Controller: Phoenix Capital ("we", "us"). · Last updated:
This policy describes how we collect, use, store, and share information when you use the mobile application MB Inspect (the "App"), published under Phoenix Capital's PCapital brand. By using the App, you agree to this policy.
Note: Update this page before going to production — replace the contact email below; confirm whether your backend is production or staging; and align wording with your Google Play Data safety form.
1. Who we are
Phoenix Capital is the data controller for personal data processed through the App in connection with motor inspection workflows. For privacy requests, contact us at: devop.phoenixcapital@gmail.com.
2. Information we collect
Depending on how you use the App, we may process:
Account and authentication data. The App uses industry-standard sign-in (OpenID Connect / OAuth 2) through our identity provider (Keycloak-compatible SSO). This may include your name, email address, identifiers, and security tokens needed to keep you signed in.
Photos and inspection media. With your permission, the App uses the device camera to capture images required for motor vehicle inspections (e.g. vehicle parts, documents where applicable). Images may be stored temporarily on the device and transmitted to our backend for processing and storage as part of the inspection service.
Vehicle and policy-related information. Data you enter or load in the App (e.g. chassis numbers, policy or quotation references, governorate, customer details as required by your workflow) may be sent to our APIs to register vehicles, complete inspections, and related insurance processes.
Technical and usage data. The App uses network connections to reach our servers. Standard technical data (such as IP address, timestamps, device/OS type as observed by our infrastructure) may be collected in server logs as part of normal operation.
3. Permissions (Android)
The App may request:
Camera — to take inspection photos.
Internet — to authenticate and sync data with backend services.
Storage (where applicable) — on older Android versions, limited access to read/write external storage may be declared to save or access images; on newer versions the App uses scoped storage / media APIs where appropriate.
4. How we use information
We use the information above to:
Authenticate you securely and maintain your session;
Provide motor inspection features, including capturing and uploading photos;
Submit and retrieve inspection, vehicle, and policy-related records through our APIs;
Operate, secure, and improve the App and related services; and
Comply with legal obligations where applicable.
5. Legal bases (where applicable)
If you are in the EEA, UK, or similar jurisdictions, we rely on appropriate bases such as: performance of a contract, legitimate interests (operating and securing the service), consent (where required for certain permissions or marketing — the App does not use the camera for advertising), and legal obligation.
6. Sharing and subprocessors
We share data with:
Identity / SSO provider — for login and token issuance (e.g. Keycloak-operated service at a host configured for our environment).
Backend / API infrastructure — systems that host inspection and policy APIs (environment-specific; your build may point to staging or production hosts).
We do not sell your personal information. We may disclose information if required by law or to protect rights and safety.
7. International transfers
Your data may be processed in countries where we or our service providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses).
8. Retention
We retain personal and inspection data only as long as needed for the purposes above, including legal, regulatory, and insurance record-keeping requirements. Retention periods may depend on your relationship with the insurer or fleet operator commissioning the inspection. Local copies on your device may remain until you delete the App or clear app data.
9. Security
We use technical and organizational measures appropriate to the sensitivity of inspection and identity data, including encrypted transport (HTTPS), secure authentication flows, and access controls on backend systems. No method of transmission or storage is 100% secure.
10. Your rights
Depending on your location, you may have rights to access, rectify, delete, restrict or object to processing, data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority. Contact us at the email in section 1 to exercise these rights.
11. Children
The App is not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.
12. Changes to this policy
We may update this policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may require additional notice as required by law.