Privacy Policy

1. Introduction

Developer Vladimír Urík built the Cenly app as a Free app. This SERVICE is provided at no cost and is intended for use as is.

This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

2. Information Collection and Use

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information. The information that we request will be retained by us and used as described in this privacy policy.

Legal Basis for Processing

We process your data based on the following legal grounds:

Contract Performance – providing app functionality (lists, cards, synchronization)
Legitimate Interest – ensuring security, backups, technical support, and abuse prevention
Consent – for marketing communication and voluntary feedback (can be withdrawn at any time)

Cookies and Tracking Technologies

Our websites and applications use "Cookies" and similar technologies only for necessary technical purposes:

Session Cookies – to maintain login sessions and secure communication (XSRF protection)
Local Storage – for storing settings and offline data (see below)

We do not use advertising cookies or third-party cookies for cross-site tracking.

Registration Data and Newsletter

Email Address – for registration, account recovery, and (if you consent) for sending newsletters
Name – for app personalization
Password – for account security (stored in hashed form)

Marketing Communication

If you have consented to receive newsletters (waitlist/newsletter), we may occasionally send you information about app updates. You can unsubscribe at any time by clicking the "Unsubscribe" link in the footer of every email.

App Usage Data

Shopping Lists – items you add to lists
Saved Prices – product price information for calculating savings
Loyalty Cards – barcodes of your loyalty cards (store brand, code type, code data)

Loyalty Cards

You can save a maximum of 3 loyalty cards for each store brand. Card data is stored securely and accessible only to you after logging in.

Local Storage (on your device)

We store some data directly in your device's memory to ensure app functionality, offline mode, and faster loading.

Auth Tokens – to maintain persistent login in the app
App Settings – preferences (language, dark mode) and state information (e.g., first launch)
Offline Cache – temporarily stored data (lists, products) for offline functionality
Diagnostic Data – technical log history from the last 5 launches (for bug reporting purposes)

Activity Tracking in App

To improve our services and ensure a better user experience, we may collect the following data about your activity:

Login and Registration – login time, IP address, login method
Product Search – search queries and number of results
Feature Usage – interactions with shopping lists, viewing products

Option to Disable Tracking

You can disable activity tracking at any time in the app settings:
Settings → Privacy → Activity Tracking.
After disabling, no data about your activity will be collected.

Note for Test Versions: In closed test versions (marked as "cr-"), activity tracking is permanently enabled for diagnostics and app improvement purposes. By using a test version, you agree to this.

Feedback

If you decide to fill out the feedback form, we collect the following data:

App Rating – overall rating 1-5 stars
NPS Score – likelihood of recommendation (0-10)
What you like / What to improve – options you selected
Discovery Source – how you found the app
Usage Issues – what frustrates you
Text Comments – your suggestions and remarks

Feature Suggestions and Community Content (Feature Feeder)

The application includes a "Feature Feeder" section where you can suggest new features, vote on them, and comment. Please note:

Public Content – The title and description of your suggestion, as well as comments you add, are publicly visible to other users.
Identity – Your contribution (suggestions, comments) displays your name and profile picture to identify the author.
Moderation – We reserve the right to moderate, edit, or remove any content that violates rules of conduct or is inappropriate.

Notification Management

We respect your privacy and give you full control over what messages you receive from us. In App Settings → Notifications, you can manage your preferences in detail:

Channels: You can independently toggle email notifications and phone push notifications.
Message Types: You can choose specific types of notifications you want to receive:
- Security Alerts (e.g., login from a new device)
- Marketing and News (newsletters, shopping tips)

Marketing communications are sent only based on your consent (opt-in) or legitimate interest (upon registration), and always contain a link for immediate unsubscription.

Security Alerts

To ensure your protection, automatically sent security emails (e.g., upon login) contain device identification and IP address from which the login was performed.

Password Recovery and Change

To ensure the security of your account, we provide the following functions:

Forgot Password – If you forget your password, you can request a reset by entering your email address. An 8-digit verification code valid for 15 minutes will be sent to your email.
Change Password – Logged-in users can change their password in settings. To verify identity, an 8-digit code sent to email is required again.

Verification Emails

Verification codes for password recovery and change are sent exclusively to the email address associated with your account. These emails contain no sensitive data other than the code itself. Codes are one-time use and are automatically deleted after use or expiration.

Managed Logged-in Devices

In the section Settings → Security → Logged-in Devices, you have an overview of all active sessions of your account:

Device List – Shows all devices you are logged in from, including device type (iPhone, Android, Mac, Windows), IP address, and last used time.
Current Device – The device you are currently using is marked with a "THIS DEVICE" tag.
Logout Device – You can remotely log out any other device. To confirm this action, entering your password is required.

Session Data

For each active session, we store the IP address and user agent (browser/app info) upon login. This data is used exclusively for display in the device overview and for security purposes (unauthorized access detection). Upon logout, this data is deleted along with the session.

Bug Reports

If you report a bug in the app via the form, we process:

Bug Description and Reproduction Steps – information you enter to fix the bug
Technical Data – platform (iOS/Android) and app version
Resolution Status – information about the progress of fixing your reported bug
Support Communication – messages exchanged between you and administrators while resolving your report

Real-time Communication

The app enables two-way communication between you and our support team in real-time. Messages are delivered instantly using WebSocket technology and stored for communication history purposes. All communication is linked to your user account and is accessible only to you and administrators.

Notifications: When your report status changes or you receive a new message from support, you will receive a push notification and data will automatically sync in the app.

Feedback and Your Account

Feedback and reported bugs are linked to your user account so we can potentially respond to your suggestions. We use this data exclusively for improving and fixing the application.

Technical Logs: The app stores a history of technical logs locally on your device for the last 5 launches. This data is sent to the server only as an attachment if you decide to send a "Bug Report".

Savings Tracking and Purchase History

To provide the "Total Saved" feature and savings statistics, we process:

Purchase History – product prices at the moment of checking off items in the shopping list
Savings Amount – difference between the lowest and highest product price on the market
Total Savings – cumulative sum of savings across all your purchases

How We Calculate Savings

When you mark an item as "completed", the app automatically compares the current product price with the highest available price on the market. The difference is calculated as your savings and added to the "Total Saved" sum.

This data is stored to display your statistics and is not shared with third parties. You can reset your savings data at any time by deleting your account.

Real-time Synchronization

The app uses WebSocket technology to ensure instant data synchronization:

Shopping Lists – list changes (adding, editing, deleting items) sync immediately
Savings Statistics – "Total Saved" updates appear in real-time
Bug Reports – new messages and status changes display without needing to refresh

Synchronization Technical Details

WebSocket connection is established after login and maintained during active app usage. Transmitted data is encrypted and authenticated using a unique token linked to your account. No sensitive data is stored on third-party servers.

3. Third Party Services

The app uses third-party services that may collect information used to identify you. Links to the privacy policy of third-party service providers used by the app:

Google Play Services Expo Cloudflare Sentry (Error Tracking)

Expo Push Notifications

We use Expo infrastructure to deliver notifications. Notifications (including their content) may temporarily pass through Expo servers, which ensure their secure delivery to Apple (APNs) and Google (FCM) platforms. Notification tokens are shared with this service for the purpose of message delivery.

Web Analytics (Umami)

We use a self-hosted instance of Umami Analytics to analyze traffic. This tool does not use cookies, does not track users across other websites, and collects only anonymized usage data. All data is stored on our server and is not shared with the tool creators or any other third parties.

Email Services (UseSend, Amazon SES)

We use a self-hosted instance of UseSend and Amazon Simple Email Service (SES) for sending transactional and marketing emails. These services process your email address and message content exclusively for delivery purposes.

Zoho ZeptoMail (Zoho Corporation)

We also use Zoho ZeptoMail (part of Zoho Cloud) for sending transactional emails. This service processes your email address and message content exclusively for delivery purposes. All data is processed on servers located in the European Union (EU), ensuring compliance with European data protection regulations.

Real-time Server (Custom Solution)

To ensure instant synchronization of shopping lists and changes, we use a custom (self-hosted) real-time server. Communication takes place via the secure WebSocket protocol (WSS) and is used exclusively for data synchronization between your devices.

Data Storage and Transfer

Main Data and Files: All data, including the database and uploaded files (S3 compatible storage), are stored on secure servers in the European Union (Germany). The hosting provider is Hetzner Online GmbH.

Third Party Services: Due to the use of global services for notifications and distribution (Google, Expo, Cloudflare), some technical data (e.g., notification tokens) may be processed on servers outside the EEA.

Over-the-Air Updates (OTA)

The app uses Expo Updates service to deliver fixes and improvements directly to your device without needing to download a new version from the store. When checking for updates, the app may send technical device data (OS version, app version) to download the correct bundle.

3.1 Artificial Intelligence (AI) Services

We use third-party artificial intelligence services to provide AI Assistant features (chat, shopping list suggestions, discount analysis). When using these features, necessary data is shared with the provider.

Google Gemini (Google LLC)

We use the Gemini model by Google to generate assistant responses and process queries. When interacting with the assistant, the following data is sent to the provider:

The text of your chat messages
Relevant context (e.g., current shopping list, your preferences)

Google processes this data in accordance with their privacy policy. Data sent via our API interface is not used to train their public models.

4. Log Data

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third-party products) on your phone called Log Data.

This Log Data may include information such as:

Your device Internet Protocol ("IP") address
Device Name
Operating System version
The configuration of the app when utilizing our Service
The time and date of your use of the Service
Other statistics

Error Processing (Sentry)

To monitor application stability, we use Sentry service. In case of an app crash or error, anonymized data about the app state, stack trace, and basic device info are sent.

Data Location: Error report data is sent and processed on servers in the European Union (Germany) (ingest.de.sentry.io), ensuring compliance with European data protection standards.

4.1 Admin Access

Selected administrators of the Cenly app have access to some user data for the following purposes:

Customer Support and Management

To resolve your inquiries, problems, and requests, administrators may view your data, saved store loyalty cards, shopping lists, and detailed activity history (including search history and IP addresses).

Analytics and Service Improvement

To analyze app usage and improve it, administrators may view aggregated and anonymized statistics, search overviews, and feature usage.

Security and Abuse Prevention

To ensure service security and prevent abuse, administrators may monitor suspicious activity and take appropriate measures, including temporary or permanent account ban. In case of a ban, we retain the reason for this action.

5. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy. Below is an overview of our data retention periods:

Account Data

Your account information (email, name, password hash) is retained until you delete your account. After account deletion, all personal data is permanently removed within 30 days.

Shopping Lists and Activity

Shopping lists, purchase history, and savings data are retained until you delete your account. Activity logs (login history, searches) are automatically deleted after 90 days.

Bug Reports and Support

Bug reports and support communication are retained for 2 years after resolution to help with recurring issues and service improvement.

Technical Logs

Server logs and error reports (Sentry) are retained for 90 days. Anonymized analytics data may be retained indefinitely for statistical purposes.

6. Your Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of all personal data we hold about you. Contact us at privacy@cenly.cz to request access to your data.

Right to Rectification

You can update your personal information (name, email) at any time through the app settings. If you cannot make changes yourself, contact us and we will correct any inaccurate data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your account and all personal data by contacting us at privacy@cenly.cz. All your personal data will be permanently removed within 30 days.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format. Contact us at privacy@cenly.cz to request a data export.

Right to Object and Restrict Processing

You can object to processing based on legitimate interest. You can disable activity tracking in Settings → Privacy → Activity Tracking and manage notification preferences.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For users in the Czech Republic, this is the Office for Personal Data Protection (ÚOOÚ). For users in Slovakia, this is the Office for Personal Data Protection of the Slovak Republic.

To exercise any of these rights, please contact us at privacy@cenly.cz. We will respond to your request within 30 days.

7. Children's Privacy

Our Service is not intended for use by children under the age of 16 years. We do not knowingly collect personal data from children under 16.

Age Requirement

By using this app, you confirm that you are at least 16 years old or have parental consent. If we discover that we have collected personal data from a child under 16 without parental consent, we will delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@cenly.cz so we can take appropriate action.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will take appropriate measures to inform you, consistent with the significance of the changes.

How We Notify You

Minor changes: Updated policy will be posted on this page with a new "Last updated" date.
Significant changes: We will notify you via email or in-app notification before the changes take effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

9. Contact & Service Provider

If you have any questions about this Privacy Policy, please contact us:

privacy@cenly.cz

Service Provider

Vladimír Urík - Development
ID: 56435410
Address: 97248 Horná Ves, Rudica 389
Registration: District Office Prievidza, Trade Register No.: 340-51286