Last updated: 5 May 2026 · Version 2.0
Plain-English summary: Perlicom Systems Ltd, an Irish company, runs StellarGauge. We collect only the data we need to operate the Service: your Google account profile (for sign-in), the readings your StellarGauge devices send (level, temperature, signal, battery), and basic billing records when you subscribe to Premium. We host everything inside the European Union. We never sell, rent or share personal data for cross-context behavioural advertising.
"Service" in this policy means StellarGauge, accessible at stellargauge.com and via our official Android (and, in future, iOS) applications.
The table below is our full Article 13/14 GDPR disclosure: each row sets out a category of personal data, why we process it, the lawful basis under Article 6, and how long we keep it.
| Data | Purpose | Lawful basis | Retention |
|---|---|---|---|
| Google account profile (Google ID, email, display name, profile picture) returned by Google OAuth | Authenticate you, populate your account, send service email | Performance of contract (Art. 6(1)(b)) | While your account exists; deleted within 30 days of account closure |
| Device data: BLE device IDs, friendly names, capacity (litres), tank shape, calibration values, firmware version | Match readings to your devices, render correct level/% on screen, push firmware OTA updates | Performance of contract (Art. 6(1)(b)) | Until you remove the device from your account, then 30 days |
| Readings: level, temperature, signal strength (RSSI), battery voltage, timestamp, location-of-reading (which device) | Show live state and history; trigger smart alerts; analytics dashboards (Premium) | Performance of contract (Art. 6(1)(b)) | Free tier: only the most recent reading per device. Premium: 365 days. Aggregated daily summaries: indefinite (no personal identifiers). |
| Alert configuration (thresholds, contact email/phone for notifications, alert history) | Send you the alerts you opted into | Performance of contract (Art. 6(1)(b)) | Until you delete the alert, or 90 days after account closure |
| Subscription / billing: subscription tier, status, start date, renewal date, last 4 of card, Revolut order id | Run your subscription, comply with VAT/invoicing rules | Legal obligation (Art. 6(1)(c)) for invoicing; Performance of contract for billing operations | 7 years (Irish revenue requirement) |
| Audit logs: account-significant events (login, password reset, billing change, device added/removed) | Security, fraud-detection, regulatory accountability | Legitimate interests (Art. 6(1)(f)) — protecting account security | 2 years |
| Diagnostic logs (anonymised request paths, error counts, app version) — no payloads, no PII | Find and fix bugs, capacity-plan | Legitimate interests (Art. 6(1)(f)) | 30 days |
| IP address & coarse geo (country / ISP) on each request | Rate-limit abuse, regional pricing/VAT, fraud prevention | Legitimate interests (Art. 6(1)(f)) | 30 days for live logs; redacted in long-term audit |
| Permission | Why | If you decline |
|---|---|---|
| Bluetooth scan / connect | Required to discover and read StellarGauge BLE devices | The app cannot connect to any device — no live readings |
| Location (Approximate, foreground only) | Android requires location permission to scan for nearby BLE devices on Android 11 and below; we never log or upload your location | BLE scanning may be blocked by Android, depending on version |
| Notifications | Show alerts (low-level, battery low, lost-signal) outside the app | You won't receive in-app or system alerts; everything stays in-app |
| Run in background (battery optimisation exemption, Workmanager) | Periodic background scans so a device away from the phone still updates | Readings only update while the app is in the foreground |
| Internet | Sync readings, sign in with Google, download firmware | App is unusable without it |
| Processor | Purpose | Country |
|---|---|---|
| Google LLC (OAuth identity) | Sign-in | EU/US (SCCs in place) |
| MongoDB Atlas | Database hosting | EU (Frankfurt) |
| Revolut Payments UAB | Subscription billing | EU (Lithuania) |
| ChemiCloud (SMTP) | Service email (alerts, invoices, password resets) | EU |
Each processor operates under a written Data Processing Agreement and may only process the data we specifically instruct them to.
We do not sell, rent or share personal data for advertising. We disclose data only:
You can:
We respond to verified rights requests within 30 days at no cost (extended by up to 60 days only for complex requests).
The web dashboard uses one strictly-necessary session cookie to keep you signed in. We do not use third-party cookies, ad pixels or session replay tools. We collect anonymised request counts (no IPs, no user-agent fingerprinting) for capacity planning only.
StellarGauge is not directed at children. We do not knowingly create accounts for users under 16. If you believe a child has registered, contact us and we will delete the account.
We use TLS 1.2+ for everything in transit, AES-256 at rest, hashed/peppered passwords (when applicable), least-privilege access to production, and audit logging of admin actions. Despite all reasonable measures, no system is unbreakable; if a breach affects you, we will notify you and the Data Protection Commission within 72 hours of confirmation, as required by Article 33 GDPR.
All primary processing is in the EU. The only material US transfer is Google OAuth metadata; that transfer is covered by Standard Contractual Clauses (SCCs) and Google's EU-US Data Privacy Framework certification.
We may update this Policy; material changes will be flagged in the app or by email at least 14 days before they take effect. The current version and effective date are always at the top of this page.
Questions, concerns or rights requests: support@stellargauge.com.