This Privacy Policy explains how WASCHBUDDY collects, uses, stores, preserves, and protects personal information across all parts of our service — including the web-based administration console, mobile applications for residents and staff, and the backend APIs that connect them — and how we comply with the General Data Protection Regulation (GDPR) and UK GDPR where applicable.
Effective date: May 17, 2026
1. Who we are
WASCHBUDDY("we", "us", or "our") provides software that helps property managers and housing operators run shared laundry facilities: machine availability, reservations, queues, user onboarding, maintenance notices, and multi-location administration (countries, cities, dorms, and clients).
For privacy questions, GDPR requests, or to exercise your rights, contact us at rovitatech@gmail.com.
2. Scope — platforms covered
This policy applies to personal data processed through every WASCHBUDDY surface, including:
- Web administration console — client administrators and super administrators who manage users, machines, dorms, cities, countries, clients, reservations, maintenance, and platform settings in the browser
- Mobile applications — native or hybrid apps for residents and on-site staff to sign in, view machine availability, make and manage reservations, join queues, receive notifications, and use laundry features at their assigned dorm or property
- Backend services and APIs — authentication, data storage, and business logic that power both the web console and mobile apps
- Account lifecycle communications — onboarding, password reset, maintenance notices, profile approvals, and support messages sent by email or in-app
The same privacy rules apply whether you access WASCHBUDDY from a desktop browser, tablet, or mobile device. Data collected in the mobile app is linked to the same account and client organization as data from the web console, where applicable.
Each client(property operator) may act as an independent controller for their end-users' data. Where we process data only on a client's instructions, we act as a processor; where we determine purposes (e.g. platform security, product improvement), we act as a controller.
3. Information we collect
3.1 Account and identity
- Name, email address, and password (stored in hashed form)
- Role (e.g. resident, client admin, super admin)
- Account status (active, inactive, pending approval)
- Mobile number, when provided during registration or profile updates
- Last login time and authentication tokens (access and refresh tokens)
3.2 Location and tenancy context
- Client identifier, country, city, and dorm (property) associations
- Timezone settings for cities where applicable
3.3 Service usage and operations
- Laundry machine reservations, queue entries, start/cancel events, and usage history
- Machine status, maintenance messages, and dorm-specific settings
- Profile change requests and approval workflows
- User support queries and replies submitted through the platform
- Aggregated statistics (user counts, dorm counts, reservation stats) shown in admin dashboards
3.4 Technical and device data
- IP address, browser or app version, operating system, device model, and request logs
- On web: cookies and browser local storage for session management and preferences (e.g. selected city or dorm)
- On mobile: secure storage of session tokens, push notification identifiers where enabled, and app-specific settings needed to run the service
- Error and performance logs needed to secure, debug, and operate the service
4. How we use your information
We use personal data to:
- Provide, authenticate, and maintain your account across web and mobile
- Enable reservations, queues, and machine control at your assigned location
- Allow client admins and super admins to manage users, machines, dorms, and settings
- Send transactional messages (onboarding, password reset, maintenance notices, query replies)
- Deliver push or in-app notifications on mobile where you have enabled them
- Enforce terms of use, prevent fraud, and protect the security of our systems
- Comply with legal obligations and respond to lawful requests
- Improve reliability and usability of the platform (using aggregated or anonymized data where possible)
5. How we store and preserve your data
We preserve personal data only for as long as necessary and in line with the purposes described in this policy. Our approach includes:
- Centralized storage — account, reservation, machine, and operational data are held in secure databases behind our production API, accessed by the web console and mobile apps under the same access controls
- Encryption in transit — all communication between your browser or mobile app and our servers uses HTTPS/TLS
- Access controls — role-based permissions limit who can view or change data; administrators only see data for organizations and locations they manage
- Backups — periodic backups support disaster recovery and service continuity; backups are protected with equivalent security measures and retained only for a limited period
- Retention limits — when data is no longer needed for the service, legal obligations, or legitimate business purposes, we delete or anonymize it where feasible
- Account deletion — when an account is removed or a client requests deletion, associated personal data is removed or anonymized subject to legal retention requirements (e.g. audit logs for security or disputes)
Reservation history, authentication logs, and administrative audit trails may be kept longer where required for billing disputes, security investigations, or regulatory compliance, then deleted or aggregated according to our retention schedule.
6. GDPR and UK GDPR compliance
Where you are in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar data protection law, we process personal data in accordance with the GDPR and UK GDPR. This includes the following principles and obligations:
6.1 Data protection principles
- Lawfulness, fairness, and transparency — we process data on valid legal bases and explain our practices in this policy
- Purpose limitation — we collect data for specified, explicit purposes and do not use it in incompatible ways
- Data minimisation — we collect only what is needed to operate WASCHBUDDY
- Accuracy — you may update your profile; admins may correct records on your behalf
- Storage limitation — we do not keep data longer than necessary (see sections 5 and 9)
- Integrity and confidentiality — we apply technical and organizational measures to protect data
- Accountability — we maintain records of processing and work with clients under data processing terms where we act as processor
6.2 Legal bases for processing
We rely on one or more of the following, depending on the activity:
- Contract — to deliver the service you or your organization signed up for (web and mobile access)
- Legitimate interests — security, fraud prevention, and improving the platform, balanced against your rights
- Legal obligation — where required by applicable law
- Consent — where we ask for it explicitly (e.g. optional marketing or non-essential cookies, if offered)
6.3 Processors and subprocessors
We use trusted infrastructure and service providers (e.g. cloud hosting, email delivery) that process data on our instructions. Where required by GDPR, we use data processing agreements that require subprocessors to protect personal data to the same standard.
6.4 International transfers
Data may be processed in countries outside your own. Where personal data is transferred from the EEA or UK to countries without an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK authorities.
6.5 Data breaches
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by GDPR, and affected individuals without undue delay when the breach is likely to result in a high risk to them.
7. Sharing and disclosure
We do not sell your personal data. We may share information with:
- Your client organization — admins at your dorm, city, or operator who manage accounts and operations on the platform
- Infrastructure providers — hosting, email delivery, and monitoring services that help us run WASCHBUDDY under data processing agreements where required
- Authorities — when required by law or to protect rights, safety, and security
8. Data retention
We keep personal data only as long as needed for the purposes above, including while your account is active and for a reasonable period afterward for legal, security, and backup requirements. Clients may request deletion of user data subject to their policies and applicable law. See section 5 for how we preserve and eventually remove data.
9. Security
We use industry-standard measures including encrypted connections (HTTPS/TLS), access controls, role-based permissions, secure password hashing, and restricted access to production systems. Mobile apps use secure token handling and platform security features where available. No method of transmission over the Internet is 100% secure; we encourage strong passwords and prompt reporting of suspected unauthorized access to rovitatech@gmail.com.
10. Your rights under GDPR
If GDPR or UK GDPR applies to you, you have the following rights in relation to your personal data:
- Right of access — obtain a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion in certain circumstances ("right to be forgotten")
- Right to restrict processing — limit how we use your data in specific situations
- Right to object — object to processing based on legitimate interests
- Right to data portability — receive your data in a structured, commonly used format where technically feasible
- Right to withdraw consent — where processing is based on consent, without affecting prior lawful processing
- Right to lodge a complaint — with your local data protection supervisory authority
To exercise any of these rights, email rovitatech@gmail.com. We will respond within one month as required by GDPR (this may be extended by two further months for complex requests, with notice). Residents may also contact their dorm or housing administrator, who can act on the platform on your behalf.
11. Cookies and similar technologies
Web: We use essential cookies and browser storage for login sessions, security, and remembering administrative preferences (such as selected city or dorm). We do not use third-party advertising cookies on the administration console.
Mobile: The app may store session tokens and preferences locally on your device using secure storage mechanisms provided by the operating system. Push notifications, if enabled, use platform-specific identifiers managed according to Apple and Google policies.
You can control cookies through your browser settings; disabling essential cookies may prevent the web service from working correctly. On mobile, you can revoke notification permissions in device settings.
12. Children
WASCHBUDDYis intended for use in student and residential housing contexts. Accounts are typically created by housing operators or by users who meet their institution's eligibility rules. We do not knowingly collect data from children under 16 without appropriate authorization; contact us if you believe we have done so.
13. Third-party links
Our service may link to external sites. We are not responsible for their privacy practices. Review their policies before providing personal data.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the effective date. Material changes may be communicated via the platform, mobile app, or email where appropriate.
15. Contact us
For privacy requests, GDPR inquiries, questions, or complaints regarding WASCHBUDDY:
- Email: rovitatech@gmail.com
- Product: WASCHBUDDY
We aim to respond to privacy and GDPR requests within 30 days (one month under GDPR).