Privacy policy

VariationProof Privacy Policy

Effective date: 30 June 2026

Developer: Commercial Concrete Grinding

Contact: nick@commercialconcretegrinding.co.nz

App details

App name: VariationProof. Package ID: nz.co.variationproof.app.

What the app does

VariationProof helps tradespeople record extra work, attach site photos, describe scope changes, price variations, generate PDFs, share variation notices and, for Pro users, capture customer confirmation and create Xero draft invoices.

Data stored by the app

The app can store variation numbers, project and site details, customer or builder names, recipient email addresses, phone numbers entered by the user, descriptions of work, pricing, GST settings, local status events, manually entered confirmation notes, customer confirmation records, proof hashes, company branding details, logo images, evidence photos, generated PDFs and accounting export status.

Local-first storage

Core VariationProof records are stored locally on the user's Android device in app-private storage. The developer does not operate a VariationProof server for the core variation record, approval record, PDF, photo, Gmail send option or Xero draft invoice workflow.

Camera, photos and files

Camera and photo access are used only when the user chooses to capture or attach evidence photos, choose a logo, generate a PDF or share an exported file. Evidence photos and PDFs remain local unless the user shares, emails, exports or uploads them through another app or service.

Email and sharing

Users can share variation PDFs through email apps, Gmail or other sharing tools installed on the device. Once a user shares a file, that copy is controlled by the recipient and by the selected email, file sharing or messaging service.

Payments

VariationProof Pro subscriptions are handled by Google Play Billing. Payment details are processed by Google Play, not by Commercial Concrete Grinding or a VariationProof server.

Xero connection

If a Pro user connects Xero, the app uses Xero OAuth to connect the user's Xero organisation and create draft invoices from customer-confirmed variations. Xero access and refresh tokens are stored on the device using Android Keystore encryption. Xero data is sent directly between the device and Xero's API.

No advertising or analytics SDK

VariationProof does not include an advertising SDK, analytics SDK or developer-operated tracking system in the app. The app is designed to work locally unless the user chooses to share a file, use Google Play Billing, connect Xero or use another installed app or service.

Deleting local data

Users can delete local variation records in the app. Deleting a local record removes that record and its app-private photos or PDFs from that device. This does not delete copies already exported, emailed, downloaded, uploaded to Xero or shared outside the app.

Support

For privacy or support questions, contact nick@commercialconcretegrinding.co.nz.