Privacy Policy

1. Who We Are

MasterPlan is a floor plan sketching and inspection app developed and operated by LineForge, a company registered in Denmark. Our server infrastructure is hosted entirely within the European Union (Frankfurt, Germany).

For privacy-related inquiries, contact us at pacmenco@gmail.com.

2. What Data We Collect

We collect and process the following categories of personal data:

• Account data: Email address (used as username) and a securely hashed password. This is the minimum required to authenticate you and enable cloud features.
• Profile data: Optional public display name, avatar, city, country, website, and self-description (used for the Share Plan collaborator picker).
• Report header data: Optional company logo and custom text fields (company name, contact info, license number, tagline, etc.) that you choose to attach to PDF and Excel reports. Stored per plan and as an account-level default.
• Plan data: Floor plan drawings, measurements, observation pins, text notes, and structured field data that you create in the app.
• Media files: Photos and audio recordings you attach to observation pins. These are stored locally on your device and uploaded to our servers only when you explicitly save a plan to the cloud.
• Collaboration data: On shared plans, we store the comments you post (text, anchor position on the canvas, photos you attach, and your displayed author name), per-user “read” timestamps for each thread (so unread badges sync across your devices), per-thread visual layout shared with collaborators (bubble offset, arrow anchor, arrow-hidden flag), and tagging metadata (who tagged whom on which thread).
• Edit activity: When you save a plan, we record an aggregated count of the changes you made in that editing session (e.g. “3 walls added, 1 room deleted”). We do not store the actual changes — only the counts, the time of the session, and the editor’s identity. This drives a per-plan activity feed visible to every collaborator on that plan. Limited to the 20 most recent sessions per plan, kept for at most 60 days.
• Client records: Names, phone numbers, email addresses, websites, and addresses of your clients that you enter for report auto-fill.
• Community content: Feedback submissions, forum posts, and custom objects you choose to publish to the marketplace.
• Technical data collected automatically: When you make a request to our server (cloud sync, sharing, subscription activation, etc.), our web server logs the request's IP address, user-agent string, timestamp, HTTP method, URL path, response status, and response size. These access logs are used for security monitoring, abuse detection, and debugging. They are not combined with your account data for profiling or marketing.

3. Legal Basis for Processing (GDPR Art. 6)

• Art. 6(1)(b) — Contractual necessity: Processing your account data, plan data, and media files is necessary to provide the core service (cloud sync, sharing, collaboration, PDF report generation).
• Art. 6(1)(f) — Legitimate interest: Crash reporting (via Sentry, with no personally identifiable information) and basic server access logs for security monitoring and abuse prevention.
• Art. 6(1)(a) — Consent: Publishing custom objects or forum posts to other users is an explicit, voluntary action.

4. Where Your Data Is Stored

All data is processed and stored exclusively within the European Union:

• Application server: DigitalOcean Droplet in Frankfurt, Germany.
• File storage: DigitalOcean Spaces (S3-compatible object storage) in Frankfurt, Germany.
• Database: PostgreSQL on the same Frankfurt server.
• Transactional email: Mailgun EU endpoint.

No data is transferred outside the EU.

5. Sharing and Exports

MasterPlan gives you two ways to send plan data out of the app. We show you what is included before each share, and you remain in control of whether to proceed.

5.1 Cloud collaborators (in-app sharing)

When you invite another MasterPlan user to a plan, we create a share record on our server and the recipient's app downloads a copy of the plan. The recipient receives:

• The floor plan itself (rooms, walls, measurements, observations, photos, audio recordings).
• The client contact details you entered for that plan (name, phone, email, website, address).
• Your report header — logo and any custom fields you attached.

Recipients invited as editors can modify the plan and keep it in sync. Recipients invited as viewers can only see the plan. You can remove a collaborator at any time from the Share Plan sheet; future changes will no longer sync to them, but any local copy they already have stays on their device.

From the removed collaborator’s side, the plan moves into a “Recovered Plans” section of their plan list. They can either delete it or save it as a separate, independent copy on their own account (with a fresh internal ID); the original cloud plan, its files, and any comments posted on it stay with you as the owner.

If you and your collaborators use Collab Mode (the comment layer on a shared plan), additional data is exchanged on top of the plan itself:

• Comments are visible to every collaborator on the plan — the text, any photos you attach, and the displayed author name on each message.
• Tagging another collaborator on a thread highlights it for them so they are drawn back to the conversation.
• Per-thread visual layout choices (where the bubble sits, where the arrow tip points, whether the arrow is hidden) are saved server-side and shown to every collaborator. The change itself is shared; we do not record which collaborator made it.
• When you open a thread, your device records a read timestamp on the server. We use this only to drive the unread badges on your own devices — it is not visible to the other collaborators on the plan.
• The mail icon in the plan list aggregates threads from every plan you collaborate on into a single inbox feed whenever a thread you have previously posted in receives a new reply. The aggregation runs on the server; the feed shows the plan name, the replier’s displayed name, a short snippet of the latest reply, and the count of new messages.

5.2 File exports (PDF, Excel, MasterPlan archive)

When you use Send Report, Share PDF, or Export Excel, the app generates a file and hands it to your device's native share sheet. We do not see or store the recipient — you choose where the file goes (email, messaging app, cloud drive, etc.). Each file format contains:

• PDF: The rendered observation report, including your header, client details, and plan data.
• Excel (.xlsx): A spreadsheet with project info, rooms, and observations in tabular form, including client contact fields.
• MasterPlan archive (.masterplan): An editable bundle of the full plan, including photos and audio files. Recipients with the MasterPlan app can import it.

5.3 Third-party personal data (your clients)

Plans typically contain personal data about your clients (for example, the name and address of the person whose building you inspected). Under GDPR, you are the data controller for that data — you decided to collect it and you decide how it flows. MasterPlan acts as a data processor on your behalf.

Before you share a plan or export a file, you are responsible for making sure your client has been informed and, where required by your local law, has agreed to the sharing. MasterPlan shows an in-app disclosure listing exactly what is included each time you invite a collaborator, to help you meet that obligation.

6. Third-Party Services

MasterPlan does not use any analytics, advertising, or tracking services. There is no Google Analytics, no Facebook Pixel, no Firebase Analytics, no Mixpanel, and no equivalent.

• Sentry (crash reporting): We use Sentry for crash and error reporting with sendDefaultPii = false — no personally identifiable information is included in crash reports.
• Apple App Store / Google Play: Subscription purchases are handled entirely by the respective platform. We do not process or store any payment information.

7. On-Device Processing

Audio transcription is performed entirely on your device using an offline AI model (Whisper via sherpa-onnx). No audio data is ever sent to any server for transcription. The speech recognition model is downloaded once from HuggingFace and stored locally on your device.

8. Cookies

We use only essential, functional cookies required for the web portal to operate (session management, theme preference). We do not use tracking cookies, advertising cookies, or any third-party cookie services.

9. Data Retention

• Your account data is retained as long as your account is active.
• Cloud-stored plans and files are retained until you delete them or delete your account.
• Plan-scoped data — including comments, comment thread layouts, per-thread read timestamps, tagging records, individual observation samples, and the per-session edit-activity history — is retained alongside the plan and is permanently deleted when the plan is deleted.
• Server access logs (including IP addresses and user-agent strings) are retained for up to 90 days for security purposes, then permanently deleted.
• Deleting a plan removes all associated data (observations, photos, audio) from both your device and our servers.
• Client records you delete (your saved contacts — names, phone numbers, emails, addresses, logos) are retained in a deleted state for up to 20 days so your other devices can sync the deletion, then permanently purged from our database and from file storage.
• Account deletion follows a 20-day grace period. When you request deletion, your account is immediately locked and you receive a confirmation email with a cancellation link. You can cancel the deletion at any time during the grace period via that link or from the web dashboard. A reminder email is sent 3 days before the purge date. After 20 days, all data linked to your account is permanently removed from our servers: account row, profile, plans you own and their files, client records, custom objects, forum posts, and any personal data on plans others have shared with you. One exception: comments you posted on plans owned by another user remain visible to that plan’s collaborators with your displayed author name attached, because removing them would leave anonymous gaps in conversations the plan owner relies on. The link back to your account row is severed.

10. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

• Right of access (Art. 15): Request a copy of all personal data we hold about you.
• Right to rectification (Art. 16): Correct inaccurate personal data. You can update your profile directly in the app or web portal.
• Right to erasure (Art. 17): Request deletion of your account and all associated data.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format. Plans can be exported individually from the app as PDF reports or JSON. Account information is visible in the in-app account screen. For a bulk export of all your data, contact us at the address below.
• Right to object (Art. 21): Object to processing based on legitimate interest.
• Right to restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, contact us at pacmenco@gmail.com. We will respond within 30 days.

11. Children's Privacy

MasterPlan is not directed at children under 16. We do not knowingly collect any personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

If we make material changes to this policy, we will post the revised version on this page with an updated date. For significant changes, we may also notify you via the app or email.

13. Contact

For any privacy-related questions or requests:
LineForge
Groefthoejparken 162, 5 sal mf., 8260 Viby J, Denmark
Email: pacmenco@gmail.com
Website: masterplan.templus.be