
Kropia Privacy Policy

Last updated: March 26, 2026

AppToLast ("we", "our" or "the company") operates the Kropia mobile application ("the Application"). This Privacy Policy describes how we collect, use, store and protect the personal information of users ("you" or "the user") when using our Application.

By registering or using Kropia, you agree to the practices described in this Privacy Policy.


1. Information We Collect

1.1 Information Provided by the User

During registration and use of the Application, we collect the following information:

  • Company data: company name, tax identification number.
  • Contact data: first name, last name, email address, phone number (optional), postal address (optional).
  • Login credentials: email address and password (stored in encrypted form on our servers).

1.2 Information Generated Through Use of the Application

  • Sensor and greenhouse data: temperature, humidity, CO2, light intensity and wind speed readings, and readings from other sensors associated with your greenhouses.
  • Actuator data: status of irrigation, ventilation, heating devices and other actuators, including the history of state changes.
  • Commands sent: log of control actions performed by the user (activate/deactivate irrigation, modify setpoints), including the timestamp and the email address of the user who executed the command.
  • Configuration data: setpoints and parameters configured for devices.

1.3 Information Stored Locally on the Device

  • Authentication token (JWT): stored locally to maintain the active session.
  • Username and session preferences: stored locally to facilitate access.

We do not store sensor data or reading history on the user's device. All telemetry data is maintained exclusively on our servers.

1.4 Information We Do NOT Collect

  • We do not collect location data from the user's mobile device.
  • We do not use third-party analytics services (Google Analytics, Firebase Analytics, Crashlytics or similar).
  • We do not collect contacts, photos, files or any other personal data from the device.
  • We do not display advertising or share data with advertising networks.

2. How We Use the Information

We use the collected information exclusively to:

  • Provide the service: display real-time sensor data, enable remote control of actuators and generate historical charts.
  • Authentication and security: verify user identity and protect account access.
  • Multi-tenant management: associate greenhouses and devices with the corresponding company, ensuring data isolation between clients.
  • Action traceability: record which user executed each control command for internal audit purposes.
  • Service improvement: analyze usage patterns in an aggregated and anonymous manner to improve the Application's functionality.

3. How We Share Information

We do not sell, rent or share your personal information with third parties for commercial or advertising purposes.

We may share information only in the following cases:

  • With other users in your organization (tenant): members of the same organization can view the data of greenhouses and devices associated with that organization.
  • Legal obligation: when required by law, court order or request from a competent authority.
  • Infrastructure providers: we use cloud hosting services for the operation of our servers. These providers process data on our behalf and are subject to confidentiality agreements.

4. Data Security

We implement technical and organizational measures to protect your information:

  • Encryption in transit: all communications between the Application and our servers are carried out via HTTPS and encrypted WebSocket connections.
  • Token-based authentication: we use JWT tokens with expiration to protect API access.
  • Encrypted passwords: passwords are stored in encrypted form on our servers and never in plain text.
  • Multi-tenant isolation: each company's data is isolated and not accessible by other users or organizations.

5. Data Retention

  • Account data: we retain your account data as long as your account remains active. If you request the deletion of your account, we will delete your personal data within a maximum period of 30 days.
  • Telemetry data (sensors): historical sensor data is retained in accordance with the retention policy agreed with each client.
  • Session tokens: locally stored authentication tokens are deleted upon logout.

6. Your Rights

In accordance with the General Data Protection Regulation (GDPR) and applicable Spanish legislation, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request the correction of inaccurate or incomplete data.
  • Erasure: request the deletion of your personal data ("right to be forgotten").
  • Portability: receive your data in a structured and commonly used format.
  • Objection: object to the processing of your data in certain circumstances.
  • Restriction: request the restriction of the processing of your data.

To exercise any of these rights, please contact us at the address indicated in section 9.


7. Application Permissions

Kropia requests only the following device permission:

  • Internet access: required for communication with our servers, receiving real-time data and sending control commands.

We do not request permissions to access the camera, microphone, contacts, storage, location or any other device resource.


8. Children's Privacy

Kropia is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us so that we can proceed with its deletion.


9. Contact

If you have questions, suggestions or wish to exercise your rights regarding your personal data, you can contact us:


10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with the corresponding update date. We recommend that you review this policy periodically.

If we make significant changes, we will notify you through the Application or by email.