Last updated: April 27, 2026 · Version: 2026-04-27
Upkeep ("we", "us", "our") operates the Upkeep mobile application. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
We collect the following personal data when you use Upkeep:
We use your data solely to deliver the Upkeep service: to generate personalised maintenance schedules, send task reminders, and store your completion history. We do not use your data for any other purpose.
Legal basis: GDPR Article 6(1)(b) — processing necessary for the performance of a contract.
Your personal data — including your profile, properties, tasks, photos, and receipts — is stored on Firebase (Google Cloud Platform) infrastructure located in the European Union (region europe-west).
International transfers. Firebase Authentication data (your email address and authentication tokens) is stored by Google on servers located in the United States. There is currently no EU data residency option for Firebase Authentication. Google transfers this data under the EU-US Data Privacy Framework and Standard Contractual Clauses, both approved mechanisms under GDPR Articles 44–49. We will migrate authentication data to the EU as soon as Firebase makes EU regional authentication generally available.
No personal data is stored on your device beyond what the operating system caches for app functionality.
We do not collect legal names, physical addresses, government IDs, or financial information. Properties in the app are identified using user-defined nicknames only (e.g., "My Apartment", "Beach House") — never real addresses.
Photos and receipts uploaded by users may contain personal information (e.g., names or addresses visible on receipts). Users upload this content at their own risk. We display a warning in the app before receipt uploads.
Please do not upload:
Uploaded photos and receipts are stored in our EU Cloud Storage bucket and are deleted in full when you delete your account (see §11).
Photo library and camera access. When you attach a photo, the app asks your device for permission to access the camera or your photo library. We only read photos you explicitly select; we never scan your library in the background.
We do not scan, analyse, or moderate uploaded images.
We use Firebase (Google) as our data processor for authentication, database, and file storage. Google's GDPR compliance and Data Processing Terms apply.
Crash and error reporting is handled by Sentry (Functional Software, Inc.) and is described in detail in §8 below.
We use Sentry (Functional Software, Inc.) to collect crash and error reports so we can identify and fix bugs.
What is collected. When the app encounters an error or crash, the following is sent to Sentry: the error stack trace, your device type, OS version, app version, and an internal user identifier (your Firebase user ID).
Linkability to your identity. Although Sentry does not receive your email address directly, the internal user identifier in crash reports can in principle be linked back to your account (and therefore to your email address) by Upkeep when investigating an issue. Crash reports are therefore pseudonymised, not anonymous.
Approximate geolocation. Sentry derives approximate geolocation (country, region, and sometimes city) from the IP address of the device sending the crash report. This happens during ingestion. We have enabled IP-address scrubbing and Advanced Data Scrubbing rules to limit what is retained, but some coarse geolocation data may be stored.
Legal basis. GDPR Article 6(1)(f) — our legitimate interest in maintaining a stable, reliable service.
For more information, see Sentry's privacy policy.
We do not sell, rent, or share your personal data with third parties. We do not use your data for marketing or advertising. Anonymous crash and error reports are shared with our error tracking provider (Sentry) solely for the purpose of identifying and fixing bugs — no personal data is included in these reports.
As a user in the European Economic Area, you have the right to:
Your data is kept for as long as your account is active. Upon account deletion, all your data — including your profile, properties, tasks, photos, receipts, contractor contacts, and invitations — is immediately and permanently deleted. We do not retain any data after account deletion.
Upkeep is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.
We may update this policy from time to time. Each version of this page carries a version date in the header (visible above and embedded in the page metadata). When we publish substantive changes, we will notify you in the app and may ask you to review and re-accept the updated policy on your next login. Continued use of Upkeep after changes are posted constitutes acceptance of the updated policy.
For any data-related requests — including account deletion, data export, or general questions about your privacy — contact us at privacy@upkeepapp.no.