Privacy Policy

Effective date: 2026 January 7
Last updated: 2026 March 10

This Privacy Policy explains how Protoboard Designer Korlátolt Felelősségű Társaság (Protoboard Designer Kft.) (“Company”, “we”, “us”, “our”) collects, uses, discloses, and protects Personal Data when you use our mobile application(s) and/or website(s) and related services (together, the “App” and “Services”).

This Privacy Policy is intended to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and applicable Hungarian data protection laws (including Act CXII of 2011, as amended), as applicable.

If you do not agree with this Privacy Policy, please do not use the App or Services.

1. Introduction

1.1 Purpose

  • what Personal Data we collect;
  • why we collect it and how we use it;
  • the legal bases for our processing;
  • when we share data with others (including our hosting provider, Appwrite, and third‑party content providers);
  • how long we keep data;
  • your privacy rights and how to exercise them; and
  • how to contact us.

1.2 Definitions

  • Personal Data: any information relating to an identified or identifiable natural person.
  • Processing: any operation performed on Personal Data (e.g., collecting, storing, using, disclosing, deleting).
  • User: any person who accesses or uses the App or Services.
  • App: our mobile and/or web application(s) branded as Protoboard/Protoboard Designer.
  • Services: features, content, and functionality offered through the App.
  • Controller: the entity that determines the purposes and means of processing Personal Data.
  • Processor: an entity that processes Personal Data on behalf of the Controller.
  • EEA: the European Economic Area.

2. Company Information (Data Controller)

  • Legal name: Protoboard Designer Korlátolt Felelősségű Társaság (Protoboard Designer Kft.)
  • Country of registration: Hungary
  • Company registration number: CR 9311244142 (as provided by the publisher/developer)
  • Company register (Cégjegyzékszám): 01-09-274849 (HU)
  • Registered address: 1119 Budapest, Fehérvári út 97-99, Hungary
  • Email: info@protoboarddesigner.com
  • Postal address for privacy requests: 1119 Budapest, Fehérvári út 97-99, Hungary

3. What Personal Data We Collect

3.1 Data you provide to us

  • Account data: email address, username/display name, password (or authentication tokens), and account identifiers.
  • Profile and preferences: name or nickname, language, settings, and preferences you choose to store.
  • User content / project data: designs, files, project metadata, comments/notes, and other data you create or upload.
  • In-app feedback: when you submit feedback through the App, we may collect your email address (optional), a text description, an optional screenshot, and contextual metadata (device model, OS version, app version, current screen name, platform). This data is stored on our Appwrite backend.
  • Support and communications: messages you send to us (e.g., support emails), and related metadata.

3.2 Data collected automatically

  • Device information: device model, OS version, app version/build, locale, time zone, and identifiers (such as an app instance ID).
  • Usage data: interactions with screens/features, session duration, and in‑app events.
  • Diagnostics and crash data: crash reports, error logs, stack traces, and performance metrics.
  • Network and log data: IP address, timestamps, and server logs; approximate location derived from IP (city/region level).
  • Web data (if using the web app): browser type/version, referrer URLs, and cookie/local storage identifiers.
  • Local on-device storage: The App stores project data and preferences locally using an embedded database and shared preferences. This data remains on your device and is not transmitted to our servers unless account sync is active.

3.3 Data processed by our hosting provider (Rackhost)

Our website is hosted by Rackhost Zrt. (Hungary / EU). Like most hosting providers, Rackhost may process limited technical data to deliver and secure the website, such as IP address, timestamps, requested URL, user agent, referrer header, and server/security logs.

3.4 Third‑party content and external providers (web)

When you use our website or web app, your browser may connect to third parties to load content we rely on. Those third parties may receive technical data such as your IP address, user agent, and referrer URL in order to serve the requested content.

  • Google Fonts (fonts.googleapis.com, fonts.gstatic.com): we load the DM Sans font remotely.
  • jsDelivr CDN (cdn.jsdelivr.net): we load the PDF.js library used for PDF viewing in the web app.
  • Google OAuth provider (if you choose “Sign in with Google”): Google processes authentication data as an independent provider.
  • GitHub (raw.githubusercontent.com): when you use the footprint component library, the App downloads a public catalog from GitHub. This request may expose technical data (IP address, user agent) to GitHub under their privacy policy. No Personal Data you have entered is included in this request.

3.5 Data collected via Firebase (Google)

We use Firebase Analytics and Firebase Crashlytics, provided by Google LLC.

Firebase Analytics collects:

  • Behavioral eventsno personal data (name, email, or user ID) is included in event parameters — in the following categories:
    • Authentication flows: sign-up, sign-in, logout, password recovery, email verification, Google OAuth, guest mode, guest account migration.
    • Project management: creation, opening, renaming, duplication, deletion, restoration, cloud sync.
    • Editor actions: component placement/deletion, trace drawing, layer/grid/zoom changes, undo/redo, DRC runs.
    • Import/export: KiCad PCB file import; Gerber, PDF, and image export.
    • Footprint library: searches, previews, adding to board, custom footprint management.
    • Subscription & paywall: entitlement loading, plan selection, purchase completion. Purchase transactions are processed by Google Play / Apple App Store under their own terms; we do not receive or store payment details.
    • Navigation: screen views. Settings: theme and unit system changes.
  • User properties: auth_method (email/google), is_guest (true/false), user_plan, project_mode.
  • Device and app instance information: device model, OS version, app version, app instance ID.

Firebase Crashlytics collects crash reports and error stack traces, custom session context (auth method, guest status) as Crashlytics keys, and analytics event breadcrumbs (event names and non-PII parameters). Crashlytics is enabled only in release builds.

Firebase may process data on Google’s infrastructure outside the EU/EEA (see Section 10).

3.6 Data processed via Appwrite

We use Appwrite as a backend platform (e.g., for authentication, databases, file storage, and server functions). Through Appwrite, we may process:

  • Account identifiers (Appwrite user ID), authentication/session data, and sign‑in details.
  • User profile data you choose to store (e.g., name, avatar, preferences).
  • Custom application data stored in databases (e.g., projects, designs, settings).
  • Files and attachments stored in storage (e.g., exports, uploads, snapshots).
  • Backend logs (e.g., API request logs, security events) to maintain reliability and security.

Hosting location: Appwrite Cloud EU region — Frankfurt, Germany (fra.cloud.appwrite.io).

Guest mode: If you use the App without an account (guest mode), your project data is stored only on your device and is not sent to Appwrite or any external server.

Account deletion: When you delete your account through the App, an automated server function immediately and permanently purges all your server-side data (projects, files, custom footprints, account records). Local device data is deleted by the App at the same time.

4. How We Use Personal Data

  • Provide and operate the Services: accounts, core features, storage/sync of projects and user content.
  • Improve and develop: understand feature usage, fix bugs, optimize usability, and develop new features.
  • Authentication and account management: sign-in, session management, fraud prevention, and account security.
  • Reliability and diagnostics: troubleshoot errors, prevent abuse, and maintain performance and availability.
  • Subscription management: verify subscription entitlements to unlock premium features and record purchase events.
  • Customer support and communications: respond to support requests, send service messages (e.g., important changes, security notices).
  • Security and abuse prevention: monitor, detect, and prevent malicious, fraudulent, or abusive activity.
  • Legal compliance and enforcement: comply with legal obligations, enforce our terms, and protect our rights and users.

Automated decision-making: We do not use your Personal Data for solely automated decision‑making (including profiling) that produces legal effects concerning you or similarly significantly affects you.

5. Legal Basis for Processing (GDPR)

We rely on one or more of the following legal bases:

  • Performance of a contract (GDPR Art. 6(1)(b)) — to provide the Services you request.
  • Consent (GDPR Art. 6(1)(a)) — only where required (e.g., for non-essential tracking, if enabled in the future); you may withdraw at any time.
  • Legitimate interests (GDPR Art. 6(1)(f)) — e.g., service security, preventing abuse, and improving reliability.
  • Legal obligation (GDPR Art. 6(1)(c)) — to comply with applicable laws.

5.1 Legal basis by purpose (summary)

  • Create and manage your account; provide core app features — contract (Art. 6(1)(b)).
  • Store and sync projects/user content — contract (Art. 6(1)(b)); and, where applicable, legitimate interests (Art. 6(1)(f)) for reliability and troubleshooting.
  • Authentication/security (including fraud prevention and abuse detection) — legitimate interests (Art. 6(1)(f)); and contract (Art. 6(1)(b)) where needed to provide secure access.
  • Support communications and service messages — contract (Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).
  • Legal compliance (e.g., responding to lawful requests) — legal obligation (Art. 6(1)(c)).
  • Website delivery and security logs (hosting/CDN) — legitimate interests (Art. 6(1)(f)).

5.2 Whether you must provide Personal Data

Some Personal Data is required to use the Services. For example, account credentials (such as email and a password, or a chosen sign‑in method) are required to create and access an account. If you do not provide required data, we may be unable to provide the Services (or certain features).

6. Data Sharing and Disclosure

We do not sell your Personal Data. We may share Personal Data only:

  • With service providers (processors) that help us deliver the Services (e.g., hosting/infrastructure, Appwrite), under contractual safeguards.
  • With third‑party providers you choose to use (e.g., Google as an OAuth provider), which may act as independent controllers under their own terms.
  • For legal reasons (law enforcement, courts, or lawful requests), where required.
  • In business transfers (merger, acquisition, reorganization, asset sale), with notice where required.

7. Data Retention

We keep Personal Data only as long as necessary for the purposes described in this policy, unless a longer period is required by law. We apply data minimization principles and periodically review retention settings.

  • Account data: while your account is active. After account deletion, we aim to delete or anonymize account identifiers within 30 days, unless retention is required for legal/security reasons.
  • User content / project data: while you keep it in your account. When you delete content or your account, we aim to remove active copies within 30 days, subject to backup cycles and legal/security needs.
  • Server/security logs (including hosting/Appwrite logs): typically retained for up to 30 days, then deleted or anonymized where feasible (unless needed longer for incident investigation or legal compliance).
  • Backups: may persist for up to 90 days before being overwritten or deleted (depending on backup lifecycle and disaster recovery requirements).
  • Local web storage used during login (see Cookies and Tracking): kept only as long as necessary to complete sign‑in and normally cleared automatically after successful sign‑in.

8. Your Rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, object, data portability, and withdraw consent (where applicable).

To exercise your rights, contact us at info@protoboarddesigner.com.

You also have the right to lodge a complaint with the Hungarian authority: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)https://www.naih.hu/
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Postal address: 1363 Budapest, Pf.: 9., Hungary

9. Security Measures

  • encryption in transit (TLS/HTTPS);
  • encryption at rest where appropriate (including backups where used);
  • access controls and least‑privilege policies;
  • logging and monitoring for security events; and
  • processor contracts (e.g., data processing agreements).

10. International Data Transfers

We are based in Hungary (EU). Some third‑party providers (such as Google for Fonts or OAuth, and global CDNs) may process data outside the EU/EEA (e.g., the United States), depending on their infrastructure and your location. Where transfers occur, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and other lawful mechanisms.

11. Children’s Privacy

Our App and Services are not directed to children under 16 (or the minimum age required by local law). We do not knowingly collect Personal Data from children without valid parental consent. If you believe a child has provided Personal Data, contact us at info@protoboarddesigner.com.

12. Cookies and Tracking

We use cookies and similar technologies that are necessary to provide the Services (for example, to keep you signed in and to protect against abuse). We may also use local storage in your browser to support the login flow on the web.

  • Strictly necessary cookies: Appwrite may set authentication/session cookies that enable account login and session management.
  • Local storage (web login flow): during OAuth sign‑in, the web flow may temporarily store a userId/secret in local storage (e.g., appwrite_oauth_userId, appwrite_oauth_secret) to complete sign‑in and then clear them.
  • Third‑party content requests: loading remote fonts (Google Fonts) and libraries (jsDelivr/PDF.js) involves network requests to those providers, which may use their own logs/cookies according to their policies.

You can manage cookies in your browser settings. Disabling certain cookies may affect functionality (including login). If we introduce non-essential analytics/marketing cookies in the future, we will provide appropriate notice and, where required, obtain consent.

13. Changes to This Privacy Policy

We may update this policy from time to time by publishing an updated version and updating the “Last updated” date. If changes are material, we will provide additional notice where required.

14. Contact

  • Email: info@protoboarddesigner.com
  • Company: Protoboard Designer Korlátolt Felelősségű Társaság (Protoboard Designer Kft.)
  • Address: 1119 Budapest, Fehérvári út 97-99, Hungary

15. Third‑Party Privacy Policies