Light ray background

Privacy Policy

Effective Date: 16.04.2024

Last Updated: 30.01.2026

This Privacy Policy applies to the “Kartoteka” platform (hereinafter referred to as «we», «our», Kartoteka), developed by Pavel Khabusov (Android, Meta Quest) and Seda Martirosyan (iOS).

Data inquiries and requests contact: kartotekapro@gmail.com.

This Policy describes what data we collect when you use Kartoteka applications and services (including the website, layout builder, and MR/AR/VR applications), how we use and store it, and what rights users have.

1. What data we collect and process

  1. Authentication and profile data: Upon login, we use Firebase Authentication. Supported login providers include Google, Apple, and GitHub. Firebase may process your name (if provided), email address, and a unique user identifier (UID). This data is used for user identification and authentication.
  2. Meta / Horizon data: To access Meta platform features (Quest/Horizon), we may receive and process platform identifiers and profile data (e.g., platform UserID / UserProfile) to the extent necessary for collaborative spatial anchors and shared interaction features in AR/MR/VR. This data is not stored in third-party repositories.
  3. Application workspace data: User projects, saved content (plans, uploaded files), chat messages, and associated metadata (timestamps, authorship), as well as profile settings (username, profile photo, short bio) — provided the user creates or publishes them. Username, photo, and bio may be displayed publicly within the application when the user participates in public chats or publications.
  4. Technical data: Diagnostic information about your device/session (e.g., device type, app version, error logs) when necessary for application functionality or troubleshooting.
  5. Storage data: We store only the data necessary for service operation (UID and email for data synchronization and sharing). Data is stored on Firebase servers and is not shared with third parties.

2. Purposes of data processing

  • Account authentication and management (via Firebase login).
  • Application functionality: saving projects, sharing and collaborating on them, cross-device data synchronization, and storing user-generated content.
  • Enabling shared AR/MR/VR interaction features (e.g., shared spatial anchors) using Meta platform identifiers.
  • Service improvement, error diagnostics, and security assurance (e.g., error logging).

3. Third-party sharing and external services

  • For authentication and data storage, we use Firebase (Google) services. Data in Firebase is protected by Firebase's security measures and policies; we do not share personal data with other third parties.
  • When using Meta (Horizon/Quest) features, certain information (e.g., platform identifiers) may be jointly processed with the Meta platform to ensure proper integration functionality.

4. Data storage and security

  • Data is stored on Firebase servers and (as needed) in services required for application operation. We use secure connections (HTTPS) and standard encryption practices for data transmission and storage.
  • We implement reasonable organizational and technical measures to protect data, though we cannot guarantee absolute security during internet transmission.

5. Data deletion — your right and procedure (mandatory for Meta users)

We grant all users, regardless of geographic location, the ability to request deletion of their personal data collected or stored by our application.

How to request data deletion

You may submit a deletion request via email. Send a message to kartotekapro@gmail.com with the subject line “Data Deletion Request”. In the email body, please include:

  • The email address associated with your account;
  • A brief confirmation that you are the account owner (we may request additional verification information).

What happens after your request

  • Acknowledgement of receipt: We will confirm receipt of your request within 7 calendar days (via email notification).
  • Request verification: For security purposes and to prevent unauthorized deletion of another person’s data, we may request additional information to verify account ownership (e.g., confirming your email address or submitting an in-app screenshot).
  • Data deletion: After verification, we will delete your personal data from our operational systems (including Firebase records).
  • Third-party deletion: When data is held by third-party providers (e.g., Firebase), we will initiate their respective deletion procedures according to their policies and processes. Deletion timelines may vary among third-party providers. If necessary, we will inform you of applicable timeframes and status updates.

What to expect

  • Public content you published and which other users have copied or reposted may remain in their possession (we delete your copy and its visibility in our system, but we do not control third-party copies shared by others).
  • Aggregated/anonymized data that cannot identify you personally (e.g., averaged usage statistics) may be retained indefinitely for analytics and service improvement.

6. User rights

Where applicable and as permitted by law, users have the right to:

  • Access their personal data;
  • Rectify inaccurate data;
  • Request erasure;
  • Restrict processing;
  • Data portability — obtain a copy of their data in a machine-readable format.

To exercise these rights, please contact us at kartotekapro@gmail.com.

7. Data retention periods

We retain data only to the extent and for the duration necessary to provide services, fulfill contractual obligations, or comply with legal requirements. Specific retention periods depend on data type and processing purposes. If a user requests deletion, we will take the actions described in the “Data Deletion” section.

8. Policy changes

We reserve the right to update this Privacy Policy. All changes will be published on this page with an updated effective date.

9. Contact and additional information

If you have questions, complaints, or wish to exercise your rights, please contact us via email: kartotekapro@gmail.com.

This Privacy Policy is effective as of 30.01.2026 and remains in force until a new version is published.