Privacy Policy

Last updated: April 7, 2026

Apiaryum ("we", "us", "our") is a mobile application for beekeeping management. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Apiaryum application ("App"). We are committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller is:

Kamil Tomaszewski
Dworczysko 8/1
16-506 Dworczysko, Poland
Email: support@apiaryum.com

We have not appointed a Data Protection Officer because this is not required under Art. 37 GDPR. For all matters relating to personal data, you can contact us at support@apiaryum.com.

2. What Data We Collect

2.1 Account Data

• Email address and password – when you create an account with email registration (processed by Firebase Authentication).
• Anonymous identifier – if you choose to use the App without an email account, we create an anonymous user identifier.
• Display name and username – optionally provided by you.
• Country and region – selected during registration for localization.
• Language preference – based on device settings or manual selection.

2.2 Beekeeping Data

We process beekeeping management data that you choose to enter into the App. This may include apiaries (with optional map location), hives, queens, inspections (with optional photos and voice notes), storage records, financial transactions, tasks, and change history.

2.3 Media

• Photos – taken by camera or selected from gallery for inspections, apiaries, receipts, and marketplace listings. Stored locally on device and synced to cloud.
• Audio recordings – voice notes attached to inspections. Stored locally and synced to cloud.

2.4 Location Data

We do not continuously track your location via GPS. Location data is collected only when you explicitly place an apiary on a map or use the map picker. This location (latitude/longitude) is stored as part of the apiary record.

Location data is processed only on the basis of your consent and only when you actively use the map or location picker features.

2.4a Special Categories of Data

The App is not intended for processing special categories of personal data within the meaning of Art. 9 GDPR. Users should not enter such data into the App.

2.5 Voice Data

The App offers voice-controlled inspections using a keyword-spotting (KWS) model. All voice processing happens entirely on your device using an on-device machine learning model (ONNX Runtime). Raw audio is never sent to our servers or any third party for speech recognition purposes.

2.6 AI-Assisted Features

For users who opt in to AI-assisted inspection analysis, with availability and usage limits depending on the current plan:

• Audio recordings, text transcriptions, and the necessary active inspection context (for example available fields and allowed values) may be sent to Google Gemini AI for intelligent analysis and inspection field completion.
• You will be asked for separate in-app consent before using this feature for the first time. We may ask you to confirm it again if this feature or the consent terms materially change.
• Google processes this data according to their Privacy Policy.
• We store a record of this consent (for example consent date and consent version) and limited usage metrics for this feature (such as request counts or audio duration) to enforce limits, prevent abuse, and control service costs.
• We do not store your AI-processed data beyond the scope of the feature.

2.7 Social and Marketplace Data

If you use optional social and marketplace features:

• Groups and posts – group memberships, post content, comments, votes.
• Private messages – messages exchanged with other users.
• Marketplace listings – listing details, photos, prices, delivery options, seller profile information.

2.8 Subscription Data

Premium subscriptions are processed through RevenueCat (via Google Play or Apple App Store). We store your subscription tier and expiration date. We do not have access to your payment card details.

2.9 Push Notification Tokens

If you enable push notifications, we store your device's Firebase Cloud Messaging (FCM) token to deliver notifications. You can disable notifications at any time in your device settings.

The push notification token is processed only on the basis of your consent expressed by enabling notifications on your device.

3. How We Use Your Data

• Providing and maintaining the App's beekeeping management features.
• Syncing data across devices when you are logged in.
• Enabling social and marketplace features when you opt in.
• Delivering push notifications you subscribe to.
• Processing and managing your premium subscription.
• Providing AI-assisted analysis (with consent, depending on plan and usage limits).
• Managing AI feature limits, security, and service costs.
• Complying with legal obligations.

4. Statistics and Anonymization

We may use anonymized and aggregated data to generate statistics, insights, and product features for the beekeeping community. This data:

• Is published or made available only in aggregated form, with minimum thresholds that support anonymity.
• Does not allow identification of individual users, operations, transactions, or source records.
• May be used for statistical, informational, and product purposes, including premium features.

5. Legal Basis for Processing (GDPR)

• Contract performance – processing necessary to provide the App's functionality (Art. 6(1)(b) GDPR).
• Consent – for optional features such as push notifications, location access, camera, microphone, and AI processing. You may withdraw consent at any time (Art. 6(1)(a) GDPR).
• Legal obligation – where processing is necessary to comply with legal obligations applicable to us (Art. 6(1)(c) GDPR).
• Legitimate interest – for improving the App and ensuring security (Art. 6(1)(f) GDPR).

6. Third-Party Services

We use the following third-party services that may process your data:

• Firebase (Google) – authentication, Cloud Firestore (database), Cloud Storage (media files), Cloud Functions (backend logic), Cloud Messaging (push notifications), App Check (security). Data may be stored in Google Cloud infrastructure. https://firebase.google.com/support/privacy.
• Google Maps Platform – displaying maps and geocoding apiary locations. https://policies.google.com/privacy.
• Google Gemini AI – processing text/voice data and necessary inspection context for AI-assisted inspection analysis (with consent, depending on plan and usage limits). https://policies.google.com/privacy.
• RevenueCat – subscription management and in-app purchases. https://www.revenuecat.com/privacy.

As of the last update of this Policy, we do not use tracking analytics services such as Google Analytics or Firebase Analytics, and we do not display advertisements.

7. Data Storage and Security

• Your data is stored locally on your device (encrypted local database) and synced to Firebase Cloud Firestore and Firebase Cloud Storage.
• Sensitive authentication credentials are stored in encrypted device storage (Flutter Secure Storage).
• Firebase App Check (Play Integrity / Device Check) is used to protect our backend from abuse.
• Access control rules ensure users can only access their own data and data explicitly shared with them through the collaboration system (ACL).

8. Data Sharing

We do not sell your personal data to third parties. Your data may only be shared:

• With other users when you actively participate in social features, marketplace, or grant collaboration access to your apiaries.
• With third-party service providers listed in Section 6, solely to operate the App.
• When required by law or to protect our rights.

9. Data Retention

We retain your data for as long as your account is active. Beekeeping data deleted in the App is marked as deleted and permanently removed during synchronization. When you delete your account, your data is removed from active production systems (see Section 10).

Limited system backups may continue to store deleted data for some time until they are overwritten or permanently removed in accordance with the retention cycles of our infrastructure providers.

10. Account Deletion and Your Rights

You can delete your account from within the App (Settings → Account → Delete Account). This permanently removes:

• All your data from Cloud Firestore (apiaries, hives, queens, inspections, tasks, histories, storage, messages, social content, marketplace listings, granted permissions, and more).
• All your media files from Cloud Storage (photos, audio recordings).
• All local data from your device.
• Your Firebase Authentication record and username mapping.

Under GDPR and other applicable laws, you have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Erase your data ("right to be forgotten").
• Restrict or object to processing.
• Data portability – receive your data in a structured format.
• Withdraw consent at any time for consent-based processing.
• Lodge a complaint with a supervisory authority (UODO in Poland, or your local authority).

To exercise any of these rights, contact us at support@apiaryum.com.

11. Children's Privacy

The App is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

12. International Data Transfer

Some data may be transferred to and processed outside the European Economic Area (EEA), in particular in connection with third-party providers such as RevenueCat and, depending on configuration, certain Google services. Where applicable, those providers state that they use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by other means. The "Last updated" date at the top reflects the most recent revision.

14. Contact

If you have questions about this Privacy Policy or your data, contact us:

support@apiaryum.com