Privacy Policy

Last updated: December 15, 2025

1. Introduction

Recoat Suite ("we", "our", or "the application") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, and protect your information when you use our mobile application.

2. Information We Collect

2.1 Information You Provide

• Account Data: Email and password for authentication
• Profile Data: Name, email, role, and assigned location
• Usage Data: Information about how you use the application, including actions performed (material requests, stock transfers, etc.)

2.2 Automatically Collected Information

• Authentication Tokens: Access tokens and refresh tokens to maintain your active session
• Device Information: Device type, operating system, and browser information (collected for security and technical support purposes)
• IP Address: Collected when you log in or use the application (for security purposes)
• Connection Status: Network connectivity information for offline functionality

3. How We Use Your Information

We use the collected information to:

• Authentication and Security: Verify your identity, maintain secure sessions, and prevent unauthorized access
• Application Functionality: Enable you to manage stock, request materials, transfer items, and view movements
• Improvements: Understand how the application is used to improve features and user experience
• Technical Support: Resolve technical issues and provide support when needed
• Legal Compliance: Comply with legal obligations and respond to valid legal requests

4. Data Storage

4.1 Local Storage (Device)

Some information is stored locally on your device using secure storage:

• Authentication tokens (access and refresh)
• User data (name, email, role)
• Cached data for offline functionality

This data is encrypted and protected. You can clear this data by uninstalling the application or logging out.

4.2 Server Storage

Your data is stored on secure servers with the following security measures:

• Data encryption in transit (HTTPS/TLS)
• Passwords stored with secure hashing (bcrypt)
• Authentication tokens with automatic expiration
• Access restricted to authorized personnel only

5. Information Sharing

We do not sell, rent, or share your personal information with third parties, except in the following circumstances:

• Service Providers: We may share information with trusted service providers who help us operate the application (hosting, analytics, etc.), subject to confidentiality agreements
• Legal Requirements: We may disclose information if required by law or in response to valid legal processes
• Protection of Rights: We may disclose information to protect our rights, property, or security, or that of our users

6. Security

We implement technical and organizational security measures to protect your information:

• Data encryption in transit (HTTPS/TLS)
• Passwords stored with secure hashing (never in plain text)
• Authentication tokens with short expiration (15 minutes for access, 45 days for refresh)
• Two-factor authentication through JWT tokens
• Security monitoring and detection of suspicious activities
• Access to personal data restricted to authorized personnel only

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained while your account is active
• Authentication Tokens: Access tokens expire in 15 minutes; refresh tokens expire in 45 days
• Usage Data: May be retained in aggregated and anonymized format for analysis purposes

When you request deletion of your account, we delete or anonymize your personal information, except when retention is necessary to comply with legal obligations.

8. Your Rights

You have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your information in a structured format
• Objection: Object to the processing of your personal information
• Withdrawal: Withdraw consent for data processing when applicable

To exercise these rights, please contact us using the information provided in the "Contact" section below.

9. Cookies and Similar Technologies

Our mobile application does not use traditional cookies. However, we use similar technologies:

• Authentication Tokens: Stored locally to maintain your session
• Local Storage: Data stored on the device for offline functionality

10. Children's Privacy

Our application is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will take steps to delete that information immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by publishing the new policy on this page and updating the "Last updated" date at the top of this policy.

We recommend that you review this policy periodically to stay informed about how we protect your information.

12. International Transfers

Your data may be processed and stored on servers located outside your country of residence. By using our application, you consent to the transfer of your information to these servers. We ensure that adequate security measures are in place to protect your information.

13. Applicable Law

This Privacy Policy is governed by applicable privacy laws in your jurisdiction, including but not limited to:

• Privacy Act 2020 - New Zealand
• General Data Protection Regulation (GDPR) - European Union
• Applicable local data protection laws

© 2025 Recoat Suite. All rights reserved.