Privacy Policy

This Privacy Policy describes how BoltOrigin ("we", "us", or "our") collects, uses, and protects your personal data when you use the WageWarden application ("App"). We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and Dutch implementation law (Uitvoeringswet AVG).

BoltOrigin is based in the Netherlands and operates under Dutch and European law.

The data controller for your personal data is:

BoltOrigin
[Address to be added upon company registration]
The Netherlands
KvK: [To be added upon registration]

For questions about this privacy policy or your personal data, you can contact us at: [email protected]

3.1 Data you provide to us

When you create an account:

• Email address

3.2 Data you enter in the App

Work and shift data:

• Jobs (name, employer, currency)
• Shift types (name, color, default start/end time, breaks)
• Shifts (start/end time, notes)
• Premium rules (bonuses for evening/night/weekend shifts)
• Holidays

Pay rates stay on your device. Your hourly and premium pay rates are never uploaded to our servers, even when cloud sync is on. They live only in the App's local storage, so after you restore on a new device you re-enter them.

Optional integrations:

• Calendar subscription settings (if you enable the ICS feed)

3.3 Automatically collected data

• A randomly generated sync identifier (created on-device; not linked to hardware)
• App version and platform (included in network requests)
• Last synchronized timestamp
• Advertising identifier (used by Google AdMob to serve banner ads to free users; can be limited in your device's Privacy or Ads settings)

3.4 Purchase data

Premium purchases are processed entirely through Google Play. We do not receive or store transaction data on our servers. Premium status is verified locally on your device via the Google Play Billing API. Google's own privacy policy governs data collected during purchases.

We process your data for the following purposes:

Performance of contract (Art. 6(1)(b) GDPR)

• Providing App functionality
• Synchronizing data between your devices
• Processing premium purchases
• Providing customer support

Legitimate interest (Art. 6(1)(f) GDPR)

• Improving and optimizing the App
• Fraud prevention and security
• Technical debugging

We have conducted a balancing test and determined that our legitimate interests do not override your privacy rights, as this processing is strictly necessary for a secure and well-functioning App and involves minimal personal data.

Consent (Art. 6(1)(a) GDPR)

• Generating a calendar subscription (ICS) URL when you opt in

Automated decision-making (Art. 22 GDPR)

WageWarden does not use automated decision-making or profiling as defined in Article 22 GDPR. All decisions regarding your data are made by humans or are purely functional (such as calculating your earnings based on the data you enter).

5.1 Local storage

The App works primarily offline. Your data is stored locally on your device using encrypted SQLite databases.

5.2 Cloud synchronization (optional)

If you create an account, your data is synchronized with our servers hosted in the European Union. Your pay rates are the one exception: they are never included in this synchronization and never leave your device. We use:

• Encrypted connections (TLS 1.3)
• Encrypted storage
• Access control based on user authentication
• Regular security audits

5.3 Data processors

We use the following service providers:

• An EU-based Oracle Cloud virtual machine that hosts our optional cloud sync backend
• Google AdMob for serving banner advertisements to free users
• Nager.Date (date.nager.at) for fetching public holiday data based on your country setting

5.4 Data sharing

We do not sell your data. Free users see banner advertisements served by Google AdMob — Google may use your advertising identifier to show relevant ads. You can limit ad personalization in your device's Privacy or Ads settings. We do not share your shift data, earnings data, or other app content with advertisers. Data is otherwise only shared with processors necessary for the operation of the App, as listed above.

• Account data: Retained as long as your account is active
• Shift and work data: Retained as long as your account is active
• Technical logs: Maximum 90 days

After account deletion, your data will be permanently deleted within 30 days, except where legal retention requirements apply.

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): You can request a copy of all data we hold about you.
• Right to rectification (Art. 16 GDPR): You can have incorrect data corrected.
• Right to erasure (Art. 17 GDPR): You can request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18 GDPR): You can request restriction of processing of your data.
• Right to data portability (Art. 20 GDPR): You can request your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): You can object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7(3) GDPR): You can withdraw previously given consent at any time.

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

In the App

You can delete your account and all associated data via Settings > Account > Delete Account.

What gets deleted

• Your user account and profile
• All jobs, shifts, shift types, and premium rules
• Calendar subscription settings
• Synchronization data

What is retained

• Server access logs (maximum 90 days, standard server operation)

After account deletion, you can still use the App in offline mode without an account.

The App itself

The WageWarden mobile app does not use cookies. We use:

• Local storage for app settings
• Secure storage for authentication tokens (only if you sign in for cloud sync)

This website

This website (wagewarden.app) does not use cookies, local storage, tracking pixels, or analytics. Your language preference is resolved from your browser settings or a ?lang= URL parameter on each visit and is not persisted.

Cross-app tracking

We do not use your data for tracking across third-party apps or websites. Your data is only used within WageWarden for the purposes described in this policy.

Your data is stored within the European Economic Area (EEA). The optional cloud sync backend is hosted in the EU and we do not transfer your personal data outside the EEA in normal operation.

Free users may have their advertising identifier processed by Google AdMob (Google LLC), which is certified under the EU-US Data Privacy Framework. Your country setting is sent to Nager.Date to retrieve public holiday data; no personal data is included in these requests. Purchase data is managed entirely by Google Play and is not transferred through our servers.

We ensure all international data transfers comply with GDPR requirements for adequate protection.

WageWarden is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and discover that your child has provided data to us, please contact us at [email protected].

We may update this privacy policy from time to time. For significant changes:

• We will post a notice on this website
• We will update the "Last updated" date at the top of this page

We recommend reviewing this policy regularly.

If you have complaints about how we process your data, you can:

1. Contact us at [email protected]
2. File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
   • Website: autoriteitpersoonsgegevens.nl
   • PO Box 93374, 2509 AJ The Hague, Netherlands

You also have the right to file a complaint with the supervisory authority in your EU member state of residence or place of work.

For questions about this privacy policy or your personal data:

BoltOrigin
Email: [email protected]

We aim to respond to general inquiries within 5 business days and to GDPR requests within 30 days.