# Privacy Policy (EN)

## 1. Overview

This Privacy Policy describes how the Feeding Start mobile application ("App", "we", "our") collects, uses, stores, and protects personal data.

By using the App, you agree to this Privacy Policy.

Contact:

Email: feedingstart@gmail.com

## 2. Data We Collect

### 2.1 Account Data

We may collect and store:

- Firebase Auth user identifier;
- email address;
- display name, stored either as `accounts.name` or, where encryption is enabled, as `accounts.display_name_encrypted`;
- preferred app language, stored as `accounts.language`;
- authentication provider, stored as `accounts.provider`;
- current active child identifier, stored as `accounts.current_child_id`;
- onboarding status and service timestamps, including `created_at`, `updated_at`, and `last_login_at`.

The Firestore account document does not currently store a profile photo field.

### 2.2 Child Data

Child data is provided by a parent or caregiver and may include:

- child name, stored either as `accounts/{account_id}/children/{child_id}.name` or, where encryption is enabled, as `name_encrypted`;
- birth date, stored as `birth_date`;
- introduced product identifiers, stored as `introduced_product_ids`;
- product identifiers marked as allergic reactions, stored as `allergic_product_ids`;
- service timestamps, including `created_at` and `updated_at`.

Child data is used to personalize feeding guidance, product recommendations, menus, and introduction tracking.

### 2.3 Feeding, Menu, and App Usage Data

We may collect data created through app features, including:

- product introduction plans and records from `introductions`;
- menu data from `menus`;
- product, recipe, and feeding-related interactions;
- document acknowledgement records from `accounts/{account_id}/document_acknowledgements`, including document version, locale, and acknowledgement time;
- screen and feature analytics events.

The account model does not currently include a production-ready account-level `favorites` field.

### 2.4 Subscription and Payment Data

We may collect and store subscription and payment-related technical data, including:

- current subscription state from `accounts/{account_id}/subscription_state/current`;
- subscription status, provider, plan identifier, start date, expiration date, trial end date, renewal/cancellation state, and last verification time;
- Google Play purchase token or other provider transaction token where required for verification;
- payment records from `accounts/{account_id}/payments/*`, including provider, plan identifier, status, amount, currency, transaction identifiers, and payment timestamps;
- subscription events from `accounts/{account_id}/subscription_events/*`.

We do not collect or store payment card details in the App.

Payments and subscriptions are processed by Google Play.

### 2.5 Security and Encryption Data

The App may use local protection and encryption mechanisms. We may store technical security metadata, including:

- encryption enabled status;
- encrypted personal values;
- encrypted data key wrapping metadata;
- salts and key-derivation metadata;
- server-assisted recovery metadata, where enabled;
- local security settings.

We do not store the raw PIN, raw pattern, biometric data, or plaintext encryption key in Firestore, Analytics, Crashlytics, logs, or payment systems.

Biometric authentication is handled by the operating system. The App only stores whether biometric login is enabled.

### 2.6 Technical, Diagnostic, and Analytics Data

We may collect technical data needed to operate and improve the App, including:

- device and platform information;
- app version;
- locale;
- subscription status;
- current screen or feature name;
- crash and non-fatal diagnostic data;
- analytics events such as sign-in, onboarding, feeding actions, subscription events, and screen opens.

Analytics and crash reports must not include free-text personal data, child names, birth dates, email addresses, encryption keys, raw PIN/pattern values, ciphertext, nonces, or MAC values.
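One way to enforce the rule above on the device, as an added example that is not the app's own analytics code: every event parameter passes an allowlist of known names and types, string values are length-capped and rejected if they look like an email address, a date, a hex blob (ciphertext, nonce, MAC, key material) or a bare PIN, and the child's age is sent as a derived month count rather than the birth date. The parameter names, limits and patterns are assumptions.

```javascript
// Added example (not the app's own analytics code): allowlist sanitizer applied to every
// analytics/crash parameter before it leaves the device.
const ALLOWED_PARAMS = {           // assumed parameter names and their expected types
  screen_name: "string",
  feature: "string",
  app_version: "string",
  locale: "string",
  platform: "string",
  subscription_status: "string",
  child_age_months: "number",      // derived, low-precision value instead of the birth date
};
const MAX_STRING_LENGTH = 64;      // free text is longer than any allowed enumeration value
const BLOCKED_PATTERNS = [
  /[^\s@]+@[^\s@]+\.[^\s@]+/,      // email address
  /\b\d{4}-\d{2}-\d{2}\b/,        // ISO date, e.g. a birth date
  /^[0-9a-f]{24,}$/i,             // hex blob: ciphertext, nonce, MAC or key material
  /^\d{4,8}$/,                    // bare digit string that could be a PIN
];

function isAllowedValue(expectedType, value) {
  if (typeof value !== expectedType) return false;
  if (typeof value === "number") return Number.isFinite(value);
  return value.length <= MAX_STRING_LENGTH && !BLOCKED_PATTERNS.some((re) => re.test(value));
}

// Returns the event to send plus the names (never the values) of dropped parameters,
// so unexpected drops can be counted during development without logging the data.
function sanitizeEvent(name, params) {
  const clean = {};
  const dropped = [];
  for (const [key, value] of Object.entries(params || {})) {
    const expectedType = ALLOWED_PARAMS[key];
    if (expectedType && isAllowedValue(expectedType, value)) clean[key] = value;
    else dropped.push(key);
  }
  return { name, params: clean, dropped };
}

// Compute the child's age in whole months on-device; only this number is sent.
function ageInMonths(birthDateIso, nowIso) {
  const b = new Date(birthDateIso);
  const n = new Date(nowIso);
  let months = (n.getUTCFullYear() - b.getUTCFullYear()) * 12 + (n.getUTCMonth() - b.getUTCMonth());
  if (n.getUTCDate() < b.getUTCDate()) months -= 1;
  return Math.max(0, months);
}
```

The sanitizer is deliberately deny-by-default: a parameter that is not in the allowlist is dropped even if its value looks harmless, which is what keeps a later code change from quietly adding a free-text field to an event.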

## 3. How We Use Data

We use data to:

- create and manage your account;
- authenticate you through Firebase Auth and supported sign-in providers;
- personalize content based on child age, introduced products, and allergy-related product identifiers;
- provide feeding plans, menu features, product information, recipes, recommendations, and tracking;
- manage subscriptions and determine access to paid features;
- verify purchases and prevent duplicate or fraudulent payment processing;
- display legal documents and record acknowledgement of document versions;
- improve stability, diagnose crashes, and fix technical issues;
- provide user support;
- protect account access and personal data through local security and encryption features.

## 4. Subscriptions and Payments

Subscription access is determined from `accounts/{account_id}/subscription_state/current`.

Google Play manages Google Play payments, renewals, cancellations, and refunds according to Google Play rules.

We do not collect or store payment card numbers, card security codes, or full payment credentials in the App.

## 5. Data Sharing

We may share data with trusted service providers only as needed to operate the App:

- Google Firebase Auth for authentication;
- Google Cloud Firestore for data storage;
- Firebase Storage for legal document PDF files and app storage where applicable;
- Firebase Cloud Functions for backend operations;
- Firebase Crashlytics for crash diagnostics;
- Firebase Analytics for product and technical analytics;
- Google Sign-In for sign-in flow;
- Google Play Billing for subscriptions and purchase verification.

We do not sell personal data.

## 6. Data Storage and Retention

We store account-dependent data while your account is active or as needed to provide the service.

When account deletion is requested, the current target flow uses a 30-day recovery window:

- during the recovery window, deletion is scheduled and the account may be restored;
- after the recovery window, backend/admin processing performs final anonymization;
- after final anonymization, account restoration is not available.

Some financial and technical records may be retained in minimized or anonymized form where needed for payment audit, refunds, disputes, fraud prevention, security, or legal obligations.

Reference data such as products, recipes, and legal document metadata is not account-dependent and is not deleted with a user account.

## 7. Your Rights

You may request to:

- access your personal data;
- update your personal data;
- delete your account and account-dependent personal data;
- ask questions about how your data is processed.

To exercise these rights, contact us at feedingstart@gmail.com.

## 8. Data Deletion

You can request deletion through the App where available or by email.

The current deletion model is:

- a deletion request is created after account access is confirmed;
- the account enters a 30-day recovery window;
- you may restore the account before `scheduled_delete_at`;
- after the recovery window, personal identifiers are removed or anonymized and account access is deactivated.

Deletion and anonymization include account data, child profile identifiers, account-dependent feeding and menu data, subscription state, payment records, subscription events, Firebase Auth user, and account-dependent storage files where applicable.

Payment and transaction records may retain minimized transaction identifiers where required for audit, refunds, disputes, or legal obligations.
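The deletion lifecycle described in this section, shown as an added example that is not the app's own backend code: a request is created only after access is confirmed, the account enters a 30-day window during which it can be restored, and a backend/admin step after `scheduled_delete_at` anonymizes personal identifiers while keeping only minimized payment records. The account shape, field names (other than `scheduled_delete_at`) and the injected epoch-millisecond clock are assumptions.

```javascript
// Added example (not the app's own backend code): account deletion with a 30-day recovery
// window followed by final anonymization. Timestamps are epoch milliseconds passed in by
// the caller so every transition is deterministic.
const RECOVERY_WINDOW_MS = 30 * 24 * 60 * 60 * 1000;

// Step 1: a deletion request is only created once account access has been confirmed.
function requestDeletion(account, now) {
  if (!account.access_confirmed) throw new Error("confirm account access before requesting deletion");
  if (account.deletion) throw new Error("deletion already requested");
  return {
    ...account,
    deletion: { status: "scheduled", requested_at: now, scheduled_delete_at: now + RECOVERY_WINDOW_MS },
  };
}

// Step 2: restoration is allowed only while the request is scheduled and before
// scheduled_delete_at; after final anonymization there is nothing left to restore.
function restoreAccount(account, now) {
  const d = account.deletion;
  if (!d || d.status !== "scheduled" || now >= d.scheduled_delete_at) {
    throw new Error("restoration is not available");
  }
  return { ...account, deletion: null };
}

// Step 3: backend/admin job run after the window. Personal identifiers are removed or
// nulled, account-dependent child and subscription data is dropped, payments are reduced
// to minimized transaction records, and access is deactivated. Returns the account
// unchanged while the window is still open.
function finalizeDeletion(account, now) {
  const d = account.deletion;
  if (!d || d.status !== "scheduled" || now < d.scheduled_delete_at) return account;
  return {
    id: account.id, // opaque document key kept so existing references do not dangle
    access_confirmed: false,
    deactivated: true,
    email: null,
    name: null,
    display_name_encrypted: null,
    children: (account.children || []).map((c) => ({
      id: c.id, name: null, name_encrypted: null, birth_date: null,
    })),
    // minimized payment record: identifiers needed for audit, refunds or disputes only
    payments: (account.payments || []).map((p) => ({
      transaction_id: p.transaction_id, provider: p.provider, status: p.status,
    })),
    subscription_state: null,
    deletion: { status: "anonymized", requested_at: d.requested_at, finalized_at: now },
  };
}
```

Keeping `finalizeDeletion` idempotent and time-gated means the scheduled job can be re-run safely: an account whose window has not yet closed passes through untouched, and one that is already anonymized is ignored because its status is no longer `scheduled`.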

## 9. Security

We use reasonable technical and organizational measures to protect data from unauthorized access, loss, misuse, or disclosure.

Security measures may include:

- Firebase Authentication;
- Firestore security rules;
- backend/admin-only writes for subscription state, payments, document acknowledgements, and deletion requests;
- client-side encryption for selected personal fields where enabled;
- local device protection through PIN, pattern, and/or biometric unlock;
- secure device storage for local security material.

No system can guarantee absolute security.

## 10. Children

The App is intended for parents and caregivers.

We do not knowingly collect personal data directly from children. Child-related data is entered by a parent or caregiver and is used to provide app functionality and personalization.

## 11. Changes to This Policy

We may update this Privacy Policy from time to time.

When the policy changes, we may update the document version and may request acknowledgement of the new version in the App.

## 12. Contact

Email: feedingstart@gmail.com

---
