Privacy Policy

Effective date: April 23, 2026 · Version 1.1

This policy explains, in plain language, what data Concreto collects, why we need it, and who we share it with. If anything is unclear, email hello@concretoapp.com and a real person will reply.

1. Who we are

Concreto is a bilingual iOS concrete calculator app published by MEAS Partners, LLC, a limited liability company organized in the State of Delaware, United States.

• Data controller: MEAS Partners, LLC
• Privacy contact: hello@concretoapp.com
• Website: https://concretoapp.com
• DMCA designated agent and mailing address: MEAS Partners, LLC, 131 Continental Dr, Ste 305, Newark, DE 19713, United States
• Privacy officer (DPO equivalent): Edwin Urrutia, reachable at the same email

We are a small team. We respond to any data request within 72 business hours.

2. What we collect

We only collect what the app needs to work.

Free tier — no account, nothing leaves your device:

The Free tier requires no sign-in and no internet connection. All of your settings (unit system, language, company name, default material price, waste factor) and the 5 most recent calculations are stored only in your phone’s local storage. No data is ever transmitted to us or any third party when you use the Free tier.

Pro tier — when you sign in with Apple ID:

• Apple ID identifier. When you tap “Sign in with Apple,” Apple generates a unique, stable identifier for your account on our app. Apple may provide a real email address or an anonymized relay address (ending in @privaterelay.appleid.com) — either is accepted. We do not store passwords. You are not required to sign in unless you want Pro features.
• Saved jobs. Job name, optional client name, calculator type, the inputs you entered (lengths, widths, depths, counts), computed outputs (volume in cubic yards or cubic meters, bag count, truck loads), and optional notes.
• Job photos. Photos you choose to attach to a job, uploaded to a private user-scoped bucket in Supabase Storage. Photos are never public.
• Supabase user ID. A UUID generated by Supabase Auth that ties your Apple ID identifier, jobs, and photos together.
• Subscription state. Whether your Pro subscription is active, which billing period (monthly or annual), and its expiry timestamp. This is synced from Apple StoreKit. We never see your card number — Apple handles all billing.

Anonymous analytics — no personal information, no IDFA, no ATT prompt:

• TelemetryDeck paywall signals. We record which paywall trigger fired (e.g., "exceeded free save limit"), whether a purchase was started, succeeded, or was cancelled. The user identifier sent to TelemetryDeck is the literal string anonymous — it is never tied to your email, your Supabase account, or your device.

What Concreto never collects:

• GPS location or any location data.
• Your contacts or photos library (we only access photos you explicitly pick via the system photo picker or camera).
• Microphone.
• Camera (camera permission is requested only if you tap “Add photo” and choose to use the camera; you can also pick from your library without granting camera access).
• IDFA (Identifier for Advertisers) or any advertising identifier. The App Tracking Transparency prompt is never shown because we do not track you.
• Crash data that contains personal information.
• Anything about your device beyond what Apple’s standard StoreKit receipt transmits for subscription validation.

3. How we use your information

1. Make the app work. Authenticate you (Pro only), store and sync your saved jobs and photos across your devices, manage your Pro subscription state.
2. Improve the paywall. TelemetryDeck anonymous signals tell us whether our paywall triggers make sense so we can adjust them. No personal data is involved.
3. Comply with law. We respond to valid legal process and notify you unless the law prohibits it.

We do not use your data for advertising, to sell profiles, or to train AI models. We do not share your data with any party not listed in section 4.

4. Who we share data with

Three vendors. That is it.

• Apple, Inc. (US) — Sign in with Apple authentication (identity token exchange) AND StoreKit subscription receipts for Pro subscription validation. We never see your card number; Apple handles all billing. Apple may relay an anonymized email (@privaterelay.appleid.com) instead of your real address — that is expected and we accept either. Policy.
• Supabase, Inc. (US — US-East region) — Sign in with Apple identity token verification (via Supabase Auth), the jobs and job_photos database tables, and photo file storage for Pro users. Policy.
• TelemetryDeck UG (Germany) — Anonymous paywall funnel signals. No personal identifier is ever sent; the user ID is the literal string anonymous. Policy.

We share with no one else. We do not sell, rent, or barter user data.

5. Children’s data

Concreto is a construction calculation tool intended for adults in the contracting, masonry, and building trades. The Free tier requires no account; no age verification is performed and no data is collected. The Pro sign-in requires a valid email address; by providing one, you represent that you are at least 13 years old. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, email hello@concretoapp.com and we will delete the account within 7 days. In some EU member states the minimum age for data-processing consent is 16; if you are under the age required by your country’s law, do not create a Pro account.

6. Data retention

• Email address, saved jobs, job photos, Supabase user ID: Until you delete your account.
• Subscription state: Until you delete your account or until the entitlement expires naturally on Apple’s side.
• Free-tier local data: Stored only on your device. Deleted when you uninstall the app or clear app storage from iOS Settings.
• TelemetryDeck anonymous signals: Retained per TelemetryDeck’s default retention policy (anonymous — no link to your account).

7. Account deletion (Apple App Store Guideline 5.1.1(v))

You can delete your Pro account at any time from within the app: Settings → Account → Delete account. A two-step confirmation is shown before anything is deleted. Tapping “Confirm delete” calls a Supabase Edge Function that:

1. Deletes your Supabase Auth user record.
2. Cascades (via foreign-key constraints) to all rows in the jobs and job_photos tables.
3. Removes all photo files from your private Storage bucket.

Your Pro entitlement (annual subscription or lifetime purchase) is a separate Apple IAP transaction on your Apple ID. It is not affected by account deletion and follows Apple’s own subscription and refund rules. If you have an active annual subscription, cancel it from iPhone Settings → Your Name → Subscriptions before deleting your account to avoid future charges.

8. Your rights

You have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your account and all associated data (in-app, or by email).
• Export your job data in a readable format (JSON) on request.
• Object to processing or withdraw consent for analytics by disabling Concreto from Settings inside the app.
• Complain to your country’s data-protection authority (e.g., INAI in Mexico, SIC in Colombia, AEPD in Spain, the Information Commissioner in the UK, your state Attorney General in the US).

To exercise any right, email hello@concretoapp.com. We respond within 30 days; in practice, within 48–72 hours.

9. Security

All data in transit between your device and Supabase is encrypted with TLS. Every table that contains user data has Row-Level Security (RLS) enabled — no account can read another’s data. The Supabase service-role key is never included in the app binary; it lives only in server-side Edge Functions. Photo files are stored in a private, user-scoped bucket that requires a valid session JWT to access. We do not use tracking cookies.

If we detect a security incident that compromises your data, we will notify you within 72 hours by email and, where applicable, the relevant authority.

10. Cookies and identifiers

Concreto is a native iOS app; it does not use cookies. We use:

• A Supabase session JWT stored in your device’s secure storage (only to keep Pro users signed in between app launches).
• A literal anonymous string sent to TelemetryDeck — not a device identifier, not tied to your account.
• No IDFA. The App Tracking Transparency prompt is never shown because Concreto does not track you across apps or websites.

11. Where processing happens

• Database, auth, and photo storage: Supabase, US-East region.
• Billing and StoreKit: Apple, US.
• Anonymous paywall analytics: TelemetryDeck, Germany (EU — no international transfer required for this vendor).
• Free-tier data: on-device only; never transferred.

If you use Concreto from outside the United States and sign in to Pro, your data (Apple ID identifier, and saved jobs) is transferred to Supabase in the US. We rely on Standard Contractual Clauses and, where applicable, your explicit consent at account creation.

12. European Economic Area, United Kingdom, and Swiss users

If you use Concreto from the EEA, the UK, or Switzerland, the following applies in addition to everything above.

Data controller. MEAS Partners, LLC, 131 Continental Dr, Ste 305, Newark, DE 19713, USA. Contact: hello@concretoapp.com. We have not appointed an EU or UK representative because the app processes the minimum personal data strictly necessary to deliver a calculation service (Apple ID identifier for Sign in with Apple, saved job data you create) and does not conduct large-scale processing or profiling of EU/UK residents. The Free tier — used by the majority of users — processes no personal data at all.

Legal basis for processing (GDPR Article 6). We rely on (a) performance of a contract with you (Article 6(1)(b)) for Sign in with Apple authentication, saved job storage, photo storage, and subscription sync — these are the core Pro features you purchase; (b) consent (Article 6(1)(a)) for anonymous paywall analytics via TelemetryDeck, which you may withdraw at any time from Settings inside the app; and (c) legitimate interests (Article 6(1)(f)) for fraud and abuse prevention, with our interest in maintaining service integrity weighed against your right to privacy.

International transfers. Our processors Supabase (US-East) and Apple (US) are based in the United States. Transfers rely on the European Commission’s Standard Contractual Clauses (2021/914) and, where applicable, the UK International Data Transfer Addendum, together with supplementary technical measures (TLS in transit, RLS at rest, service-role key never exposed in the client). TelemetryDeck is based in Germany and processes data within the EU; no international transfer is required for that vendor.

Your rights. Under the GDPR / UK GDPR you may request access to, rectification of, erasure of, restriction of processing of, or portability of the personal data we hold about you, and you may object to processing based on legitimate interests. You can delete your account and all associated data from Settings → Account → Delete account. To exercise any other right, email hello@concretoapp.com from the address associated with your account; we respond within one month. You also have the right to lodge a complaint with your national supervisory authority (e.g., AEPD in Spain, CNIL in France, BfDI in Germany, Garante in Italy, the Information Commissioner’s Office in the UK, the FDPIC in Switzerland).

Automated decision-making. We do not make any decisions that produce legal or similarly significant effects on you using automated processing or profiling.

Retention in the EEA / UK / Switzerland. Same as section 6 above.

13. Calculation accuracy disclaimer

Every result produced by Concreto is an estimate. Concrete shrinkage, waste factor variation, mix-design differences, sub-grade settling, supplier product changes, and field conditions all affect actual material consumption. Results are labelled “Estimate only — verify with your supplier or engineer before ordering.” MEAS Partners, LLC is not responsible for over-ordering, under-ordering, or project outcomes based on Concreto’s outputs. See also the Terms of Service.

14. Changes to this policy

If we change anything that affects how we handle your data, we will:

1. Update the effective date at the top of this document.
2. Show an in-app notice the next time you open Concreto.
3. Email the address on your account when the change is material (e.g., a new data vendor, a new use of your data).

If a change expands how we use your data, we will ask for your explicit consent before it takes effect.

15. Contact

• Email: hello@concretoapp.com
• Postal address: MEAS Partners, LLC — 131 Continental Dr, Ste 305, Newark, DE 19713, United States
• Website: https://concretoapp.com

For urgent requests (e.g., suspected unauthorized access to your account), put “URGENT” in the subject line. We respond within 24 hours.

Effective date: April 23, 2026 · Version 1.1