Privacy Policy

1. Introduction

Welcome to PeacePort. We are committed to protecting your privacy and ensuring transparency about how we handle your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

PeacePort is a self-help tool designed to help manage health anxiety through meditation, audio activities, and educational content. We take your privacy seriously and have designed our app to minimize data collection while providing you with a personalized experience.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address and user ID when you create an account through Firebase Authentication
• User Preferences: Settings and preferences you configure within the app
• Support Communications: Information you provide when contacting our support team

2.2 Automatically Collected Information

• Usage Data: Information about how you interact with the app, including:
  • Activities completed and progress tracking
  • Screen views and navigation patterns
  • Time spent in different sections of the app
  • Feature usage and engagement metrics
• Device Information: Device type, operating system version, unique device identifiers, and mobile network information
• Analytics Data: We use Firebase Analytics to collect:
  • App performance metrics
  • User engagement statistics
  • Custom events (e.g., activity completion, feature usage)
• Crash Reports: We use Firebase Crashlytics to collect technical data about app crashes and errors to improve stability

2.3 Subscription Information

• Payment Processing: We use RevenueCat to manage subscriptions. Payment information is processed by Apple App Store or Google Play Store and is not stored on our servers
• Subscription Status: Information about your subscription status, trial period, and renewal dates
• Paywall Events: We track events such as:
  • Paywall shown
  • Purchase initiated
  • Purchase completed
  • Purchase failed
  • Restore completed

2.4 Information We Do NOT Collect

We want to be clear about what we do not collect:

• We do NOT collect health data or medical information
• We do NOT record or store audio from your device's microphone
• We do NOT access your contacts, photos, or other personal files
• We do NOT track your location
• We do NOT sell your personal information to third parties

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 To Provide and Improve Our Services

• Deliver meditation and audio activities
• Track your progress and activity completion
• Personalize your experience based on your preferences
• Improve app performance and fix bugs
• Develop new features and content

3.2 To Manage Your Subscription

• Process your subscription and free trial
• Send subscription-related notifications
• Handle refunds and cancellations
• Verify premium access to features

3.3 To Communicate With You

• Respond to your support requests
• Send important updates about the app
• Notify you of changes to our policies

3.4 For Analytics and Research

• Understand how users interact with the app
• Analyze usage patterns to improve content
• Measure the effectiveness of features
• Generate anonymized, aggregated statistics

4. Data Storage & Security

4.1 Where Your Data is Stored

We use a hybrid approach combining local and cloud storage:

Local Storage (On Your Device)

• User Progress: Your activity completion, preferences, and premium status are stored locally using SharedPreferences
• Audio Cache: Downloaded audio files are cached on your device for offline playback
• Important Note: If you delete the app, locally stored data will be lost. We are working on cloud sync features for future updates

Cloud Storage

• Firebase Authentication: Your user ID and email are stored securely in Firebase
• Firebase Storage: Audio content files are hosted on Firebase Storage
• RevenueCat: Your subscription status is stored by RevenueCat as the source of truth for premium access
• Firebase Analytics & Crashlytics: Usage data and crash reports are stored on Google's Firebase servers

4.2 Data Security Measures

We implement industry-standard security measures to protect your data:

• Data transmission is encrypted using SSL/TLS protocols
• Firebase services comply with SOC 2 and ISO 27001 standards
• Access to user data is restricted to authorized personnel only
• Regular security audits and updates
• Secure authentication using Firebase Auth

4.3 Data Retention

• Active Accounts: We retain your data as long as your account is active
• Inactive Accounts: If you don't use the app for 3 years, we may delete your account and associated data
• Analytics Data: Aggregated analytics data may be retained indefinitely for research purposes
• Deleted Accounts: When you delete your account, we will delete your personal data within 30 days, except where required by law

5. Third-Party Services

We use the following third-party services to operate PeacePort:

5.1 Firebase (Google)

• Services Used: Authentication, Analytics, Crashlytics, Storage
• Purpose: User authentication, app analytics, crash reporting, content delivery
• Privacy Policy: Firebase Privacy Policy
• Data Shared: User ID, email, device information, usage data, crash reports

5.2 RevenueCat

• Purpose: Subscription management and payment processing
• Privacy Policy: RevenueCat Privacy Policy
• Data Shared: User ID, subscription status, purchase events

5.3 Apple App Store & Google Play Store

• Purpose: Payment processing and subscription billing
• Privacy Policies:
  • Apple Privacy Policy
  • Google Privacy Policy
• Data Shared: Payment information is handled directly by Apple/Google and is not accessible to us

6. Your Rights

You have the following rights regarding your personal information:

6.1 Access & Portability

• Right to Access: You can request a copy of the personal data we hold about you
• Data Portability: You can request your data in a machine-readable format

6.2 Correction & Deletion

• Right to Correct: You can update your account information at any time within the app
• Right to Delete: You have two options to delete your account and personal data:
  • In-App Deletion (Recommended): Open PeacePort → More tab → Data & Privacy → Delete My Data
  • Email Request: Contact us at Info@vernaldigital.com with "Data Deletion Request" in the subject line

6.3 Control Over Data Collection

• Analytics Opt-Out: You can disable analytics tracking in your device settings
• Marketing Communications: You can opt out of promotional emails (we currently don't send marketing emails)

6.4 GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights under GDPR:

• Right to restriction of processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority
• Right to withdraw consent at any time

6.5 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (we do NOT sell your data)
• Right to access your personal information
• Right to equal service and price

To exercise any of these rights, please contact us at: Info@vernaldigital.com

7. Children's Privacy (COPPA Compliance)

Age Restriction: PeacePort is intended for users aged 18 years and older. We do not knowingly collect personal information from children under 18.

If we discover that we have inadvertently collected personal information from a child under 18, we will delete that information immediately. If you believe we have collected information from a child under 18, please contact us at Info@vernaldigital.com.

8. International Users

PeacePort is available globally. Your information may be transferred to and processed in countries other than your own, including the United States, where our service providers (Firebase, RevenueCat) operate.

8.1 Data Transfers

• We ensure that data transfers comply with applicable data protection laws
• Firebase complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
• We use standard contractual clauses approved by the European Commission

8.2 GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). We process your data based on the following legal grounds:

• Contract Performance: To provide the services you've subscribed to
• Legitimate Interest: To improve our services and ensure security
• Consent: For analytics and optional features (you can withdraw consent at any time)
• Legal Obligation: To comply with applicable laws

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or in-app notification
• We will provide at least 30 days' notice for significant changes
• Continued use of the app after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For specific privacy-related requests (data access, deletion, etc.), please include "Privacy Request" in your email subject line.