1. Introduction
Vmarc Automação values the privacy of its users. This policy describes how the application "Super Corretor de Gabaritos" collects, uses, and protects information, reinforcing our commitment to transparency and security. This policy applies to the versions of the application available on the App Store (iOS) and Google Play (Android).
2. Image Processing and Camera
The App uses the device's camera exclusively for the reading and grading of answer sheets via computer vision (OpenCV).
- No Photo Storage: Processing occurs in real time in volatile memory. No photos or videos from the camera are captured, saved to the device, or transmitted to servers.
- Immediate Disposal: Image frames are used solely to identify the marked responses and are discarded immediately upon completion of the reading process.
3. Account Data and Cloud Storage
To support the credits system, purchase history, and multi-device access, the following data is stored on our servers (Google Firebase, region southamerica-east1 — Brazil):
- Display name and e-mail address used during registration.
- Credit balance and transaction history (purchases, video rewards, referrals).
- Daily ad usage counters and an anonymous device identifier (identifierForVendor on iOS / ANDROID_ID on Android), used exclusively to prevent abuse of the welcome bonus system.
- Referral code automatically generated for the referral programme.
- Created answer sheets: all answer sheet templates configured by the user are stored exclusively in the local memory of their mobile device. Vmarc Automação does not upload, transmit, automatically back up, or sync these configurations to the cloud. The application functions as an instant grading tool and does not perform the management, registration, or export of student data; it is up to the user to transcribe the results obtained to their respective spreadsheets or physical assessments. Uninstalling the application or clearing system data will result in the permanent loss of the configured answer sheets, requiring manual re-creation by the user.
The region above (Brazil) refers to the account data listed in this section. Other Google services may operate on global infrastructure — see section 7.
4. Authentication
The App offers the following login methods, all processed by Google Firebase Authentication:
- Email and password: the e-mail address and password (stored as a hash by Firebase) are used to identify the user.
- Sign in with Apple (iOS): the App uses Apple's authentication service. The user may choose to share an anonymous relay e-mail instead of their real address. No additional information is requested from Apple beyond the user identifier and, optionally, the e-mail.
Under no circumstances does the App store passwords in plain text or have access to identity provider credentials.
5. Advertising and Tracking
The App displays video ads provided by Google AdMob in the "Earn Credits" section. Before showing ads, the App requests your permission for tracking (as required by the platform in use).
- If you consent: Google AdMob may use the Advertising Identifier (IDFA on iOS / GAID on Android) to serve personalised ads based on your interests. This identifier is shared with Google and its advertising partners.
- If you decline: the App will continue to display contextual (non-personalised) ads using SKAdNetwork technology (iOS) or its equivalent (Android), without access to your advertising identifier.
You may change your tracking preference at any time in your device's Settings (Settings → Privacy & Security → Tracking, on iOS). Google AdMob operates under Google's Privacy Policy.
6. Support and Communication
Should the user contact our support team, we may collect:
- Name and contact e-mail address.
- Messages and attachments voluntarily submitted (such as screenshots for bug reporting).
Such data is used strictly to resolve your request and is not shared with third parties for marketing purposes. Attachments are automatically deleted from our servers after the support ticket has been processed.
7. Third-Party Services
The App uses the following third-party services, each operating under its own privacy policies:
- Google Firebase (Authentication, Firestore, Cloud Functions, Storage, App Check): backend infrastructure, authentication, and database. May collect device identifiers for diagnostic and technical operation purposes.
- Google Analytics for Firebase: used to understand app usage (screens visited, time spent, interactions), identify usability issues, optimise the interface, and prioritise markets where the app is growing. The data is pseudonymised — it does not identify you directly — but involves: a unique installation identifier (app-instance ID); the device's advertising identifier (IDFA on iOS / GAID on Android), subject to your tracking choice described in section 5; and your approximate location (country, region/state, and city), derived from the IP address of the connection (the IP address itself is not retained in reports). Processing takes place on Google's global infrastructure. Collection respects the control described in section 10 and operates under Google's Privacy Policy.
- Firebase Crashlytics: Google's crash reporting service. Collects diagnostic data (stack traces, device state at the time of the crash, operating system version) to identify and fix app errors. Data is sent only as described in section 10 below. Operates under Google's Privacy Policy.
- Google AdMob: advertising platform described in section 5.
- Apple App Store / Google Play Billing: in-app purchase payment processing. Vmarc Automação does not have access to credit card data — financial transactions are managed entirely by the device's app store.
8. Your Rights (LGPD / GDPR)
In accordance with Brazilian data protection law (LGPD — Lei Geral de Proteção de Dados, Law No. 13.709/2018) and, for users in the European Union, the General Data Protection Regulation (GDPR), you have the right to:
- Access the data we hold about you.
- Correct incomplete or outdated data (via the "My Profile" screen in the app).
- Request the deletion of your personal data and account — available directly in the app (Settings → My Profile → Delete Account) or through the support channel.
- Withdraw consent for crash reporting, usage analytics, or personalised ads at any time (Settings → Privacy).
To exercise any of these rights, please contact: suporte@vmarc.tec.br.
9. Data Retention
Account data is retained for as long as the account remains active. Following account deletion, personal data is removed from our servers within 30 days, subject to any applicable legal retention obligations. Crash reports submitted to Crashlytics follow Google's retention policy (90 days by default).
10. Crash Reports and Ad / Analytics Consent
Crash reports (Firebase Crashlytics) and Analytics data (Firebase Analytics):
- Outside the European Union / EEA / United Kingdom: crash reporting and the collection of usage analytics data (described in section 7) are enabled by default to ensure the stability and continuous improvement of the application. The user may disable either of these at any time under Settings → Privacy within the app.
- In the European Union, EEA, and United Kingdom (subject to GDPR): the collection of behavioural analytics data (Firebase Analytics) and the submission of crash reports (Firebase Crashlytics) are strictly disabled by default. The application will only begin collecting this data after the user's express, free, and informed consent through our privacy management screen. The preference may be revoked at any time under Settings → Privacy → Manage consent.
Ad consent (EU / EEA / United Kingdom): for users located in the European Union, the European Economic Area, or the United Kingdom, the App displays an ad consent form (Google User Messaging Platform — UMP) as required by the GDPR. The user may review or change their consent choices at any time under Settings → Privacy → Manage consent.
11. Contact
E-mail: suporte@vmarc.tec.br
Company: Vmarc Automação e Sistemas LTDA
Location: Brazil