, and you can delete everything at any time. Your documents are yours.
1. Overview
Granted processes personal data belonging to non-EU nationals living in Ireland. This data includes immigration status, document metadata, and identity information used for authentication. This policy defines how that data is collected, stored, processed, and protected in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 2018.
The individual developer, who develops and operates Granted, acts as both Data Controller (for authentication data) and Data Processor (for document metadata that facilitates iCloud storage).
1.1 Data Controller
Name: [Developer name]
Contact: privacy@getgranted.ie
Address: Ireland
As a sole trader operating under the Apple Small Business Programme, the developer is personally responsible for GDPR compliance.
1.2 Legal Bases for Processing
| Data Type | Legal Basis | GDPR Article |
|---|---|---|
| Anonymous session (no personal data) | Legitimate interest | Art. 6(1)(f) |
| Firebase UID + email (registered users) | Consent | Art. 6(1)(a) |
| Stamp records (IRP type, dates) | Consent | Art. 6(1)(a) |
| OCR text from IRP card scan | Consent | Art. 6(1)(a) — Pro feature opt-in |
| Document metadata (filename, type, year) | Consent | Art. 6(1)(a) — Pro feature opt-in |
2. Data Inventory
2.1 Data We Store
| Data | Where stored | Retention | Who can access |
|---|---|---|---|
| Firebase UID (anonymous) | Firebase Auth (europe-west1) | Until user deletes app | Developer via Firebase Console |
| Email address (if registered) | Firebase Auth (europe-west1) | Until account deleted | Developer via Firebase Console |
| Display name (if provided) | SwiftData (device + iCloud) | Until user deletes | User only (iCloud encrypted) |
| Stamp records (type, dates, notes) | SwiftData + iCloud | Until deleted by user | User only (iCloud encrypted) |
| Document metadata (filename, type) | SwiftData + iCloud | Until deleted by user | User only (iCloud encrypted) |
| Document files (PDF, images) | User's iCloud Drive (personal) or Firebase Storage europe-west1 (family plan) | Until deleted by user | User only |
| OCR text (from scan — transient) | Memory only — never persisted | Duration of scan session only | On-device only |
2.2 Data We Do NOT Store
- IRP card photographs — images are held in memory only during OCR extraction, then immediately discarded
- Passport photographs or biometric data of any kind
- Payment information — all payment processing is handled exclusively by Apple and RevenueCat
- Location data — the app never requests location permission
- Device identifiers for advertising — no advertising SDKs are used
- Health or biometric data
- Children's data — the app is rated 4+ but the immigration context means users are adults
2.3 Third-Party Data Processors
| Processor | Location | Data Shared |
|---|---|---|
| Firebase (Google) | europe-west1 (Belgium) | Firebase UID, email address, authentication tokens. DPA signed with Google Cloud. |
| Anthropic (AI / OCR fallback) | USA | Raw OCR text from IRP card scan (stamp type, dates, name as text string). No image. No biometrics. SCCs cover EU–US transfer. |
| Apple iCloud | User's iCloud region | All user data stored in iCloud is processed under Apple's own DPA. Developer never has access. |
| RevenueCat | USA | Apple ID receipt data (subscription status only). No payment card data. SCCs apply. |
3. Your Rights
Under GDPR, you have the following rights:
3.1 Right of Access (Article 15)
You can request a copy of all personal data held about you. We will respond within 30 days. Contact: privacy@getgranted.ie. Data provided: Firebase account record, stamp records exported as JSON.
3.2 Right to Erasure (Article 17)
Deleting the app removes all SwiftData records and iCloud documents. You can delete your Firebase account via Settings → Delete My Account in the app. Firebase anonymous accounts auto-expire after 30 days of inactivity.
3.3 Right to Data Portability (Article 20)
You can export your stamp records as a JSON or CSV file from the Settings screen at any time.
3.4 Right to Withdraw Consent
You can withdraw consent at any time by signing out. Anonymous sessions hold no personal data and do not require consent withdrawal. Signing out terminates the Firebase session. Stamp data remains on your device until you delete the app.
3.5 Right to Lodge a Complaint
If you believe your data has been handled incorrectly, you have the right to lodge a complaint with the Data Protection Commission Ireland (DPC):
www.dataprotection.ie · info@dataprotection.ie · +353 (0)761 104 800
4. Privacy by Design
4.1 Data Minimisation
- Anonymous sessions collect zero personal data — the app is fully functional without an account
- Stamp records contain only type and dates — no free-text fields except optional notes
- OCR pipeline discards the IRP card image immediately after text extraction
- Only document metadata is stored in SwiftData — not document content
4.2 Storage Limitation
- Documents are stored in your own iCloud — we never have access to document content
- Firebase stores only authentication credentials — no immigration data
- Firebase Storage uses UID-locked security rules — only you can read your data
4.3 Security Measures
- All iCloud data protected by Apple's end-to-end encryption
- Firebase Security Rules prevent any cross-user data access
- All network connections use TLS (App Transport Security enforced)
- No hardcoded credentials in source code
- No advertising SDKs — ATT prompt is never shown
5. App Store Privacy Nutrition Label
The following is declared in Granted's App Store Connect privacy label:
- Contact Info: Email address — used for account creation, linked to identity
- Identifiers: Firebase User ID — used for app functionality, linked to identity
- Usage Data: Stamp records — used for app functionality, linked to identity
- No data is used for tracking
- No location, browsing, or health data is collected
6. Incident Response
In the event of a personal data breach:
- We will assess the scope within 24 hours of discovery
- If the breach poses a risk to individuals, we will notify the DPC within 72 hours
- If the breach poses a high risk, we will notify affected users directly without undue delay
- All breaches are documented in an internal breach register
7. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via an in-app notice. The "last updated" date at the top of this page reflects the most recent revision.
8. Contact
For any privacy-related queries:
📧 privacy@getgranted.ie
🌐 getgranted.ie