Privacy Policy

1. Introduction

Phobic AS ("we", "us", or "our"), a company registered in Norway, operates the Ataxophobic mobile application (com.phobic.ataxophobic) on Android and iOS. This Privacy Policy explains how we collect, use, and protect your information when you use our app on any platform.

By using Ataxophobic, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the app.

2. Data We Collect

We collect and process the following categories of data:

• Account information: When you sign in, we collect authentication details depending on the method you choose: your name, email address, and profile picture (Google Sign-In); your email and password (email sign-in); or your phone number (phone OTP sign-in). This information is stored securely via Firebase Authentication.
• Inventory data: Items, categories, locations, quantities, brands, descriptions, custom attributes, container hierarchy (places, rooms, shelves, boxes), and any other information you enter into the app to organize your belongings.
• Photos: Images you take with your device camera or import from your photo library within the app to document your items. Photos are stored locally on your device and optionally synced to Firebase Storage (encrypted in transit).
• AI photo processing (Google Gemini): When you use the AI recognition feature, item photos are sent to Google's Gemini API for identification. Google processes the image to return item details (name, category, brand). Photos are processed in real time and are not stored on Google's servers beyond the API request.
• Subscription data (iOS): If you subscribe via the App Store, Apple handles all payment processing through StoreKit. We receive confirmation of your subscription status but do not have access to your payment details, credit card information, or Apple ID password. Subscription management is handled entirely by Apple.
• Google Drive backup data: If you choose to back up your inventory to Google Drive, the app accesses your Google Drive account (with your explicit permission) to create and restore backup files. Backup files contain your inventory data and are stored in your personal Google Drive storage. We do not access any other files in your Google Drive.
• Analytics and crash reporting: We use Firebase Analytics and Firebase Crashlytics to collect anonymous usage statistics and crash reports. This helps us improve the app. No personally identifiable information is included in analytics data.
• Feedback: When you submit bug reports or suggestions through the app, we collect your feedback text, an optional screenshot, your user ID and display name (if signed in), and the app version.
• Location data: When you create recycle or sell listings in the marketplace, we collect your device's GPS coordinates (with your permission). Location is rounded to approximately 1 km accuracy before being stored in Cloud Firestore to indicate the general area of the listing. Location is only collected when you explicitly use marketplace features and grant location permission.
• Push notification tokens: We collect Firebase Cloud Messaging (FCM) device tokens to deliver push notifications to your device. These tokens are stored in Cloud Firestore and are associated with your user account.

We do not collect:

• Device identifiers for advertising purposes
• Contact lists, call logs, or SMS data

3. How We Use Your Data

Your data is used solely to provide and improve the core functionality of the app:

• Authentication: To identify you and secure your account via your chosen sign-in method (Google, email/password, or phone).
• Data synchronization: To sync your inventory across your devices using Cloud Firestore.
• Photo storage: To store your item photos in Firebase Storage so they are accessible across your devices.
• AI recognition (Google Gemini): To automatically identify and categorize items from photos using Google's Gemini AI API.
• Local storage: To keep a local copy of your data on your device for offline access and performance. The app uses SQLite with SQLCipher encryption on both Android and iOS.
• Google Drive backup: To allow you to create manual backups of your inventory data to your personal Google Drive and restore them when needed.
• Subscriptions (iOS): To manage premium features via Apple's StoreKit subscription system.
• Feedback: To improve the app based on your bug reports and suggestions.
• Analytics: To understand anonymous usage patterns and fix crashes.
• Location: To display approximate location on recycle and sell listings in the marketplace, so nearby users can find relevant items.
• Push notifications: To notify you of relevant activity such as marketplace updates and account events via Firebase Cloud Messaging.

We do not use your data for advertising, profiling, or any purpose unrelated to the app's core functionality.

4. Third-Party Services

Ataxophobic relies on the following third-party services to function:

• Firebase Authentication: Handles user authentication (Google Sign-In, email/password, and phone OTP). Subject to Google's Privacy Policy.
• Cloud Firestore (Firebase): Stores and syncs your inventory data in the cloud. Subject to Firebase's Privacy and Security documentation.
• Firebase Storage: Stores photos you upload. Subject to the same Firebase privacy terms above.
• Firebase Analytics & Crashlytics: Collects anonymous usage statistics and crash reports to help us improve the app. No personally identifiable information is collected. Subject to the same Firebase privacy terms above.
• Google Gemini AI: Processes item photos to provide automatic identification and categorization. Images are transmitted securely, processed in real time, and are not retained by Google beyond the API request. Subject to Google's Gemini API Terms of Service.
• Google Drive: Used for optional backup and restore of your inventory data. The app only accesses backup files it creates and does not read or modify any other files in your Google Drive. Subject to Google's Privacy Policy.
• Apple StoreKit (iOS): Handles in-app subscription purchases and management on iOS. All payment processing is handled by Apple. We only receive subscription status information. Subject to Apple's Privacy Policy.
• RevenueCat: Manages cross-platform subscription status and purchase validation. RevenueCat receives purchase data, device information, and IP addresses to verify and manage your subscription. Subject to RevenueCat's Privacy Policy.
• Firebase Cloud Messaging (FCM): Delivers push notifications to your device. FCM collects device tokens and may process device information and IP addresses to route notifications. Subject to the same Firebase privacy terms above.

We do not share your personal data with any other third parties. We do not sell, rent, or trade your data.

5. Data Storage and Security

Your data is stored on Google Cloud infrastructure (via Firebase) and locally on your device. On both Android and iOS, local data is stored using SQLite with SQLCipher encryption (AES-256). We use industry-standard security measures, including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted local database (SQLCipher AES-256)
• Firebase Security Rules to restrict data access to authenticated users
• Each user can only access their own data

While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure.

6. Data Retention

Your data is retained for as long as you maintain an active account. You can delete your inventory data at any time from the app's settings. If you delete your account or request data deletion, we will remove all associated cloud data from our servers within a reasonable timeframe.

Local data stored on your device can be removed by clearing the app's data or uninstalling the app. Google Drive backups remain in your personal Google Drive until you delete them manually.

Feedback submissions are retained for product improvement purposes and are not automatically deleted. Analytics data is retained for 14 months (Firebase default retention period) and then automatically removed.

7. Legal Basis for Processing (GDPR)

Under the EU/EEA General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

• Legitimate interest (Article 6(1)(f)): For core app functionality including authentication, inventory synchronization, local storage, photo storage, crash reporting, and push notifications.
• Consent (Article 6(1)(a)): For optional features including analytics data collection, location data for marketplace listings, and AI photo recognition. You can withdraw consent at any time through the app's settings or your device's permission settings.
• Contract performance (Article 6(1)(b)): For subscription management and purchase processing through RevenueCat and platform stores.

8. Your Rights

Under applicable data protection laws, including the EU/EEA General Data Protection Regulation (GDPR), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Request a copy of your data in a portable format
• Withdraw consent at any time by deleting your account

To exercise any of these rights, please contact us at info@phobic.no.

9. Children's Privacy

Ataxophobic is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at info@phobic.no and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. We encourage you to review this page periodically. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Phobic AS
Email: info@phobic.no
General inquiries: spamme.post@gmail.com