Privacy Policy
Last updated: December 30, 2025 · Effective date: December 30, 2025
Privacy Policy for Chaos 'N Control
1. Introduction
Welcome to Chaos 'N Control ("we," "our," or "us"). This Privacy Policy explains how we collect, use, store, and protect information when you use our mobile application ("App") and related services.
The App is intended for business and professional use and is not directed at children.
By using the App, you agree to the practices described in this Privacy Policy.
Contact Information
Company Name: speXX Solutions AB
Email: policy@cncapp.io
Address: Nya Torget 4, 542 37 Mariestad, Sweden
2. Information We Collect
2.1 Account Information
- Email address
- First and last name
- Encrypted password
- Company affiliation, role, and access permissions
2.2 Company Information
- Company name and settings
- Company logo and branding images
- Subscription status and plan information
2.3 Product and Inventory Data
- Product names, descriptions, and specifications
- Product images
- Barcodes and QR codes
- Inventory levels and locations
- Categories, brands, suppliers, and reorder thresholds
2.4 Order and Activity Data
- Order details and timestamps
- Order status and history
- User activity logs related to inventory and orders
2.5 Image Data
- Product images captured or uploaded by the user
- Company logo images
- Images used for on-device OCR text recognition
2.6 Technical and Usage Data
- Device type and operating system
- App usage patterns and feature interactions
- Error logs and diagnostics
- IP address and session information
2.7 Payment Information
- Payment processing is handled entirely by Stripe
- We do not store credit card or bank account information
- Only subscription metadata and payment status are stored
3. How We Use Information
Information is used solely to provide and operate the App:
- Account creation and authentication
- Inventory and order management
- QR code and barcode scanning
- Image storage and retrieval
- On-device OCR text extraction
- Subscription and billing management
- Transactional email communication
- Legal compliance and security
4. Camera and Image Usage
The App uses the device camera only when explicitly initiated by the user for the following purposes:
- Scanning QR codes and barcodes
- Capturing product images for inventory records
- Capturing images for on-device OCR text recognition
Important clarifications:
- Camera access is never active in the background
- Images are captured only as a direct result of user action
- OCR processing is performed entirely on the device
- No image data is transmitted to Google or any third party servers for OCR processing
5. Third-Party Services
Supabase
- Purpose: Database, authentication, and file storage
- Data: App data including images and inventory records
- Infrastructure: Hosted on AWS
- Privacy Policy: https://supabase.com/privacy
Stripe
- Purpose: Payment processing and subscriptions
- Compliance: PCI DSS Level 1
- Privacy Policy: https://stripe.com/privacy
Resend
- Purpose: Transactional email delivery
- Data: Email address and email content
- Privacy Policy: https://resend.com/privacy
Vercel
- Purpose: Hosting of web services and execution of server-side logic
- Data: Request metadata, IP address, webhook payloads related to subscriptions
- Infrastructure: Hosted in the EU and/or other regions depending on configuration
- Privacy Policy: https://vercel.com/legal/privacy-policy
Google ML Kit (On-Device)
- Purpose: On-device OCR text recognition
- Data Handling: Images are processed locally on the device
- No image data is sent to Google servers
6. Data Sharing
We do not sell personal data.
Data is shared only with trusted service providers strictly necessary to operate the App:
- Supabase (storage and database)
- Stripe (payments)
- Resend (email delivery)
- Vercel (hosting and server-side logic)
Internal visibility within organizations
User profile information such as name and phone number is visible to other authorized users within the same organization for purposes such as order tracking, approvals, accountability, and internal communication.
Data may also be disclosed if required by law.
7. Data Security
We apply industry-standard security measures:
- HTTPS/TLS encryption in transit
- Encryption at rest where supported
- Secure password hashing
- Role-based access control
- Company-level data isolation
8. Data Retention
- Data is retained while the account is active
- Upon account deletion, personal data is deleted or anonymized
- Certain data may be retained for legal and accounting obligations
- Backup data may persist for up to 30 days
9. User Rights
Depending on jurisdiction, users may request:
- Access to personal data
- Correction or deletion
- Data portability
- Restriction or objection to processing
Requests can be made via the contact details above.
10. Children's Privacy
The App is not directed at children and is intended for professional use only. We do not knowingly collect personal data from children.
11. International Data Transfers
Some of our service providers (such as Supabase, Stripe, Resend, and Vercel) may process data outside of Sweden or the EU/EEA. When this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure GDPR-compliant data protection.
12. Local Storage
The App may use local device storage to:
- Cache authentication data
- Store user preferences
- Improve performance
This data remains on the device unless required for core functionality.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be communicated by updating this page and the effective date.
14. Contact
Email: policy@cncapp.io
Address: Nya Torget 4, 542 37 Mariestad, Sweden