privacy / Markerra
Markerra Privacy Policy
This document explains how we process data in the Markerra app, on the website, and while operating QR/NFC campaigns. Location is used only when scanning a marker or using the map. The app does not track location in the background.
In short
Markerra is used for promotional campaigns with physical QR/NFC points. We use data to sign users in, save campaign progress, check the campaign area, issue rewards, handle errors, and prepare aggregated reports for the campaign client. The campaign client does not receive participants' personal data.
Data controller
The controller of participant data is Przemysław Wiśniewski Digital, a sole proprietorship registered in CEIDG, Polish tax ID/NIP: 5243019522, REGON: 529876286, address: ul. Turmoncka 22/1103, 03-254 Warsaw, Poland.
Privacy and support contact: wisniewski.prz@gmail.com.
Providers and recipients
- Appwrite Cloud acts as a processor for Markerra application data.
- Google and Apple are login providers and process data under their own privacy terms.
- Depending on the platform, the app may use Apple, Google, and system map services.
- The campaign client receives only an aggregated report, without participant personal data.
Technology providers may use infrastructure or subprocessors outside the European Economic Area. The exact transfer mechanisms, including DPA, SCCs, or adequacy decisions, should be periodically verified in the providers' official documentation.
Data we process
| Area | Data | Purpose |
|---|---|---|
| Account and login | Appwrite user ID, email, profile name, Google or Apple provider, session | Authentication, account maintenance, and progress storage |
| Campaign | campaignId, markerId, scan status, platform, event time | Progress, duplicate checks, rewards, and campaign diagnostics |
| Location | Position and accuracy at scan time, approximate distance, or area status | Checking whether the marker is collected inside the campaign area |
| App analytics | Events such as session start, map, scanner, progress, reward, and CTA click | Measuring campaign operation and preparing aggregated reports |
| Reward | Code, link, or reward instruction assigned to the account; pseudonymous participant hash for one-code-per-campaign control | Issuing the reward after the campaign rules are completed and preventing repeated reward claims |
| Bug report | Report content, account email, user ID, platform, app version, campaign, progress, last scan status | Support and diagnostics |
| B2B contact | Brand, contact email, campaign description, scale, reward, message content | Handling business inquiries and preparing a response |
Legal bases
| Purpose | Legal basis |
|---|---|
| Login and account | Performance of the app terms/service agreement |
| Campaign progress | Performance of the app terms/service agreement |
| Location check at scan time | Performance of the service/campaign rules; anti-fraud as legitimate interest where applicable |
| Reward, code, or link | Performance of campaign rules |
| Security and anti-fraud | Controller's legitimate interest |
| Product analytics | Controller's legitimate interest |
| Aggregated report | B2B contract performance / legitimate interest |
| Bug report | Handling the request / legitimate interest |
| B2B contact | Pre-contractual steps / legitimate interest |
Location
We use location only when scanning a marker or using the map, so the app can check whether the user is within the campaign area. The app does not track users in the background.
New progress records do not store the user's raw phone location. For compatibility with the existing data structure, some technical fields may store the campaign circle center or an approximate distance bucket, not the precise phone position.
Reports for campaign clients
The campaign client receives a business report with aggregated metrics, such as number of participants, collected markers, completed routes, and reward CTA clicks. The client does not receive emails, user IDs, raw location, raw Appwrite exports, reward codes assigned to people, or individual participant paths.
The client must not attempt to reidentify participants. Report segments are shown only when
they include at least 5 users. Smaller cells are marked as <5 or described qualitatively.
Data retention
| Data | MVP retention period |
|---|---|
| scan_attempts / scan diagnostics | Until campaign archival + up to 14 days, unless a longer period is needed for security or complaint handling |
| user_markers / progress | Until campaign archival + up to 180 days |
| rewards / codes and links | Until campaign archival + up to 365 days, or the period defined in campaign rules |
| reward_claims / pseudonymous reward claims | Until campaign archival + up to 365 days, or the period defined in campaign rules |
| analytics_events | Until report delivery + up to 180 days, then deletion or anonymisation |
| Bug reports | Case closure + 90 days |
| B2B forms and contact | 12 months from the last contact |
| Aggregated reports | Longer, if they do not contain personal data |
| Minimal account-deletion log | Up to 12 months for accountability and security |
Account deletion
A user can delete the account in the app. Instructions are available on the Delete account page. Account deletion removes the app account and the app data linked to that account, including progress, scan attempts, rewards, and analytics events, except data that we must keep for a limited time for security, complaint handling, or accountability. In particular, we may keep a pseudonymous reward claim to prevent one person from receiving multiple codes in the same campaign by deleting and recreating an account.
User rights
Users may request access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interest, and may lodge a complaint with the President of the Polish Personal Data Protection Office.
For privacy requests, contact: wisniewski.prz@gmail.com.