Service: Kalkulator Remontu AI (Renovation Calculator AI)
URL: https://kalkulatorremontu.web.app
Data Controller: Marek Papis, sole proprietorship under Gmbi Marek Papis, registered at ul. Pomorska 70 m. 10, 91-409 Lodz, Poland, Tax ID (NIP): 9820319917, e-mail: airenovationcalculator@gmail.com
Effective Date: January 1, 2026
1. Data Controller
- The data controller for personal data processed in connection with the Service is Marek Papis, operating under Gmbi Marek Papis, ul. Pomorska 70 m. 10, 91-409 Lodz, Poland, NIP: 9820319917 (hereinafter: "Controller").
- Contact regarding data protection: airenovationcalculator@gmail.com.
- The Controller has not appointed a Data Protection Officer (DPO). All data protection inquiries should be directed to the Controller.
2. Purposes and Legal Bases for Processing
The Controller processes personal data on the following legal bases (Article 6(1) GDPR):
2.1 Performance of Contract (Art. 6(1)(b) GDPR)
- Account registration and management,
- Provision of Service features (cost calculator, project management),
- Payment and PRO Subscription processing,
- Points system management,
- Project sharing between Users,
- Data export and import,
- Complaint handling.
2.2 Legitimate Interest (Art. 6(1)(f) GDPR)
- Service security (Firebase App Check),
- Traffic analysis and Service improvement (Google Analytics),
- Establishment, exercise, or defense of legal claims,
- Fraud detection and prevention.
2.3 Consent (Art. 6(1)(a) GDPR)
- Analytics and marketing cookies,
- Marketing communications (email),
- AI data processing (photo and description analysis via OpenAI).
2.4 Legal Obligation (Art. 6(1)(c) GDPR)
- Retention of billing data in accordance with tax regulations,
- Response to requests from public authorities.
3. Scope of Data Processed
3.1 User Profile Data
| Data |
Purpose |
| Email address (email) | Authentication, communication, account verification |
| Name (name) | User identification, personalization |
| Phone number (phone) | Contact (optional) |
| Country (country) | Service localization, default "PL" |
| City (city) | Localization and regional price matching |
| Address (address) | Contact data (optional) |
| Notes (notes) | Additional user information |
3.2 Company Data (Company Accounts)
| Data |
Purpose |
| Company type flags (isCompany, isBuildingCompany, isArchitectCompany, isDeveloperCompany, isAdvertCompany) | Categorization and profile display |
| Service categories (categories) | Company service classification |
| Tax ID (taxId) | Tax identification |
| Website (www, wwwInternal) | Company profile |
| Profile photos (photoUrl, photoIconUrl) | Profile visualization |
| Price deviation from average (pricesDeviationFromAvg) | Price analytics |
| Number of quotes (companyQuotedTimes) | Company statistics |
3.3 Account and Status Data
| Data |
Purpose |
| PRO status (isPro, proTillDate) | Subscription management |
| Points balance (pointsLeft) | Internal payment system |
| Account type (isAnonymous, isEmailVerified) | Account management |
| Last activity (lastSeen, lastEstimate) | Security, inactive account cleanup |
| First login flag (isFirstLogin) | User onboarding |
| Profile visibility (show, isOpenForClients, isOpenForEstimate) | Visibility control |
3.4 Financial and Rating Data
| Data |
Purpose |
| Payment history (payments) | Transaction records |
| User rating (rating, extRating, extRatingUrl, ratings) | Rating and reputation system |
| Free days (daysFree1D, daysFree1W, daysFree1M, daysFree3M, daysMinimum) | Labour pricing management |
3.5 Consent Data
| Data |
Purpose |
| Cookie consent (isCookieAccepted, cookieConsentDate, cookieConsentVersion) | Legal compliance (GDPR, ePrivacy) |
| Marketing consent (isMarketingConsentAccepted, marketingConsentDate, marketingConsentVersion) | Direct marketing |
3.6 Project Data
- Renovation project descriptions (names, statuses, notes),
- Room configurations (dimensions, types),
- Lists of materials, labour, and equipment (names, quantities, prices),
- Project and item photos,
- Sharing data (email addresses of co-users).
4. Cookies
4.1 Types of Cookies
Essential
Required for the Service to function properly. No consent needed.
- Firebase authentication session,
- Firebase App Check token,
- Cookie preferences (consent version).
Analytics
Require consent. Used to analyze how the Service is used.
- Google Analytics (traffic measurement, user behavior, visit sources).
Marketing
Require consent. Used for marketing communications.
- Conversion tracking (when active).
4.2 Managing Cookies
- Users can manage cookie preferences in the Service settings (Settings > Cookie Settings).
- Consent for analytics and marketing cookies is voluntary and can be withdrawn at any time.
- Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
- Cookie preferences are versioned (cookieConsentVersion) to track changes.
5. Third-Party Data Processing
5.1 Firebase / Google Cloud
- Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Services: Firestore (database), Firebase Authentication (auth), Firebase Storage (file storage), Cloud Functions (server logic), Firebase App Check (security)
- Data location: Region europe-west1 (Belgium, EU)
- Transfer basis: Google participates in the EU-U.S. Data Privacy Framework. Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR are also in place.
- More information: https://firebase.google.com/support/privacy
5.2 Stripe
- Provider: Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA
- Purpose: Payment processing (cards, BLIK, P24), subscription management
- Data scope: Email address, payment data (processed exclusively by Stripe), transaction amounts, payment history
- Data location: Data may be processed in the USA and EU
- Transfer basis: Stripe participates in the EU-U.S. Data Privacy Framework and uses SCCs.
- More information: https://stripe.com/privacy
5.3 OpenAI
- Provider: OpenAI, LLC, San Francisco, CA, USA
- Purpose: AI analysis — processing project photos and text descriptions to generate cost estimates
- Data scope: Project photos, text descriptions submitted for AI analysis
- Data location: OpenAI servers in the USA
- Transfer basis: Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR
- Note: Data submitted for AI analysis is processed by OpenAI according to their API data usage policies (https://openai.com/policies/api-data-usage-policies). Data submitted via the API is not used by default to train OpenAI models.
- More information: https://openai.com/privacy
5.4 Google Analytics
- Provider: Google LLC
- Purpose: Traffic analysis, effectiveness measurement, understanding user behavior
- Data scope: Anonymized visit data, browser, device, location (country/city), navigation paths
- Processing basis: User consent (analytics cookies)
- More information: https://policies.google.com/privacy
6. Data Subject Rights (GDPR)
Under the GDPR, Users have the following rights:
6.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation of whether your data is being processed and to access your data and information about the processing.
6.2 Right to Rectification (Art. 16 GDPR)
You have the right to request correction of inaccurate or completion of incomplete personal data. Some data can be updated directly in the Service settings (Settings > User Data).
6.3 Right to Erasure (Art. 17 GDPR)
You have the right to request deletion of your personal data. This can be exercised by:
- deleting your Account in the Service settings (Settings > Delete Account),
- sending a request to airenovationcalculator@gmail.com.
6.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing in cases specified in Art. 18 GDPR.
6.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, machine-readable format. The Service enables export of project data to PDF and XLS formats.
6.6 Right to Object (Art. 21 GDPR)
You have the right to object to processing based on the Controller's legitimate interest (Art. 6(1)(f) GDPR), including profiling.
6.7 Right to Withdraw Consent (Art. 7(3) GDPR)
You may withdraw consent for data processing at any time, which does not affect the lawfulness of processing carried out before the withdrawal. Consent can be withdrawn by:
- changing cookie settings in the Service,
- sending a message to airenovationcalculator@gmail.com.
6.8 Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority. For Users in Poland: Prezes Urzedu Ochrony Danych Osobowych (PUODO), ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl.
7. Data Retention Periods
| Data Category |
Retention Period |
| Account data (profile, settings) | Until Account deletion by the User |
| Project data | Until Project or Account deletion |
| Payment data | 5 years from the end of the tax year (legal obligation) |
| Analytics data (Google Analytics) | 14 months (GA4 default setting) |
| Security logs | 12 months |
| Anonymous account data | 24 hours from account creation |
| Consent records (cookie, marketing) | Until consent withdrawal or Account deletion |
After the retention period, data is deleted or anonymized.
8. International Data Transfers
- User data is primarily stored in the europe-west1 region (Belgium, EU) on Firebase/Google Cloud servers.
- Some data may be transferred outside the European Economic Area (EEA) in connection with the following services:
- Google LLC (USA) — under the EU-U.S. Data Privacy Framework,
- Stripe, Inc. (USA) — under the EU-U.S. Data Privacy Framework and SCCs,
- OpenAI, LLC (USA) — under Standard Contractual Clauses (SCCs).
- In all cases of data transfer outside the EEA, appropriate safeguards are applied in accordance with Art. 46 GDPR, including Standard Contractual Clauses approved by the European Commission.
9. Profiling and Automated Decision-Making
- The Service uses User data for analytical purposes (Google Analytics), including:
- analysis of user behavior within the Service,
- measurement of feature effectiveness,
- content adaptation based on location (country/city).
- The Service does not make decisions based solely on automated processing that would produce legal effects or similarly significantly affect the User (Art. 22 GDPR).
- AI analysis (OpenAI) generates estimates based on provided data, but results are presented only as suggestions — the final decision rests with the User.
10. Data Security
The Controller implements the following technical and organizational measures to protect personal data:
- Encryption in transit — all communication occurs over HTTPS (TLS).
- Authentication — Firebase Authentication with email verification.
- Application security — Firebase App Check protects against unauthorized access.
- Payment security — Stripe PCI DSS Level 1 (highest certification level).
- Access control — Firestore Security Rules restrict data access.
- Data separation — User data is logically separated in the database.
- Automatic deletion — anonymous account data is deleted no later than 24 hours after creation.
- Data minimization — only data necessary for service provision is collected.
11. Children's Privacy
- The Service is not intended for persons under 16 years of age.
- The Controller does not knowingly collect personal data from persons under 16.
- If the Controller becomes aware that data of a child under 16 has been processed without parental or guardian consent, such data will be promptly deleted.
12. California Residents (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):
12.1 Right to Know
You have the right to request information about the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
12.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions provided by law.
12.3 Right to Opt-Out of Sale
We do not sell personal information. However, if this changes, you will have the right to opt out.
12.4 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
12.5 Categories of Information Collected
| Category (CCPA) |
Examples |
Collected |
| Identifiers | Email, name, phone, IP address | Yes |
| Commercial information | Payment history, subscription status, Points balance | Yes |
| Internet activity | Pages visited, features used, analytics data | Yes |
| Geolocation | Country, city (user-provided) | Yes |
| Professional information | Company name, Tax ID, business type | Yes (Company Accounts) |
| Visual information | Photos uploaded to projects | Yes |
12.6 How to Exercise CCPA Rights
To exercise your rights, contact us at airenovationcalculator@gmail.com. We will respond within 45 days.
12.7 Authorized Agents
You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.
13. Changes to This Privacy Policy
- The Controller reserves the right to modify this Privacy Policy.
- Registered Users will be notified of material changes via email or in-Service notification at least 14 days before the changes take effect.
- The current version of the Privacy Policy is always available in the Service.
- The date of the last update is indicated at the beginning of this document.
14. Contact
For questions regarding data protection, please contact:
Gmbi Marek Papis
ul. Pomorska 70 m. 10, 91-409 Lodz, Poland
NIP: 9820319917
E-mail: airenovationcalculator@gmail.com
Supervisory authority (Poland):
Prezes Urzedu Ochrony Danych Osobowych (PUODO)
ul. Stawki 2, 00-193 Warszawa
https://uodo.gov.pl
For California residents, you may also contact the California Attorney General:
https://oag.ca.gov/privacy