Plain-language summary: Granted stores your immigration data on your own device and iCloud. We never sell your data, never show ads, and you can delete everything at any time. Your documents are yours.
1. Overview
Granted processes personal data belonging to non-EU nationals living in Ireland. This data includes immigration status, document metadata, and identity information used for authentication. This policy defines how that data is collected, stored, processed, and protected in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 2018.
As the developer and operator of Granted, the individual developer acts as the Data Controller for all personal data processed through the app. Third-party services (Firebase, Anthropic, Apple iCloud, RevenueCat) act as Data Processors under their respective data processing agreements.
1.1 Data Controller
Name: Naveen George Thoppan
Contact: privacy@getgranted.ie
Address: Ireland
As an individual developer based in Ireland, Naveen George Thoppan is personally responsible for GDPR compliance under the Irish Data Protection Acts 2018.
1.2 Legal Bases for Processing
| Data Type | Legal Basis | GDPR Article |
|---|---|---|
| Anonymous session (no personal data) | Legitimate interest | Art. 6(1)(f) |
| Firebase UID + email (registered users) | Consent | Art. 6(1)(a) |
| Stamp records (IRP type, dates) | Consent | Art. 6(1)(a) |
| Absence records (travel dates, destination) | Consent | Art. 6(1)(a) |
| OCR text from IRP card scan | Consent | Art. 6(1)(a) — Pro feature opt-in |
| Document metadata (filename, type, year) | Consent | Art. 6(1)(a) — Pro feature opt-in |
2. Data Inventory
2.1 Data We Store
| Data | Where stored | Retention | Who can access |
|---|---|---|---|
| Firebase UID (anonymous) | Firebase Auth (europe-west1) | Until user deletes app | Developer via Firebase Console |
| Email address (if registered) | Firebase Auth (europe-west1) | Until account deleted | Developer via Firebase Console |
| Display name (if provided) | SwiftData (device + iCloud) | Until user deletes | User only (encrypted in iCloud per Apple's security model) |
| Stamp records (type, dates, notes) | SwiftData + iCloud | Until deleted by user | User only (encrypted in iCloud per Apple's security model) |
| Absence records (travel dates, destination) | SwiftData + iCloud | Until deleted by user | User only (encrypted in iCloud per Apple's security model) |
| Document metadata (filename, type, year) | SwiftData + iCloud | Until deleted by user | User only (encrypted in iCloud per Apple's security model) |
| Document files (PDF, images) | User's iCloud container — all subscription tiers. Developer never has access. | Until deleted by user | User only (encrypted in transit and at rest under Apple's iCloud security policies) |
| OCR text (from scan — transient) | Memory only — never persisted | Duration of scan session only | On-device only |
2.2 Data We Do NOT Store
- IRP card photographs — images are held in memory only during OCR extraction, then immediately discarded
- Passport photographs or biometric data of any kind
- Payment information — all payment processing is handled exclusively by Apple and RevenueCat
- Location data — the app never requests location permission
- Device identifiers for advertising — no advertising SDKs are used
- Health or biometric data
- Children's data — the app is rated 4+ but the immigration context means users are adults
2.3 Third-Party Data Processors
| Processor | Location | Data Shared |
|---|---|---|
| Firebase (Google) | europe-west1 (Belgium) | Firebase UID, email address, authentication tokens. DPA signed with Google Cloud. |
| Anthropic (AI / OCR fallback) | USA | Raw OCR text from IRP card scan (stamp type, dates, name as text string). No image. No biometrics. SCCs cover EU–US transfer. |
| Apple iCloud | User's iCloud region | All user data stored in iCloud is processed under Apple's own DPA. Developer never has access. |
| RevenueCat | USA | Apple ID receipt data (subscription status only). No payment card data. SCCs apply. |
3. Your Rights
Under GDPR, you have the following rights:
3.1 Right of Access (Article 15)
You can request a copy of all personal data held about you. We will respond within 30 days. Contact: privacy@getgranted.ie. Data provided: Firebase account record, stamp records exported as JSON.
3.2 Right to Erasure (Article 17)
Settings → Delete My Account removes your Firebase account, all on-device records, and your documents from your iCloud Drive (including any family-member document folders) in a single action. The deletion runs in two passes: per-document removal for any files tracked in metadata, followed by a sweep of your entire iCloud subtree to catch any orphan files. Anonymous Firebase accounts that have been inactive for an extended period may additionally be removed by Firebase.
3.3 Right to Data Portability (Article 20)
You can export your stamp records as a JSON or CSV file from the Settings screen at any time.
3.4 Right to Withdraw Consent
You can withdraw consent at any time by signing out. Anonymous sessions hold no personal data and do not require consent withdrawal. Signing out terminates the Firebase session. Stamp data remains on your device until you delete the app.
3.5 Right to Lodge a Complaint
If you believe your data has been handled incorrectly, you have the right to lodge a complaint with the Data Protection Commission Ireland (DPC):
www.dataprotection.ie · info@dataprotection.ie · +353 (0)761 104 800
4. Privacy by Design
4.1 Data Minimisation
- Anonymous sessions collect zero personal data — the app is fully functional without an account
- Stamp records contain only type and dates — no free-text fields except optional notes
- OCR pipeline discards the IRP card image immediately after text extraction
- Only document metadata is stored in SwiftData — not document content
4.2 Storage Limitation
- Documents are stored in your own iCloud — we never have access to document content. This applies to all subscription tiers including Family.
- Firebase stores only authentication credentials (UID, email) — no immigration data, no documents
4.3 Security Measures
- All iCloud data is protected by Apple's end-to-end encryption
- Firebase Security Rules prevent any cross-user data access
- All network connections use TLS (App Transport Security enforced)
- No hardcoded credentials in source code
- No advertising SDKs — ATT prompt is never shown
5. App Store Privacy Nutrition Label
The following is declared in Granted's App Store Connect privacy label:
- Contact Info: Email address — used for account creation, linked to identity
- Identifiers: Firebase User ID — used for app functionality, linked to identity
- Usage Data: Stamp records — used for app functionality, linked to identity
- No data is used for tracking
- No location, browsing, or health data is collected
6. Incident Response
In the event of a personal data breach:
- We will assess the scope within 24 hours of discovery
- If the breach poses risk to individuals, we will notify the DPC within 72 hours
- If the breach poses high risk, we will notify affected users directly without undue delay
- All breaches are documented in an internal breach register
7. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via an in-app notice. The "last updated" date at the top of this page reflects the most recent revision.
8. Contact
For any privacy-related queries:
📧 privacy@getgranted.ie
🌐 getgranted.ie