Privacy Policy for DrivePoint
Effective Date: December 13, 2025
Last Updated: December 13, 2025
BlueSparrow ("we," "us," "our") operates the DrivePoint mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. We are committed to protecting your privacy and giving you control over your personal data.
This Privacy Policy applies to all users of DrivePoint worldwide, including users in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), United States, India, and all other regions. We comply with applicable data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and India's Digital Personal Data Protection Act.
Contact Information:
- Website: https://bluesparrow.dev
- General inquiries: info@bluesparrow.dev
- Privacy-related inquiries: privacy@bluesparrow.dev
About Us: DrivePoint is developed and operated by BlueSparrow (Solo Proprietorship). We are committed to building privacy-focused apps that respect your data.
Please read this Privacy Policy carefully. By using DrivePoint, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
Account Information:
- Email address (from Google Sign-In)
- Display name
- Profile picture (optional, from authentication provider)
Cloud Service Connections:
- OAuth tokens for connected cloud services (Google Drive, Dropbox, OneDrive)
- Cloud account email addresses
- Connection timestamps
1.2 Information We Access From Cloud Providers
When you connect your cloud storage accounts, we access:
- File and folder names
- File metadata (size, type, modification date)
- Folder structure
- Sharing status
With Write Permissions (for Premium features):
If you use bulk operations or file organization features, we may also:
- Copy files between folders or accounts
- Move files between folders or accounts
- Delete files upon your explicit request
Important: We do NOT download, store, or have access to the actual content of your files. All file operations are performed directly through the cloud provider's API based on your explicit actions.
1.3 Information Collected Automatically
Usage Data:
- Search queries (stored locally on your device)
- App feature usage statistics
- Crash reports and error logs
Device Information:
- Device type and model
- Operating system version
- App version
- Unique device identifiers (for analytics)
1.4 Information We Do NOT Collect
- File contents or file bodies (we only access metadata)
- Passwords (OAuth is used for authentication)
- Location data
- Contacts or address book
- SMS or call logs
- Camera or microphone recordings (voice search is processed entirely on-device and not transmitted)
2. How We Use Your Information
We use the information we collect to:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the App | Contract performance |
| Enable cloud file search functionality | Contract performance |
| Authenticate your identity | Contract performance |
| Process subscription payments | Contract performance |
| Send service-related notifications | Legitimate interest |
| Improve App performance and features | Legitimate interest |
| Respond to support requests | Legitimate interest |
| Comply with legal obligations | Legal obligation |
3. Data Storage and Security
3.1 Where Your Data Is Stored
- Authentication Tokens: Stored securely on Appwrite Cloud (Frankfurt, Germany - EU region)
- File Metadata Index: Stored on Appwrite Cloud for search functionality
- Local Cache: Recent file metadata cached on your device for offline access
- Sensitive Data: Encrypted using industry-standard encryption (AES-256)
3.2 Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| OAuth tokens | Until you disconnect the cloud account |
| File metadata index | Re-synced periodically; deleted when account disconnected |
| Local cache | Stored on device until you clear app data |
| Support communications | 2 years |
3.3 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encrypted data transmission (TLS/HTTPS)
- Encrypted data storage (AES-256)
- OAuth 2.0 for secure authentication (we never see your passwords)
- Biometric authentication option
- Regular security audits
- Access controls and authentication for our systems
4. Third-Party Services
We integrate with the following third-party services:
4.1 Cloud Storage Providers
| Provider | Data Accessed | Permissions | Purpose |
|---|---|---|---|
| Google Drive | File metadata via Google Drive API | Read & Write | Search, display, and manage files |
| Dropbox | File metadata via Dropbox API | Read & Write | Search, display, and manage files |
| Microsoft OneDrive | File metadata via Microsoft Graph API | Read & Write | Search, display, and manage files |
Note on Write Permissions: Write access is used only for Premium features (bulk operations, file organization) and only when you explicitly initiate an action. We never modify your files without your direct instruction.
Each provider has their own privacy policy:
- Google: https://policies.google.com/privacy
- Dropbox: https://www.dropbox.com/privacy
- Microsoft: https://privacy.microsoft.com/privacystatement
4.2 Backend and Infrastructure
| Service | Purpose | Data Processed |
|---|---|---|
| Appwrite Cloud | Authentication, database, backend | Account data, file index |
| Firebase Cloud Messaging | Push notifications | Device tokens |
| Google Play Billing | Subscription management | Payment tokens (not payment details) |
| Firebase Crashlytics | Crash reporting | Error logs, device info |
4.3 Analytics
We use analytics to improve our App. Analytics data is aggregated and does not identify individual users. You can opt out of analytics in App settings.
5. Your Privacy Rights
Depending on your location, you have the following rights regarding your personal data:
5.1 Rights for All Users
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Request your data in a portable format
- Withdraw Consent: Withdraw consent at any time
- Disconnect Accounts: Remove connected cloud services at any time
5.2 Additional Rights for EU/EEA/UK Users (GDPR)
- Right to be Forgotten: Request complete deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with your local data protection authority
5.3 Additional Rights for California Users (CCPA)
- Right to Know: Request disclosure of data collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of sale of personal information (we do not sell your data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
5.4 India Privacy Rights (Digital Personal Data Protection Act)
- Right to Access: You can request information about your personal data.
- Right to Correction: You can request correction or completion of inaccurate data.
- Right to Erasure: You can request deletion of your personal data (subject to legal exceptions).
- Right to Grievance Redressal: You can raise concerns or complaints with us (privacy@bluesparrow.dev).
- Right to Nominate: You may nominate another individual to exercise your rights in case of death or incapacity (as per future regulations).
5.5 Other Jurisdictions
If you are located in another jurisdiction with data protection laws (e.g., Australia, Canada, Brazil), you may have similar rights. Please contact us at privacy@bluesparrow.dev to exercise your rights.
5.6 How to Exercise Your Rights
To exercise any of these rights:
- Use the in-app settings to manage your data, account, or preferences.
- Email us at privacy@bluesparrow.dev with your request.
- We will respond to your request within 30 days (or sooner as required by applicable law).
6. Data Transfers
6.1 International Transfers
Your data may be processed in different countries depending on the services used:
| Service | Location |
|---|---|
| Appwrite Cloud | Frankfurt, Germany (EU) |
| Firebase (Google) | United States |
| Cloud Providers | Various (based on provider) |
6.2 Transfer Safeguards
For transfers outside the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding corporate rules of service providers
7. Children's Privacy
DrivePoint is not intended for children under the age of 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@bluesparrow.dev, and we will delete such information.
8. Cookies and Tracking
The DrivePoint mobile app does not use cookies. We use local storage on your device for:
- Authentication tokens
- User preferences
- Cached file metadata
9. Push Notifications
We may send push notifications for:
- Sync status updates
- Subscription reminders
- Important service announcements
You can disable push notifications in your device settings at any time.
10. Do Not Track (DNT) Signals
Some browsers support "Do Not Track" (DNT) signals. Because there is no industry-wide standard for interpreting DNT, we do not currently respond to DNT signals. However, we do not track your browsing activity across other websites or apps.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new policy in the App
- Updating the "Last Updated" date
- Sending an in-app notification for material changes
We encourage you to review this Privacy Policy periodically.
12. Data Controller Information
Data Controller:
BlueSparrow (Solo Proprietorship)
Website: https://bluesparrow.dev
Email: privacy@bluesparrow.dev
For users in the EU/EEA, we act as the Data Controller for your personal data as defined under the GDPR.
13. Do Not Sell My Personal Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. The data we share with third parties is solely for the purpose of providing and improving our services.
14. Your Choices and Controls
You have control over your data and privacy settings:
- Disconnect Cloud Accounts: Remove connected cloud services at any time in settings.
- Clear Cache: Delete locally cached file metadata.
- Analytics: Opt out of analytics and crash reporting in settings.
- Delete Account: Delete your account at any time from the App or by contacting privacy@bluesparrow.dev.
15. Definitions and Glossary
- Personal Data/Personal Information: Any information relating to an identified or identifiable individual (e.g., email address, account identifiers).
- Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
- Data Controller: BlueSparrow (the entity that determines how and why personal data is processed).
- Data Processor: Third-party service providers (e.g., Appwrite, cloud storage providers) that process data on our behalf.
- File Metadata: Information about files (name, size, type, date) but NOT the actual file content.
- OAuth: An open standard for secure authorization that allows you to grant us access to your cloud files without sharing your password.
16. Consent and Agreement
By using DrivePoint, you acknowledge that:
- You have read, understood, and agree to this Privacy Policy.
- You consent to the collection and use of information as described in this Privacy Policy.
- You consent to the transfer of your information to third-party service providers as described above.
- You consent to the processing of your data in accordance with applicable laws.
You may withdraw your consent at any time by deleting your account or contacting us at privacy@bluesparrow.dev.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
General Inquiries:
Email: info@bluesparrow.dev
Website: https://bluesparrow.dev
Privacy-Specific Inquiries:
Email: privacy@bluesparrow.dev
We aim to respond to all inquiries within 5 business days.
Thank you for choosing DrivePoint. Your privacy and trust are important to us.
This Privacy Policy is effective as of the date stated above and applies to all users of DrivePoint worldwide.