Froppy - Privacy Policy

Overview

Froppy is designed with privacy as the foundation. This Privacy Policy explains how we handle your information when you use our subscription tracking application available on Android. Our core principle is simple: your data stays on your device.

Platform: Android (Google Play Store)
Minimum Android Version: 8.0 (API level 26) or higher

1. Information We Collect

1.1 Local Data Only

Froppy is designed with privacy as the foundation. All your subscription data is stored locally on your device using encrypted SQLite database storage.

1.2 No Personal Information Collected

We do not collect, store, or transmit any of your personal information, subscription details, payment information, or usage data to our servers.

1.3 No Analytics or Tracking

The App does not include any analytics, crash reporting, or user tracking systems.

1.4 What We DON'T Collect

• ❌ Personal subscription details
• ❌ Payment information or financial data
• ❌ Usage analytics or app behavior data
• ❌ Device information or identifiers
• ❌ Location data
• ❌ Contact information
• ❌ Crash reports or diagnostic data
• ❌ Advertising identifiers
• ❌ Social media information

1.5 What We DO Collect

• ✅ Nothing by default - The App works entirely offline
• ✅ Google Drive authentication token (only if you choose backup)
• ✅ Service icon downloads (only if you choose custom services)

2. How We Use Information

2.1 Local Processing

All subscription calculations, analytics, and data processing occur entirely on your device.

2.2 No Server Communication

The App does not communicate with our servers or third-party services for core functionality.

2.3 Optional Features Only

The only external communication occurs when you explicitly choose to:

• Backup data to your personal Google Drive account
• Download service icons from the internet (cached locally)

2.4 Data Flow

1. Input: You enter subscription data
2. Storage: Data stored locally in encrypted database
3. Processing: All calculations happen on your device
4. Backup (Optional): Encrypted backup to your Google Drive
5. No Transmission: No data sent to our servers

3. Data Storage and Security

3.1 Local Encryption

Your subscription data is stored in an encrypted Room database on your device using Android's built-in encryption capabilities and industry-standard security practices.

3.2 Biometric Protection

You can optionally enable biometric authentication (fingerprint, face recognition) to protect access to the App. We do not store or have access to your biometric data.

3.3 No Cloud Storage by Default

By default, your data never leaves your device. Cloud backup is entirely optional and user-controlled.

3.4 Security Measures

• Database Encryption: All local data encrypted at rest
• Secure Authentication: Biometric and device-level security
• No Network Dependencies: Core functionality requires no internet access
• Regular Security Updates: Timely security patches and updates

4. Google Drive Integration (Optional)

4.1 Explicit Consent Required

Google Drive backup requires your explicit consent and Google account authentication through OAuth 2.0.

4.2 How It Works

1. User Choice: You explicitly choose to enable Google Drive backup
2. Authentication: You authenticate with your Google account
3. Encryption: Data is encrypted before upload using strong encryption
4. Storage: Encrypted backup stored in your personal Google Drive
5. Control: You can disable, modify, or delete backups anytime

4.3 Your Google Drive Data

• Location: /Froppy/backups/ folder in your Google Drive
• Format: Encrypted JSON files with .froppy extension
• Access: Only you and the Froppy app can access this data
• Deletion: You can delete backup files directly from Google Drive

4.4 Your Control Over Backups

• Whether to enable Google Drive backup
• When backups occur (manual or scheduled)
• Whether to restore from backups
• Deletion of backup data from your Google Drive
• Revoking app access to Google Drive

4.5 Google's Privacy Policy

When using Google Drive backup, Google's Privacy Policy also applies to data stored in your Google Drive account. We recommend reviewing Google's privacy practices.

5. Permissions Explained

5.1 Storage Access

• Purpose: Store subscription data locally and export backup files
• Data: Only subscription information you enter
• Scope: Limited to app-specific storage areas

5.2 Biometric Authentication

• Purpose: Secure access to the App
• Data: Only authentication status (no biometric data stored by us)
• Control: Completely optional and user-controlled

5.3 Internet Access (Optional)

• Purpose: Download service icons and Google Drive backup
• Data: Only when you explicitly choose these features
• Frequency: Only when needed for requested features

6. Third-Party Services

6.1 Google Drive API

• Purpose: Optional backup functionality
• Data Shared: Only encrypted backup files you choose to create
• Control: You can revoke access at any time through Google account settings

6.2 Service Icon Providers

• Purpose: Download service logos and icons
• Data Shared: No personal data, only icon requests
• Storage: Icons cached locally on your device

6.3 No Other Third Parties

We do not integrate with advertising networks, analytics services, or other third-party tracking services.

7. Children's Privacy

7.1 Age Requirements

• Minimum Age: 13 years old (16 in EU under GDPR)
• Parental Supervision: Users under 18 should have parental guidance
• Financial Context: App deals with financial tracking, appropriate for mature users

7.2 COPPA Compliance

• No Data Collection: We don't collect data from users of any age
• No Targeted Content: No advertisements or targeted content
• Educational Use: App can be used for teaching financial literacy with supervision

7.3 Parental Notice

If you believe a child under 13 has used our App, please contact us immediately. Since we don't collect data, there would typically be no information to delete from our systems.

8. Data Retention and Deletion

8.1 Local Data Retention

Your subscription data remains on your device until you:

• Delete the App
• Use the "Clear All Data" function in settings
• Manually delete individual subscriptions

8.2 Google Drive Backups

Backup data remains in your Google Drive account until you delete it. You have complete control over backup retention.

8.3 No Server Data Retention

We do not retain any of your data on our servers, so there's no server-side data to delete.

8.4 Data Deletion Process

1. Local Data: Uninstall app or use clear data function
2. Google Drive: Delete backup files from your Drive
3. Icon Cache: Automatically cleared when app is uninstalled

9. Your Rights and Choices

9.1 Complete Data Control

You have complete ownership and control over your subscription data at all times.

9.2 Access Rights

• View All Data: Access all your information through the App interface
• Export Data: Export your data in JSON format for backup or migration
• Modify Data: Edit or delete any subscription information

9.3 Privacy Choices

• Biometric Authentication: Enable or disable app security
• Google Drive Backup: Choose whether to use cloud backup
• Service Icons: Choose whether to download service icons
• Data Sharing: No data sharing options (we don't share data)

9.4 GDPR Rights (EU Users)

Under the General Data Protection Regulation, you have the right to:

• Access: Access your personal data (stored locally on your device)
• Rectification: Correct inaccurate data
• Erasure: Delete your data
• Portability: Export your data
• Object: Object to data processing (not applicable as we don't process personal data)
• Restrict: Restrict processing (not applicable)

10. Data Security

10.1 Technical Safeguards

• Encryption at Rest: All local data encrypted using industry-standard methods
• Secure Storage: Data stored in protected app sandbox
• No Network Transmission: Core data never transmitted over networks
• Secure Backup: Cloud backups encrypted before transmission

10.2 Access Controls

• Device Security: Relies on your device's security measures
• Biometric Authentication: Optional additional security layer
• No Remote Access: We cannot access your data remotely

11. International Data Transfers

11.1 No International Transfers by Default

Since all data processing occurs locally on your device, there are no international data transfers for core functionality.

11.2 Google Drive Considerations

If you choose Google Drive backup, data transfer is governed by Google's international data handling policies and your Google account settings.

11.3 Service Icons

Service icons may be downloaded from international content delivery networks, but no personal data is involved in these transfers.

12. Changes to This Privacy Policy

12.1 Notification Methods

We will notify you of any privacy policy changes through:

• In-app notifications
• Update release notes
• Prominent notice in the App
• Email (if you've provided contact information voluntarily)

12.2 Material Changes

For significant changes affecting your privacy rights:

• 30-day advance notice when possible
• Clear explanation of what changed and why
• Opt-in consent for any new data collection or sharing

12.3 Continued Use

Your continued use of the App after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Information

13.1 Privacy Questions

For any privacy-related questions or concerns:

• Email: me@binodswain.dev
• Subject Line: Include "Froppy Privacy" for faster processing

13.2 Data Protection Officer

For compliance and user rights requests:

• Contact: me@binodswain.dev
• Role: Handles privacy compliance and user rights requests

13.3 Security Issues

For security-related concerns:

• Email: me@binodswain.dev
• Encryption: PGP key available upon request

13.4 General Support

• Email: me@binodswain.dev

14. Compliance and Certifications

14.1 Regulatory Compliance

• GDPR: Compliant with EU data protection requirements
• CCPA: Compliant with California privacy law
• COPPA: Compliant with children's privacy requirements
• Local Laws: Compliant with applicable data protection laws

14.2 Privacy by Design

Our privacy practices are built into the app architecture:

• Data Minimization: Collect only what's necessary (nothing by default)
• Purpose Limitation: Use data only for stated purposes
• Storage Limitation: Retain data only as long as needed
• Transparency: Clear and open about our practices

15. Document Information

Version History:

• v1.0 (November 1, 2025): Initial release
• Future updates will be documented here with change summaries

Review Schedule:

• Annual Review: Every November 1st
• Triggered Reviews: When features change or laws update
• Emergency Reviews: For security or compliance issues

Languages Available:

• English (Primary)
• Additional languages may be added based on user base

This Privacy Policy is designed to be transparent, comprehensive, and compliant with global privacy regulations while reflecting Froppy's privacy-first design philosophy. Your privacy is not just a policy for us—it's built into the very architecture of our application.