Privacy Policy

Last updated: October 2024

1. Data Controller

This app is operated by an independent individual developer. For privacy inquiries, contact: aicodevapp@gmail.com.

2. Data Collection & Processing

We strictly follow the principle of data minimization.

• 2.1 Local Data: No names, emails, or contacts are collected. Messages are ephemeral.
• 2.2 Third-Party Service (Firebase): We use Google Firebase exclusively for backend hosting.
  • Anonymous Usage: All data transmitted to Firebase is stripped of device identifiers (IDFA/GAID). We do not use Firebase Analytics or Firebase Cloud Messaging for tracking.
  • Data Residency: Data is stored in the United States (us-central1).
• 2.3 Temporary Storage: Messages are retained for a maximum of 72 hours or until picked up, then permanently deleted.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases are:

• Legitimate Interest: To provide the core bottle-matching functionality.
• Consent: Implied by your use of the service for ephemeral messaging.

4. Your Rights (Global)

You have the right to access, rectify, erase, restrict processing, and data portability. Since we hold minimal data, most rights can be exercised by simply uninstalling the app. For formal requests, email us.

5. Children’s Privacy (COPPA)

We do not knowingly collect data from children under 13. If discovered, data will be deleted within 48 hours.

6. Data Security

We use TLS 1.3 encryption. While we implement reasonable safeguards, no internet transmission is 100% secure.

7. International Transfers

Data is transferred to the US. For EEA users, we rely on Standard Contractual Clauses (SCCs) to ensure adequate protection.

8. Policy Changes

Material changes will be notified via an in-app alert.

9. GDPR Specifics (EEA Users)

If you are located in the EEA, you have the right to lodge a complaint with your local supervisory authority. Our Data Protection Officer (DPO) contact is the same as the developer contact above.