Privacy Policy for SystemFlow
Effective Date: January 2026
Last Updated: January 2026
1. Introduction
Blue Sparrow Dev ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you use the SystemFlow mobile application ("App").
This policy applies to all users worldwide, including those in the European Union (EU/EEA), United Kingdom (UK), United States (USA), India, Canada, Australia, and all other jurisdictions.
2. Contact Information
- General inquiries: info@bluesparrow.dev
- Privacy inquiries: privacy@bluesparrow.dev
- Website: https://bluesparrow.dev
3. Our Privacy Commitment
SystemFlow is designed with a privacy-first philosophy:
- Your data stays on YOUR device — We do not upload, sync, or store your tasks, rituals, algorithms, or any personal data on any server controlled by us.
- Optional encrypted backup — If you choose, your data can be backed up to YOUR Google Drive in an encrypted format. We never have access to this data.
- Minimal data collection — We only collect what is absolutely necessary for the App to function.
- No behavioral tracking — We do not track your in-app behavior for advertising, analytics, or marketing purposes.
- No sale of data — We never sell, rent, trade, or share your personal information with third parties for marketing purposes.
- No advertising — SystemFlow contains no advertisements and no ad-tracking technology.
4. Information We Collect
4.1 Account Information (Optional)
If you choose to sign in with your Google account, we receive:
- Your email address
- Your display name
- Your Google account profile photo URL
This information is used solely for account identification and is stored in our secure Firebase Authentication system.
4.2 Subscription Information
If you purchase a premium subscription, the following is processed:
- Transaction IDs
- Subscription status (active, expired, cancelled)
- Purchase timestamps
All payment processing is handled securely by Google Play. We never receive, store, or have access to your payment card details, bank account information, or billing address.
4.3 App Usage Permissions
The App may request the following device permissions:
| Permission | Purpose |
|---|---|
| Usage Access | Required for Focus Shield to detect when blocked apps are opened |
| Display Over Other Apps | Required to show the Focus Shield intervention screen |
| Notifications | Required to send ritual reminders and weekly review notifications |
| Internet Access | Required for authentication, subscription verification, and optional Google Drive backup |
You can revoke any permission at any time through your device's Settings.
4.4 User-Generated Content
All user-generated content is stored locally on your device only:
- TO DO, TO WANT, TO BE list items
- If-Then algorithms
- Rituals and schedules
- Analytics and progress data
- Preferences and settings
We do not have access to this information.
4.5 Backup Data (Optional)
If you enable Google Drive backup:
- Data is encrypted with AES-256-GCM before upload
- Data is stored in your personal Google Drive's appData folder
- Only you can access this data
- We do not store backup encryption keys on any server
5. How We Use Your Information
We use the limited information we collect solely for:
- Account Management — To identify you and manage your account
- Subscription Validation — To verify premium subscription status via RevenueCat
- App Functionality — To provide core app features
- Customer Support — To respond to your support requests
- Service Improvement — To fix bugs and improve the App (using anonymized crash reports only)
We do NOT use your information for:
- Advertising or ad targeting
- Selling or sharing with data brokers
- Behavioral profiling
- Marketing to you without consent
6. Data Storage and Security
6.1 Local Storage
All your tasks, rituals, algorithms, and analytics are stored locally on your device using secure encrypted storage (Drift database with SQLCipher-equivalent security).
6.2 Cloud Services
We use the following cloud services:
| Service | Purpose | Data Stored |
|---|---|---|
| Firebase Authentication | Account sign-in | Email, name, photo URL |
| RevenueCat | Subscription management | Transaction IDs, subscription status |
| Google Drive (optional) | User-initiated backup | Encrypted backup files (your Drive only) |
6.3 Security Measures
We implement industry-standard security measures:
- Encrypted data transmission (TLS 1.3)
- Secure token storage on device
- No server-side storage of personal content
- AES-256-GCM encryption for backups
- Regular security updates
7. Data Retention
- Account Data: Retained until you delete your account or request deletion
- Local Data: Stored on your device until you clear app data or uninstall
- Backup Data: Stored in your Google Drive until you delete it
- Support Communications: Retained for up to 2 years for quality assurance
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
8.1 Universal Rights
All users have the right to:
- Access — Request a copy of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Delete your account and all associated data
- Portability — Export your data in a standard format
8.2 EU/EEA/UK Residents (GDPR)
In addition to the above, you have the right to:
- Restrict Processing — Limit how we use your data
- Object to Processing — Object to certain uses of your data
- Withdraw Consent — Withdraw any previously given consent
- Lodge a Complaint — File a complaint with your local data protection authority
Legal Basis for Processing (GDPR Article 6):
- Consent: For optional features like Google Drive backup
- Contract Performance: For providing the App and subscription services
- Legitimate Interests: For security, fraud prevention, and service improvement
8.3 California Residents (CCPA/CPRA)
You have the right to:
- Know — Request disclosure of data collected about you
- Delete — Request deletion of your personal information
- Opt-Out — We do not sell personal information
- Non-Discrimination — We will not discriminate against you for exercising your rights
Categories of Personal Information Collected: Identifiers (email, name)
Categories Sold: None
Categories Shared for Business Purposes: Subscription data with RevenueCat
8.4 Brazil Residents (LGPD)
You have similar rights to access, correct, delete, and port your data. Contact us to exercise these rights.
8.5 Indian Residents (DPDP Act)
You have the right to access, correct, and erase your personal data. You may nominate a person to exercise these rights on your behalf.
8.6 Exercising Your Rights
To exercise any of these rights, contact us at privacy@bluesparrow.dev. We will respond within 30 days (or sooner if required by applicable regulations).
You can also delete your account at any time through Settings > Account > Delete Account within the App.
9. Children's Privacy
SystemFlow is not intended for children under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect personal information from children.
If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@bluesparrow.dev and we will promptly delete such information.
10. Third-Party Services
The App integrates with the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Play | App distribution, payments | Google Privacy Policy |
| Firebase (Google) | Authentication | Firebase Privacy |
| RevenueCat | Subscription management | RevenueCat Privacy Policy |
| Google Drive | Optional backup | Google Privacy Policy |
We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.
11. International Data Transfers
If you are located outside India, your information may be transferred to and processed in India where our development operations are based. We ensure appropriate safeguards are in place:
- For EU/UK transfers: Standard Contractual Clauses where applicable
- All data is encrypted in transit
- We minimize the data transferred internationally
12. Offline Functionality
SystemFlow is designed to work offline. Core features including task management, rituals, algorithms, and analytics work without an internet connection. Your data remains on your device and is never uploaded without your explicit action.
13. Do Not Track
SystemFlow does not track users across websites or apps. We honor Do Not Track (DNT) signals automatically by design as we do not perform any tracking.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- The "Last Updated" date will be revised
- For significant changes, we will notify you via the App or email
- Continued use of the App after changes constitutes acceptance
We recommend reviewing this policy periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy:
- General inquiries: info@bluesparrow.dev
- Privacy inquiries: privacy@bluesparrow.dev
- Website: https://bluesparrow.dev
We aim to respond to all inquiries within 7 business days.
© 2026 Blue Sparrow Dev. All rights reserved.
Blue Sparrow Dev is operated by an independent developer based in India.