ProofPocket — Privacy Policy

Introduction

ProofPocket ("the App") is a privacy-first receipt and warranty tracker that helps you save proof of purchase, track return and warranty deadlines, and export Proof Packs.

This Privacy Policy explains how information is handled when you use the App and related services.

Who we are

• Developer: BlueSparrow (solo developer based in India)
• Website: https://bluesparrow.dev

Contact Information

• Privacy inquiries: privacy@bluesparrow.dev
• General inquiries: info@bluesparrow.dev

Quick Summary (Plain Language)

• ProofPocket is offline-first. Most data you add stays on your device.
• We do not sell personal data. We do not run advertising SDKs or behavioral Firebase Analytics in the MVP.
• Google sign-in is required before you can use ProofPocket.
• Account-linked features rely on third-party providers such as Google, RevenueCat, and Google Play.
• If you connect Google Drive backup access, encrypted checkpoints are created on your device before upload.
• Firebase Crashlytics is used for crash reporting and diagnostic breadcrumbs so we can fix reliability issues.

1. Information We Handle

1.1 Information you create in the App (stored locally by default)

When you use ProofPocket, you may create and store:

• Item details such as item name, store, category, purchase date, return window, warranty duration, serial or model, and notes
• Attachments such as receipt photos, receipt PDFs, warranty documents, and product photos
• Reminder settings
• Exports generated by the App such as PDF Proof Packs, ZIP bundles, and inventory CSV files

By default, this information is stored locally on your device in app-private storage.

1.2 Account information and Firebase profile metadata

ProofPocket requires Google sign-in and uses Firebase Authentication to handle:

• Your Firebase Auth UID
• Your email address
• Your display name
• Your profile photo URL, if provided by Google

ProofPocket may also store a minimal Firestore user profile document for account and entitlement support, including fields such as email, displayName, photoURL, createdAt, updatedAt, and subscription or VIP entitlement fields.

ProofPocket does not store your receipts, attachments, item inventory, or exports in Firestore.

1.3 Subscription information

ProofPocket offers optional Premium features. Subscriptions and purchases are handled by:

• Google Play Store
• RevenueCat

We do not receive your full payment card details. We may receive subscription status and entitlement metadata needed to unlock Premium features.

1.4 Optional Google Drive backup and restore

If you connect Google Drive backup and restore, the App may request access to your Google Drive appDataFolder.

Backup behavior:

• The App creates encrypted checkpoint data from your local database and attachments
• That checkpoint data is encrypted on your device using key material derived from your signed-in Google/Firebase account identity
• Encrypted checkpoint snapshots and related backup objects are uploaded to your own Google Drive appDataFolder
• Once Drive access is granted, ProofPocket may create checkpoints automatically and finish checkpoint metadata in the background
• If you use the in-app account deletion flow, ProofPocket deletes ProofPocket checkpoint data from your Google Drive appDataFolder as part of that destructive flow

Important:

• Restoring a backup requires signing in with the same Google account identity used to create it
• Supported restores reload in-app on this device without requiring an app restart
• This convenience model is designed for easier restore and may provide less separation than a separate user-managed backup passphrase
• BlueSparrow does not store a separate backup passphrase or recovery key for you
• ProofPocket uses checkpoint-based backup and restore, not true live multi-device merge sync

1.5 Crash diagnostics and reliability telemetry

ProofPocket uses Firebase Crashlytics to help diagnose crashes and serious app failures.

Crash diagnostics may include:

• Crash stack traces
• App version, device model, operating system version, and timestamp data
• Diagnostic breadcrumbs generated from recent in-app actions
• Technical identifiers used by Firebase Crashlytics to group crash reports

We use this information only to investigate stability and reliability issues. ProofPocket does not use Firebase Analytics for behavioral analytics in the MVP.

1.6 Permissions and device features

Depending on the features you use, ProofPocket may request:

• Camera access to capture receipts
• Photo, media, or document access to import images and PDFs
• Notification permission for reminders
• Biometric authentication for app lock

The App does not receive your raw biometric data. The operating system only returns a success or failure result.

1.7 Support communications

If you contact us by email or through in-app support, we receive the information you choose to send, such as your email address and message content. We use this information only to respond and provide support.

2. Information We Do Not Intentionally Collect

• Your precise location
• Your contacts or address book
• Your call logs or SMS
• Your browsing history
• Advertising identifiers for cross-app tracking
• Your receipts, attachments, or item inventory on our own servers
• Behavioral Firebase Analytics data in the MVP

3. How We Use Information

• Provide core app functionality
• Authenticate your account and keep backup recovery and Premium access linked to one signed-in identity
• Enable Premium features and verify entitlements
• Create and restore encrypted Google Drive backups when you connect Drive access
• Diagnose crashes, investigate failures, and improve app reliability
• Respond to support requests

We do not use your information for targeted advertising.

4. Where Your Data Is Stored

• On your device by default: items, attachments, reminders, exports, and app settings
• In your Google Drive appDataFolder if you connect Drive backup: encrypted checkpoint snapshots and backup objects
• In Firebase Authentication and Firestore for your signed-in account: minimal account and entitlement metadata
• In Firebase Crashlytics: crash reports and technical diagnostics
• In Google Play and RevenueCat: billing and entitlement records

ProofPocket does not store your receipts or item inventory on our own servers as part of the core product design.

5. Sharing and Disclosure

• When you use third-party features such as Google sign-in, Google Drive backup, or app-store billing
• When service providers process information on our behalf to provide subscriptions, authentication, backup integration, or crash diagnostics
• When required by law or valid legal process

We do not sell personal data.

6. Data Security

• App-private storage for local files and database content
• Encrypted Google Drive backups created on your device
• HTTPS for network communication with supported providers
• Minimal cloud metadata design

No system is perfectly secure. You are responsible for protecting your device and Google account.

7. Data Retention

• Local app data: kept until you delete it, uninstall the App, or use the in-app account deletion flow with device wipe enabled
• Google Drive backups: kept until you delete them from your Google account or use the in-app account deletion flow
• Firestore account metadata: kept while needed to support your account and entitlements, or until deleted under our retention and legal obligations
• Crash diagnostics: retained by Firebase Crashlytics according to Google Firebase retention practices
• Support communications: retained only as long as reasonably needed for support and recordkeeping

8. International Users and Cross-Border Processing

The developer is based in India. Third-party providers such as Google and RevenueCat may process data in other countries depending on their infrastructure and your region.

9. Your Privacy Rights

We respect privacy rights globally and will respond to legitimate requests where applicable.

9.1 EEA, UK, and Switzerland

• Access
• Correction
• Deletion
• Restriction
• Portability
• Objection
• Withdrawal of consent where processing is based on consent

9.2 United States

• Knowing what categories of personal information are handled
• Requesting access
• Requesting deletion
• Correcting inaccurate information

We do not sell personal information.

9.3 Other jurisdictions

You may have additional rights under your local law. Contact us and we will make reasonable efforts to help.

To exercise privacy rights, contact: privacy@bluesparrow.dev

10. Children's Privacy

ProofPocket is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact privacy@bluesparrow.dev.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date and may provide an in-app notice for significant changes.

12. Contact Us

• Privacy inquiries: privacy@bluesparrow.dev
• General contact: info@bluesparrow.dev
• Website: https://bluesparrow.dev

13. Consent

By using ProofPocket, you agree to the handling of information described in this Privacy Policy.