1. Comprehensive Data Collection
We collect and process the following categories of personal data with explicit purposes:
| Data Category | Specific Elements | Collection Method |
|---|---|---|
| Account Data | Username, email, hashed password, registration timestamp | Direct user input during registration |
| User Content | Text phrases (max 500 chars), JPEG/PNG images (max 5MB), content metadata | In-app submission forms with server validation |
| Technical Data | Device model (e.g., iPhone 14), OS version (iOS 16.4), IP address (anonymized via truncation), Flutter version (3.7.12) | Automatic collection through Firebase SDK |
| Usage Data | Session duration (minutes), feature usage frequency, crash reports with stack traces | Firebase Analytics and Crashlytics |
| Advertising Data | Google Advertising ID (AAID/IDFA), impression counts, click-through rates | AdMob SDK with user consent mechanism |
2. Legal Bases for Processing (GDPR Art. 6)
- Contractual Necessity: Account creation and core app functionality
- Legitimate Interests: Service optimization, fraud prevention
- Consent: Personalized advertising, analytics tracking
- Legal Obligation: Tax records, fraud investigations
3. Detailed Data Flow
3.1 User Registration
Email verification via Firebase Auth (sendEmailVerification()) with a 6-digit OTP code valid for 15 minutes.
3.2 Content Submission
All user-generated content undergoes:
- Automated filtering (ML-based text analysis via Firebase ML Kit)
- Manual review by human moderators within 24-48 hours
- SHA-256 checksum validation for image integrity
3.3 Data Storage Architecture
- Firestore Database: User profiles (document per UID)
- Cloud Storage: Images stored in EU-west1 region with AES-256 encryption
- Firebase Realtime Database: Real-time content updates
4. Third-Party Integrations
| Service | Purpose | Data Shared | Legal Agreement |
|---|---|---|---|
| Firebase Authentication | User identity management | Hashed passwords, OAuth tokens | Google Data Processing Amendment |
| AdMob | Ad serving | Advertising ID, device locale | Google EU User Consent Policy |
| Firebase Analytics | Usage tracking | Event logs, user journey data | Data Processing Terms (GDPR) |
5. Data Retention Schedule
- Account Data: Retained until deletion request + 30 days grace period
- User Content: Anonymized 72h post-account deletion (replace username with "DeletedUser#123")
- Server Logs: Rotated every 7 days, archived for 12 months
- Advertising Data: Reset with app reinstall via AdMob.reset()
6. Security Protocols
Technical Measures
- End-to-end TLS 1.3 encryption
- HSM-protected signing keys rotated every 90 days
- Daily vulnerability scans via Firebase App Check
Organizational Measures
- Biometric access to production databases
- Annual staff GDPR training (certification required)
- Third-party penetration testing every 6 months
7. User Rights Enforcement
To exercise GDPR rights:
- Submit verifiable request via in-app form
- Two-factor authentication required
- Response within 30 calendar days
Deletion Process
1. User triggers deleteAccount()
2. Firestore: Soft-delete with isDeleted flag
3. Cloud Functions: Initiate anonymization pipeline
4. Final purge from backup snapshots (max 60 days)
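The deletion steps above and the retention windows in section 5 (72h content anonymization, 30-day grace period, 60-day backup purge) can be checked against an in-memory model. This is an added example, not the app's own Cloud Functions code: the dicts stand in for Firestore documents, the alias numbering is assumed, and no Firebase SDK is involved.

```python
from datetime import datetime, timedelta, timezone

# Retention windows taken from sections 5 and 7 of the policy.
ANONYMIZE_AFTER = timedelta(hours=72)   # user content anonymized 72h post deletion
GRACE_PERIOD = timedelta(days=30)       # account data kept until request + 30 days
BACKUP_PURGE_MAX = timedelta(days=60)   # latest purge from backup snapshots

def delete_account(profiles, uid, now, seq):
    """Step 2: soft-delete by flag; the document stays so the grace period can run.
    `seq` feeds the assumed "DeletedUser#<n>" alias scheme."""
    profile = profiles[uid]
    if profile.get("isDeleted"):
        return False  # a repeated request must not restart the retention clock
    profile.update(isDeleted=True, deletedAt=now, alias=f"DeletedUser#{seq}")
    return True

def run_retention_job(profiles, contents, now):
    """Step 3: scheduled pass that enforces the schedule on soft-deleted profiles.
    Returns the actions taken so every run leaves an auditable record."""
    actions = []
    for uid in list(profiles):
        profile = profiles[uid]
        if not profile.get("isDeleted"):
            continue
        age = now - profile["deletedAt"]
        if age >= ANONYMIZE_AFTER and not profile.get("anonymized"):
            for doc in contents:
                if doc.get("uid") == uid:
                    doc["username"] = profile["alias"]
                    doc["uid"] = None  # sever the link back to the account record
            profile["anonymized"] = True
            actions.append(("anonymized", uid))
        if age >= GRACE_PERIOD:
            del profiles[uid]  # step 4 (backup purge) happens outside this store
            actions.append(("purged", uid))
    return actions

def simulate():
    """Constructed scenario: two users, one deletion, the job run at three points."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    profiles = {"u1": {"username": "alice"}, "u2": {"username": "bob"}}
    contents = [{"uid": "u1", "username": "alice", "text": "first"},
                {"uid": "u2", "username": "bob", "text": "second"}]
    first = delete_account(profiles, "u1", t0, 123)
    second = delete_account(profiles, "u1", t0 + timedelta(days=1), 124)
    early = run_retention_job(profiles, contents, t0 + timedelta(hours=71))
    mid = run_retention_job(profiles, contents, t0 + ANONYMIZE_AFTER)
    late = run_retention_job(profiles, contents, t0 + GRACE_PERIOD)
    return {"first_delete": first, "second_delete": second, "early": early,
            "mid": mid, "late": late, "contents": contents, "profiles": profiles,
            "backup_deadline": t0 + BACKUP_PURGE_MAX}

if __name__ == "__main__":
    print(simulate())
```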
8. International Data Transfers
Data may transfer to:
- Google LLC (USA): Under SCCs (2021) and TIA 3.0
- Our EU-based moderation partners: Through adequacy decision
Transfer Impact Assessment available upon request.
9. Children's Privacy
COPPA Compliance:
- No collection from users under 13
- Age gate during registration with age verification
- Parental consent required for 13-16 year olds in EU
10. Breach Notification
In case of data breach affecting user data:
- Notify DPA within 72 hours of discovery
- Inform impacted users via in-app notification and email
- Public disclosure on company website
11. Policy Updates
Version control:
- Change log maintained in GitHub repository
- Previous versions archived for 5 years
- Material changes require re-consent