
Privacy Policy

How Workio handles your personal data.

Last updated: 18 May 2026 · Version: 1.0

In one sentence: Workio runs locally on your phone by default. Your customers, documents and price lists never leave the device unless you switch on a cloud feature (link sharing, encrypted backup or Pro subscription). When you do, the data is hosted in EU data centres.
Contents
  1. Who we are
  2. When this policy applies
  3. What data we process
  4. Purposes and legal bases
  5. Sub-processors
  6. International transfers
  7. How long we keep your data
  8. Security
  9. Your rights
  10. Children
  11. Changes to this policy
  12. Contact

1. Who we are

The data controller for personal data processed in connection with the Workio Android app and the website at workio-app.com is:

Innovatek di Cafaro Carmelina
P.IVA / VAT: 06424410659
Email: privacy@workio-app.com

We act as the data controller for the limited identity and subscription data we hold to operate cloud features. The business documents you create with Workio (quotes, invoices, customer records and so on) stay on your device under your sole control — for that data we do not act as controller or processor.

2. When this policy applies

This policy covers:

  • The website workio-app.com
  • The Workio Android app available on Google Play
  • The Workio cloud services (account, sharing, backup, subscription validation) when you choose to use them

It does not cover services run by third parties through which you may distribute documents you have created with Workio (for example email providers, messaging apps or cloud drives you use from Android's share sheet). Once you tap "share" and pick a destination, that destination's privacy policy applies.

3. What data we process

3.1 Without any cloud feature (default)

If you use the free, local-only experience and never sign in, Workio collects:

  • Diagnostic data (Firebase Crashlytics): crash stack traces, device model, OS version and an anonymous installation identifier. Used only to fix bugs.
  • Anonymous usage data (Firebase Analytics): feature-level events with no personal identifiers. You can opt out from inside the app.

We do not collect: your customers, your documents, your products, your logo or your business profile. They live in the app's local database and are never transmitted.

3.1bis Website analytics (only with your consent)

If — and only if — you accept the analytics option in the cookie banner on workio-app.com, the website loads Google Analytics 4 to measure aggregate page views, navigation paths and country at city-level resolution. IP addresses are anonymised before any further processing. Until you accept, GA4 operates in Consent Mode v2: only a cookieless, identifier-less ping is sent. You can change your choice at any time from the Cookie Policy page. See the Cookie Policy for the full list of cookies involved.

3.2 When you sign in (Pro subscription, cloud sharing or backup)

Through Google Sign-In we receive from Google:

  • Your email address (verified by Google)
  • Your display name
  • Your locale (language preference)
  • A Google subject identifier — a stable opaque string used to re-link your account on future logins

We do not receive your Google password, your profile photo or your contact list.

3.3 When you use cloud sharing

When you create a shareable link for a document, the generated PDF is uploaded to Azure Blob Storage in the EU. The link points to an opaque token; we record viewing count and, if your customer signs, the signature image. You can revoke a link at any time.

3.4 When you use encrypted backup (Pro)

Your local database is encrypted on the device and the resulting binary blob is uploaded to Azure Blob Storage in the EU. We store the blob, its size and the app version that produced it. We cannot read the content of your backups; the encryption key never leaves your device.

3.5 When you subscribe to Workio Pro

Subscriptions are managed by Google Play Billing. We receive subscription-state updates from Google (active, expired, on hold, refunded) via webhooks. We do not see your card details — those stay with Google.

3.6 Operational data

For security and abuse prevention we keep:

  • Refresh tokens: stored as a SHA-256 hash, with issue and expiry timestamps and a device descriptor (model, OS version).
  • Consent log: when you accept this policy or the terms, we record the consent type, the policy version, the timestamp and a hashed form of your IP address.

4. Purposes and legal bases

Data | Purpose | Legal basis (GDPR Art. 6)
Email, name, Google subject ID | Account creation, login, customer support | Performance of a contract
Subscription state | Unlocking Pro features | Performance of a contract
Encrypted backup blob | Restoring your data on a new device | Performance of a contract
Shared document blob & signature | Showing the document to your recipient | Performance of a contract / your consent
Refresh token hash, device descriptor | Session security, abuse prevention | Legitimate interest
Crashlytics crash reports | Detecting and fixing bugs | Legitimate interest
Firebase Analytics events (app) | Understanding feature usage | Your consent (opt-in)
Google Analytics 4 events (website) | Measuring aggregate website traffic | Your consent (cookie banner)
Consent log | Demonstrating compliance with GDPR Art. 7 | Legal obligation

5. Sub-processors

We rely on the following providers to operate the service. Each acts under a written data processing agreement.

Provider | Role | Location
Microsoft Ireland Operations Ltd. (Azure) | Hosting of cloud functions, database, storage and key vault | EU (Italy / West Europe)
Google LLC / Google Ireland Ltd. | Sign-In, Play Billing, Crashlytics, Analytics | EU + USA (under SCCs)

6. International transfers

The main service (account, sharing, backup) is hosted entirely in the European Union. Some Google sub-processors transfer data to the United States; in those cases the transfers rely on the European Commission's Standard Contractual Clauses and Google's Data Processing Addendum. You can request a copy of the safeguards in place by writing to privacy@workio-app.com.

7. How long we keep your data

  • Account data: for as long as your account exists. When you delete the account from the app or by writing to us, identity data is removed within 30 days, except for entries required by law (e.g. invoicing records for the subscription).
  • Shared document blobs: until the link expiry you set, or until you revoke the link.
  • Backups: until you replace them or delete the account.
  • Refresh tokens: until expiry, plus a short grace period for security audit.
  • Crashlytics reports: 90 days.
  • Google Analytics 4 events: 14 months (default GA4 retention).
  • Consent log: 10 years (legal obligation).

8. Security

We apply technical and organisational measures appropriate to the risk:

  • TLS 1.2+ for all data in transit
  • Encryption at rest on Azure Storage
  • Client-side encryption for backups: the key never leaves your device
  • Secrets managed in Azure Key Vault with role-based access
  • No password — authentication delegated to Google
  • Hashed (SHA-256) refresh tokens, never stored in clear

9. Your rights

Under the GDPR you can:

  • Access the personal data we hold about you (Art. 15)
  • Correct inaccurate data (Art. 16)
  • Delete your data — this also closes your account (Art. 17)
  • Restrict or object to certain processing (Art. 18, 21)
  • Export your data in a machine-readable format (Art. 20)
  • Withdraw consent at any time, without affecting past processing (Art. 7.3)
  • Lodge a complaint with your local supervisory authority — in Italy, the Garante per la Protezione dei Dati Personali

You can exercise most of these rights directly from the app's settings, or by writing to privacy@workio-app.com. We respond within one month.

10. Children

Workio is not directed at children under 16. We do not knowingly collect data from anyone under that age. If you believe a minor has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time to reflect changes in the product or in the law. When the change is material we will notify you in the app or by email, and the "last updated" date at the top of this page will be revised. Continuing to use Workio after a material change means you accept the updated policy.

12. Contact

Questions, complaints or rights requests:

Innovatek di Cafaro Carmelina
Email: privacy@workio-app.com
General contact: info@workio-app.com

© 2026 Workio — Innovatek di Cafaro Carmelina · P.IVA 06424410659