TornCat MossosPublic legal center

Data and safety

Privacy Policy.

Clear information about processed data, purposes, legal bases, technical providers, retention, deletion and user rights.

Private and unofficial app.

TornCat Mossos is not affiliated with, endorsed by or managed by Mossos d'Esquadra, Generalitat de Catalunya or the Department of Interior. It does not replace official rosters, communications, instructions, emergency channels or official systems.

Last updated: June 30, 2026 Public HTTPS · No login · Not a PDF

Language

Read this page in another language

Select a language to keep the same legal section translated.

1. Controller and contact

This policy describes the data processing of TornCat Mossos, a private tool for organizing shifts, leave, reminders, personal work calendars, user-entered professional records and voluntary schedule sharing.

The data controller is the individual, company or entity that owns the public developer account distributing TornCat Mossos on Google Play, App Store or other official app distribution channels. The visible controller identity should match the public store listing.

Operational controller
TornCat Mossos / public developer account holder distributing the app.
Privacy contact
Data protection officer
No specific DPO is published unless a legal obligation requires one. If one is appointed, this page will be updated.
Scope
Users of the mobile app, public legal website and associated services.
Public legal URLs

2. Data the app may process

The app should collect only the data needed to provide its functions. Depending on actual use, the following categories may be processed:

  • Account data: email address, user identifier, display name or alias, session state and basic settings.
  • Service configuration: selected work configuration, area or service settings, shift pattern, team, regime or parameters needed to generate the calendar.
  • Calendar and shifts: shifts, vacation, personal leave, blue days, user-marked sick leave, overtime extensions, holidays, notes, reminders and manual adjustments.
  • Jornada and Radar: hour calculations, night work, deviations, leave records, alerts and other indicators derived from the calendar.
  • User-entered professional records: court appearances, summons, meetings, shooting practice, training, overtime extensions, extra hours or other records voluntarily added by the user.
  • Private notes: text entered by the user in the calendar or personal record areas.
  • Private sharing: authorized connections, invitations, visibility permissions, exchange/coverage requests and content the user chooses to share.
  • Moderation and safety: reports, blocks, incidents, review reasons and signals needed to prevent abuse if social or exchange features are used.
  • Exports: PDFs, Excel files, text files, calendars, files or previews generated when the user requests to send or export information.
  • Support: messages sent to support, incidents, screenshots provided by the user and metadata needed to resolve the request.
  • Minimum technical data: app version, operating system, language, date/time of technical events, security logs and data needed to prevent abuse or diagnose errors.

3. Sensitive data and use limits

Do not enter sensitive institutional data. The app must not be used to store official credentials, badge numbers, institutional passwords, classified information, police operational data, victim data, suspect data, reports, proceedings, sensitive locations or third-party data without authorization.

Some functions may allow users to record sick leave, court appearances, summons, notes or professional events. These records are for personal organization and do not make the app a medical, judicial, police, administrative or institutional system.

Users should avoid entering medical diagnoses, health reports, third-party data, procedural details, operational information or any data that is not strictly necessary for personal organization. If a note or export contains sensitive information, the user is responsible for deciding whether to store, share or delete it.

4. Purposes and legal bases

PurposeMain dataMain legal basis
Create an account, sign in and maintain the service.Email, user identifier, session and basic profile.Performance of the service requested by the user.
Generate calendar, shifts, jornada, reminders and summaries.Configuration, shifts, leave, notes and records entered by the user.Performance of the service and voluntary user actions.
Send notifications, use camera, device calendar or exports.Device permissions, events, files and preferences.Consent or voluntary activation through the operating system or app.
Share schedules or information with authorized connections.Visibility permissions, invitations and data selected by the user.Consent or explicit user request.
Handle support, privacy, account deletion and security.Email, support messages, minimum technical data and request records.Service performance, legal obligation and legitimate interest in security.
Prevent abuse, unauthorized access, fraud, spam or misuse.Minimum technical logs, reports, blocks and security signals.Legitimate interest in protecting users, the service and data.
Comply with legal obligations or defend claims.Strictly necessary data depending on the case.Legal obligation and defense of claims.

5. Device permissions, SDKs and tracking

The app may request device permissions only when a specific function requires them. The user may deny them through the operating system; in that case, the app keeps available the features that do not depend on that permission.

Permission or functionUse in TornCat MossosRequired
CameraScan invitation or connection QR codes when the user opens that feature.No. QR only.
Device calendarCreate or export local calendars if the user enables an integration or export.No. The app works without granting it.
NotificationsUser-configured reminders and alerts.No. Optional.
Files and system share sheetGenerate or share PDF, Excel, text or calendar files when the user taps export or share.No. Only for voluntary export.

In the current version, TornCat Mossos does not integrate advertising SDKs, does not sell personal data, does not use advertising tracking across third-party apps or websites and does not include a proprietary analytics or crash reporting SDK. If Sentry, analytics, advertising, payments, subscriptions or other SDKs are added in the future, this policy, Google Play Data Safety and App Store Privacy information must be updated before publishing the affected version.

6. Providers, processors and transfers

TornCat Mossos does not sell personal data. It may disclose strictly necessary data to technical providers that run the app and legal website, acting as providers or processors where applicable.

Provider or channelIntended usePossible data
SupabaseAuthentication, database, access rules and backend functions.Account, profile, calendar, notes, records and data needed for functionality.
Cloudflare PagesHosting this public legal website and securely delivering static pages.Ordinary technical web access data processed by the infrastructure provider.
Google Play / Apple App StoreDistribution, review, updates, operating system and store services.Technical or account data processed by the store under its own terms.
Email providerRespond to support, privacy, security and deletion requests.Email, message content and data the user chooses to send.
External apps chosen by the userWhatsApp, email, files, calendars or other apps used to share exports.Only what the user chooses to share outside TornCat Mossos.

Some providers may process data outside the European Economic Area. Where applicable, appropriate safeguards such as processing agreements, standard contractual clauses or other mechanisms recognized by data protection law will be used. Exports sent by the user to external apps are governed by the privacy controls and terms of those apps.

7. Legal website, cookies and local storage

This public legal website is hosted on Cloudflare Pages, does not require login and does not include first-party forms. The current configuration does not use advertising cookies, marketing analytics or commercial tracking.

The legal website is served in light mode and does not store a persistent visual theme preference in the browser.

8. Security, retention and deletion

Reasonable measures are applied to protect information, including encrypted communications where applicable, per-user access control, security rules, permission limitation, data separation and data minimization.

CategoryExpected retention
Account and profileWhile the account is active or until the user requests deletion, except minimal retention for legal obligations, security or claims.
Calendar, shifts, notes and recordsWhile the user keeps them in the app, until they delete them, clear the calendar, export their information or delete the account.
Connection invitationsInvitations are designed to expire after 24 hours unless revoked or accepted earlier.
Data shared with connectionsWhile the connection and visibility permission exist, or until the user revokes, blocks, deletes or changes sharing.
Reports, security and abuseFor the time needed to review incidents, prevent abuse, protect the service or meet legal obligations.
SupportFor a reasonable time to answer the request and keep minimal traceability for incidents or claims.
External exportsFiles shared outside the app remain under the control of the user and the chosen external service.

Account and data deletion can be started from the app or from the public deletion page. If part of the deletion requires manual verification, support will process it with reasonable measures to prevent fraudulent deletion.

9. User rights

The user may request access, correction, deletion, restriction, objection, portability or withdrawal of consent by writing to support.torncatmossos@gmail.com. To protect the account, reasonable identity verification may be requested, for example writing from the email associated with the account.

If the user considers that processing does not comply with data protection law, they may lodge a complaint with the competent supervisory authority. In Spain, the reference authority is the Spanish Data Protection Agency (AEPD).

10. Minors, professional use and official channels

The app is not directed at minors. It is a personal work-organization tool and should be used with the user's own lawful, minimized data.

TornCat Mossos is not an institutional, administrative, police, union, medical, judicial or official system. It is not for emergencies, complaints, service instructions, official communications or legal advice. Any calculation, alert or reminder should be checked against the applicable official sources.

11. Google Play Data Safety and App Privacy summary

This summary helps keep the Google Play and App Store listings consistent with this policy. The final console declarations must always match the real app implementation and the SDKs used.

CategoryIntended useRequired or optionalSharing
Email and account identifierAuthentication, support and security.Required for account.Technical authentication/backend provider.
Profile and configurationConfigure the calendar, jornada and app experience.Required for core features.Not shared except voluntary action or necessary technical provider.
Calendar, shifts, leave and notesPlanning, calculations, reminders, summaries and exports.Required or optional depending on feature.Only by permission, authorized connection, voluntary export or necessary technical provider.
Professional and judicial recordsPersonal reminder and tracking of events entered by the user.Optional.Not shared except by permission or user-initiated export.
Connections and sharingAllow schedules or requests to be shared with authorized contacts.Optional.Only with users or contacts chosen by the user.
Reports and blocksModeration, security, abuse prevention and rule enforcement.Optional, when reporting or blocking.Technical provider needed to operate the app and review incidents.
Device permissionsCamera for QR, calendar for export/sync and notifications for reminders.Optional.Processed by the operating system and requested function.
Technical dataSecurity, minimum diagnostics and abuse prevention.Necessary to operate safely.Technical provider needed to operate the app.
Support dataAnswer incidents, legal requests and privacy requests.Optional, if the user contacts support.Email/support provider if applicable.

Personal data is not sold. There is no advertising SDK or advertising tracking in the current version. Google Play Data Safety and App Store Privacy declarations must be updated before enabling analytics, crash reporting, advertising, payments, Sentry or other SDKs that change data processing.

12. Changes to this policy

This policy may be updated when the app, providers, purposes, store declarations or applicable law change. The last updated date is shown at the top of the page.

13. Store review note

This policy is available at a public, active, HTTPS URL that is not geoblocked, not user-editable and not presented as a PDF. It should also be linked from the app and from the Google Play or App Store listing.