← Back to home Legal · Privacy

Privacy Policy

This Privacy Policy explains what personal data PlumberFile collects, how we use it, who we share it with, and what rights you have. It applies to the PlumberFile Android application and the related web services operated under the plumberfile.com domain.

Effective date: June 20, 2026 Last updated: June 22, 2026 Version: 2.1.1
Plain-English summary. We only collect the data we need to run the service: your account details, the jobs and customers you save, the photos you attach, and the AI conversations you have. We never sell your data, never use it for advertising, and we secure all traffic with TLS. You can delete your account at any time and we will remove or anonymize your data on the schedule explained below.

1. Who we are

PlumberFile is a mobile field-service management app for plumbers, technicians, and small service businesses. It is operated by PlumberFile (referred to in this policy as “PlumberFile”, “we”, “us”, or “our”).

Operator: PlumberFile
Country: Türkiye
Contact & Privacy Inquiries: support@plumberfile.com

For any privacy-related questions or to exercise your data protection rights, please contact us at the email address above. Our full corporate details (including registered address and tax information) will be updated upon the formal completion of our local registration registries.

2. Scope of this policy

This policy covers:

  • The PlumberFile Android application installed on your device.
  • The PlumberFile API and authentication services we operate at the plumberfile.com domain.
  • The plumberfile.com marketing website (this page and the home page).

It does not cover third-party services that you choose to connect from inside the app (for example, signing in with Google or Facebook, or paying through Google Play). Those services have their own privacy policies and you should review them.

3. Data we collect

We collect only the data we need to deliver the service and to keep your account secure. Categories below correspond to the categories declared in the Google Play Data Safety form for this app.

3.1 Account information

  • Name — provided at registration or supplied by Google/Facebook sign-in.
  • Email address — used as your unique account identifier and for verification messages.
  • Password — only for email-based accounts. We never store your password in clear text; we store a one-way bcrypt hash.
  • Login type — whether you signed up with email, Google, or Facebook.
  • Account state — whether the account is active, the date it was created, and the date of last login.

3.2 Company / business profile

  • Company name, optional address, phone, and email.
  • Subscription plan, trial status, and billing-related dates.
  • AI quota fields — your daily token allowance and any extra balance from top-up purchases.

3.3 Device & session information

  • Device identifier (device_id) — a value generated on first launch and stored locally on your device. It is not the Android Advertising ID and is not shared with advertisers.
  • Device model, platform (Android), OS version, and app version.
  • IP address and user-agent string of API requests.
  • Session metadata — refresh-token records, creation and revocation timestamps, the reason a session was revoked (e.g. logout, password change, device mismatch).
  • Trusted-device records — once you verify a one-time code on a new device, that device is marked trusted so we don't ask you again.
  • Offline storage and sync — when you use the app without an internet connection, some data may be stored locally on your device so the app can continue working. This may include customers, service records, service reports, payment information, scheduled dates, and job photos. When your internet connection is restored, the app may automatically synchronize this data with our servers.

3.4 Service data you create

  • Customers you add — typically name, address, phone, and notes.
  • Service records / jobs — title, description, status, dates, and the customer the job is linked to.
  • Photos you attach to a job — taken with the camera or selected from the device gallery, uploaded to our servers and tied to the job record.
  • Status history — each time a job's status changes, with timestamp.
  • Imported phone contacts — if you choose "Import from Phone Contacts", the app may access your device contacts only for the purpose of letting you select a customer to add. We do not upload your full contact list. Only the contact you choose to import is saved as a customer record in PlumberFile.
  • Location data — if you choose to use the GPS location feature while creating or updating a service record, the app may collect the selected location coordinates and address details and save them to that service record. We do not track your location in the background.
  • Offline job photos — photos or videos you attach to a service record may first be saved locally on your device, especially when you are offline. Once your internet connection is restored, those files may be synchronized with our servers and linked to the relevant service record.

3.5 AI assistant data

  • Conversation messages — the prompts you send and the AI responses you receive.
  • Token usage logs — the number of input and output tokens used per request, used to enforce your daily and monthly quota and to display your usage in the app.

3.6 Operational logs

  • Server logs — short identifiers (request IDs), endpoint name, masked email, masked device-ID prefix, latency, and HTTP status. Used for debugging, abuse detection, and rate-limiting. We do not write full passwords or full tokens to logs.
  • Rate-limit counters — short-lived per-email and per-device counters that protect against brute-force and abuse.

3.7 Optional public plumber / company profile

If you choose to, you can publish your plumber or company profile on www.plumberfile.com. When you opt in, only the details you select — such as your company name, service area, city/district, profile description, phone number, email address, and optional location/address information — may be shown on the website, on the map, or within the quote-request system. This information is used so that customers can reach you, request a quote, and submit a service request. Publishing your profile is entirely optional and based on your choice. You can turn off your profile's visibility on the website at any time, or contact our support team at support@plumberfile.com to request removal of your information.

What we deliberately do NOT collect. We do not collect your full contact list, background location, microphone recordings, calendar data, files outside the photos or videos you choose to attach, advertising identifiers, or browsing history. We do not embed third-party advertising or analytics SDKs in the app. If you import a phone contact or use the GPS location feature, only the specific contact or location information you choose is saved for the service feature you are using.

4. How we use your data

We use the data described above only to:

  • Create and authenticate your account, including device verification and refresh-token rotation.
  • Provide the core features of the app: managing customers, service records, photos, and AI conversations.
  • Enforce your subscription state, free-trial countdown, daily AI token limit, and any extra balance you have purchased.
  • Detect and prevent abuse — for example, repeated failed logins, refresh-token reuse, or device mismatches.
  • Communicate service-related messages: login verification codes, password resets, and important changes to the service. We do not send marketing emails without your separate consent.
  • Comply with our legal obligations and respond to lawful requests from authorities.
  • Improve the service through aggregate, non-identifying usage measurements.

5. AI features

The AI assistant inside PlumberFile is powered by Google's Gemini API. When you send a prompt, that prompt is transmitted to Google for processing and a response is returned to you and saved in your conversation history.

  • Your prompt and the model's response are stored in our database tied to your account so you can read your history later.
  • We log the number of tokens consumed per request to enforce your quota.
  • Google processes the prompt according to the Gemini API terms in effect at the time of the request, which may include processing in the United States and other countries where Google operates infrastructure.
  • We do not use your prompts to train any model. Whether Google does any training on API content is governed by the Gemini API terms; today, paid Gemini API content is not used to improve their models. Always treat AI prompts as you would any third-party processor and avoid pasting highly confidential identifiers (full ID numbers, payment-card numbers, or other secrets) into the chat.
  • If you attach an image to an AI message, that image is sent to Google's Gemini API together with your prompt and is stored in your conversation history.
  • AI answers include like, dislike, copy and report controls. When you dislike or report an answer, the issue you select, your optional comment, the related AI answer, and the surrounding conversation context may be included with your feedback so that we can improve the quality and safety of the service.
  • AI responses are for informational purposes only. For important technical decisions, please rely on your own expert assessment.

6. Sharing & third parties

We do not sell your personal data. We share it only with the limited set of service providers required to operate the app, on a least-privilege basis.

Recipient Data shared Purpose Region
Hosting provider (server & database) All service data at rest, processed in our infrastructure Hosting the API and storing your data Provider region (specified in our deployment configuration)
Google — Gemini API The AI prompt you send + minimal request metadata Generating the AI response United States & other Google regions
Google — Sign-In / OAuth Your Google ID token if you choose Google sign-in Authenticating you Worldwide (Google)
Meta / Facebook — Login Your Facebook access token if you choose Facebook sign-in Authenticating you Worldwide (Meta)
Google Play Billing Subscription purchase tokens / order IDs Processing your subscription & in-app purchases Worldwide (Google)
Email delivery provider Your email address & the message body of verification / reset emails Delivering account-security emails Provider region
Law enforcement & courts Only the data legally required by a valid order Compliance with applicable law Jurisdiction of the request

We do not share your data with advertising networks, data brokers, or analytics platforms outside the providers listed above.

7. Data you upload about your customers

When you save a customer record (their name, address, phone, notes) inside PlumberFile, you are the data controller for that information and PlumberFile acts as a data processor on your behalf.

  • You decide what customer data to enter and you are responsible for having a lawful basis to enter it (for example, the existence of a service contract with that customer).
  • You are responsible for responding to your customers' rights requests under applicable law (access, rectification, erasure, etc.). We will help you fulfill those requests on the data we hold for you.
  • We process customer data only on your instructions and only to provide the service to you.
  • We will not contact your customers directly for any purpose other than to deliver the service to you.

How customer deletion works inside the app

When you tap Delete on a customer record in PlumberFile, that customer is marked as inactive (is_active = 0) and is hidden from your active customer list. The underlying database row is preserved so that any past service records that reference the customer remain coherent in your history. The deactivated record is not exposed to other users or in any other company's app.

If you (or one of your own customers exercising their right to erasure) need a full physical deletion of a specific customer's personal data — beyond the deactivation above — email support@plumberfile.com from your account email address with the subject line "Customer data erasure request" and identify the customer to be erased. We will hard-delete the row within 30 days and confirm by email.

If you delete your entire PlumberFile account (see Section 13), customer records associated with your company are deactivated alongside the rest of your company data and are no longer visible to anyone. To request a full physical erasure of those rows as well, use the procedure described in Section 13.

8. Android permissions

The PlumberFile Android app requests only the permissions it needs to function. You can revoke any of these at any time from your device's Settings > Apps screen; the affected feature simply will not work until you re-enable the permission.

Permission Why we use it Required?
INTERNET Communicate with the PlumberFile API. Required
ACCESS_NETWORK_STATE Detect online/offline state for retries. Required
Camera (system camera app) Take job photos. Photos are captured through Android's own camera app; PlumberFile does not hold a standing CAMERA permission. Optional — only when you tap the camera button
Photos (Android photo picker) Attach existing photos to a job. On modern Android the system photo picker needs no media permission; on Android 12 and older, READ_EXTERNAL_STORAGE is used. Optional — only when you tap the gallery button
ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION Used only when you tap the GPS / location button to fill a service address or coordinates. We do not collect background location. Optional — only when you use the GPS feature
READ_CONTACTS Used only when you choose "Import from Phone Contacts" to select a person and add them as a customer. We do not upload your full contact list. Optional — only when you use contact import
POST_NOTIFICATIONS (Android 13+) Show optional service notifications (verification reminders, important account messages). Optional
SCHEDULE_EXACT_ALARM Schedule on-time reminders for your upcoming service records. Optional — only if you enable reminders
BLUETOOTH / BLUETOOTH_ADMIN (Android 11 and older) Connect to a supported TP107 pressure-test pump on older devices. Optional — only on the device screen
BLUETOOTH_CONNECT (Android 12+) Connect to your already-paired TP107 test pump to read its pressure data. Optional — only when you use the device feature
BLUETOOTH_SCAN (Android 12+, neverForLocation) Detect the TP107 test pump in order to connect. Flagged neverForLocation and never used to derive your location. Optional
Google Sign-In / Facebook Login Authenticate via your existing account if you choose social sign-in. Optional — only if you tap the corresponding button
Google Play Billing Process subscriptions and any in-app purchases. Required for paid plans

9. Security

We protect your data with industry-standard controls:

  • Transport encryption. All traffic between the app and our servers uses TLS 1.2 or higher.
  • Password hashing. Passwords are stored as bcrypt hashes; we cannot recover or read your password.
  • Token security. Access tokens are short-lived JWTs. Refresh tokens are rotated on every use; reuse is detected and forces re-authentication.
  • Device verification. A one-time code may be required when you sign in from a new device. Once verified, the device can be marked trusted so we do not ask again. In limited company-managed or testing configurations, device verification may be disabled by account settings.
  • Encrypted local storage. Tokens are stored on your device using Android Jetpack Security-Crypto (EncryptedSharedPreferences).
  • Rate limiting. Repeated failed logins, refresh-token misuse, and abusive request patterns are throttled and can trigger temporary blocks.
  • Least-privilege access. Only authorized engineers can access production systems, and all access is logged.
  • Patch hygiene. Server and dependency updates are reviewed and applied on a regular schedule.

No system can guarantee 100% security. If you believe your account has been compromised, please change your password immediately and contact us at support@plumberfile.com.

10. Data retention

We keep your data for as long as your account is active and only as long as necessary for the purposes described in this policy. Indicative retention periods are:

Data type Retention
Account profile (name, email, password hash, login type) Until you delete your account, then up to 30 days for backup rotation
Service records and customer records (rows) Marked inactive when you delete them in the app; deactivated when you close your account, after which they remain only as anonymized historical context. See Section 13 for full details and how to request a hard-delete. Backups rotated within 30 days.
Job photos & other file attachments Permanently deleted (database row + file on disk) when you delete the parent service record or close your account, then rotated out of backups within 30 days
Locally stored offline data Kept on your device until it is synchronized, deleted by you, or removed when app data is cleared / the app is uninstalled
Imported contact data Kept as part of the customer record until you delete the customer or delete your account
Location saved in service records Kept as part of the service record until you edit / delete the record or delete your account
AI conversation messages Until you delete the conversation or your account; visible in-app for as long as kept
AI usage logs (token counts) Up to 13 months — needed for billing, quota enforcement, and abuse detection
Active sessions / refresh tokens Until you log out, you log out everywhere, or the session expires
Server access & security logs Up to 90 days, then deleted or anonymized
Rate-limit counters Up to 24 hours after the relevant window closes
Billing records (subscription / in-app purchase records) As long as required by tax and accounting law (typically up to 10 years)

11. International transfers

Some of our service providers (notably Google for the Gemini API and Sign-In) process data in the United States and other countries. When we transfer data outside your country of residence, we rely on the safeguards offered by those providers, which include the EU Standard Contractual Clauses where applicable and Google's certification under recognized data-transfer frameworks.

12. Your rights

Depending on where you live, you have rights over your personal data under the EU General Data Protection Regulation (GDPR), the UK GDPR, the Turkish Personal Data Protection Law (KVKK – Law No. 6698), and similar laws.

  • Access the personal data we hold about you.
  • Correct data that is inaccurate or out of date.
  • Delete your account and the personal data tied to it (subject to legal retention obligations).
  • Restrict or object to specific uses of your data.
  • Portability — receive a copy of the data you provided in a common machine-readable format.
  • Withdraw consent where processing is based on your consent.
  • Lodge a complaint with your local data-protection authority (in Türkiye: Kişisel Verileri Koruma Kurumu — KVKK; in the EU/EEA: your national supervisory authority; in the UK: the Information Commissioner's Office).

To exercise any of these rights, email support@plumberfile.com from the email address on your account. We respond within 30 days; we may ask for additional information to verify your identity before acting on the request.

13. Account & data deletion

You can request deletion of your PlumberFile account and the personal data associated with it at any time. There are two ways to do this:

  1. From inside the app: open Settings → Account → Delete account and confirm. You will receive a confirmation email.
  2. By email: send a request from your account email address to support@plumberfile.com with the subject line "Account deletion request".

Once we verify your request, the following actions are carried out automatically by our deletion endpoint:

  • Your user record is anonymized. Your name is replaced with "Deleted User", your email is replaced with a non-routable placeholder of the form deleted+<id>+<timestamp>@plumberfile.local, your stored password hash and any linked Google or Facebook account IDs are removed, the account is marked inactive, and the deletion timestamp is recorded. The account can no longer log in.
  • Your company profile is anonymized. Company name, tax number, address, city, country, phone, and email are cleared, and the company is marked inactive.
  • Job photos and other file attachments are permanently deleted — both the database rows and the actual files on the server's disk are removed.
  • AI usage logs and AI quota / billing-period records are permanently deleted.
  • Service notes and service status history are permanently deleted.
  • Your customers and service records are deactivated (marked inactive / soft-deleted). They become inaccessible from the app and to any other user. The personal-data fields on these rows are preserved only as part of historical service-record context; on request we will hard-delete them — see below.
  • All active sessions on every device are revoked, any trusted-device records are deactivated, and any pending login-verification codes are voided.
  • A confirmation email is sent to your account email address noting that the deletion request has been received and processed.

Backups containing pre-deletion copies of the data above are rotated out within 30 days. Server-side access and security logs that identify you are deleted within the standard log-retention window (up to 90 days).

If you also want a full physical erasure of the soft-deleted customer or service records — beyond the deactivation and anonymization above — email support@plumberfile.com from your account email address (or from the placeholder address we send your confirmation to) with the subject "Hard-delete request" and we will perform a manual erasure within 30 days.

We retain only the minimal records required by law (for example, billing entries needed for tax compliance), which are kept on a least-privilege basis and are not used for any other purpose.

Heads-up. Deleting your account is permanent. After deletion we cannot recover your customers, service records, photos, or AI conversation history. If you only want to stop your subscription, cancel it through Google Play instead — your data stays available under the free tier.

14. Children

PlumberFile is a business productivity tool for adults working in the trades. It is not directed to children under 16 and we do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account, please contact us and we will delete it.

15. Cookies & similar technologies

The PlumberFile Android app does not use browser cookies. It stores authentication tokens locally on your device using Android EncryptedSharedPreferences so you don't have to log in every time you open the app. The plumberfile.com marketing website may set strictly necessary cookies for basic operation; it does not run third-party analytics or advertising trackers.

16. Changes to this policy

We may update this policy as the service evolves or as regulations change. When we make a material change, we will:

  • Update the Last updated date at the top of this page.
  • Notify you in-app and/or by email at least 14 days before the change takes effect for any changes that materially expand how we use your data.

Your continued use of PlumberFile after the effective date of an update means you accept the revised policy. If you do not agree, you can stop using the service and request account deletion as described above.

17. Contact us

If you have any questions about this policy or how we handle your data:

Our registered postal address and data-protection contact details are currently being updated in line with the finalization of our local registration registries. In the meantime, you can formally reach our data protection representative directly via support@plumberfile.com for any KVKK, GDPR, or general privacy requests.

Thank you for trusting PlumberFile with your work.