Privacy Policy

Effective date: March 3, 2026

zamio ("the App") is a mobile application that allows users to manage tickets on their self-hosted or cloud-hosted Zammad helpdesk instance. This policy explains what data the App collects and how it is handled.

1. Data You Provide

• Zammad server URL and API token — used to authenticate with your Zammad instance. The token is stored securely on your device using the operating system's secure keychain. It is never sent to any third party.
• Photos and files — when you choose to attach images or documents to a ticket, the App accesses your camera or photo library only with your explicit permission. These files are uploaded directly to your Zammad server.

2. Data Collected Automatically

• Push notification token — a device identifier generated by Expo/APNs/FCM, used to deliver push notifications. This token is stored on our notification relay server together with your Zammad user ID and server URL so that notifications can be routed correctly.
• Language preference — stored locally on your device to display the App in your preferred language.

3. How Data Is Used

All data is used solely to provide the App's functionality:

• Communicating with your Zammad instance to display and manage tickets.
• Sending push notifications when ticket events occur on your Zammad server.

We do not use your data for analytics, advertising, profiling, or any purpose unrelated to the App's core functionality.

4. Data Sharing

Your data is not sold, rented, or shared with any third parties. The only external communication is:

• Between the App and your Zammad server (direct API calls).
• Between the App and our notification relay server at notification.zamio.kaju.pl for push notification delivery via Expo's push notification service.

5. Data Storage & Security

• Credentials are stored in the device's secure keychain (iOS Keychain / Android Keystore).
• App preferences are stored locally on your device.
• The notification relay server stores only push tokens, Zammad user IDs, and server URLs. No ticket content is stored on our servers.
• All network communication uses HTTPS/TLS encryption.

6. Data Retention & Deletion

When you log out of the App or unregister from push notifications, your push token is deleted from our relay server. All locally stored data is removed when you uninstall the App.

7. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect data from children.

8. Your Rights

You can delete all your data at any time by logging out and uninstalling the App. For questions or data deletion requests, contact us at the email below.

9. Changes to This Policy

We may update this policy from time to time. Changes will be reflected by an updated effective date at the top of this page.

10. Contact

If you have questions about this privacy policy, please contact:
pocztamichaldawid@gmail.com