Privacy Policy for Decaf
Effective Date: February 17, 2026
Last Updated: February 17, 2026
Introduction
Welcome to Decaf ("we," "our," or "us"). Decaf is developed and operated by Blue Sparrow, an independent software developer based in India.
This Privacy Policy explains how we collect, use, store, and protect your information when you use the Decaf mobile application ("App"). We are committed to protecting your privacy and ensuring you understand how your data is handled.
Contact Information:
- Website: https://bluesparrow.dev
- General Inquiries: info@bluesparrow.dev
- Privacy-Related Inquiries: privacy@bluesparrow.dev
1. Our Privacy Commitment
Decaf is built with a privacy-first design. We believe your data is deeply personal and should remain under your control.
- Local-First Storage: Your data is stored locally on your device
- No Mandatory Account: You can use the App without creating an account
- No Advertising: We do not display advertisements
- No Data Selling: We never sell, rent, or trade your personal information
- Minimal Data Collection: We only collect what is necessary to provide core functionality and optional services
- User Control: You can export or delete your data at any time
2. Information We Collect
2.1 Information You Provide Directly
When you use Decaf, you may voluntarily provide the following information:
Habit Tracking Data:
- Daily check-in responses (caffeine-free status)
- Symptom tracking data (headache severity, energy levels, how you're feeling)
- Optional symptom logs (fatigue, focus levels, comfort levels, nausea, restlessness)
- Daily notes and journal entries
- Caffeine consumption history
- Quit method preferences (cold turkey or gradual taper)
- Personal goals
App Preferences:
- Theme preferences (light/dark mode)
- Notification settings and reminder times
- Display preferences
Optional Account Information (if you choose to sign in):
- Google account email address (for cloud backup feature only)
- Account display name
2.2 Information Collected Automatically
Device Information:
- Device type and model
- Operating system version
- App version
- Unique device identifiers (for app functionality only)
- Time zone settings
Usage Analytics:
We do not collect usage analytics events or crash reports automatically. We do not use Firebase Analytics or Firebase Crashlytics at this time.
2.3 Information We Do NOT Collect
- Precise location data
- Contacts or address book information
- Photos, camera, or microphone data
- Browsing history
- Information from other apps on your device
- Biometric data
- Financial or payment card details (purchases are handled by Google Play)
3. How We Use Your Information
3.1 Core App Functionality
- Tracking your caffeine-free journey and streak count
- Calculating your withdrawal phase and progress
- Displaying symptom analytics and patterns
- Generating personalized insights based on your logged data
- Providing milestone celebrations and achievements
3.2 App Improvement
- Identifying and fixing bugs and crashes
- Understanding which features are most valuable
- Improving performance and user experience
- Developing new features based on usage patterns
3.3 Optional Cloud Services
- If enabled, syncing your data across devices via Google Drive backup
- Restoring your data if you switch devices
3.4 Communication (Only with Your Consent)
- Daily reminder notifications (if enabled)
- Milestone celebration notifications (if enabled)
- Peak withdrawal alerts (if enabled)
4. Data Storage and Security
4.1 Local Storage
Your habit tracking data is primarily stored locally on your device using secure database storage.
- Your data remains on your device unless you explicitly choose to back it up
- If you uninstall the App without backing up, your data will be permanently deleted
- Other apps on your device cannot access Decaf's data
4.2 Cloud Storage (Optional)
If you choose to use the cloud backup feature:
- Your data is encrypted before being uploaded to Google Drive
- Data is stored in your personal Google Drive App Data folder
- Only Decaf can access this data; it is not visible in your regular Drive files
- You can delete cloud backups at any time through the App settings
4.3 Security Measures
- Secure local database encryption
- Encrypted data transmission (HTTPS/TLS) for network communications
- Regular security updates and vulnerability assessments
- Minimal data access principles
5. Data Sharing and Disclosure
5.1 We Do Not Sell Your Data
We do not sell, rent, lease, or trade your personal information to any third parties for commercial purposes.
5.2 Third-Party Service Providers
We work with the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Firebase (Authentication, Firestore, Cloud Messaging) | Optional sign-in, account/profile storage, push notifications | Email (if you sign in), display name, profile photo URL, user ID, push notification token, subscription/VIP status fields |
| RevenueCat | Subscription management | App user ID, subscription status, product identifiers |
| Blue Sparrow Email Service | Transactional emails | Email delivery info |
| Google Play Services | App distribution, purchases | Purchase transactions |
| Google Drive API | Optional cloud backup | Encrypted backup data (user-initiated) |
5.3 Circumstances for Disclosure
We may disclose your information only in the following limited circumstances:
- With Your Consent: When you explicitly authorize us to share specific information
- Data Export: When you request to export your own data
- Service Providers: To trusted third parties who assist in operating the App
- Legal Requirements: If required by applicable law, regulation, or valid legal process
6. Your Privacy Rights
6.1 Universal Rights (All Users)
- Access: View all data stored by the App
- Export: Download your data in a portable format (JSON)
- Deletion: Delete all your data from the App and our services
- Correction: Edit or update any information you have provided
- Opt-Out: Disable optional features like notifications and cloud backup
6.2 EEA Residents (GDPR)
If you are located in the European Economic Area, you have additional rights under GDPR including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
Legal Basis for Processing:
- Contract Performance: Processing necessary to provide the App services
- Legitimate Interests: App improvement, security, and fraud prevention
- Consent: Optional features like cloud backup and notifications
6.3 California Residents (CCPA/CPRA)
If you are a California resident, you have rights under CCPA/CPRA including the right to know, delete, correct, and non-discrimination. Note: we do not sell personal information.
6.4 Other Jurisdictions
We respect privacy rights globally and extend similar rights to users regardless of location, including Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act), the UK (UK GDPR), India (DPDP Act), Japan (APPI), and South Korea (PIPA).
6.5 How to Exercise Your Rights
To exercise any of your privacy rights:
- In-App: Use Settings → Data Management to access, export, or delete your data
- Email: Contact us at privacy@bluesparrow.dev
We will respond to your request within 30 days (or sooner where required by law).
7. Data Retention
7.1 Local Data
Data stored locally on your device is retained until you delete it through the App settings, uninstall the App, or clear the App data through device settings.
7.2 Cloud Backup Data
If you use cloud backup, your data is retained until you delete it through the App settings, revoke the App's access to Google Drive, or delete your Google account.
7.3 Account Data (Firebase)
If you choose to sign in, we store your basic profile information (such as email, display name, and profile photo URL) in Google Firebase. This data is retained until you delete your account.
7.4 Communication Records
If you contact us via email, we may retain communication records for up to 2 years to provide support and improve our services.
8. Children's Privacy
Decaf is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.
9. International Data Transfers
As a local-first app, most of your data never leaves your device. However:
- Account and Notification Data: Processed by Google Firebase (servers may be located in the US and other countries)
- Cloud Backup: Stored in Google Drive (server location depends on your Google settings)
- Support Requests: Processed by Blue Sparrow (server location may vary)
10. Third-Party Links and Services
The App may contain links to external websites or services. These external sites are not operated by us, and we are not responsible for their privacy practices.
11. Push Notifications
If you enable push notifications, we may send you daily reminders, milestone celebrations, and peak withdrawal alerts. You can disable notifications at any time through app settings or your device settings.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this policy.
13. General Disclaimer
Decaf is a personal habit tracking tool and is not a medical device. It does not provide medical advice, diagnosis, or treatment. All information provided by the App is for general informational and self-tracking purposes only. Always consult a qualified professional for medical advice.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:
- General Inquiries: info@bluesparrow.dev
- Privacy Inquiries: privacy@bluesparrow.dev
- Website: https://bluesparrow.dev
Thank you for trusting Decaf with your caffeine-free journey. Your privacy matters to us.
© 2026 Blue Sparrow. All rights reserved.