Privacy policy

Columba Jacobi

Last Modified: November 29, 2024

Columba Jacobi Corporation ("Columba Jacobi," "we," or "us") values your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our website, application, and services (collectively, the "Services"). By using our Services, you agree to the practices described in this Privacy Policy.

For individuals in the European Union (EU), we adhere to the General Data Protection Regulation (GDPR), which governs the processing of personal information within the EU, and we are responsible as controller of that personal information for the purposes of those laws.

1. Personal information we collect and use

Information collected by us: In the course of providing you with the Service, we collect the following personal information, either automatically, unintentionally, or when you explicitly provide it to us:

• Your IP address, browser type, and activities on the Services are collected automatically while you use the Service (your “Analytic Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
• Your name and email address, only when you provide them voluntarily, such as when you contact us with questions or request support. The legal basis for collecting this information is:
  • Your consent, under GDPR Art. 6(1)(a), when you voluntarily provide your information.
  • Our legitimate interest, under GDPR Art. 6(1)(f), to respond to inquiries and improve our Services.

Analytics Information: We collect anonymized and aggregated data provided by Apple through App Store Connect to understand how our app is being used, monitor subscription performance, and improve our Services. This data includes metrics such as the number of active subscriptions, app downloads, and general usage trends.

This information is provided by Apple in compliance with their privacy guidelines and does not include personally identifiable information about users.

For more details about how Apple handles user data, please review Apple’s Privacy Policy.

• When you contact us via email or other communication channels, we collect the email address and any other information you provide in your message to respond to your inquiry.
• We use the collected email addresses for the purpose of responding to inquiries unless users have consented to additional uses (e.g., marketing).

We use anonymized and aggregated analytics information to:

• Understand App Performance: Analyze metrics such as app downloads, subscription trends, and user retention rates to evaluate the performance of our app.
• Improve User Experience: Identify trends and usage patterns to enhance app features, navigation, and usability.
• Monitor and Optimize Subscriptions: Track subscription metrics like activations, renewals, and cancellations to ensure smooth functionality and customer satisfaction.
• Troubleshoot Issues: Detect and resolve bugs or crashes to provide a seamless user experience.
• Make Informed Business Decisions: Use insights to guide our product development and marketing strategies.

Employee Data Import, Storage, and Sharing: Our app allows you to import, store, and optionally share employee data, such as names, contact details, or schedules, which you may provide through CSV files. You may choose to use real or fictional data, and the accuracy of the information is solely your responsibility.

• Employee data is stored locally on your device in User Defaults for your convenience.
• This data is not transmitted to or accessible by us or any third parties unless you choose to share it using the app’s sharing functionality.

• We cannot access, retrieve, or modify your employee data.
• Any requests to manage, edit, or delete employee data must be performed directly on your device using the app’s features.
• Reinstalling the app will delete all locally stored data, including employee information.

Sharing and Posting Employee Data: The app provides functionality to share schedules containing employee data by generating a URL. This URL can be hosted on your servers or other designated locations you control. When you use this functionality:

• The responsibility for ensuring the security and privacy of the data shared via the URL rests with you.
• We do not process, access, or store data shared or posted to external servers through this feature.

• Employee data is used only within the app to provide its intended functionality, such as displaying schedules in the app, sharing and posting schedules to URLs.
• We do not access, process, or use this data for any purpose other than providing the app’s core features.

User Responsibility: By using the app’s import and sharing features, you acknowledge and agree that:

• You have the legal right to share and use this data for its intended purpose.
• If the data pertains to real individuals (e.g., employees), you are responsible for ensuring compliance with applicable privacy laws, including obtaining necessary consents.
• You are responsible for securing any URLs generated by the app to share employee data.

Data Security: We take reasonable measures to ensure the security of data stored in User Defaults on your device. However:

• The security of your device and the data it stores is your responsibility.
• We recommend using device-level security features, such as passcodes or biometric authentication, to protect your data.
• The security of data shared via URLs is beyond our control and is your responsibility.

California Residents (CCPA): Under the California Consumer Privacy Act (CCPA):

• If employee data pertains to California residents, they may have the right to request access, correction, or deletion of their personal information.
• As the user, you are responsible for responding to such requests. The app does not process or transmit this data, so we cannot assist with these requests.

EU Residents (GDPR): Under the General Data Protection Regulation (GDPR):

• If the imported or shared data pertains to individuals in the European Union, you are considered the data controller of that data, and you must ensure compliance with GDPR, including obtaining lawful consent where required.
• The app does not process this data on your behalf or transmit it outside your device unless you explicitly share it.

Fictional Data: You may choose to use fictional data within the app. If fictional data is used, no legal obligations apply as the information does not pertain to real individuals.

Other Sharing: We will share your Personal Information if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) such action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Services, or (iii) such action is appropriate to protect the rights, property or safety of Columba Jacobi, its employees, clients, or users of the Services.

How long your Personal Information will be kept: We will keep your Personal Information for the length of time required to provide you with the Services and for the reasons described in this privacy policy, unless a longer retention period is required or permitted by law. Afterwards, we delete all aforementioned data in our possession within a reasonable timeframe. We do not verify the correctness of personal data that we collect or you provide.

Please note that some data may be retained if necessary for legitimate business interests, like resolving disputes or tracking past issues to provide better customer support or as proof of an agreement, and comply with technical and legal requirements and constraints related to the security, integrity, and operation of the Services.

Our app does not contain content inappropriate for children. However, our app is not specifically designed for children under the age of 13 (or the applicable age of consent in your region), and we do not knowingly collect personal information from children under this age. If we become aware that we have inadvertently collected personal information from a child without parental consent, we will delete that information promptly. If you believe that a child has provided us with personal information, please see the "How to Contact Us" section below.

Links to Other Sites: The Service may contain links to other sites and applications. If you click on a third-party link, you will be directed to that site. These external services are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites and mobile applications. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

2. Transfer of your information out of the European Economic Area (EEA)

Columba Jacobi is based in the United States. No matter where you are located, you consent to the processing, transfer and storage of your information in and to the U.S., and other countries, in accordance with this privacy policy and the privacy policies of third parties with whom we share your Personal Information. The laws of the U.S. and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.

3. EU Residents’ Rights

If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Access: Request access to the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your data when it is no longer necessary or if processing is unlawful.
• Restrict Processing: Request that we limit the use of your personal data.
• Object: Object to the processing of your personal data for certain purposes.
• Data Portability: Request a copy of your data in a machine-readable format or transfer it to another provider.
• Withdraw Consent: If processing is based on your consent, you may withdraw it at any time.
• Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights are violated.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/) on individuals rights under the General Data Protection Regulation.

4. California Residents’ Rights

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request details about the personal information we collect, how we use it, and who we share it with.
• Right to Access: Request a copy of the personal information we have collected about you in the past 12 months.
• Right to Delete: Request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale or Sharing: We do not sell or share personal information as defined under CCPA/CPRA. Any data sharing (e.g., schedules with employee data) is fully controlled by the user and not initiated by the app or us.
• Right to Correct: Request corrections to inaccurate personal information we hold.
• Right to Limit Use of Sensitive Personal Information: Request that we limit the use of sensitive personal information to what is necessary for providing the requested services.
• Right to Non-Discrimination: Exercise your rights without discrimination.

5. Keeping Your Personal Information Secure

We take reasonable steps to protect the personal information you provide through our app. However, it is important to understand how security applies to specific features of the app, particularly when sharing or posting schedules.

Data Transmission Security: Our app enforces secure network communication using industry-standard encryption protocols, such as SSL/TLS, for all data transmitted between the app and external services. This ensures that sensitive data exchanged during schedule sharing or posting is protected against interception during transmission.

Encryption Mechanism for Posting Data: When posting schedules to a URL for back-end integration purposes, the app offers an optional encryption mechanism to enhance the security of your data:

• Symmetric AES Encryption: Used to encrypt the data payload.
• Asymmetric RSA Encryption: Used to encrypt the AES encryption keys for secure key exchange.

Storage of Public RSA Key: If you provide a public RSA key for encryption, the app securely stores this key in the keychain, a secure storage mechanism provided by iOS. The keychain encrypts stored data and restricts access to only your app, providing enhanced protection against unauthorized access.

Option to Share Data Without Encryption: If you choose not to use the provided encryption option, the data is transmitted in plain text. While this may simplify back-end integration, it exposes the data to potential risks, such as interception or unauthorized access during transmission. You are fully responsible for ensuring the security of the data when encryption is disabled.

Your Responsibility: When sharing or posting schedules, it is your responsibility to determine whether encryption is necessary based on the sensitivity of the data and the security requirements of your receiving server. If encryption is enabled, ensure that the provided public key is valid and corresponds to the intended receiving server. The server administrator is responsible for generating, hosting, and sharing the public key. We recommend retrieving the public key over a secure HTTPS connection to prevent tampering or interception.

General Security Measures: We employ reasonable technical and organizational measures to protect the data stored locally within the app, such as encrypting sensitive information where applicable and using secure storage methods like the keychain. However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and you should exercise caution when transmitting sensitive information.

While we strive to protect your data, no method of storage or transmission is completely secure. Therefore, we cannot guarantee the absolute security of data stored or shared using the app. Users are encouraged to take responsibility for safeguarding their device and any URLs or shared schedules they generate.

6. No Advertising or Tracking

We do not use Advertising IDs (e.g., IDFA or GAID), and our app does not serve advertisements or track user behavior across apps and websites. Any data you provide within the app is stored locally on your device and is not used for advertising, marketing, or tracking purposes.

7. How to Complain

If you have concerns about how your personal data is handled, please see the "How to Contact Us" section below. We will review your complaint and respond within a reasonable timeframe.

For residents of the European Union (EU): You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data privacy rights under the General Data Protection Regulation (GDPR).

For residents of California: If you believe your rights under the California Consumer Privacy Act (CCPA) have been violated, you can file a complaint with the California Attorney General's office.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The revised policy will be posted on this page with a new effective date. Continued use of our Services after changes constitute acceptance of the updated policy.

9. How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us:

• Please send an email to: support@columbajacobi.com, or
• Use the contact form on the Service.