Privacy Policy

Last updated: 11 June 2026 · applies to the Bruum app for iOS and Android

In short: we only collect the data needed to run the features you turn on. We don't sell your data, we don't track you across other apps or websites, and we don't use your data for advertising. You can delete your account and all data in the app at any time.

1. Data controller

The controller of your personal data is Autofixer.com sp. z o.o. (the publisher of the Bruum app), registered in Poland, address: ul. Stanisława Staszica 24, 21-400 Łuków, Poland, KRS 0000907364, NIP (tax ID) 8252192865, REGON 389237960.

Data protection contact: privacy@bruum.co or support@bruum.co.

2. What data we process, why, and on what legal basis

Data	Purpose	Legal basis (GDPR)
Email address, user identifier	Creating and operating your account, sign-in, syncing data between devices	Art. 6(1)(b) (performance of a contract)
Device identifier, push notification token	Linking your device to your account, push notifications	Art. 6(1)(b)
Precise location (GPS)	Trip recording, driving style and fuel consumption analysis	Art. 6(1)(a) (consent — a feature you enable)
Vehicle data: VIN, make/model, OBD-II readings (RPM, speed, temperature, fuel, voltage, DTC fault codes)	Diagnostics, explaining faults, predicting issues, fuel analysis, AI assistant answers	Art. 6(1)(b), and (a) for optional features
App diagnostic data: crash reports, performance data, telemetry	Stability and improvement of the app	Art. 6(1)(f) (legitimate interest — reliability)
Usage data (in-app interactions)	Product analytics, feature development	Art. 6(1)(f)

Features that require location, Bluetooth or OBD readings are not activated until you enable them and grant the relevant system permissions on iOS or Android.

3. Bluetooth and the OBD-II adapter connection

Bruum connects to an OBD-II adapter over Bluetooth to read data from your vehicle's on-board computer. We use Bluetooth solely for this connection — we do not scan your surroundings to locate other devices or for advertising purposes. The operating system will ask for your consent on first use.

4. Background location

If you enable trip recording, the app may use location in the background — solely to continuously record your drive while the app is minimised or the screen is off. You can revoke this permission at any time in your system settings; trip recording will then be disabled.

5. Data processed by the AI assistant

To answer questions about your vehicle's condition, selected OBD-II readings and fault codes are sent to our backend, which uses an AI model (Google Gemini). This data is processed exclusively to provide diagnostic features — it is not used for ad training or marketing profiling.

6. Data recipients (processors)

Google Firebase (Google Ireland/LLC) — authentication, database and sync, notifications.
Firebase Crashlytics — crash reports and stability.
Google (Gemini API), via our backend — AI features.

We have data processing agreements with these providers. Some of them may process data outside the EEA (e.g. in the USA) — this is done under Standard Contractual Clauses (SCC) or other GDPR-compliant mechanisms.

7. Retention

Account, vehicle, trip, OBD and fuel data — for as long as you hold an account. Deleted when you delete your account (see section 9).
Crash reports and telemetry — up to 90 days from recording, then deleted or anonymised.
Backups — removed within standard rotation cycles, no later than 30 days after the source data is deleted.

8. Your rights (GDPR)

You have the right to: access your data, rectification, erasure ("right to be forgotten"), restriction of processing, data portability (export), objection to processing based on legitimate interest, and withdrawal of consent at any time (without affecting the lawfulness of processing before withdrawal).

Data export: write to privacy@bruum.co from the email address linked to your account — we will provide your data in a structured format.
Complaint: you have the right to lodge a complaint with your data protection authority; in Poland this is the President of the Personal Data Protection Office (PUODO).

9. Deleting your account and data

You can delete your account directly in the app: Profile → Settings → Delete account. This action is permanent and removes all account data — including your profile, vehicles, trips, OBD readings, settings and shared data. Deletion cascades through Firebase Auth and our database. Deleted data cannot be recovered.

10. Required Reason APIs (iOS)

In line with Apple's requirements, the app uses certain system APIs only for permitted reasons: storing user settings (UserDefaults), checking available disk space, file timestamps and system uptime — all used for the app's correct operation and diagnostics, not to identify your device or you. The full declaration is included in the Privacy Manifest shipped with the app and is consistent with the App Store privacy labels.

11. Tracking (App Tracking Transparency)

Bruum does not track you across other companies' apps or websites and does not use the IDFA. That is why we never show the App Tracking Transparency prompt. No data category is declared as used "for tracking".

12. Children

The app is not directed at children under 16 and we do not knowingly collect their data.

13. Changes to this policy

We will inform you about material changes in the app or by email. The date of the last update is shown at the top of this page.

14. Contact

Privacy questions: privacy@bruum.co. General support: bruum.co/en/support.