Privacy Policy
Last updated:
Craft Navigator is operated by ARport Navigation Kft.
Address: 1162 Budapest, Sarkad utca 49, Hungary
Contact: info@arportnavigation.com · +36 30 684 7278
Privacy contact: Levente Palicsek
This Privacy Policy explains how ARport Navigation Kft. ("ARport", "we", "us") processes information when visitors use the Craft Navigator mobile application (Android and iOS, Hungary).
1. Who controls your data
For this deployment, ARport Navigation Kft. acts as data controller for the Craft Navigator service.
Some data (e.g. journey analytics, feedback, or billboard content decisions) may be shared with the facility/client operating the site. If that organisation uses such data on its own terms for its purposes, parallel controller or joint-controller analysis may apply; practically, journeys and feedback are disclosed to the client as part of delivering the navigation product.
Processors and third-party services used to run the backend and AR stack are listed below (Section 8).
Supabase hosting is described as EU-hosted per current deployment decisions.
2. What we process
The app uses licence-key access rather than requiring visitors to sign in with email/password.
Depending on permissions and configuration, processing may include:
| Category | Examples |
|---|---|
| Licence / access | Licence key semantics, mapped navigation area, Supabase authentication session (e.g. service-style credentials tied to the key), encrypted session payload on device. |
| Location | Precise GNSS-derived position, altitude, accuracy metrics, timestamps, and use of GNSS-assisted priors for AR localisation where georeferencing is enabled. |
| Camera / AR | Camera access via Vuforia for AR tracking; ARport does not intentionally store or upload camera images/video for Craft Navigator described here. |
| Journey data | Destination id/name, area id, start/end timestamps, distances, serialized navigation preferences, sampled XYZ positions along a route during navigation where collection is enabled. |
| Feedback | Numerical/experience metrics and optional free-text notes. |
| Promotional billboard content | AR billboards may show ads or branding as part of navigation content. See Section 7. |
| Technical data | App version, platform, connectivity, operational errors, Supabase/host logs where applicable. Production builds are not configured to upload application debug/AppLog dumps for this deployment. |
Local cache (sessions, payloads, queued journeys/feedback, area assets) uses encryption with device-bound key material where the platform supports it (Android Keystore / iOS Keychain patterns as implemented in-app).
Operational backend logs via Supabase: approximately 7 days retention. Backups may roll approximately one month.
3. Permissions
The OS may prompt for:
- Camera — required for AR detection/tracking (Vuforia).
- Precise location — required where the site uses georeferencing / GPS-aided flows.
Visitors can revoke permissions in system settings; core navigation features may cease to function without them.
Mic, Bluetooth-as-permission-class, notifications for ads, advertising identifiers, and cross-app behavioural ad SDKs are not described as part of this product stance; if introduced later, this Policy and store declarations must be updated.
4. Purposes and legal bases (GDPR)
| Purpose | Typical legal basis |
|---|---|
| Provide navigation & AR positioning | Performance of requested service / pre-contract necessity |
| OS permission prompts where required | Consent (where applicable under platform/law interplay) |
| Security, misuse prevention, troubleshooting | Legitimate interests / legal obligations |
| Journey analytics | Legitimate interests and/or contractual necessity toward site/client reporting |
| Feedback | Legitimate interests / consent depending on wording of UI |
| In-app billboard / promotional creatives | Legitimate interests and/or contractual arrangements with advertisers/site; non-personalised to named profiles unless behavioural ad tech is added |
You may withdraw device permissions anytime; withdrawal may degrade or stop navigation.
Supervisory complaints: Hungarian NAIH.
5. Retention
| Data | Approach |
|---|---|
| Journeys / feedback (backend) | Stated operational intent includes long-term / indefinite retention for analytics/site improvement unless law or contractual change requires otherwise — counsel review recommended vs minimisation/anonymisation. |
| Supabase ops logs | ~7 days (per stakeholder input). |
| Backups | ~1 month rollout (per stakeholder input); deletion from live DB may coexist with backups for a residual window until cycles complete. |
| Device cache | Until reinstall, purge, overwrite, or app-driven deletion |
6. Visitor rights under GDPR
Even without a classical "user profile," GDPR rights may attach to identifiable natural persons interacting with identifiable records.
Visitors may email info@arportnavigation.com or call +36 30 684 7278 to exercise access, correction, deletion, restriction, objection (where lawful), portability (where technically feasible), etc. Identification may rely on reasonable corroborators (approximate usage window, licence scope, partial technical identifiers reported by operators, verbatim feedback excerpts, destination names, etc.). Ignoring rights because "there is no account" can be unlawful if identifiers still single out persons.
Processors: contractual instruments (Supabase DPA, Vuforia terms) underpin sub-processing.
7. In-app billboard advertising
The navigation experience may display advertising or branded content on virtual billboards inside AR or the authored environment.
7.1 No third-party behavioural ad SDK (current stance)
We do not describe using third-party ad networks embedded in-app for personalised tracking, GAID/IDFA based audience building, impression auctions, remarketing fingerprints, nor cross-app ad profiles tied to behavioural SDKs — as long as billboard content stays publisher/site controlled imagery.
7.2 How boards may differ
Billboard payloads may simply be static or editorial creatives chosen by ARport/site operator.
Alternatively, selection may use non-profile contextual signals routed through our own backends, e.g.:
- navigation area / site geometry,
- coarse or fine real-world position correlated to authored anchor graph,
- time of day,
- navigated destination/category.
That is typically service-owned contextual placement, distinct from behavioural ad profiling provided no third-party DSP/SSP & ID bridging is involved.
7.3 If behavioural ad stacks are added later
Any introduction of programmatic ads, advertiser measurement pixels inside WebViews, hashed email matching, attribution SDKs (Adjust, Firebase Analytics for ads branch, AppsFlyer, Meta SDK, …) forces rewriting Sections 2, 4, 7, store labels, DPIA/consent artefacts, ATT / Play ads declarations.
8. Sharing and subprocessors / third parties
| Party | Role (summary) |
|---|---|
| Supabase | EU Postgres/Auth/Storage/RPC/logs infrastructure — processing under controller instructions + DPA |
| Vuforia / PTC | AR engine — consult their Privacy Notice / DPIA artefacts |
| Google Play Services Location (Android fused stack) | High-accuracy location acquisition during warm-ups / fused paths where applicable |
| Apple CoreLocation APIs | iOS location authorization & updates |
| Unity Player | Runtime host (review Unity privacy statement for aggregated analytics if submitAnalytics/services remain relevant to your build audits) |
| Site/client operator | Receives journeys/feedback/adjacent artefacts per contractual scope |
We do not sell personal information.
9. Children
Not targeted at unattended young children beyond ordinary facility traffic. Operators/parents with concerns → info@arportnavigation.com.
10. Changes
We will refresh this file when lawful bases, billboard tech, trackers, backends, jurisdictions, or retention materially change — increment Last updated.
11. Appendix — Mobile store safety / questionnaire hints
Use these as drafts for Google Play Data safety & Apple privacy nutrition labels alignment; reconcile with shipped binary permissions & actual backend schema.
Disclose minimally:
- Precise Location — Collected — App functionality (+ analytics if journey analytics characterised that way locally).
- Camera — Accessed only on device OR Collected depending on storefront definitions (camera frames processed on device; clarify "not uploaded").
- User Content — Free-text feedback.
- Diagnostics — Limited (no prod AppLog upload per current intent); Supabase infrastructure logs retained ~7 days.
- Advertising — Advertising data may appear as authored billboard creatives inside navigation; clarify non-cross-app-profiling stance absent ad SDKs.
- Identifiers — Licence/session artefacts.
Explicit negatives useful if true at ship:
- No third-party behavioural ad SDK network.
- No sale of visitor data.