This page summarizes (i) the device permissions Ongo Audit requests and the reasons for each, (ii) the data declared in Apple’s App Privacy (“Privacy Nutrition Label”), and (iii) the data declared in Google Play’s Data Safety section. The disclosures here are consistent with the Privacy Policy.
4.1 Device permissions and purpose strings
| Permission | When requested | Purpose | iOS purpose string (Info.plist) |
|---|---|---|---|
| Camera | When you tap the camera button to attach a photo to a form, incident, or corrective action. | Capture photos as part of an audit, inspection, or incident report submitted to your organization. | NSCameraUsageDescription: “Ongo Audit uses the camera to attach photos to audit, inspection, and incident submissions for your organization.” |
| Photo library (read, add) | When you choose an existing photo to attach, or save a captured photo. | Attach existing photos to submissions and, if you choose, save captured photos to your device. | NSPhotoLibraryUsageDescription: “Ongo Audit accesses your photo library when you attach existing photos to a submission.” NSPhotoLibraryAddUsageDescription: “Ongo Audit can save photos you capture in the App to your photo library.” |
| Location (when in use only) | When you explicitly tap the “Capture location” control inside a form. | Record latitude and longitude on user request, so your organization can verify the inspection was performed at the correct site. The App does not track location continuously or in the background. | NSLocationWhenInUseUsageDescription: “Ongo Audit captures your location only when you tap ‘Capture location’ inside a form, to confirm the inspection was performed at the correct site.” |
| Notifications | When you sign in for the first time. | Notify you of new assignments, comments on submissions, and important system events. | (No purpose string required; user consent is captured by the system prompt.) |
| Network access | Always. | Connect to the Ongo Audit servers to authenticate, sync assignments, upload submissions and photos, and receive notifications. | (Standard.) |
The App does not request: contacts, calendar, microphone, background location, Bluetooth, motion sensors, health data, SMS, call log, files outside the App’s container, or App Tracking Transparency (since the App does not track users across other companies’ apps and websites).
4.2 Apple App Store — App Privacy (“Privacy Nutrition Label”)
To be entered in App Store Connect → App Privacy. The App does not use data for tracking. None of the data types are linked to user identity for advertising; identifying information is linked to the user’s account for the purpose of providing the Service.
The disclosures below cover the mobile (iOS) app. No analytics, crash reporting, or session replay data is collected from the iOS app at this time. The data types listed below cover only the data sent to the Ongo Audit backend.
Data Used to Track You: None.
Data Linked to You (used to provide the Service, linked to the user’s account):
| Data type | Purposes |
|---|---|
| Name | App Functionality |
| Email Address | App Functionality, Authentication |
| Phone Number (if provided by Customer) | App Functionality |
| User ID | App Functionality |
| Photos | App Functionality |
| Precise Location | App Functionality |
| Other User Content (form responses, comments, incident reports) | App Functionality |
| Customer Support data | App Functionality |
Data Not Linked to You: None separately declared (all collected data is associated with the account that submits or generates it).
Privacy Policy URL (App Store Connect): https://www.ongoaudit.com/legal/privacy-policy
Privacy Choices URL (App Store Connect): same as Privacy Policy URL.
4.3 Google Play — Data Safety section
To be entered in Play Console → App content → Data safety. The disclosures below cover the Android companion app. No analytics, crash logs, or diagnostics data is collected from the Android app at this time.
Does your app collect or share any of the required user data types? Yes, collect. No sharing for advertising or independent use by third parties; data is shared only with processors acting on Taskworld’s behalf.
Is all of the user data collected by your app encrypted in transit? Yes (TLS 1.2 or higher).
Do you provide a way for users to request that their data be deleted? Yes (in-app account deletion request available; deletion is processed by Taskworld within thirty (30) days of the request).
Data types collected:
| Category | Data type | Collected | Shared | Required/Optional | Purpose |
|---|---|---|---|---|---|
| Personal info | Name | Yes | No | Required | Account management, App functionality |
| Personal info | Email address | Yes | No | Required | Account management, App functionality |
| Personal info | Phone number | Yes (if provided) | No | Optional | App functionality |
| Personal info | User IDs | Yes | No | Required | Account management, App functionality |
| Location | Approximate location | No | No | n/a | n/a |
| Location | Precise location | Yes | No | Optional (only when user taps “Capture location”) | App functionality |
| Photos and videos | Photos | Yes | No | Required (when user attaches a photo) | App functionality |
| Files and docs | Files and docs | No | No | n/a | n/a |
| Audio | Audio | No | No | n/a | n/a |
| Messages | Other in-app messages | Yes (chat on submissions) | No | Optional | App functionality |
| App activity | App interactions | No | No | n/a | n/a |
| App activity | In-app search history | No | No | n/a | n/a |
| App activity | Other user-generated content (form responses, incidents, corrective actions) | Yes | No | Required | App functionality |
| App info & performance | Crash logs | No | No | n/a | n/a |
| App info & performance | Diagnostics | No | No | n/a | n/a |
| App info & performance | Other app performance data | No | No | n/a | n/a |
| Device or other IDs | Device or other IDs | Yes | No | Required | App functionality |
| Financial info | Any | No | No | n/a | n/a |
| Health and fitness | Any | No | No | n/a | n/a |
| Contacts | Any | No | No | n/a | n/a |
| Calendar | Any | No | No | n/a | n/a |
Security practices
- Data is encrypted in transit: Yes.
- Users can request that data is deleted: Yes.
- Committed to follow Play Families Policy: Not applicable (the App is not directed to children).
- Independent security review: To be updated if and when an independent review is completed.
4.4 Apple privacy manifest (PrivacyInfo.xcprivacy)
The Ongo Audit iOS app is built with Expo (SDK 55+), which generates the PrivacyInfo.xcprivacy privacy manifest at build time and includes the manifests of bundled Expo modules (expo-router, expo-location, expo-splash-screen, expo-font). The manifest declares no tracking domains, no tracked data, and the collected data types listed in Section 4.2.
Before each App Store submission, the development team should:
- verify the generated privacy manifest in the built .ipa matches the disclosures in Sections 4.1 and 4.2;
- confirm that any newly added third-party SDK on Apple’s commonly-used SDK list includes its own signed privacy manifest;
- verify that the required-reason API entries cover the actual API usage of the app and bundled SDKs.
4.5 Android target SDK and permissions
- Target SDK: Android 15 (API level 35) or higher, in line with Google Play’s 2026 target API level requirement.
- Declared permissions: INTERNET, ACCESS_NETWORK_STATE, CAMERA, ACCESS_FINE_LOCATION (foreground only), POST_NOTIFICATIONS, READ_MEDIA_IMAGES (Android 13+) or scoped equivalents.
- The App does not request ACCESS_BACKGROUND_LOCATION, READ_CONTACTS, READ_CALL_LOG, READ_SMS, MANAGE_EXTERNAL_STORAGE, or any other broad-access permission.
- A prominent in-app disclosure is shown the first time location is requested, explaining that location is captured only on explicit user action (tapping “Capture location” inside a form) and is not collected in the background.