Privacy Policy

Last updated: 29 May 2026.

This Privacy Policy explains how Grymala Sp. z o.o., ul. Nowogrodzka 31/414, 00-511 Warsaw, Poland ("Grymala", "we", "us") collects, uses, shares, stores and protects personal data when users use our mobile applications, websites and related services.

This Policy applies to our iOS and Android applications, including measurement, scanning, document, OCR, AI, nutrition, voice, audio, video, image-processing, productivity and other applications published by Grymala.

1. Who is responsible for data processing

Grymala Sp. z o.o. is the data controller for personal data processed under this Policy.

Users can contact us about privacy matters at support@grymalaltd.com.

If we appoint a Data Protection Officer or another privacy representative, we will provide the relevant contact details in this Policy.

2. Data we may process

Depending on the app, device, platform, country, account type and features used, we may process the following categories of data:

Account and contact data, such as name, email address, account identifiers, authentication information, subscription status and support communications.

User content, such as photos, videos, audio recordings, voice memos, documents, scans, PDFs, OCR text, measurement projects, floor plans, notes, prompts, AI requests, AI outputs and files uploaded, imported, generated or created in the app.

Device and technical data, such as device model, operating system, app version, language, region, IP address, device identifiers, advertising identifiers where permitted, crash logs, diagnostics, performance data and security logs.

App usage data, such as feature usage, onboarding events, subscription screen interactions, purchase status, errors, session information and other product interaction data.

Permission-based data, such as camera, microphone, photos, files, location, motion, LiDAR, AR or sensor data, where needed for the feature the user chooses to use.

Purchase and subscription data, such as product identifiers, entitlement status, renewal or cancellation status and transaction identifiers received from app stores or subscription infrastructure.

Wellness or nutrition-related data, where relevant to apps that provide calorie, food, diet or similar AI-assisted features. These features are for informational purposes and are not medical advice.

3. How we collect data

We collect data when users provide it directly, create or upload content, scan or record content, use AI or cloud features, create an account, purchase a subscription, contact support, or use app features that generate technical, analytics, crash or diagnostic data.

Some data is processed locally on the device. Some data may be transmitted off the device when required to provide a selected feature, such as cloud sync, backup, AI processing, OCR, transcription, analytics, crash reporting, security, advertising, attribution or customer support.

4. Why we use data

We use data to provide, maintain, secure and improve our apps; deliver features such as measuring, scanning, OCR, transcription, summaries, AI analysis, file storage, sync, export and sharing; manage accounts and subscriptions; provide support; analyze performance; fix bugs; prevent fraud and abuse; measure marketing performance; show ads where permitted; and comply with legal obligations.

5. Legal bases under GDPR

Where the General Data Protection Regulation (GDPR) applies, we rely on one or more legal bases depending on the context: performance of a contract, consent, legitimate interests and legal obligations.

Performance of a contract means processing needed to provide the app or a feature requested by the user. Consent means the user has agreed to optional processing, such as certain permissions, tracking, personalized advertising or AI/cloud processing where consent is required. Legitimate interests may include security, fraud prevention, diagnostics, non-personalized analytics and product improvement. Legal obligation means processing required by law, accounting, tax, platform or regulatory obligations.

Users may withdraw consent where processing is based on consent. Withdrawal does not affect processing that happened before consent was withdrawn.

6. AI and cloud processing

Some features may send user content to external AI, cloud, OCR, speech-to-text, image recognition, storage, database, hosting or infrastructure providers. This may include photos, audio, video, documents, text, prompts, metadata and generated outputs.

We use these providers to deliver the feature requested by the user, such as transcription, summarization, OCR, object recognition, calorie estimation, document processing, measurement processing, cloud backup, sync, export or account access across devices.

We do not sell user content. We require service providers to protect data and use it only to provide services to us, unless users are clearly informed otherwise and applicable consent is obtained.

Users should not upload content they are not allowed to share or content that contains sensitive personal data unless they understand and accept that it may be processed by external providers for the selected feature.

AI-generated results may be inaccurate, incomplete or unsuitable for important decisions. They should not be treated as professional, medical, legal, financial, architectural, engineering or safety advice.

7. Sharing with third parties

We may share data with categories of third parties that help us operate, secure, analyze, monetize and improve our apps. These may include cloud and infrastructure providers, AI and content-processing providers, analytics and diagnostics providers, attribution and marketing analytics providers, advertising partners, app stores and payment platforms, support and communication providers, legal advisors, auditors and authorities where required by law.

The exact providers may vary by app, platform, country, version and feature. We aim to keep our App Store and Google Play privacy disclosures consistent with the data practices of each app.

8. International transfers

We are based in Poland. Some providers may process data in other countries, including outside the European Economic Area. Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, data processing agreements or other lawful transfer mechanisms.

9. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Retention periods may depend on the data category, app, account status, subscription status, provider requirements, backup cycles, legal obligations, fraud prevention needs, dispute resolution and security requirements.

When data is no longer needed, we delete, anonymize or aggregate it according to our retention practices and technical limitations.

10. Deletion and account deletion

Users may delete certain files, projects or app content inside the app where this functionality is available.

If an app allows account creation, users may request deletion of their account and associated data through the app where available, by contacting us, or through a web resource that we provide for account/data deletion requests.

Deletion may not remove data that we are required or allowed to keep for legal, security, fraud prevention, accounting, tax, dispute-resolution or backup reasons. Where we retain such data, we keep it only for the relevant purpose and period.

11. User rights

Depending on the user's location, users may have rights to access, correct, delete, restrict or object to processing of their personal data, receive a portable copy of data, withdraw consent, opt out of certain advertising or tracking, and lodge a complaint with a data protection authority.

Users in Poland or the European Union may contact the Polish supervisory authority, Prezes Urzedu Ochrony Danych Osobowych (UODO), or another competent EU supervisory authority.

12. Permissions and privacy choices

Users can control many data practices through iOS or Android permission settings, App Tracking Transparency settings on iOS, advertising ID settings, in-app privacy/account/subscription settings, Apple App Store or Google Play account settings, and by contacting us.

If a user denies a permission, some features may not work. We aim to request permissions only when they are relevant to the feature being used.

13. Security

We use reasonable technical and organizational measures designed to protect personal data, including encryption in transit, access controls, security monitoring and provider security controls. No system is completely secure, and we cannot guarantee absolute security.

14. Ads, analytics and tracking

Some apps may use analytics, attribution, advertising or similar technologies. Where required, we ask for consent before personalized advertising, tracking or access to advertising identifiers. If users decline, they may still see non-personalized ads or limited measurement may still occur where permitted by law and platform rules.

We do not sell personal and sensitive user data as defined by Google Play policies.

15. App-specific differences

Not every app collects every category of data. Measurement and AR apps may process camera, AR, LiDAR, sensor and project data. Scanner, PDF, document and OCR apps may process documents, images, PDFs and extracted text. AI voice or transcription apps may process audio, video, transcripts, summaries and prompts. Nutrition or calorie apps may process food images, meal descriptions and wellness-related estimates.

Data practices may vary depending on the app, app version, platform, country, account type, subscription status and features used.

16. Children

Our apps are not intended for children under the age required by applicable law without parental consent. We do not knowingly collect children's personal data where prohibited. If we learn that we have collected such data without required consent, we will take appropriate steps to delete it.

17. Changes

We may update this Policy when our apps, providers, laws or data practices change. We will post the updated version on this page and update the Last updated date. Where required, we will notify users or request consent before material changes take effect.

18. Contact

Grymala Sp. z o.o., ul. Nowogrodzka 31/414, 00-511 Warsaw, Poland. Privacy contact: support@grymalaltd.com. Website: https://www.grymalaltd.com.