ApsCAS Privacy Policy 

Updated

30 March 2026

Operator

Complex Automation Systems GmbH

Contact

support@casystems.at

 

1. Who we are

ApsCAS is a project and workflow management platform operated by Complex Automation Systems GmbH. This Privacy Policy explains how personal data is collected, used, shared, retained, and protected when you use ApsCAS.

2. Data controller and controller/processor model

Within the scope of this Policy, the platform operator is Complex Automation Systems GmbH, Universitatsring 12, 1010 Vienna, Austria. Contact: office@casystems.at and support@casystems.at.

If you use ApsCAS within an organization, that organization may determine the purposes and means of processing certain personal data within its workspace. In that case, the organization may act as an independent controller and ApsCAS may act as a processor or technical service provider for those processing activities.

3. Scope

This Policy applies to ApsCAS mobile applications, desktop applications, web interfaces, backend services, support channels, and related service operations. Separate notices may apply for external websites or third-party services where required.

4. Data we collect

We aim to collect only the personal data reasonably necessary to provide, secure, support, and lawfully operate the service.

· Account and identity data, such as email address, password hash, username, display name, and where required within an organization, first and last name.

· Organization, membership, role, invitation, permission, and project participation data.

· Project and workflow content, including projects, tasks, statuses, approvals, comments, files, attachments, tags, and activity history.

· Technical and security data, including limited logs, security events, authentication metadata, device notification tokens, and service integrity records.

· Support and communication data, including support requests, correspondence, and materials voluntarily shared for troubleshooting.

· Subscription, billing, contractual, and accounting data where relevant to the selected billing model, including subscription status, plan type, technical transaction identifiers, invoice and contract records, billing contact details, and where operationally or legally required, certain banking or billing-related details.

5. Data we do not currently process as a service feature

ApsCAS does not currently offer user audio recording, voice note features, or AI audio or voice interaction as part of the current service scope.

Accordingly, this Policy is not intended to describe ongoing processing of user audio content as a standard ApsCAS feature.

6. Notifications

Push notifications are sent only where explicitly enabled by the user or the relevant device/platform settings. For this purpose, notification tokens and preference settings may be stored and processed.

Notifications are intended for system and workflow-related purposes rather than advertising.

7. Purposes of processing

· Account creation, login, authentication, and security.

· Organization invitations, membership management, and permissions control.

· Provision of project management, collaboration, file, approval, and workflow features.

· Customer support, troubleshooting, and service improvement.

· Subscription, contract, billing, accounting, and legal compliance operations.

· Fraud prevention, misuse prevention, service integrity, and security incident response.

· Context-limited AI-assisted features where enabled and authorized.

8. Legal bases

· Contract - where processing is necessary to provide the service or fulfill pre-contractual steps.

· Consent - for example where a user enables optional notifications or where another optional processing activity lawfully relies on consent.

· Legal obligation - for accounting, tax, legal retention, and regulatory obligations.

· Legitimate interest - for security, fraud prevention, service stability, rights protection, and limited internal operational governance.

9. AI-assisted processing

When AI-assisted features are used, ApsCAS may process only the context reasonably necessary for the requested AI function, subject to role and access permissions.

ApsCAS may store AI-related outputs, such as summaries or analysis records, within the relevant project or task context where required for workflow continuity, auditability, or user convenience. AI outputs are not intended to function as autonomous decisions.

10. Sharing of personal data

· Authorized administrators and users within the organization or workspace, according to permissions and role settings.

· Technical service providers, infrastructure providers, and subprocessors to the extent reasonably necessary to provide or secure the service.

· Payment, billing, or platform operators relevant to subscriptions or purchases.

· Public authorities, courts, regulators, or law enforcement where disclosure is required by law or necessary to protect rights.

We do not sell personal data for advertising purposes.

11. International transfers

Where personal data is processed outside the European Union or European Economic Area, appropriate safeguards such as Standard Contractual Clauses or another lawful transfer mechanism are applied where required.

12. Retention

Personal data is retained only for as long as necessary for the applicable purpose, operational need, contractual relationship, or legal obligation.

· Active account and workspace data may be retained while the account or organizational relationship remains active.

· Some project history, approval history, or audit records may remain after a user leaves an organization or requests deletion, where retention is necessary for traceability, legal compliance, rights protection, or platform integrity.

· Contract, invoice, accounting, and related billing documents may be retained for statutory retention periods.

· When full deletion is requested, ApsCAS may delete, minimize, pseudonymize, or restrict data depending on legal and operational requirements.

13. Security measures

· TLS/HTTPS encryption where applicable.

· Role-based and permission-based access control.

· Technical and organizational measures designed to protect confidentiality, integrity, and availability.

· Security monitoring and incident handling appropriate to the service.

14. Your rights

Under the GDPR, you may have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where applicable. You may also lodge a complaint with the Austrian Data Protection Authority or another competent supervisory authority.

15. Children's privacy

ApsCAS is intended for professional and business use and is not directed to children under 16 years of age.

16. Changes and contact

This Policy may be updated from time to time. The current version will be published through the application, website, or another lawful notice channel.

For privacy-related matters, contact: support@casystems.at.