Privacy Policy
For the Citizenship Day Calculator iOS and Android apps.
Effective: 13 May 2026 · Last reviewed: 13 May 2026
1. Who we are
This privacy notice is issued by HUZK LTD, a private limited company registered in England & Wales under company number 13052672 ("HUZK", "we", "us").
We are the controller of the personal data described below within the meaning of the UK GDPR and EU GDPR. You can contact us at any time at [email protected].
2. Two surfaces, two practices
This policy covers the Citizenship Day Calculator mobile apps (iOS and Android). The marketing website at citizenshipdaycalculator.com is separately covered by its own browser-only privacy notice and does not collect personal data beyond an optional locale preference cookie.
The mobile apps run in two tiers:
- Free tier (default). The calculator works fully offline. We do not require an account, do not transmit your trip data off the device, do not run analytics or advertising, and do not request the IDFA on iOS or Advertising ID on Android.
- Optional Pro tier (US$4.99/month or US$29.99/year). Activating Pro adds an account, end-to-end-encrypted cloud sync of trip data, multilingual PDF report export, smart reminders, and a Face ID / fingerprint app lock. The data we process for the Pro tier is described in section 3.
3. Data we process when you use the Pro tier
3.1 Account data
- Email address. Collected at sign-up (Sign in with Apple, Sign in with Google, or passwordless email magic link). Used solely to authenticate you and to send transactional account messages (password-less magic links, subscription receipts). Not used for marketing.
- Anonymous user ID. A UUID generated by the platform identity provider (Apple Sign-In private relay, Google Account, or our own UUID for magic-link sign-in). Linked to your account record. Not shared with third parties.
3.2 Trip data (end-to-end encrypted)
The trip-by-trip records you enter into the calculator never leave your device in plaintext. Before any byte is sent to api.citizenshipdaycalculator.com, your device encrypts the payload locally using AES-256-GCM with a key derived from a passphrase you control via Argon2id. Our server stores only ciphertext bound to your user ID and country slug; we cannot read your trips, dates, or annotations.
3.3 Diagnostics & crash reports (opt-in)
- Crash logs. Sent to Sentry (Functional Software, Inc., USA) only if you explicitly opt in under Settings → Privacy → Crash reports. Crash logs are scrubbed of personal data at the SDK level and are not linked to your account.
- Performance data. Anonymous timing and error frequency, opt-in under the same toggle.
3.4 Push notification token (opt-in)
If you enable eligibility reminders, the platform supplies a device push token that we forward to OneSignal (OneSignal, Inc., USA). The token is rotated by the platform and carries no personally identifiable content.
3.5 Subscription state
When you purchase Pro, Apple App Store or Google Play handles the transaction. We receive an opaque transaction receipt and entitlement state from RevenueCat, Inc. (USA), our subscription state provider. We never see your full payment card or bank details.
4. Legal basis and purposes
| Data | Purpose | Legal basis (UK / EU GDPR) |
|---|---|---|
| Email + user ID | Provide the Pro account, authenticate sessions | Performance of a contract (Art 6(1)(b)) |
| Encrypted trip data | Cloud sync of your records across devices | Performance of a contract (Art 6(1)(b)) |
| Crash logs & diagnostics | Identify and fix bugs | Consent (Art 6(1)(a)), withdrawable at any time |
| Push token | Send eligibility reminders you scheduled | Consent (Art 6(1)(a)) |
| Subscription receipts | Provide and bill the Pro tier; tax compliance | Contract (Art 6(1)(b)) and legal obligation (Art 6(1)(c)) |
5. Third-party processors
We share personal data with the following sub-processors strictly to operate the service:
- Apple Inc. (USA / Ireland) — Sign in with Apple, iOS App Store purchases, APNs push delivery.
- Google LLC (USA / Ireland) — Sign in with Google, Google Play purchases, FCM push delivery.
- RevenueCat, Inc. (USA) — subscription state and receipt validation.
- Sentry / Functional Software, Inc. (USA) — opt-in crash and performance reporting.
- OneSignal, Inc. (USA) — opt-in push delivery routing.
- Hetzner Online GmbH (Germany) — hosting of
api.citizenshipdaycalculator.com.
International transfers from the UK / EU to the USA rely on the EU–US Data Privacy Framework where the recipient is certified, or on the UK Addendum to the EU Standard Contractual Clauses (2021) where they are not. A current list of sub-processors with adequacy mechanisms is available on request.
6. Retention
- Account record (email, user ID): for as long as your account is active, plus 30 days after deletion to allow restoration if you change your mind.
- Encrypted trip data: deleted within 30 days of account deletion.
- Crash and diagnostic data: 90 days at Sentry, then deleted.
- Subscription and billing records: 6 years to meet UK HMRC tax obligations (Finance Act 1998 Sch 18).
7. Your rights
Under UK GDPR, EU GDPR, the California CPRA, India's DPDP Act and similar laws you have, where applicable, the right to:
- Access the personal data we hold about you and obtain a copy.
- Correct inaccurate data.
- Erase your data (right to be forgotten).
- Port your data in a structured machine-readable format.
- Object to or restrict processing based on legitimate interests.
- Withdraw consent for opt-in processing (crash logs, push notifications).
- Not be subject to automated decision-making — we do not run any.
To exercise any right, email [email protected] from the address tied to your Pro account, or use the in-app Settings → Account → Delete Account flow. We respond within one month (UK / EU) or sooner where the local law requires it. Account deletion instructions and self-service options are also available at /app/account-deletion.
If you are unhappy with our handling of your data and you are in the UK, you can lodge a complaint with the Information Commissioner's Office (ico.org.uk). Other regional regulators are also available; we will tell you how to reach yours on request.
8. Children
The app targets adults applying for citizenship or naturalisation. The store listings declare an age rating of 18+. We do not knowingly process the personal data of children under 13 (United States, COPPA) or under 16 (UK / EU GDPR default). If you believe a child has registered with us, contact [email protected] and we will delete the account.
9. Tracking and advertising
The app does not run advertising, does not request App Tracking Transparency on iOS, does not read the IDFA, and does not collect the Google Play Advertising ID. We do not share data with data brokers.
10. Cookies
The mobile apps do not use cookies. The marketing website may set a single locale preference cookie which is described in the website privacy notice.
11. Changes to this policy
We may update this policy from time to time. The effective date at the top of this page will change. Material changes (new processors, new data types, new purposes) will be notified in-app before they take effect.
12. Contact
HUZK LTDCompany number 13052672 (England & Wales)
Email: [email protected]
Support · Delete your account · End User License Agreement · About the app