Terms of Use

Version 1.4 - June 2026

GEOTAPP FLOW & TIMETRACKER TERMS OF USE

Version 1.4 - June 2026 (IT Establishment - Zero Knowledge Encryption)

Last modified: 26 June 2026

⚠️ Updated draft, to be re-validated with legal counsel. Changes in v1.4: §2 actual prices (Flow 390/990/1990, licenses 36/30 per operator); §10.1 withdrawal aligned (VAT number mandatory, minimum term 12 months, residual balance -10%, WAIVER clause); Annex 1 DPA corrected (AES-256-GCM, data residency verified: Firestore EU, photos/Functions USA with SCC+DPF). Separate DPA docs/legal/dpa-geotapp.md merged here and deleted.

Data Controller: GeoTapp di Michele Angelo Petraroli - VAT IT04183990987 GDPR/DPO/EU Rep Contact: info@geotapp.com

1. INTRODUCTION AND ACCEPTANCE

These Terms of Use ("ToS") govern the use of the SaaS services GeoTapp Flow (web dashboard for owners) and GeoTapp TimeTracker (Android app for employees), deployed on Firebase (geotap-v2).

Acceptance: The "I accept the ToS and Privacy Policy" checkbox at Stripe checkout creates a contractual binding (art. 1341 c.c.). IP/timestamp logs are retained for audit. Automatic renewal unless withdrawal. 14-day free trial.

⚠️ IMPORTANT NOTICE - ZERO-KNOWLEDGE ARCHITECTURE (end-to-end encryption): Sensitive work data (GPS locations, contacts, addresses) are encrypted on the device using an envelope scheme (secureV2): each record is encrypted with a random key (AES-256-GCM), which is itself protected via the public keys of the user and the company. The private keys remain in the device secure keystore (Android Keystore / Secure Enclave iOS) and in the company's custody; on the server side, only encrypted data and public keys exist.

Client-side encrypted fields: GPS coordinates (workSessions), phone/email/address (employees, clients).

GeoTapp does NOT possess, does NOT store and CANNOT recover the decryption keys. The data remains accessible through the authorized devices and the company's key; it is unrecoverable only if the company loses its own key/access credentials. Custody of the keys is the company's responsibility.

2. PRICING PLANS AND PAYMENTS

GeoTapp Flow (management dashboard) — subscription per company:

PlanAnnual (+VAT)Monthly (+VAT)
Solo€390 / year€39 / month
Team€990 / year€99 / month
Business€1.990 / year€199 / month

GeoTapp TimeTracker licenses (app for employees) — price per operator:

OperatorsAnnual per operatorMonthly per operator
up to 25€36 / year€3 / month
26 to 150€30 / year€2,50 / month
  • Flow + TimeTracker bundle: 15% discount.
  • Annual payment = 2 months free compared to monthly.
  • B2B service: VAT number mandatory. Minimum term 12 months (see §10.1).

Payments: Stripe, automatic renewal. Invoicing compliant with the applicable EU VAT regulation (B2B transactions). Withdrawal, minimum term and waiver: see §10.1.

3. ACCESS REQUIREMENTS

  • Age 18+, EU/EEA companies.
  • Firebase Auth (email/Google), custom claims (companyId/role: ADMIN/USER/ACCOUNTANT).
  • ⚠️ KEY CUSTODY: the Customer is responsible for the custody of the company's keys/access credentials, which are necessary for the client-side encrypted data.
  • Multi-tenancy: all data filtered by companyId.

4. PERMITTED AND PROHIBITED USE

Permitted:

  • CRM management (clients, projects, suppliers, products)
  • GPS clock-ins with anti-spoofing and geofence validation
  • Employee shift and leave management (shift management, leave requests)
  • AI automation with Gemini
  • Channel-based internal communications
  • Banking integration and Prima Nota (cash book)
  • CSV/PDF export of non-encrypted data

Prohibited:

  • Reverse engineering of the software
  • GPS spoofing or location falsification (permanent ban)
  • Uploading illegal or defamatory data
  • Use for unlawful activities
  • Sharing credentials between users
  • Requests to recover client-side encrypted data (impossible due to the Zero Knowledge architecture)

5. SLA AND AVAILABILITY

  • Uptime: 99.9% monthly (Firebase SLA)
  • Credits: 10% of subscription for downtime >0.1%
  • Maintenance: 48h advance notice
  • Support: Email info@geotapp.com (response within 15 business days)
  • ⚠️ Zero Knowledge Limitation: Support does NOT include recovery of lost encrypted data

6. INTELLECTUAL PROPERTY

  • Software © GeoTapp di Michele Angelo Petraroli
  • User is the owner of its own company data
  • Data export: CSV/PDF/Excel available (encrypted fields require the authorized keys, device/company)
  • License: Non-exclusive, revocable in case of breach

7. LIABILITY AND LIMITATIONS

7.1 ZERO KNOWLEDGE ARCHITECTURE - EXCLUSION OF LIABILITY FOR UNRECOVERABLE DATA

CLIENT-SIDE ENCRYPTION (Field-Level Encryption):

GeoTapp implements a Zero Knowledge Architecture via GeoEncryptManager on the TimeTracker apps (Android and iOS):

Client-Side Encrypted Data (AES-256):

CollectionEncrypted FieldsAlgorithmKeys
workSessionsgpsLat, gpsLng, locationAddressAES-256-GCMrandom DEK, dual-wrap user+company
employeesphone, email, addressAES-256-GCMrandom DEK, dual-wrap user+company
clientsemail, phone, addressAES-256-GCMrandom DEK, dual-wrap user+company

Key management (envelope encryption, secureV2):

  • Each record is encrypted with a random data key (DEK) in AES-256-GCM.
  • The DEK is wrapped twice via ECDH (P-256 curve) + HKDF: one copy for the user's public key, one for the company's public key.
  • The private keys are held in the device secure keystore (Android Keystore / Secure Enclave iOS), non-extractable, and in the company's custody: they never leave the device.
  • On the server side (Firestore/Firebase), only encrypted data, wrapped DEKs and public keys are stored. Never a private key.

Example Firestore Data (Encrypted): ``json { "workSessions": { "sessionId123": { "userId": "user456", "companyId": "company789", "gpsLat": "U2FsdGVkX1+vupppZksvRf5pq5g5XjFRIipRkwB0K1Y=", "gpsLng": "U2FsdGVkX1+12rzKg37X8jG6bFw23dmFOqJlKr5kL9E=", "locationAddress": "U2FsdGVkX1+Qw8jG5gT23Kmg8hG2l..." } } } ``

CONSEQUENCES - KEY RECOVERY AND LOSS:

  1. GeoTapp cannot decrypt or recover the encrypted data: it possesses no private key. Technical support is limited to non-encrypted data (CRM, invoices, shifts).
  1. Dual access path: since the DEK is wrapped for both the user and the company, the data remains accessible through the company's authorized devices even if an individual employee loses access to their own device.
  1. Unrecoverability: encrypted data becomes permanently inaccessible only if the company loses its own key/credentials and all authorized devices. In that case no one, GeoTapp included, can recover it.
  1. Export: a CSV/PDF export of the encrypted fields will contain encrypted strings, not readable without the authorized keys.

LIMITATION OF LIABILITY:

The Customer acknowledges and accepts that:

  • Zero-Knowledge encryption is a security feature, not a defect;
  • the custody of the company's keys/access credentials is the Customer's exclusive responsibility;
  • GeoTapp is exempt from any liability for encrypted data that has become unrecoverable following the Customer's loss of its own keys/credentials, as GeoTapp possesses no decryption key;
  • no refund or compensation is owed for the loss of access to encrypted data due to a cause attributable to the Customer.

SPECIFIC APPROVAL (art. 1341 c.c.):I understand that GeoTapp uses end-to-end Zero-Knowledge encryption and does not possess the keys. ☐ I understand that custody of the company's keys/credentials is my responsibility. ☐ I accept that GeoTapp is not liable for encrypted data that is unrecoverable due to the loss of my keys.

7.2 Other Liability Limitations

  • No guarantee of specific business results
  • Maximum liability: €10,000 per year for direct damages
  • Force majeure: Firebase/Google outage, extraordinary events

8. PRIVACY AND GDPR COMPLIANCE (EU/EEA)

GeoTapp is a PROCESSOR (Art.28 GDPR). Single contact: info@geotapp.com

8.1 Processed Data - Encryption Distinction

CategoryExamplesEncryptionRecoverable?Legal BasisRetention
Identifiersemail, first name, last name, companyId❌ Plain✅ AlwaysContractTerm+5yrs
GPS LocationgpsLat, gpsLng (workSessions)✅ Client AES-256-GCM❌ Only with the authorized keysConsent12 months
Encrypted Contactsphone, email (employees/clients)✅ Client AES-256-GCM❌ Only with the authorized keysContractTerm+5yrs
Encrypted Addressesaddress (employees/clients)✅ Client AES-256-GCM❌ Only with the authorized keysContractTerm+5yrs
Clock-in Metadatatimestamp, pauseMinutes❌ Plain✅ AlwaysContract5 years
CommunicationsInternal channel messages❌ Plain✅ AlwaysLegitimate interest90 days
BillingStripe data❌ Plain✅ AlwaysLegal obligation10 years

Zero Knowledge GDPR Note: Client-side encrypted data compliant with Art. 32 GDPR (technical security). The Controller (Customer) is responsible for key management as an additional security measure. GeoTapp as Processor has no access.

8.2 Extra-EU Transfers

  • Firebase Servers: US/EU with EU SCC 2021 + TIA
  • Sub-processors: Google (Firebase/Firestore), Stripe (Payments)
  • Safeguards: AES-256 encryption, SOC2 compliance
  • Zero Knowledge: Sensitive data encrypted client-side, transmitted encrypted

8.3 GDPR User Rights

  • Access (Art.15): CSV export available (encrypted fields as base64)
  • Portability (Art.20): JSON/CSV (user responsible for decryption)
  • Erasure (Art.17): Request via info@geotapp.com (30 days)
  • Rectification (Art.16): Modification of plaintext data; encrypted fields require the authorized keys

Zero Knowledge GDPR Limitation: The right of access/portability over encrypted data is limited to an encrypted export. Decryption is the user's responsibility using their own keys.

9. SPECIFIC INTEGRATIONS

9.1 Internal Communications

  • Channel-based messaging (NOT encrypted client-side)
  • Read receipts, real-time Firestore updates
  • Retention: 90 days

9.2 AI Gemini

  • Context-aware CRM suggestions
  • Privacy: Anonymous data, no training on encrypted data
  • Disclosure for EU AI Act compliance

9.3 Banking Integration

  • IMAP parsing of bank statements
  • Open Banking (GoCardless/EnableBanking)
  • Automatic Prima Nota (cash book)

10. WITHDRAWAL AND TERMINATION

10.1 Withdrawal, minimum term and waiver (updated 24/06/2026)

  • B2B service: access requires a valid VAT number, mandatory upon conversion from trial to subscription. The service is not intended for consumers.
  • Minimum term 12 months: by subscribing, the Customer specifically approves the minimum-term clause of 12 (twelve) months and the obligation to pay the fees for the entire period even in the event of early cancellation. In the case of monthly payment, the installments remain due until the end of the 12 months, with the option to settle the residual amount in a single payment, discounted by 10%.
  • Waiver of withdrawal and immediate activation (WAIVER clause): the Customer may request immediate activation of the service by expressly declaring that they waive the 14-day right of withdrawal; once provision has begun, this right may no longer be exercised. If the Customer does not waive, they retain the cooling-off right and the paid service is activated after 14 days.
  • Data migration: CSV/Firestore export (encrypted data requires the authorized keys, device/company).

10.2 GeoTapp Termination

  • ToS violation: Immediate ban
  • Non-payment: Suspension 15 days → cancellation 60 days
  • Post-termination: Data deleted after 30 days (backup 90 days for disputes)
  • Encrypted data: Final export available for 30 days (user responsible for saving)

11. CHANGES TO THE POLICY

  • Email notice 30 days before application
  • Continued use = implicit acceptance
  • Changelog: https://geotapp.com/tos-changelog

12. GOVERNING LAW AND JURISDICTION

  • Law: Italian
  • Exclusive jurisdiction: Court of Brescia (Rome I, EC Reg. 593/2008)
  • Versions: IT (official), EN, DE, NL, FR, ES, PT, DA, SV, NB, RU

13. CONTACTS

GeoTapp di Michele Angelo Petraroli VAT: IT04183990987

Email: info@geotapp.com

  • DPO / GDPR Representative EU
  • Technical support (response within 15 days)
  • Complaints (response within 15 days)
  • NOT for: Recovery of encrypted data (impossible)

Website: https://geotapp.com Documentation: https://docs.geotapp.com


ANNEX 1: DPA (DATA PROCESSING ADDENDUM) GDPR

A1.1 Processor Instructions

GeoTapp processes personal data on behalf of the Controller (Customer) pursuant to GDPR Art.28.

A1.2 Technical Security

Multi-Layer Encryption:

LayerImplementationKeysResponsible
Client-side (ZK)AES-256-GCM field-levelClient-derivedUser
At-restFirebase encryptionGoogle managedGeoTapp/Google
In-transitTLS 1.3SSL certificatesGeoTapp/Google

GPS Anti-Spoofing:

  • isMock detection (Android flag)
  • Teleportation check (Haversine distance, impossible speed)
  • Accuracy validation (100m threshold)
  • Geofence validation (tolerance radius)

Access Control:

  • Role-based: ADMIN/USER/ACCOUNTANT
  • Multi-tenant Firebase Security Rules (companyId filtering)
  • Complete audit logs (Firebase Auth)

A1.3 Approved Sub-Processors and data residency (verified 25/06/2026)

ProviderServiceData residencyTransfer safeguardCertifications
Google (Firebase/Google Cloud)Firestore Database (clock-ins, hours, GPS)EU (multi-region eur3)Stays in EUSOC2, ISO 27001
Google (Firebase/Google Cloud)Photo Storage + Cloud Functions (processing)USA (us-central1)EU SCC 2021 + EU-US DPFSOC2, ISO 27001
Stripe Payments EuropePayments (billing data, not employee data)EU/USASCC + DPFPCI-DSS Level 1
CloudflareCDN/security for the website (not employee data)Global edgeSCC + DPFSOC2, ISO 27001
The structured work data (clock-ins, hours, locations) resides in the EU. Only the photographs (Storage) and the transient processing (Cloud Functions) are in the USA, covered by SCC + EU-US DPF.

A1.4 Data Breach Notification

  • Discovery → Customer: 24h
  • Discovery → Supervisory Authority (Garante): 72h
  • Data subjects: If high risk
  • ZK encrypted data: Reduced risk (keys not possessed)

A1.5 Transfer Impact Assessment (TIA)

  • Risk: Low (sensitive data encrypted client-side)
  • Safeguards: SCC + Zero Knowledge + SOC2
  • Conclusion: US transfer GDPR-compliant

ANNEX 2: STANDARD CONTRACTUAL CLAUSES (SCC) EU 2021

SCC adopted under EU Commission Decision 2021/914:

  • Modules: Controller-to-Processor (Module 2)
  • Supplementary safeguards: Zero Knowledge Encryption, audit rights
  • Full text: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

CUSTOMER ACCEPTANCE

MANDATORY CONFIRMATIONS (Art. 1341 c.c. - Double Approval):

I accept the ToS, Privacy Policy, DPA, SCC. ☐ I authorize the processing of data as described. ☐ I confirm that I am 18+ and have authority to bind the company.

I SPECIFICALLY APPROVE (Art. 1341 c.c.):

Sec. 7.1 - Zero Knowledge Encryption: - I understand that GeoTapp CANNOT recover encrypted data - I accept exclusive responsibility for the custody of the company's keys/credentials - I waive any request for recovery/compensation for lost data

Sec. 7.2 - Limitation of liability: Max €10,000 per year

Sec. 12 - Competent jurisdiction: Court of Brescia exclusive

Acceptance log:

  • IP: {user_ip}
  • Date/Time: {timestamp}
  • User-Agent: {user_agent}
  • ToS Version: 1.4 (26 June 2026)

Document generated for GeoTapp di Michele Angelo Petraroli - VAT IT04183990987 GDPR EU/EEA compliant - Zero Knowledge Architecture - Valid EU + Switzerland + Norway + Iceland